generate_secrets.sh: add opensslConf option

Needed for the following commit.
Erik Arvstedt 2019-11-27 14:04:30 +01:00
parent 9d14d5ba64
commit e34093a8ac
No known key found for this signature in database
GPG Key ID: 33312B944DD97846


@ -1,9 +1,10 @@
#!/bin/sh #!/bin/sh
SECRETSFILE=secrets.nix opensslConf=${1:-openssl.cnf}
secretsFile=secrets.nix
if [ ! -e "$SECRETSFILE" ]; then if [ ! -e "$secretsFile" ]; then
echo Write secrets to $SECRETSFILE echo Write secrets to $secretsFile
makepw="apg -m 20 -x 20 -M Ncl -n 1" makepw="apg -m 20 -x 20 -M Ncl -n 1"
{ {
echo \{ echo \{
@ -13,10 +14,10 @@ if [ ! -e "$SECRETSFILE" ]; then
echo " liquidrpcpassword = \"$($makepw)\";" echo " liquidrpcpassword = \"$($makepw)\";"
echo " spark-wallet-password = \"$($makepw)\";" echo " spark-wallet-password = \"$($makepw)\";"
echo \} echo \}
} >> $SECRETSFILE } >> $secretsFile
echo Done echo Done
else else
echo $SECRETSFILE already exists. Skipping. echo $secretsFile already exists. Skipping.
fi fi
if [ ! -e nginx.key ] || [ ! -e nginx.cert ]; then if [ ! -e nginx.key ] || [ ! -e nginx.cert ]; then
@ -33,8 +34,8 @@ fi
if [ ! -e lnd.key ] || [ ! -e lnd.cert ]; then if [ ! -e lnd.key ] || [ ! -e lnd.cert ]; then
echo Generate LND compatible TLS Cert echo Generate LND compatible TLS Cert
openssl ecparam -genkey -name prime256v1 -out lnd.key openssl ecparam -genkey -name prime256v1 -out lnd.key
openssl req -config openssl.cnf -new -sha256 -key lnd.key -out lnd.csr -subj '/CN=localhost/O=lnd' openssl req -config $opensslConf -new -sha256 -key lnd.key -out lnd.csr -subj '/CN=localhost/O=lnd'
openssl req -config openssl.cnf -x509 -sha256 -days 1825 -key lnd.key -in lnd.csr -out lnd.cert openssl req -config $opensslConf -x509 -sha256 -days 1825 -key lnd.key -in lnd.csr -out lnd.cert
rm lnd.csr rm lnd.csr
echo Done echo Done
else else
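Review bot: `$opensslConf` is expanded unquoted in both `openssl req -config $opensslConf` lines of the lnd section, and since it now comes from `$1`, a path containing spaces or glob characters would be split into extra openssl arguments; quote it as `-config "$opensslConf"`. Nothing checks that the file exists, and with no `set -e` visible in these hunks the script would carry on to `rm lnd.csr` and `echo Done` after a failed `openssl req`; a guard such as `[ -r "$opensslConf" ] || { echo "missing $opensslConf" >&2; exit 1; }` right after the assignment would fail early. Separately, as far as these hunks show, `secrets.nix` and `lnd.key` are created under the caller's umask, so a `umask 077` near the top would keep the generated passwords and private key from being group- or world-readable. The if/else block of the lnd section continues past the last visible line.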