about summary refs log tree commit diff stats
path: root/system/services/taskserver/certs/generate
diff options
context:
space:
mode:
Diffstat (limited to 'system/services/taskserver/certs/generate')
-rwxr-xr-xsystem/services/taskserver/certs/generate75
1 files changed, 0 insertions, 75 deletions
diff --git a/system/services/taskserver/certs/generate b/system/services/taskserver/certs/generate
deleted file mode 100755
index c3b58ae..0000000
--- a/system/services/taskserver/certs/generate
+++ /dev/null
@@ -1,75 +0,0 @@
-#!/usr/bin/env nix-shell
-#! nix-shell -i dash --packages openssl gnutls dash
-#! nix-shell --impure
-
-# For a public or production server, purchase a cert from a known CA, and skip
-# the next step.
-
-# For development, testing and personal server management, create a CA key and
-# cert, and use that to generate a server key and cert.  Creates:
-#   ca.key.pem
-#   ca.cert.pem
-#   server.key.pem
-#   server.cert.pem
-
-GENERATION_LOCATION="/run/user/$(id -u)/taskserver/certs"
-BASEDIR="$(dirname "$0")"
-cd "$BASEDIR" || {
-    echo "(BUG?) No basedir ('$BASEDIR')" 1>&2
-    exit 1
-}
-
-ca=false
-crl=false
-clients=false
-
-for arg in "$@"; do
-    case "$arg" in
-    "--ca")
-        ca=true
-        ;;
-    "--crl")
-        crl=true
-        ;;
-    "--clients")
-        clients=true
-        ;;
-    esac
-done
-
-# `ca.cert.pem` is not on this list, as it would otherwise get deleted in the `rm` on the
-# second-to last line
-set -- ./vars ./generate.ca ./generate.crl ./generate.client ./ca.key.pem.gpg ./isrgrootx1.pem
-
-mkdir --parents "$GENERATION_LOCATION"
-cp "$@" ./ca.cert.pem "$GENERATION_LOCATION"
-cd "$GENERATION_LOCATION" || echo "(BUG?) No possible location fould!" 1>&2
-
-gpg --decrypt ca.key.pem.gpg >ca.key.pem
-
-[ "$ca" = true ] && ./generate.ca
-cat ./isrgrootx1.pem >>./ca.cert.pem
-
-# Generate a certificate revocation list (CRL).  The initial CRL is empty, but
-# can grow over time.  Creates:
-#   server.crl.pem
-
-[ "$crl" = true ] && ./generate.crl
-
-# The above is sufficient to operate a server. You now need to run a client cert creation
-# process per client; Add the required client names and uncomment
-# ./generate.client <client_name>
-#
-#
-# Creates:
-#   <client_name>.key.pem
-#   <client_name>.cert.pem
-#
-[ "$clients" = true ] && ./generate.client soispha
-[ "$clients" = true ] && ./generate.client android-mobile
-[ "$clients" = true ] && ./generate.client android-tab
-
-rm "$@" "./ca.key.pem"
-echo "(INFO) Look for the keys at: $GENERATION_LOCATION"
-
-# vim: ft=sh
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-02-03 19:50:23 +0000