Certmonger docker.

2022-12-09 17:04:46 +01:00
commit 1b38117732
4 changed files with 47 additions and 0 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -0,0 +1,14 @@
+kind: pipeline
+name: default
+
+steps:
+- name: docker  
+  image: plugins/docker
+  settings:
+    registry: https://git.ivasoft.cz
+    username:
+      from_secret: repo_user
+    password:
+      from_secret: repo_pass
+    repo: git.ivasoft.cz/sw/certmonger
+    tags: latest
--- a/13
+++ b/13
@@ -0,0 +1,13 @@
+FROM almalinux
+
+RUN yum update \
+ && yum install wget certmonger
+
+COPY createCertChain.sh /createCertChain.sh
+COPY entrypoint.sh /entrypoint.sh
+
+RUN mkdir /var/run/dbus
+
+VOLUME /var/lib/certmonger
+
+ENTRYPOINT ["/entrypoint.sh"]
--- a/createCertChain.sh
+++ b/createCertChain.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+wget "$2?operation=GetCACert&message=&base64=1&onlyRoot=1" -O $3
+wget "$2?operation=GetCACert&message=&base64=1&skipRoot=1" -O /tmp/inter.cer
+cat $1 /tmp/inter.cer > $4
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+RUN_CMD="/usr/sbin/certmonger -L -P /var/run/certmonger.sock"
+
+if [ -f /var/lib/certmonger/lock ]; then
+        echo Certmonger already configured
+        eval "$RUN_CMD -n -c 'getcert list -i Task'"
+else
+        echo Creating certificate for $CERT_NAME from $SCEP_URL
+        mkdir /var/lib/certmonger/local
+        chmod 700 /var/lib/certmonger/local
+        eval "$RUN_CMD -n -c 'getcert add-scep-ca -c MyCA -u $SCEP_URL'"
+        eval "$RUN_CMD -n -c 'getcert request -I Task -c MyCA -f \"$CONTAINER_CERT_FILE\" -k \"$CONTAINER_KEY_FILE\" -g $CERT_KEY_BITS -N $CERT_NAME $CERT_KEY_USAGE $CERT_ALT_NAMES -C \"/createCertChain.sh $CONTAINER_CERT_FILE $SCEP_URL $CONTAINER_CA_FILE $CONTAINER_FULLCHAIN_FILE \"'"
+fi
+
+exec /usr/sbin/certmonger -L -P /var/run/certmonger.sock -n