mirror of
https://github.com/goharbor/harbor.git
synced 2024-11-29 21:54:13 +01:00
generate cert for notary signer in prepare,
update the default certificates so the subject is formal.
This commit is contained in:
parent
74e7b66aa0
commit
3e8d71538f
34
make/common/templates/notary/notary-signer-ca.crt
Normal file
34
make/common/templates/notary/notary-signer-ca.crt
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIF3TCCA8WgAwIBAgIJANgnJg8tUB+HMA0GCSqGSIb3DQEBCwUAMIGEMQswCQYD
|
||||||
|
VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJUGFsbyBBbHRv
|
||||||
|
MRUwEwYDVQQKDAxWTXdhcmUsIEluYy4xDzANBgNVBAsMBkhhcmJvcjEkMCIGA1UE
|
||||||
|
AwwbU2VsZi1zaWduZWQgYnkgVk13YXJlLCBJbmMuMB4XDTE3MDMyNDA1MzE1N1oX
|
||||||
|
DTI3MDMyMjA1MzE1N1owgYQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9y
|
||||||
|
bmlhMRIwEAYDVQQHDAlQYWxvIEFsdG8xFTATBgNVBAoMDFZNd2FyZSwgSW5jLjEP
|
||||||
|
MA0GA1UECwwGSGFyYm9yMSQwIgYDVQQDDBtTZWxmLXNpZ25lZCBieSBWTXdhcmUs
|
||||||
|
IEluYy4wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQClgcA3XhXFgaBa
|
||||||
|
iK5G60ym0SB0P4KDyB0aKz1nQwf3svJdzUOLzom3zK8mUDXZ5b0Jnix5KrW6CONs
|
||||||
|
JsjPtZKRXVNkWhUh6362OUt2icmq3BLGqKQ9qTqi4R1NrPr4vug/TmBumxMB+JJI
|
||||||
|
UHRJgLox1dXUEsyxxv5yt/AKPa9nZruI2x8CzdKRVhsiR06B70OJZA8l2UuRv7v8
|
||||||
|
9biGGu4Haavt4CG0goPBXh7PpPNHcoQmgdMAHkawBmrf3qvn2nSrJzfbjsv6iQ9/
|
||||||
|
e3GRAmWmJVsDBvlxwtIJDXLvm3qUN/P/ul6w6zbueAXkAq5UcjIMdDLSnt690DWo
|
||||||
|
B7cO8FWKg4TqvuJ0+qb9Uwty+3x/mONiq9kwbFIKuLnjRJApPO1gevGexotiOyKp
|
||||||
|
ljJMkeabPCuClquqI+LxM+TEmDtxOfJ2OuhisOaAuW2qYl2ZdnaTaVz42kctobwj
|
||||||
|
+DnhvtwItE88mf8tYxDY+Kp+bITlcanmSPASw/YJXMrIbPynzMPCloe2TRSoImGC
|
||||||
|
8uQI6rLSyeUvkpCCxIDnfUTuhmSc2jseqTYyxXrf+qMVNNoTC2VMUwt/nxerjK1a
|
||||||
|
L000KIqk4h0GqUwuAE6I1CPLN9eQE9qlaeSxKPiScPG3M3mkKyIIAKUz3WjR7UnW
|
||||||
|
Aw1Z5fRH28ci8GfbxynTMuWlU/izqwIDAQABo1AwTjAdBgNVHQ4EFgQUZP1uZGYH
|
||||||
|
85c0RIrIJVr/RdC64YcwHwYDVR0jBBgwFoAUZP1uZGYH85c0RIrIJVr/RdC64Ycw
|
||||||
|
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEACYIVf0U2kc849GlpvYCv
|
||||||
|
LDGjbdswjmjAxpZaKFCO3MjAEhDxd8QWb1uCN+asRKV146qU3UL40stjjWUpwx6P
|
||||||
|
YQ48zJi1N+Npc53NWoTQ8JxsmQtATTaIlAgYg1WC1oTg5WTPeNOAY/KuSiwPHIrX
|
||||||
|
yaCJdz0+c1xKRRE1m3m85amrtAJkIigL8WIPsKqnNprP11zLzaebMJNpGwq2lRsI
|
||||||
|
4Sm0SEdJNaOm3fQ8KuTElBAGEmJ3F34FeNajM+hIkd0RnG35nsJQgMQz36E5rMVd
|
||||||
|
P1Djk/wPfXJIk61lGJvS/Rl41c1d+XG8aFjhL0APdYHddB11IZ7+QNslEk11kiVI
|
||||||
|
nNjx5CfFuE6ZSq/TAVrco97TxqKdbMIMkRp/MKoTlxG4O5UlFGOniGvQT4g1A962
|
||||||
|
aobnVvxkIhZ5NbPc8PX18EdfpQcheubDZuQtZMmcdU7ilFI0pP9/bQ2EYKi2oPJv
|
||||||
|
4v6vtCYKU2et2KLJLFt7zUoY4zJGqJcW8BibP5kDkmAT+qxurH6T5X+M2QctdxU/
|
||||||
|
63L3sE/dH3saSAVNqB1hs+9pweEj6E+Uaj6Oyn9UDarri11y+esyVPdBEnHwCEsc
|
||||||
|
o3/KMSc7gXfixQi+WgRoD0DpR/bNatjgbq7KSGi9gZp/Aq+ltx5I49nbf4c+WZ9b
|
||||||
|
l7WOOMS8XTJr7KLDUXkAeic=
|
||||||
|
-----END CERTIFICATE-----
|
@ -1,63 +1,32 @@
|
|||||||
-----BEGIN CERTIFICATE-----
|
-----BEGIN CERTIFICATE-----
|
||||||
MIIFBDCCAuygAwIBAgIJAMbWdVJcKhXYMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV
|
MIIFdjCCA14CCQCeVwANSZmmiDANBgkqhkiG9w0BAQsFADCBhDELMAkGA1UEBhMC
|
||||||
BAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEPMA0G
|
VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEjAQBgNVBAcMCVBhbG8gQWx0bzEVMBMG
|
||||||
A1UECgwGRG9ja2VyMScwJQYDVQQDDB5Ob3RhcnkgSW50ZXJtZWRpYXRlIFRlc3Rp
|
A1UECgwMVk13YXJlLCBJbmMuMQ8wDQYDVQQLDAZIYXJib3IxJDAiBgNVBAMMG1Nl
|
||||||
bmcgQ0EwHhcNMTcwMTIzMDYwMzM3WhcNMTkwMjEyMDYwMzM3WjBbMQswCQYDVQQG
|
bGYtc2lnbmVkIGJ5IFZNd2FyZSwgSW5jLjAeFw0xNzAzMjQwNTMyMDBaFw0yNzAz
|
||||||
EwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDzANBgNV
|
MjIwNTMyMDBaMHUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIw
|
||||||
BAoMBkRvY2tlcjEWMBQGA1UEAwwNbm90YXJ5LXNpZ25lcjCCASIwDQYJKoZIhvcN
|
EAYDVQQHDAlQYWxvIEFsdG8xFTATBgNVBAoMDFZNd2FyZSwgSW5jLjEPMA0GA1UE
|
||||||
AQEBBQADggEPADCCAQoCggEBANhO8+K9xT6M9dQC90Hxs6bmTXWQzE5oV2kLeVKq
|
CwwGSGFyYm9yMRUwEwYDVQQDDAxub3RhcnlzaWduZXIwggIiMA0GCSqGSIb3DQEB
|
||||||
OjwAvGt6wBE2XJCAbTS3FORIOyoOVQDVCv2Pk2lZXGWqSrH8SY2umjRJIhPDiqN9
|
AQUAA4ICDwAwggIKAoICAQC6TV2RCoH8d1g6xFvDo4FL9v+pGLe5+bu9ryjTaLbN
|
||||||
V5M/gcmMm2EUgwmp2l4bsDk1MQ6GSbud5kjYGZcp9uXxAVO8tfLVLQF7ohJYqiex
|
dH/Cmf5/8WrmgJ3vG2Ksk796J7qsVddwvQkZn6NwDm2Tm+ETMCG85yEA3jl4Kr9R
|
||||||
JN+fZkQyxTgSqrI7MKK1pUvGX/fa6EXzpKwxTQPJXiG/ZQW0Pn+gdrz+/Cf0PcVy
|
XfWHYWEavv0vsq6M+bUSSq7VJAhgk4wfx6qJBnFX2qKpODeYLHaHxU1EnIXrStNf
|
||||||
V/Ghc2RR+WjKzqqAiDUJoEtKm/xQVRcSPbagVLCe0KZr7VmtDWnHsUv9ZB9BRNlI
|
IqR4Eu0Xre8jAkzrDdaFy/KnX4HGgNdz413CXzBCKEuu3VJj07ZvonnTzOgoLvh8
|
||||||
lRVDOhVDCCcMu/zEtcxuH8ja7fafi5xNt6vCBmHuCXQtTUsCAwEAAaOBuTCBtjAf
|
+PCoQ2M4OBPT9gHqUov1I8nWnrjc+HuM1BW3YIGCB5TV9x0Y7hjvkr4E38gbJURj
|
||||||
BgNVHSMEGDAWgBQjgpNYJjU9Ei7nadpOhHm59FPiKTAMBgNVHRMBAf8EAjAAMB0G
|
uDwg8jof4lMRmU/FHXFLt1ucGwNFUJdPwI7dyEKRA03Lr7htfP5sa9tmv3L93dKD
|
||||||
A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwNwYD
|
po1gW1LsfiM3Cur5jARM/hBA+eYJr12Laf9oL59r8JmweqF3zRSwGSY336XoR/Fv
|
||||||
VR0RBDAwLoINbm90YXJ5LXNpZ25lcoIMbm90YXJ5c2lnbmVygglsb2NhbGhvc3SH
|
/PAFs9vfKKWZp0uiRtuY9JZNRTF8trnfNf1957bND+DS2HWPmWkw4yK6CGa0s55X
|
||||||
BAp1BI4wHQYDVR0OBBYEFLv4/22eN7pe8IzCbL+gKr2i/o6VMA0GCSqGSIb3DQEB
|
adiDt4gDFvKjl68dBWZoHutY+cZy/hK1D5uqagcX1kzbr/Pzy1gsq9FBBwaTJqBu
|
||||||
CwUAA4ICAQBzBcFgcwtr7oNP7WPyG64mRXHFs1qGCoDZO3D2dZPF/vUKnyPWI6+i
|
YIAsSuzP+7NNZXoPd3rg13V93pbZr8eQN5VOQIBZK83xZEtHSJBEdUSuBOo3JS7j
|
||||||
Ozu1Lmvd6QUQ5C0m91D6RidKKy3ENz2MgUo8NNj3QY3XzassiLnNOtpo1ed6U3BG
|
/rjEnspRqOI4soFnx1vaK0TrRyzJ5KBOuGpW4u8/ZUdIq8KIE30Mj/XI/sgAPr5j
|
||||||
2w05gaLTTFywnpOgPy180U6f5uNSHGxY/fq9dN+8YR/MqGOht74q36x0swkPegG/
|
UQIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQBjqYBm/FRqyMH2hnHA0TMXY/WPufJ8
|
||||||
+0SLloKOJw1wBzZ4nCLmED08DWNnuNTAj5IIVjApzqZbTh4+z6H1lmN3b7XwmiWw
|
TX10daELCAYJCEETXmUt1i7dnFxdAZXTnHENHdNYiS4nGBfqMLmODtcAamcv6Dcl
|
||||||
+y7Jx8k74h5JmqKQnV+3lN0DlCc1BCbtH2fbKOmAKeu4gMniw5FBo75wYrPIet+Z
|
JnyQPt3QlCDPKkcHgz3y4tvDDx6M5rFWYzN9QLiWAYrunIk1R4Jj7FODrM6/NODE
|
||||||
E3G2Zg+T6fjTXAnLGT3S0RVn/CW1lLR6RgkoFgURRZoJyTWrg+1yu4ZOgEz+bot2
|
0Mz1czWfsmLfX/jF80SsxnY1DCLKGgo6/RID3xTp4eIMboxCfeH2/yDA+6YPyYbV
|
||||||
/hMAr/fjo+Dd6ReFrgGkpTyWYtPhYusori1W8KW138CVrJmSs6p2ss1Ixh8uIOaQ
|
Si4ccwo9Foq0IYU8bimPNTyBQ0N+8ajcn328ql6aazmr894Ch5pWA3Qxaa98FcKS
|
||||||
iFmlX/ZXXbvkz3FGQS9LfBdESO3MGjiJTcnXE0DTnXf6RmdlUfNwxsZbIliFa0TQ
|
zokBvmmCuvCJ9HOmxKWdFEhSRS9GWxn7wg78UIlLP/8RfUrsecBJHgyhWRA7Qs3K
|
||||||
E/JjIJYQzWmtkJbUdC02GUMjUJAM7SxmP7tU9CmMmjUI28Nno0XtPN2WsAszaiLh
|
keiG68Zrhn456IdMxjCZXgJ7gAAe77n4Cz8sFEHAvnAg9JLNEHuEBV5H1Hb7TzET
|
||||||
JYLJCi7rqaLo0oZuaXVIrgBpQ0qEC1XXS5sCQL+xvMSYvke/rhwIPItWt7Ww/9yj
|
k0lPiEY78QjutOpqHsWiagqSjlGEMqKI9c8WxXHh9030T/6NnWkdXFo+4HaEZEpp
|
||||||
QDIi1nzzX86lbKd095pNX4sUfFx6j4caR8iENgJDfWnqynAzj1Y21A==
|
0JryASS53B5SwLIPrn0Y2/io/kRgbglGktPt6Ex0DwW3f96lcz3me34Nw+HOYYnz
|
||||||
-----END CERTIFICATE-----
|
b0cz7JqJZgFXfEnykic3IwZs7m7Xrl9B/vvaVub9Fb5LQ7rIzrO7VkoILov/G41B
|
||||||
-----BEGIN CERTIFICATE-----
|
Pd4/kagjXDTWd+UBMvZF6YGjr+TUZi5ooi7bvQ3X6N9WNYKW4a1DOokz9janStiL
|
||||||
MIIF1TCCA72gAwIBAgIJAMk2DFRLRSRRMA0GCSqGSIb3DQEBCwUAMF8xCzAJBgNV
|
MrTKyOEOBi0Aew==
|
||||||
BAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEPMA0G
|
|
||||||
A1UECgwGRG9ja2VyMRowGAYDVQQDDBFOb3RhcnkgVGVzdGluZyBDQTAeFw0xNzAx
|
|
||||||
MjMwNjAzMzdaFw0yNzAxMjEwNjAzMzdaMGwxCzAJBgNVBAYTAlVTMQswCQYDVQQI
|
|
||||||
DAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEPMA0GA1UECgwGRG9ja2VyMScw
|
|
||||||
JQYDVQQDDB5Ob3RhcnkgSW50ZXJtZWRpYXRlIFRlc3RpbmcgQ0EwggIiMA0GCSqG
|
|
||||||
SIb3DQEBAQUAA4ICDwAwggIKAoICAQCu+ldASegXuhXrA7mnk4nybTEomHnV8zJ/
|
|
||||||
uU6+8bWIo+htD8zgiONuk1uEww0p/nWtIZqm7xpLsklMp0CWRA8EAeUnxfNJ37ks
|
|
||||||
7nZuJ+YDtw77fC0IUJSWqFbro75nPMyegMqajT7IDWfLeTrIlgUmDu/45AWdbE2w
|
|
||||||
BrRgejqkL1yeQPaldgr97g00swbTd7wzWn1o6025Frm0kDEIqMJlkB61cHiVGZNu
|
|
||||||
oeDBZcFiwa/Ek/keDG3Y2R6cDQzZa8aEZG9i3Cmo0nGviojr+06JxQ8IkVc5P72e
|
|
||||||
Fb/jgX/NvRaqeBnJrZoiPnuMoMag/ynGC9fuIAGz25fKOuGOf52x+swzQB2ZVtxA
|
|
||||||
BIgIZIbMTURKknqbl6LAh46onQUVF+3h9E9Te3a4Oh7SvSGLYfEbWprPKo1J3lI9
|
|
||||||
ApU19TBhKUrj7dsJT3gri7f71NC2RLraZbpK3d8PWKMc/q4ffoRCeW+TPjYreC/d
|
|
||||||
7LdykAwYB2AGyHCLHkkkJC86n6wAsk/TaoTgjflyyQ35FNikUYqNF/rVuc+0Oj5R
|
|
||||||
odPk8y2vB7VvPvWWlttcr7OMqVVAymQvDOTb+5T6EI/LdHejjDMMI5lt6rVUU+uq
|
|
||||||
kGMYGiHtWG5JqQdhUBpISYuF74cS5aVRmnhK6O2ylMpmlWYq4128SRv8EEAPNcN9
|
|
||||||
V/RrOF9RsQIDAQABo4GGMIGDMB8GA1UdIwQYMBaAFJZZtwJ5t4SBmVaTb+T5puH5
|
|
||||||
sQWkMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
|
|
||||||
AQUFBwMCMA4GA1UdDwEB/wQEAwIBRjAdBgNVHQ4EFgQUI4KTWCY1PRIu52naToR5
|
|
||||||
ufRT4ikwDQYJKoZIhvcNAQELBQADggIBAI64zW1o24R8K7qsE8FO3UHJQdizR1RC
|
|
||||||
FvMDgXGDSYMUg4QkEvHYYOoFH1zMd1HNUuLDO231dtw23kshNY/kdKfdFJktT3Dz
|
|
||||||
50r/hl2090uZIOk9aLv7swG0voA6A8CI2qyXEXW9Le8xrnrJUU5T+3YDxseHokTT
|
|
||||||
XT9hLd1iSNH5gi3tOaJ4KNbHc2zhKtQSUZbxguapUIUXStiQLz06itQu3i1fLdMd
|
|
||||||
L3yRJID4aWU+Dmm5AQ6F3ticIpzFmJyAsTM2BMiTnlSJPK3LA2WYMBOVD6r9yo08
|
|
||||||
cEpi6Vo8pZdsnHWaIaIkO4UR7iBwmkT0h8HfNZ4uEoViiMsxqNVsQBfJR/9DzAXz
|
|
||||||
ctO6JtNJdNwn2zlv4NCIcV0AdncVf049uOtTBWIqRn1IHQ8d119lQAMXZZMSNKBI
|
|
||||||
lIYFCKMh95XI6mK6VFsFKs2wSDiSH4ZOqIwr4urmr1opLNJ5T5Ck18YwJafgCH4p
|
|
||||||
1BcgR06wuw5ckIuUyUwiakiGINZcrzUnAoRtEKsVi/PQAC+45veo8Lcvwnj5X0vg
|
|
||||||
PKudwiJivo7Umvj1xEVyVIy+22cyDk/yLTVI0sS2Kpuwd+PLE16C5+nPr8wKEWqL
|
|
||||||
ccotlod4ZDVb6vNU5VRUSu4bSYBry/FbftPNgAwfH8ufSddeJMjTQ+V69XrQZ5Ex
|
|
||||||
XJCKYD/1jYIB
|
|
||||||
-----END CERTIFICATE-----
|
-----END CERTIFICATE-----
|
||||||
|
@ -1,28 +1,52 @@
|
|||||||
-----BEGIN RSA PRIVATE KEY-----
|
-----BEGIN PRIVATE KEY-----
|
||||||
MIIEowIBAAKCAQEA2E7z4r3FPoz11AL3QfGzpuZNdZDMTmhXaQt5Uqo6PAC8a3rA
|
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC6TV2RCoH8d1g6
|
||||||
ETZckIBtNLcU5Eg7Kg5VANUK/Y+TaVlcZapKsfxJja6aNEkiE8OKo31Xkz+ByYyb
|
xFvDo4FL9v+pGLe5+bu9ryjTaLbNdH/Cmf5/8WrmgJ3vG2Ksk796J7qsVddwvQkZ
|
||||||
YRSDCanaXhuwOTUxDoZJu53mSNgZlyn25fEBU7y18tUtAXuiEliqJ7Ek359mRDLF
|
n6NwDm2Tm+ETMCG85yEA3jl4Kr9RXfWHYWEavv0vsq6M+bUSSq7VJAhgk4wfx6qJ
|
||||||
OBKqsjsworWlS8Zf99roRfOkrDFNA8leIb9lBbQ+f6B2vP78J/Q9xXJX8aFzZFH5
|
BnFX2qKpODeYLHaHxU1EnIXrStNfIqR4Eu0Xre8jAkzrDdaFy/KnX4HGgNdz413C
|
||||||
aMrOqoCINQmgS0qb/FBVFxI9tqBUsJ7QpmvtWa0NacexS/1kH0FE2UiVFUM6FUMI
|
XzBCKEuu3VJj07ZvonnTzOgoLvh8+PCoQ2M4OBPT9gHqUov1I8nWnrjc+HuM1BW3
|
||||||
Jwy7/MS1zG4fyNrt9p+LnE23q8IGYe4JdC1NSwIDAQABAoIBAHykYhyRxYrZpv3Y
|
YIGCB5TV9x0Y7hjvkr4E38gbJURjuDwg8jof4lMRmU/FHXFLt1ucGwNFUJdPwI7d
|
||||||
B6pUIHVX1+Ka4V98+IFrPynHNW9F7UzxmqNQc95AYq0xojQ4+v6s64ZjPMYHaaYW
|
yEKRA03Lr7htfP5sa9tmv3L93dKDpo1gW1LsfiM3Cur5jARM/hBA+eYJr12Laf9o
|
||||||
/AsJKamN+sRNjEX8rko9LzIuE7yhp6QABbjXHPsAiPgZdF5CrFX2Q558yinHfFeC
|
L59r8JmweqF3zRSwGSY336XoR/Fv/PAFs9vfKKWZp0uiRtuY9JZNRTF8trnfNf19
|
||||||
sualDWK3JxEajaiBGU8BEGt2xAymuWACGblrM1aAEZa8B84TW3CzzcdyzAkn8P3e
|
57bND+DS2HWPmWkw4yK6CGa0s55XadiDt4gDFvKjl68dBWZoHutY+cZy/hK1D5uq
|
||||||
piJCe+DWMc33441r0KlV5GruwF9ewXiWzZtXAOiP/0xEDICFdlFWbO39myMpxDdU
|
agcX1kzbr/Pzy1gsq9FBBwaTJqBuYIAsSuzP+7NNZXoPd3rg13V93pbZr8eQN5VO
|
||||||
Y0uZ+zmn2G3gz2tz25thH0Wl7mDQ3AA0VlHurgPBBEekeZPQmjiKW+F4slCzXvuy
|
QIBZK83xZEtHSJBEdUSuBOo3JS7j/rjEnspRqOI4soFnx1vaK0TrRyzJ5KBOuGpW
|
||||||
kW/urIECgYEA/LhY+OWlZVXzIEly7z1/cU9/WImqTs2uRKDeQHMwZrd7D9BXkJuQ
|
4u8/ZUdIq8KIE30Mj/XI/sgAPr5jUQIDAQABAoICAQCqIgbFcqwcK7zWBgWrFsD3
|
||||||
jPN+jZlMYBBrxoaCywbMrgB80Z3MgGHaSx9OIDEZmaxyuQv0zQJCMogysYkbCcaD
|
53u4J4t4+df6NGB7F9CAtdgKlej1XDl8gI46Em89HLwqyOdPhCD3opoR3Vg69+IX
|
||||||
mHYnyAf7OXa708Z168WAisEhrwa/DXBn3/hPoBkrbMsuPF/J+tEP7lsCgYEA2x2g
|
f62+gSD+SrA4A7jFxXvryXt0g3hTHYFHssx2j39NUghxOrOvxm6bgxJ4ifqt+Uq8
|
||||||
86SitgPVeNV3iuZ6D/SV0QIbDWOYoST2GQn2LnfALIOrzpXRClOSQZ2pGtg9gYo1
|
cEtM26Xu/T4/3xTpN+7pnVBHGzmLe1q8RNiLe5qhmwtgz/ZKmdSnz0YLQDRo5jWf
|
||||||
owUyyOSv2Fke93p3ufHv3Gqvjl55lzBVV0siHkEXwHcol36DDGQcskVnXJqaL3IF
|
Xhxkb63WKrFIu4JzV9my/v9/GfMdHxD0a196ZqHLX0Buj4pQuVbS18dxLF94qIXC
|
||||||
tiOisuJS9A7PW7gEi0miyGzzB/kh/IEWHKqLL9ECgYEAoBOFB+MuqMmQftsHWlLx
|
FCZtYtpAxmhjOR2btJ/M1S2MBMkR3vRvSOuxHd8d/zdYys5k2WElArs1TDGGDldW
|
||||||
7qwUVdidb90IjZ/4J4rPFcESyimFzas8HIv/lWGM5yx/l/iL0F42N+FHLt9tMcTJ
|
jp3FYkoygsdWTs056HM1Y9F8dV2KAWfAhEQD8mBIGVjMrCqpnyZcK6JkqVg9c7YW
|
||||||
qNvjeLChLp307RGNtm2/0JJEyf+2iLKdmGz/Nc0YbIWw46vJ9dXcXgeHdn4ndjPF
|
IYQ2JRwsHq58FMNa3TLTvf/OClhEfSbRWAF0AhMTpnSUgP06cbJeXyzqzHdE37hv
|
||||||
GDEI/rfysa7hUoy6O41BMhECgYBPJsLPgHdufLAOeD44pM0PGnFMERCoo4OtImbr
|
74OBx7KNoS+PEQ3lVgbHsWoUzf3SqB1IOzLyzuEUgHqON2GKmmCNcRMBi3DuV9tw
|
||||||
4JdXbdazvdTASYo7yriYj1VY5yhAtSZu/x+7RjDnXDo9d7XsK6NT4g4Mxb/yh3ks
|
Q8LWynNxhD8vyBkmo0kAd/FwgXrxJTGdYvxyn29I7QanCTH7o8wtjSE0jj9Qo7oC
|
||||||
kW1/tE/aLLEzGHZKcZeUJlISN57e6Ld7dh/9spf4pajuHuk1T6JH+GNKTAqk5hSQ
|
McAYGR6oTAjrT78KhI7aZJU5nuA6ySSCJRa6et1CC+SseWknyMMJ5HTo8l7jjXJA
|
||||||
wmKJIQKBgCGBWGvJrCeT5X9oHdrlHj2YoKvIIG1eibagcjcKemD7sWzi7Q4P7JIo
|
9hjNGGs6giOxznizf+2YAQKCAQEA9wRQk4yN402tfuicvfQBnFUtcpqctWSgGc0T
|
||||||
xeX8K1WVxdBpo4/RiQcGFmwSmSUKwwr1dO00xtjxIl7ip4DU+WAM7CdmcOIOMbr4
|
qzWJgH/W07FMUHzAvqCgsYMMaeteXOMZH7jijvtIlhYfIg5w+RJ9PSsSu680OzGN
|
||||||
rP9T/wy1ZBkERCIw2ElybTzB8yuOlNLuOMhUeU55xUMFNYYrWEp2
|
R31+l2B/QzRAHUJ6+OVgWxAn6awU1mYLaiwVmSNWEnjAPE4XeSK708OOganI3pBQ
|
||||||
-----END RSA PRIVATE KEY-----
|
8zOHj+j6uV8ddG79D6FqNJHAQwpou/p+XO/BGDFgX22x4F68Z0gCQcmoyAE7ppOp
|
||||||
|
dqq3lPoDbRQ02/5cqaIA6dhmfjK2cpz4y1nUxffzY7qJjpoB/YSdR66cCNiYcJzp
|
||||||
|
fMVBXhF9Iyj/Cah1w+hc0NOy9dW15afFaLFK0zrtAzEaVxH/0QKCAQEAwRPOwSCl
|
||||||
|
XrMYXmc91TF6XbhErILHK/pIEOIMF09KNJvSjY0188Ram/pFbPRYh0cIyASmRGXL
|
||||||
|
Qq5B1Qi0vx5TCq1OCrW2yeE7zboAlnADhk1u9N8YmL6JrCKVGQO7wFD3V8uphXdM
|
||||||
|
tixNa5WvJ6eE5Vq+SVy99V5pQgb8ErrISlW4MYK7LI7DruSDuM2tHtiOcXcdTVej
|
||||||
|
1stXJZkH46RYvxxid9tRzfiB8K5ziZfLwPNf2wRyj1J4ojn5pPNhhfkjJ24LCZGt
|
||||||
|
JxwSXqdP+4x7by6x3mU+hutU/lF3jl+0edSnU0cZ6lvuq2T5YGgda/VXlv1ZFQUw
|
||||||
|
rwUXD9unU+aLgQKCAQEA9R74/pI5sthAVHFsKStb9dComtNGstI59aCF5h3oZvV1
|
||||||
|
Lvj/q9dARWqMS9qplOoV58MMCWikmhJNw3IMTvVZsjBgyzRVEJ4aDKttcQXde0Ys
|
||||||
|
w3m0LdTsxtSHu5XapY032FHG/gLlI+Pm48mjqbQsou6OyOOEJLNhO0qmqc/2tB4T
|
||||||
|
v6PdTM9enAYnqCcCTQSlTfSTNJJOYT2OTuRB4U7hUvQoGTSOInrmwLRDNBjQuCso
|
||||||
|
/zNQCQbu2P6EPYmam5yjZDTUxqZL+G/GvK49Fp9JXlQc5ycke7rD+uwa3s+3wCtG
|
||||||
|
rH9gJitfQZrxj+Cj9EOwj0bfJLbac6ZD0CkH5GNeIQKCAQBdoGFOPapzdZ2HicDu
|
||||||
|
NQQFlmmWzgQPS1rO9Q6v7v8o67b6dVOIVdsqb/5ii0qyrruPYtHNsR8TwrShvYsI
|
||||||
|
cogKUWfawatV0ibR6DSIvuC2q632iIjA6QSRuGNcsfbFl32Z0WTvF57XaDxSw08g
|
||||||
|
h5dmMM69fH+REKsyHXj3DCQ8B70+JQrm3IP/t0g4wWQF5TWNyBkpfCoy6n/j94Vf
|
||||||
|
2j4+zmDhhjTxEGTSdYYJXtarRllhN5Ll9TQSVtK8LllIQjvNzwsDJOU2ZeJyi+e5
|
||||||
|
L7Jbg+U01xuvCUc52/+Bxt8ZhQlu1Le4ccQW0Ows19AMnfhPe6NLEi09cdZxFi7Z
|
||||||
|
/J4BAoIBABCzkBDFxZdfWYt69VBt9PSG8eJ6avny3hXCtKaHIQb+aD5nKjRP0DVh
|
||||||
|
gyutCo6RasMEc6D1tJGyR/Xvhm64q4JPb5UbSaRQiVYKdgRtMM9pZeBkcBtNs18K
|
||||||
|
yMx5ajgYorrbi86hXHX7q+JYP8MCbcqqAUSl/Hi8nPxc1foTiCNDf4kGoHvXmoxt
|
||||||
|
0tA65tFFQhEA6KBn68SDkyTsl/zb5Sx0GJY4kZkOeF3GaxPFX12skgXv95GJUskX
|
||||||
|
88RJsH4Qqqtzbzj8R241BH8OrcOoyELc6xPioEqUHKVxSIf2ylITbj0UQHd2u0mN
|
||||||
|
tajKl+aoc+CDxUYbilzhhKetWWF/cJY=
|
||||||
|
-----END PRIVATE KEY-----
|
||||||
|
@ -1,32 +0,0 @@
|
|||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIFhjCCA26gAwIBAgIJALJdsE+BUxypMA0GCSqGSIb3DQEBCwUAMF8xCzAJBgNV
|
|
||||||
BAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEPMA0G
|
|
||||||
A1UECgwGRG9ja2VyMRowGAYDVQQDDBFOb3RhcnkgVGVzdGluZyBDQTAeFw0xNzAx
|
|
||||||
MjMwNjAzMzZaFw0yNzAxMjEwNjAzMzZaMF8xCzAJBgNVBAYTAlVTMQswCQYDVQQI
|
|
||||||
DAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEPMA0GA1UECgwGRG9ja2VyMRow
|
|
||||||
GAYDVQQDDBFOb3RhcnkgVGVzdGluZyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
|
|
||||||
ADCCAgoCggIBALIZNBcIoQDJql5w+XULXq9W3tmD47xnf+IG4u7hkDVPCT4xRG74
|
|
||||||
LBoSuFyPUrfT+tsibMlNG6XRtSfLQdNNeQuyIuiilNXV0kXB0RR3TrhxCaKdhRU5
|
|
||||||
oQGfpYMvbPNFB7WU/5aAiQutHH85hEMPECf1qPjq8YlUaXJLGFY3WRkW+OOBZ78U
|
|
||||||
00PqKlvC1kR/NbsV3IkMrO+vWWJQrPFusyYjQ511eQXnRtt8P0Qic0azPffQDVxC
|
|
||||||
WUe47hmdQ1AULbxQ9AZcPlMI7UFqo+/w/4hPEGJMeOWirLvHLXg4nsOwy7DfWl/n
|
|
||||||
MqLdJOC/KNfQVAQtkteeZZkkIIV1gxTPYsJqPNwkP9GdJK1A8NW1ef75v7xbQCPY
|
|
||||||
03QQonBEK7ny7b1xXGGgJzXvK9RP0UUwjt/815c4d0cgUHsy4yuvl2F44EObRshk
|
|
||||||
fjJVsN/0wrtq4QLE5ZvbeO+7to8dLcRxkmB8axhxahega7akUyY0WxZ+iSn6fzft
|
|
||||||
/xeCcs/L10V5z0kK4PbiNnooDzV4B6Dy/5oyNExw0jgpD0mzOK5aLb0tXGqFT/ZJ
|
|
||||||
9vydelBq5q4jLV7SHhHM1dBJSv1fl7vOpDlEr7LBd4YAO2BowoyGLHtLhgYybXF+
|
|
||||||
CZ9ywPb1dIIcdK5IVeZECNHMSBuhCRZUu+aun8tRcdSgLEX7mQ/GKWELAgMBAAGj
|
|
||||||
RTBDMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgFGMB0GA1UdDgQW
|
|
||||||
BBSWWbcCebeEgZlWk2/k+abh+bEFpDANBgkqhkiG9w0BAQsFAAOCAgEAQ9gA3Q4b
|
|
||||||
r2+ZJdIDoDzCNdtHQbb/d1NiUP/Na1MFo7omR3MnKGXy3dIp9IrQq6ROhlqUhDvl
|
|
||||||
pZegYhTbunTVv1KKJ+5n1hY6pG/Jr8oLY3b9i4qwDLKfQGm5PmrfwAtqbLSfY2M0
|
|
||||||
2AZyAhCdGbqB7WpTdG1J7DzGbVVWAtS05e24Mu0qZJvpHdtl4+t89vXgJ/bPrPxF
|
|
||||||
cpAlT9DOtobTEqrXZeS937F1qNyIgyBki+7mtxkwng5cf3zQM2BJ9lSFQJOBSRDr
|
|
||||||
haMcnaPI4pknO7OfYf5W9LaS1Dx/U/NeMBfnVBd9NjUw+TMjy2MdMLUaLa9EF7Jo
|
|
||||||
Gjk+fKaTaUgO8I487wHPMeoEA4A4dEePzGrybRLfl1ZYGQ0xcgunz64n2xfQIy2y
|
|
||||||
swiyaofYlLxzHzOL0N+Y76P0ic37t9R2F5ggNhfbXhClK2h4HmdjRRRt3VkxR4AD
|
|
||||||
7OM09bEhlZby34HOlCaC0PHKwYBMjneAG3ycPN88YTMYR2/KizExe71ayNwX2KHL
|
|
||||||
ib1nOZgZT6s+YvgsZ7lRmMD4iqjuAEh5SRAcWlolVif8bAy09BkY1vwrtgV73q88
|
|
||||||
heEbsCE1fsfk1OfH5W4yjjiSDZFRt5oTCPQWJp+2P0RJ9LCxcbf0RrCg3hg5rD9N
|
|
||||||
lVTA0dsixv5zF3wTuad9inhk9Rmlq1KoaqA=
|
|
||||||
-----END CERTIFICATE-----
|
|
@ -6,7 +6,7 @@
|
|||||||
"type": "remote",
|
"type": "remote",
|
||||||
"hostname": "notarysigner",
|
"hostname": "notarysigner",
|
||||||
"port": "7899",
|
"port": "7899",
|
||||||
"tls_ca_file": "./root-ca.crt",
|
"tls_ca_file": "./notary-signer-ca.crt",
|
||||||
"key_algorithm": "ecdsa"
|
"key_algorithm": "ecdsa"
|
||||||
},
|
},
|
||||||
"logging": {
|
"logging": {
|
||||||
|
@ -60,6 +60,8 @@ services:
|
|||||||
- TERM=dumb
|
- TERM=dumb
|
||||||
- MYSQL_ALLOW_EMPTY_PASSWORD="true"
|
- MYSQL_ALLOW_EMPTY_PASSWORD="true"
|
||||||
command: mysqld --innodb_file_per_table
|
command: mysqld --innodb_file_per_table
|
||||||
|
depends_on:
|
||||||
|
- log
|
||||||
logging:
|
logging:
|
||||||
driver: "syslog"
|
driver: "syslog"
|
||||||
options:
|
options:
|
||||||
|
@ -20,19 +20,10 @@ max_job_workers = 3
|
|||||||
|
|
||||||
#Determine whether or not to generate certificate for the registry's token.
|
#Determine whether or not to generate certificate for the registry's token.
|
||||||
#If the value is on, the prepare script creates new root cert and private key
|
#If the value is on, the prepare script creates new root cert and private key
|
||||||
#for generating token to access the registry. If the value is off, a key/certificate must
|
#for generating token to access the registry. If the value is off the default key/cert will be used.
|
||||||
#be supplied for token generation.
|
#This flag also controls the creation of the notary signer's cert.
|
||||||
customize_crt = on
|
customize_crt = on
|
||||||
|
|
||||||
#Information of your organization for certificate
|
|
||||||
crt_country = CN
|
|
||||||
crt_state = State
|
|
||||||
crt_location = CN
|
|
||||||
crt_organization = organization
|
|
||||||
crt_organizationalunit = organizational unit
|
|
||||||
crt_commonname = example.com
|
|
||||||
crt_email = example@example.com
|
|
||||||
|
|
||||||
#The path of cert and key files for nginx, they are applied only the protocol is set to https
|
#The path of cert and key files for nginx, they are applied only the protocol is set to https
|
||||||
ssl_cert = /data/cert/server.crt
|
ssl_cert = /data/cert/server.crt
|
||||||
ssl_cert_key = /data/cert/server.key
|
ssl_cert_key = /data/cert/server.key
|
||||||
|
85
make/prepare
85
make/prepare
@ -135,13 +135,6 @@ if protocol == "https":
|
|||||||
cert_path = rcp.get("configuration", "ssl_cert")
|
cert_path = rcp.get("configuration", "ssl_cert")
|
||||||
cert_key_path = rcp.get("configuration", "ssl_cert_key")
|
cert_key_path = rcp.get("configuration", "ssl_cert_key")
|
||||||
customize_crt = rcp.get("configuration", "customize_crt")
|
customize_crt = rcp.get("configuration", "customize_crt")
|
||||||
crt_country = rcp.get("configuration", "crt_country")
|
|
||||||
crt_state = rcp.get("configuration", "crt_state")
|
|
||||||
crt_location = rcp.get("configuration", "crt_location")
|
|
||||||
crt_organization = rcp.get("configuration", "crt_organization")
|
|
||||||
crt_organizationalunit = rcp.get("configuration", "crt_organizationalunit")
|
|
||||||
crt_commonname = rcp.get("configuration", "crt_commonname")
|
|
||||||
crt_email = rcp.get("configuration", "crt_email")
|
|
||||||
max_job_workers = rcp.get("configuration", "max_job_workers")
|
max_job_workers = rcp.get("configuration", "max_job_workers")
|
||||||
token_expiration = rcp.get("configuration", "token_expiration")
|
token_expiration = rcp.get("configuration", "token_expiration")
|
||||||
verify_remote_cert = rcp.get("configuration", "verify_remote_cert")
|
verify_remote_cert = rcp.get("configuration", "verify_remote_cert")
|
||||||
@ -262,52 +255,54 @@ FNULL = open(os.devnull, 'w')
|
|||||||
from functools import wraps
|
from functools import wraps
|
||||||
def stat_decorator(func):
|
def stat_decorator(func):
|
||||||
@wraps(func)
|
@wraps(func)
|
||||||
def check_wrapper(*args, **kwargs):
|
def check_wrapper(*args, **kw):
|
||||||
stat = func(*args, **kwargs)
|
stat = func(*args, **kw)
|
||||||
message = "Generated configuration file: %s" % kwargs['path'] \
|
message = "Generated certificate, key file: %s, cert file: %s" % (kw['key_path'], kw['cert_path']) \
|
||||||
if stat == 0 else "Fail to generate %s" % kwargs['path']
|
if stat == 0 else "Fail to generate key file: %s, cert file: %s" % (kw['key_path'], kw['cert_path'])
|
||||||
print(message)
|
print(message)
|
||||||
if stat != 0:
|
if stat != 0:
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
return check_wrapper
|
return check_wrapper
|
||||||
|
|
||||||
@stat_decorator
|
@stat_decorator
|
||||||
def check_private_key_stat(*args, **kwargs):
|
def create_root_cert(subj, key_path="./k.key", cert_path="./cert.crt"):
|
||||||
return subprocess.call(["openssl", "genrsa", "-out", kwargs['path'], "4096"],\
|
rc = subprocess.call(["openssl", "genrsa", "-out", key_path, "4096"], stdout=FNULL, stderr=subprocess.STDOUT)
|
||||||
stdout=FNULL, stderr=subprocess.STDOUT)
|
if rc != 0:
|
||||||
|
return rc
|
||||||
|
return subprocess.call(["openssl", "req", "-new", "-x509", "-key", key_path,\
|
||||||
|
"-out", cert_path, "-days", "3650", "-subj", subj], stdout=FNULL, stderr=subprocess.STDOUT)
|
||||||
|
|
||||||
@stat_decorator
|
@stat_decorator
|
||||||
def check_certificate_stat(*args, **kwargs):
|
def create_cert(subj, ca_key, ca_cert, key_path="./k.key", cert_path="./cert.crt"):
|
||||||
dirty_subj = "/C={0}/ST={1}/L={2}/O={3}/OU={4}/CN={5}/emailAddress={6}"\
|
cert_dir = os.path.dirname(cert_path)
|
||||||
.format(crt_country, crt_state, crt_location, crt_organization,\
|
csr_path = os.path.join(cert_dir, "tmp.csr")
|
||||||
crt_organizationalunit, crt_commonname, crt_email)
|
rc = subprocess.call(["openssl", "req", "-newkey", "rsa:4096", "-nodes","-sha256","-keyout", key_path,\
|
||||||
subj = validate_crt_subj(dirty_subj)
|
"-out", csr_path, "-subj", subj], stdout=FNULL, stderr=subprocess.STDOUT)
|
||||||
return subprocess.call(["openssl", "req", "-new", "-x509", "-key",\
|
if rc != 0:
|
||||||
private_key_pem, "-out", root_crt, "-days", "3650", "-subj", subj], \
|
return rc
|
||||||
stdout=FNULL, stderr=subprocess.STDOUT)
|
return subprocess.call(["openssl", "x509", "-req", "-days", "3650", "-in", csr_path, "-CA", \
|
||||||
|
ca_cert, "-CAkey", ca_key, "-CAcreateserial", "-out", cert_path], stdout=FNULL, stderr=subprocess.STDOUT)
|
||||||
|
|
||||||
def openssl_is_installed(stat):
|
def openssl_installed():
|
||||||
if stat == 0:
|
shell_stat = subprocess.check_call(["which", "openssl"], stdout=FNULL, stderr=subprocess.STDOUT)
|
||||||
return True
|
if shell_stat != 0:
|
||||||
else:
|
|
||||||
print("Cannot find openssl installed in this computer\nUse default SSL certificate file")
|
print("Cannot find openssl installed in this computer\nUse default SSL certificate file")
|
||||||
return False
|
return False
|
||||||
|
return True
|
||||||
|
|
||||||
if customize_crt == 'on':
|
|
||||||
|
if customize_crt == 'on' and openssl_installed():
|
||||||
shell_stat = subprocess.check_call(["which", "openssl"], stdout=FNULL, stderr=subprocess.STDOUT)
|
shell_stat = subprocess.check_call(["which", "openssl"], stdout=FNULL, stderr=subprocess.STDOUT)
|
||||||
if openssl_is_installed(shell_stat):
|
empty_subj = "/C=/ST=/L=/O=/CN=/"
|
||||||
private_key_pem = os.path.join(config_dir, "ui", "private_key.pem")
|
private_key_pem = os.path.join(config_dir, "ui", "private_key.pem")
|
||||||
root_crt = os.path.join(config_dir, "registry", "root.crt")
|
root_crt = os.path.join(config_dir, "registry", "root.crt")
|
||||||
|
create_root_cert(empty_subj, key_path=private_key_pem, cert_path=root_crt)
|
||||||
check_private_key_stat(path=private_key_pem)
|
|
||||||
check_certificate_stat(path=root_crt)
|
|
||||||
else:
|
else:
|
||||||
print("Generated configuration file: %s" % ui_config_dir + "private_key.pem")
|
print("Copied configuration file: %s" % ui_config_dir + "private_key.pem")
|
||||||
shutil.copyfile(os.path.join(templates_dir, "ui", "private_key.pem"), os.path.join(ui_config_dir, "private_key.pem"))
|
shutil.copyfile(os.path.join(templates_dir, "ui", "private_key.pem"), os.path.join(ui_config_dir, "private_key.pem"))
|
||||||
print("Generated configuration file: %s" % registry_config_dir + "root.crt")
|
print("Copied configuration file: %s" % registry_config_dir + "root.crt")
|
||||||
shutil.copyfile(os.path.join(templates_dir, "registry", "root.crt"), os.path.join(registry_config_dir, "root.crt"))
|
shutil.copyfile(os.path.join(templates_dir, "registry", "root.crt"), os.path.join(registry_config_dir, "root.crt"))
|
||||||
|
|
||||||
FNULL.close()
|
|
||||||
if args.notary_mode:
|
if args.notary_mode:
|
||||||
notary_config_dir = prep_conf_dir(config_dir, "notary")
|
notary_config_dir = prep_conf_dir(config_dir, "notary")
|
||||||
notary_temp_dir = os.path.join(templates_dir, "notary")
|
notary_temp_dir = os.path.join(templates_dir, "notary")
|
||||||
@ -315,11 +310,27 @@ if args.notary_mode:
|
|||||||
if os.path.exists(os.path.join(notary_config_dir, "mysql-initdb.d")):
|
if os.path.exists(os.path.join(notary_config_dir, "mysql-initdb.d")):
|
||||||
shutil.rmtree(os.path.join(notary_config_dir, "mysql-initdb.d"))
|
shutil.rmtree(os.path.join(notary_config_dir, "mysql-initdb.d"))
|
||||||
shutil.copytree(os.path.join(notary_temp_dir, "mysql-initdb.d"), os.path.join(notary_config_dir, "mysql-initdb.d"))
|
shutil.copytree(os.path.join(notary_temp_dir, "mysql-initdb.d"), os.path.join(notary_config_dir, "mysql-initdb.d"))
|
||||||
#TODO:generate certs?
|
if customize_crt == 'on' and openssl_installed():
|
||||||
|
temp_cert_dir = os.path.join(base_dir, "cert_tmp")
|
||||||
|
if not os.path.exists(temp_cert_dir):
|
||||||
|
os.makedirs(temp_cert_dir)
|
||||||
|
ca_subj = "/C=US/ST=California/L=Palo Alto/O=VMware, Inc./OU=Harbor/CN=Self-signed by VMware, Inc."
|
||||||
|
cert_subj = "/C=US/ST=California/L=Palo Alto/O=VMware, Inc./OU=Harbor/CN=notarysigner"
|
||||||
|
signer_ca_cert = os.path.join(temp_cert_dir, "notary-signer-ca.crt")
|
||||||
|
signer_ca_key = os.path.join(temp_cert_dir, "notary-signer-ca.key")
|
||||||
|
signer_cert_path = os.path.join(temp_cert_dir, "notary-signer.crt")
|
||||||
|
signer_key_path = os.path.join(temp_cert_dir, "notary-signer.key")
|
||||||
|
create_root_cert(ca_subj, key_path=signer_ca_key, cert_path=signer_ca_cert)
|
||||||
|
create_cert(cert_subj, signer_ca_key, signer_ca_cert, key_path=signer_key_path, cert_path=signer_cert_path)
|
||||||
|
print("Copying certs for notary signer")
|
||||||
|
shutil.copy2(signer_cert_path, notary_config_dir)
|
||||||
|
shutil.copy2(signer_key_path, notary_config_dir)
|
||||||
|
shutil.copy2(signer_ca_cert, notary_config_dir)
|
||||||
|
else:
|
||||||
print("Copying certs for notary signer")
|
print("Copying certs for notary signer")
|
||||||
shutil.copy2(os.path.join(notary_temp_dir, "notary-signer.crt"), notary_config_dir)
|
shutil.copy2(os.path.join(notary_temp_dir, "notary-signer.crt"), notary_config_dir)
|
||||||
shutil.copy2(os.path.join(notary_temp_dir, "notary-signer.key"), notary_config_dir)
|
shutil.copy2(os.path.join(notary_temp_dir, "notary-signer.key"), notary_config_dir)
|
||||||
shutil.copy2(os.path.join(notary_temp_dir, "root-ca.crt"), notary_config_dir)
|
shutil.copy2(os.path.join(notary_temp_dir, "notary-signer-ca.crt"), notary_config_dir)
|
||||||
|
|
||||||
shutil.copy2(os.path.join(registry_config_dir, "root.crt"), notary_config_dir)
|
shutil.copy2(os.path.join(registry_config_dir, "root.crt"), notary_config_dir)
|
||||||
print("Copying notary signer configuration file")
|
print("Copying notary signer configuration file")
|
||||||
@ -335,6 +346,6 @@ if args.notary_mode:
|
|||||||
default_alias = ''.join(random.choice(string.ascii_letters) for i in range(8))
|
default_alias = ''.join(random.choice(string.ascii_letters) for i in range(8))
|
||||||
render(os.path.join(notary_temp_dir, "signer_env"), os.path.join(notary_config_dir, "signer_env"), alias = default_alias)
|
render(os.path.join(notary_temp_dir, "signer_env"), os.path.join(notary_config_dir, "signer_env"), alias = default_alias)
|
||||||
|
|
||||||
|
FNULL.close()
|
||||||
print("The configuration files are ready, please use docker-compose to start the service.")
|
print("The configuration files are ready, please use docker-compose to start the service.")
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user