Add CA hash sidecar for onboarding

Aaron
2026-01-02 22:43:43 -05:00
parent 40b1b43449
commit 32a9f42361
4 changed files with 61 additions and 4 deletions


@@ -17,6 +17,19 @@ log() {
printf '[pikit-certgen] %s\n' "$*"
}
write_ca_hash() {
if [ -s "$WEB_ASSETS/pikit-ca.crt" ]; then
if command -v sha256sum >/dev/null 2>&1; then
sha256sum "$WEB_ASSETS/pikit-ca.crt" | awk '{print $1}' > "$WEB_ASSETS/pikit-ca.sha256"
elif command -v openssl >/dev/null 2>&1; then
openssl dgst -sha256 "$WEB_ASSETS/pikit-ca.crt" | awk '{print $2}' > "$WEB_ASSETS/pikit-ca.sha256"
fi
if [ -s "$WEB_ASSETS/pikit-ca.sha256" ]; then
chmod 644 "$WEB_ASSETS/pikit-ca.sha256"
fi
fi
}
ensure_group() {
if ! getent group "$CERT_GROUP" >/dev/null 2>&1; then
groupadd "$CERT_GROUP" || true
@@ -52,6 +65,7 @@ if [ -s "$CA_CRT" ] && [ -s "$CA_KEY" ] && [ -s "$SRV_KEY" ] && [ -s "$SRV_CRT"
chmod 644 "$WEB_ASSETS/pikit-ca.crt"
log "Copied CA to web assets."
fi
write_ca_hash
fix_perms
log "TLS certs already present; skipping generation."
exit 0
@@ -97,5 +111,6 @@ fix_perms
cp "$CA_CRT" "$WEB_ASSETS/pikit-ca.crt"
chmod 644 "$WEB_ASSETS/pikit-ca.crt"
write_ca_hash
log "TLS certs generated."
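Review bot: write_ca_hash (first hunk) can leave a hash sidecar that does not match the published CA: when neither sha256sum nor openssl is found, an older pikit-ca.sha256 stays in place and is re-chmodded, and when the hashing pipeline fails the `>` redirect has already truncated the file to empty. The openssl branch also takes `$2` of the `SHA256(path)= hex` output, which is the wrong field if the path contains whitespace; `openssl dgst -sha256 -r` puts the digest in field 1. I would compute the digest into a variable, check that it is 64 hex characters, and publish it through a temp file and rename, removing the sidecar and logging when that fails. Since the hash appears to be served from the same web assets directory as the certificate, a comment on the function should say it only detects a damaged download, and that the fingerprint used to decide trust in the CA has to reach the user through a separate channel.

```shell
write_ca_hash() {
  ca_src="$WEB_ASSETS/pikit-ca.crt"
  ca_sum="$WEB_ASSETS/pikit-ca.sha256"
  [ -s "$ca_src" ] || return 0
  if command -v sha256sum >/dev/null 2>&1; then
    digest=$(sha256sum "$ca_src" | awk '{print $1}')
  elif command -v openssl >/dev/null 2>&1; then
    # -r prints "<hex> *<path>", so the digest is field 1 whatever the path contains
    digest=$(openssl dgst -sha256 -r "$ca_src" | awk '{print $1}')
  else
    digest=""
  fi
  if ! printf '%s\n' "$digest" | grep -Eq '^[0-9a-f]{64}$'; then
    # Never serve a sidecar that may not match the CA currently published.
    rm -f "$ca_sum"
    log "Could not compute CA SHA-256; hash sidecar not published."
    return 0
  fi
  # Same-directory temp file + rename: readers see the old or the new hash, never a partial one.
  tmp=$(mktemp "$ca_sum.XXXXXX") || return 0
  printf '%s\n' "$digest" > "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$ca_sum" || rm -f "$tmp"
}
```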