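#!/bin/sh
#
# Generate a 2048-bit RSA key pair and merge it into the sysrepo
# ietf-keystore "startup" datastore under the name "genkey", then copy
# startup to running. Nothing is done when an asymmetric key with that
# name is already present.
#
# Security notes:
#   - The edit-config document contains the private key. It is written to
#     a file created atomically by mktemp (not "mktemp -u", which only
#     prints an unused name and leaves a window in which another local
#     user can pre-create or symlink that path).
#   - The temporary file is removed on every exit path, including a
#     failure of sysrepocfg under "set -e".

set -e

# Path of the temporary edit-config file; empty until it is created.
TMPFILE=

# Remove the temporary file holding the private key, if one was created.
cleanup() {
    if [ -n "$TMPFILE" ]; then
        rm -f -- "$TMPFILE"
    fi
}
trap cleanup EXIT
# Turn the common termination signals into a normal exit so the EXIT
# trap above also runs in shells that skip it on signal death.
trap 'exit 1' HUP INT TERM

# avoid problems with sudo path: resolve the tools once, up front
SYSREPOCFG=$(command -v sysrepocfg) || {
    echo "sysrepocfg not found in PATH" >&2
    exit 1
}
OPENSSL=$(command -v openssl) || {
    echo "openssl not found in PATH" >&2
    exit 1
}

# check that there is no SSH key with this name yet
KEYSTORE_KEY=$("$SYSREPOCFG" -X -x "/ietf-keystore:keystore/asymmetric-keys/asymmetric-key[name='genkey']/name")
if [ -z "$KEYSTORE_KEY" ]; then

    # generate a new key; stderr is discarded as before, a failure is
    # still caught through the exit status of the assignment (set -e)
    PRIVPEM=$("$OPENSSL" genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -outform PEM 2>/dev/null)
    # remove header/footer (printf is a shell builtin, so the key does
    # not show up in another process's argument list)
    PRIVKEY=$(printf '%s\n' "$PRIVPEM" | grep -v -- "-----")
    # get public key
    PUBPEM=$(printf '%s\n' "$PRIVPEM" | "$OPENSSL" rsa -pubout 2>/dev/null)
    # remove header/footer
    PUBKEY=$(printf '%s\n' "$PUBPEM" | grep -v -- "-----")

    # never store an entry with a missing half of the key pair
    if [ -z "$PRIVKEY" ] || [ -z "$PUBKEY" ]; then
        echo "key generation produced no key material" >&2
        exit 1
    fi

    # generate edit config
    CONFIG="<keystore xmlns=\"urn:ietf:params:xml:ns:yang:ietf-keystore\">
    <asymmetric-keys>
        <asymmetric-key>
            <name>genkey</name>
            <algorithm>rsa2048</algorithm>
            <public-key>$PUBKEY</public-key>
            <private-key>$PRIVKEY</private-key>
        </asymmetric-key>
    </asymmetric-keys>
</keystore>"

    # mktemp creates the file itself, readable by the owner only
    TMPFILE=$(mktemp)
    # fixed format string: the document is data, never a printf format
    printf '%s\n' "$CONFIG" > "$TMPFILE"

    # apply it to startup and running
    "$SYSREPOCFG" --edit="$TMPFILE" -d startup -f xml -m ietf-keystore -v2
    "$SYSREPOCFG" -C startup -m ietf-keystore -v2

    # remove the tmp file right away; the EXIT trap covers error paths
    rm -f -- "$TMPFILE"
    TMPFILE=

fi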