File: logid.sh

golang-github-sigstore-fulcio 1.6.5-1
  • area: main
  • in suites: forky, sid, trixie
  • size: 2,636 kB
  • sloc: sh: 399; makefile: 104; python: 27
#!/bin/bash
#
# Copyright 2021 The Sigstore Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


# Look up the ID of a log that already exists on the Trillian log server.
#
# Reads the server's metrics endpoint, takes the first quota_acquired_tokens
# series whose spec label starts with "trees", and keeps only the digits of
# that series name. The result goes to /tmp/logid, which ends up empty when
# no such series is present.
#
# Every non-digit character is dropped, so /tmp/logid can only ever hold
# digits here; update_config later splices that value into a sed expression.
# The function's status is that of the last pipeline stage, so a curl failure
# shows up as an empty /tmp/logid, not as a non-zero return.
function get_log_id() {
	local metrics_url='http://trillian-log-server:8095/metrics'
	local series_prefix='^quota_acquired_tokens{spec="trees'

	curl -s --retry-connrefused --retry 10 "$metrics_url" \
		| grep -- "$series_prefix" \
		| head -n 1 \
		| awk '{ print $1 }' \
		| tr -cd '0-9\n' \
		> /tmp/logid
}

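# Create a new tree on the Trillian admin server and record its ID.
#
# Outputs:  "Created log ID <id>" on stdout; the ID alone in /tmp/logid.
# Returns:  0 on success; 1 when createtree exits non-zero or prints nothing.
#           On failure /tmp/logid is left empty rather than holding partial
#           output, and a diagnostic goes to stderr.
function create_log () {
	local new_id

	# Capture the output before touching /tmp/logid: redirecting createtree
	# straight into the file would discard its exit status and keep whatever
	# it managed to print before failing.
	if ! new_id=$(/go/bin/createtree -admin_server trillian-log-server:8096); then
		echo "createtree failed; no log ID recorded" >&2
		: > /tmp/logid
		return 1
	fi

	if [[ -z "$new_id" ]]; then
		echo "createtree printed no log ID" >&2
		: > /tmp/logid
		return 1
	fi

	printf '%s\n' "$new_id" > /tmp/logid
	echo "Created log ID $new_id"
}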

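# Render /etc/config/ct_server.cfg from the template in /root/ctfe by replacing
# %LOGID% with the ID stored in /tmp/logid, then copy the template directory's
# PEM files next to it.
#
# Returns:  1 without writing anything when /tmp/logid does not hold a purely
#           numeric ID, or when sed fails; otherwise the status of the final cp.
function update_config() {
	local log_id
	log_id=$(cat /tmp/logid 2>/dev/null)

	# The ID is interpolated into a sed expression, where an empty value would
	# yield a config with a blank log ID and characters such as "/" or "&"
	# would change the substitution itself. get_log_id only ever writes digits.
	# NOTE(review): assumes createtree also prints a bare decimal ID - confirm.
	if ! [[ "$log_id" =~ ^[0-9]+$ ]]; then
		echo "Refusing to write ct_server.cfg: /tmp/logid does not hold a numeric log ID" >&2
		return 1
	fi

	sed -e "s/%LOGID%/${log_id}/g" /root/ctfe/ct_server.cfg > /etc/config/ct_server.cfg || return 1
	cp /root/ctfe/*.pem /etc/config/
}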

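# Reuse an existing CTFE configuration when one is present. Otherwise look for
# a log that already exists on the Trillian server, create one if there is
# none, and render the configuration from whichever ID was obtained.
echo -n "Checking for existing configuration..."
if ! [[ -s /etc/config/ct_server.cfg ]]; then
	echo " none found."
	echo "Checking for preexisting logs..."
	get_log_id
	if ! [[ -s /tmp/logid ]]; then
		echo "No log found; let's create one..."
		create_log
		# If no ID was produced, stop instead of rendering a config with a
		# blank log ID: that file would be non-empty, so the next run would
		# take it for existing configuration and never repair it.
		if ! [[ -s /tmp/logid ]]; then
			echo "Could not create a log; configuration not written" >&2
			exit 1
		fi
	else
		echo "Log ID known but config not found"
	fi
	# update config file accordingly
	update_config
else
	echo " found."
	# Report the ID the existing file refers to (second field of each
	# line mentioning log_id).
	configid=$(awk '/log_id/ { print $2 }' /etc/config/ct_server.cfg)
	echo "Existing configuration uses log ID $configid"
fi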
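# Fetch Fulcio's certificate chain and install its last certificate as
# /etc/config/root.pem, the root that limits which entries this CTFE instance
# accepts.
#
# The chain is fetched over plain HTTP, so it is only as trustworthy as the
# network between this container and fulcio-server. The check below covers
# PEM framing only; it does not verify the certificate itself.
certdir=$(mktemp -d) || { echo "Could not create a temporary directory" >&2; exit 1; }
trap 'rm -rf -- "$certdir"' EXIT

# --fail makes curl return non-zero on an HTTP error instead of saving the
# error body as if it were the chain.
if ! curl -s --fail --retry-connrefused --retry 10 http://fulcio-server:5555/api/v1/rootCert -o "$certdir/tmpchain.pem"; then
	echo "Could not fetch the root certificate chain from Fulcio" >&2
	exit 1
fi

# Split at every BEGIN marker; the highest-numbered piece is the last
# certificate in the chain. The glob expands in sorted order, so no ls parsing
# is needed.
csplit -s -f "$certdir/tmpcert-" "$certdir/tmpchain.pem" '/-----BEGIN CERTIFICATE-----/' '{*}'
pieces=("$certdir"/tmpcert-*)
rootpiece=${pieces[${#pieces[@]}-1]}

# With no BEGIN marker in the response, csplit emits the whole body as a single
# piece; do not install that as the trusted root.
if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$rootpiece"; then
	echo "Fulcio response contains no PEM certificate; /etc/config/root.pem left unchanged" >&2
	exit 1
fi

mv -- "$rootpiece" /etc/config/root.pem
cat /etc/config/root.pem
echo "Fetched valid root certificate from Fulcio to limit entries in CTFE instance"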