creds_setup.sh does not work on Windows #64

Open
bobaekang opened this issue Jun 4, 2020 · 0 comments
There are a couple of lines of bash code that do not work on Windows:

  1. The timestamp variable on line 41 includes a colon (":"). This is used later when writing openssl keys to a disk location. The problem is that a colon is not allowed as part of a file or folder name in Windows. See below for the code:

    # make directories for temporary credentials
    timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
    # generate private and public key for fence
    yearMonth="$(date +%Y-%m)"
    if [[ ! -d ./fenceJwtKeys ]] || ! (ls ./fenceJwtKeys | grep "$yearMonth" > /dev/null 2>&1); then
        echo "Generating fence OAUTH key pairs under Secrets/fenceJwtKeys"
        mkdir -p fenceJwtKeys
        mkdir -p fenceJwtKeys/${timestamp}
        openssl genpkey -algorithm RSA -out fenceJwtKeys/${timestamp}/jwt_private_key.pem \
            -pkeyopt rsa_keygen_bits:2048
        openssl rsa -pubout -in fenceJwtKeys/${timestamp}/jwt_private_key.pem \
            -out fenceJwtKeys/${timestamp}/jwt_public_key.pem
        chmod -R a+rx fenceJwtKeys
    fi

  2. The SUBJ variable on line 82 is not preserved as defined when provided as parameter input to openssl req -subj on line 84. For this code to work, the SUBJ string value has to be revised to SUBJ="//countryName=US\stateOrProvinceName=IL\localityName=Chicago\organizationName=CDIS\organizationalUnitName=PlanX\commonName=$commonName\emailAddress=cdis@uchicago.edu". Here is a related discussion on StackOverflow. See below for the code:

    if ! [[ -f openssl.cnf && -f ca.pem && -f ca-key.pem ]]; then
        echo "Generating a local certificate authority, and TLS certificates under Secrets/TLS/"
        # erase old certs if they exist
        /bin/rm -rf service.key service.crt
        commonName=${1:-localhost}
        SUBJ="/countryName=US/stateOrProvinceName=IL/localityName=Chicago/organizationName=CDIS/organizationalUnitName=PlanX/commonName=$commonName/emailAddress=cdis@uchicago.edu"
        openssl req -new -x509 -nodes -extensions v3_ca -keyout ca-key.pem \
            -out ca.pem -days 365 -subj $SUBJ $OPTS

I've tweaked the two lines mentioned above to get the script to work using Git Bash on my machine running on Windows 10 Home.

It would be helpful if the script is modified to accommodate Windows users or at least that this repo's README.md mentions that the script is meant to be run on Linux/MacOS.
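
One way to make both lines portable, as an added example that is not part of the original issue or of the repository's script: a colon-free timestamp that keeps the `%Y-%m` prefix the script greps for, and a `-subj` builder that switches to the form given in the issue when the platform string looks like Git Bash. The function names and the `MINGW*`/`MSYS*` detection via `uname -s` are assumptions of this sketch.

```bash
#!/usr/bin/env bash
# Added example. Function names are hypothetical, not from creds_setup.sh.

# UTC timestamp for a directory name. Keeps the %Y-%m prefix that the
# script's yearMonth grep relies on, but uses "-" instead of ":" in the time.
safe_timestamp() {
  date -u +"%Y-%m-%dT%H-%M-%SZ"
}

# Returns 0 only if $1 has none of the characters Windows rejects in
# file and folder names: < > : " / \ | ? *
is_windows_safe_name() {
  case "$1" in
    *'<'*|*'>'*|*':'*|*'"'*|*'/'*|*'\'*|*'|'*|*'?'*|*'*'*) return 1 ;;
    *) return 0 ;;
  esac
}

# Prints the -subj value for common name $1. $2 (default: uname -s) is the
# platform string; for MINGW*/MSYS* (assumed to mean Git Bash) the issue's
# "//" prefix with "\" separators is used instead of "/".
build_subj() (
  cn=$1
  sys=${2:-$(uname -s)}
  case "$sys" in
    MINGW*|MSYS*) out='//'; sep='\' ;;
    *)            out='/';  sep='/' ;;
  esac
  first=1
  for field in countryName=US stateOrProvinceName=IL localityName=Chicago \
      organizationName=CDIS organizationalUnitName=PlanX \
      "commonName=$cn" emailAddress=cdis@uchicago.edu; do
    if [ -n "$first" ]; then out="$out$field"; first=
    else out="$out$sep$field"; fi
  done
  printf '%s\n' "$out"
)

# Usage inside the script (note the quoted expansions):
#   timestamp=$(safe_timestamp)
#   is_windows_safe_name "$timestamp" && mkdir -p "fenceJwtKeys/$timestamp"
#   openssl req -new -x509 -nodes -extensions v3_ca -keyout ca-key.pem \
#     -out ca.pem -days 365 -subj "$(build_subj "${1:-localhost}")"
```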
