203 lines
5.5 KiB
Bash
Executable File
203 lines
5.5 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
#############################################################
|
|
# Script name: install.sh
|
|
# Author: Gilles Mouchet (gilles.mouchet@gmail.com
|
|
# Version: 1.0.0
|
|
# Description: This script prepare own pki environment
|
|
# License: GNU GPL v3
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# Changelog
|
|
# [1.0.0] - 2026-04-12
|
|
# - Added
|
|
# - create environment for cert
|
|
# - create DB
|
|
# - Project initialization
|
|
# - initialization by gilles.mouchet@gmail.com
|
|
#
|
|
############################################################
|
|
#
|
|
set -Eeuo pipefail
|
|
|
|
VERSION=1.0.0
|
|
|
|
############################################################
|
|
# FUNCTIONS
|
|
############################################################
|
|
#-----------------------------------------------------------
|
|
# init db
|
|
init_db(){
|
|
mkdir -p "$(dirname "$DB_PATH")"
|
|
sqlite3 $DB_PATH <<EOF
|
|
CREATE TABLE IF NOT EXISTS certs (
|
|
id INTEGER PRIMARY KEY AUTOINCREMENT,
|
|
common_name TEXT UNIQUE,
|
|
san_dns TEXT,
|
|
san_ip TEXT,
|
|
cert_key TEXT,
|
|
cert_csr TEXT,
|
|
cert_crt TEXT,
|
|
not_valid_before TEXT,
|
|
not_valid_after TEXT,
|
|
created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
|
|
updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
|
|
);
|
|
|
|
CREATE TRIGGER IF NOT EXISTS update_certs_updated_at
|
|
AFTER UPDATE ON certs
|
|
FOR EACH ROW
|
|
BEGIN
|
|
UPDATE certs
|
|
SET updated_at = CURRENT_TIMESTAMP
|
|
WHERE id = OLD.id;
|
|
END;
|
|
EOF
|
|
}
|
|
############################################################
|
|
# Main
|
|
############################################################
|
|
|
|
# path resolution
|
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
ROOT_DIR="$(dirname "$SCRIPT_DIR")"
|
|
CONF_PATH="/etc/own-pki"
|
|
ENABLE_COLOR=true
|
|
BIN_PATH="/opt/own-pki"
|
|
DB_PATH="/var/lib/own-pki/certificates.db"
|
|
ASSUME_YES=0
|
|
|
|
# read stdlib.sh
|
|
source "$ROOT_DIR/lib/set-color.sh"
|
|
source "$ROOT_DIR/lib/message.sh"
|
|
source "$ROOT_DIR/lib/check-rc.sh"
|
|
source "$ROOT_DIR/lib/yes-no.sh"
|
|
|
|
set_color
|
|
|
|
main(){
|
|
# check if user has sudo rigth
|
|
if sudo ! -n true 2>/dev/null; then
|
|
msg_error "Access denied: user $USER does not have sudo privileges or a password is required.."
|
|
exit 1
|
|
fi
|
|
|
|
# check if the effective user ID is 0 (root)
|
|
if [[ $EUID -ne 0 ]]; then
|
|
msg_error "\nThis script must be run as root or with sudo.\n"
|
|
exit 1
|
|
fi
|
|
|
|
# install sqlite
|
|
echo -n -e "Install ${ORANGE}sqlite${NC}. Please wait...: "
|
|
dnf install sqlite -y > /dev/null 2>&1
|
|
check_rc $?
|
|
|
|
# create paths
|
|
echo -n -e "Create path $BIN_PATH: "
|
|
if [ ! -d "$BIN_PATH" ]; then
|
|
mkdir -p "$BIN_PATH" 2>/dev/null
|
|
check_rc $?
|
|
else
|
|
msg_warn "$BIN_PATH already exists!"
|
|
fi
|
|
|
|
echo -n -e "Create path $BIN_PATH/lib: "
|
|
if [ ! -d "$BIN_PATH/lib" ]; then
|
|
mkdir -p "$BIN_PATH/lib" 2>/dev/null
|
|
check_rc $?
|
|
else
|
|
msg_warn "$BIN_PATH/lib already exists!"
|
|
fi
|
|
|
|
echo -e -n "Create $BIN_PATH/bin: "
|
|
if [ ! -d "$BIN_PATH/bin" ]; then
|
|
mkdir -p $BIN_PATH/bin 2>/dev/null
|
|
check_rc $?
|
|
else
|
|
msg_warn "$BIN_PATH/bin already exists!"
|
|
fi
|
|
|
|
echo -e -n "Create $BIN_PATH/config: "
|
|
if [ ! -d "$BIN_PATH/config" ]; then
|
|
mkdir -p $BIN_PATH/config 2>/dev/null
|
|
check_rc $?
|
|
else
|
|
msg_warn "$BIN_PATH/config already exists!"
|
|
fi
|
|
|
|
echo -e -n "Create $CONF_PATH: "
|
|
if [ ! -d "$CONF_PATH" ]; then
|
|
mkdir -p $CONF_PATH 2>/dev/null
|
|
check_rc $?
|
|
else
|
|
msg_warn "$CONF_PATH already exists!"
|
|
fi
|
|
|
|
# copy config file
|
|
echo -e -n "Copy ${ORANGE}$ROOT_DIR/config/default.conf${NC} to $BIN_PATH/config: "
|
|
cp "$ROOT_DIR/config/default.conf" "$BIN_PATH/config/."
|
|
check_rc $?
|
|
|
|
# copy config file
|
|
echo -e -n "Copy ${ORANGE}$ROOT_DIR/config/default.conf${NC} to $BIN_PATH/config: "
|
|
cp "$ROOT_DIR/config/default.conf" "$BIN_PATH/config/."
|
|
check_rc $?
|
|
|
|
# copy config file
|
|
echo -e -n "Copy ${ORANGE}$ROOT_DIR/config/ca-config.tmpl${NC} to ${BIN_PATH}/config: "
|
|
cp "$ROOT_DIR/config/ca-config.tmpl" "${BIN_PATH}/config/."
|
|
check_rc $?
|
|
|
|
# create DB
|
|
echo -n -e "Create DB $DB_PATH: "
|
|
if [ -f "$DB_PATH" ]; then
|
|
msg_warn "$DB_PATH already exists!"
|
|
yes_no "Are you sure you want to recreate a database"
|
|
rm -rf "$DB_PATH"
|
|
init_db
|
|
check_rc $?
|
|
else
|
|
init_db
|
|
check_rc $?
|
|
fi
|
|
|
|
# copy script file to opt
|
|
msg_info "Copy librairie scripts files"
|
|
files=( $ROOT_DIR/lib/* )
|
|
for f in "${files[@]}"; do
|
|
echo -e -n " copy ${ORANGE}$f${NC} to ${BIN_PATH}/lib: "
|
|
cp "$f" "$BIN_PATH/lib/"
|
|
check_rc $?
|
|
done
|
|
|
|
msg_info "Copy main scripts files"
|
|
files=( $ROOT_DIR/bin/* )
|
|
for f in "${files[@]}"; do
|
|
# exclude install.sh
|
|
if [ "$f" != "$ROOT_DIR/bin/install.sh" ]; then
|
|
echo -e -n " copy ${ORANGE}$f${NC} to ${BIN_PATH}/bin: "
|
|
cp "$f" "$BIN_PATH/bin/"
|
|
check_rc $?
|
|
fi
|
|
done
|
|
|
|
msg_info "Create link"
|
|
files=( $ROOT_DIR/bin/* )
|
|
for f in "${files[@]}"; do
|
|
# exclude install.sh
|
|
if [ "$f" != "$ROOT_DIR/bin/install.sh" ]; then
|
|
SCRIPT_FILE=$(basename "$f")
|
|
echo -e -n " create link ${ORANGE}$BIN_PATH/bin/$SCRIPT_FILE${NC} to /usr/local/bin/: "
|
|
ln -f -s $BIN_PATH/bin/$SCRIPT_FILE /usr/local/bin/ #>"$out_tmp" 2>"$err_tmp"
|
|
check_rc $?
|
|
|
|
fi
|
|
done
|
|
}
|
|
main "$@"
|
|
|