update sealer key rotation script and bump base from rocky 8.9 to 8.10
pcaskey committed Aug 16, 2024
1 parent 5f78603 commit 43a1723
Showing 3 changed files with 22 additions and 19 deletions.
4 changes: 2 additions & 2 deletions Dockerfile
@@ -1,4 +1,4 @@
FROM --platform=$TARGETPLATFORM rockylinux:8.9
FROM --platform=$TARGETPLATFORM rockylinux/rockylinux:8.10

########################
### VERSION SETTINGS ###
Expand All @@ -10,7 +10,7 @@ ENV TOMCAT_MAJOR=10 \
##shib-idp \
VERSION=5.1.3 \
##TIER \
TIERVERSION=20240813_rocky8_multiarch \
TIERVERSION=20240816_rocky8_multiarch \
#################### \
#### OTHER VARS #### \
#################### \
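Review bot: The new `FROM` line changes the image repository as well as the tag: `rockylinux:8.9` is the Docker Hub library image, while `rockylinux/rockylinux:8.10` lives in a separate namespace, and the line pins neither by digest, so the base the IdP image is built on can change under an unchanged tag. I would record the reason for the namespace switch in a comment above the line and pin the verified multi-arch index, e.g. `FROM rockylinux/rockylinux:8.10@sha256:<digest-of-verified-8.10-index>` (placeholder, not a real digest). `--platform=$TARGETPLATFORM` is already the default for a `FROM` line and could be dropped in the same edit. The rest of the file lies outside the displayed hunks.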
33 changes: 18 additions & 15 deletions container_files/idp/rotateSealerKey.sh
Expand Up @@ -16,22 +16,17 @@ then
exit 1
fi

# Default JAVA_HOME if not already set
if [ -d "${JAVA_HOME:=/usr}" ]
then
export JAVA_HOME=${JAVA_HOME:=/usr}
else
echo "ERROR: JAVA_HOME Directory does not exist: ${JAVA_HOME:=/usr}" >&2
exit 1
fi

function get_config {
# Key to lookup (escape . for regex lookup)
local KEY=${1:?"No key provided to look up value"}
# Passed default value
local DEFAULT="${2:-}"
# Lookup key, strip spaces, replace idp.home with IDP_HOME value
local RESULT=$(sed -rn '/^'"${KEY//./\\.}"'\s*=/ { s|^[^=]*=(.*)\s*$|\1|; s|%\{idp\.home\}|'"${IDP_HOME}"'|g; p}' ${IDP_HOME}/conf/idp.properties)
if [ -z "$RESULT" ]
then
local RESULT=$(sed -rn '/^'"${KEY//./\\.}"'\s*=/ { s|^[^=]*=(.*)\s*$|\1|; s|%\{idp\.home\}|'"${IDP_HOME}"'|g; p}' ${IDP_HOME}/credentials/secrets.properties)
fi
# Set if no result with default - exit if no default
echo ${RESULT:-${DEFAULT:?"No value in config and no default defined for: '${KEY}'"}}
}
Expand All @@ -48,12 +43,19 @@ then
sync_hosts=$(get_config idp.sealer._sync_hosts ${HOSTNAME})

# Run the keygen utility
${0%/*}/runclass.sh net.shibboleth.utilities.java.support.security.BasicKeystoreKeyStrategyTool \
--storefile "${storefile}" \
--storepass "${storepass}" \
--versionfile "${versionfile}" \
--alias "${alias}" \
--count "${count}"
${0%/*}/seckeygen.sh \
--storefile "${storefile}" \
--storepass "${storepass}" \
--versionfile "${versionfile}" \
--alias "${alias}" \
--count "${count}"

# ${0%/*}/runclass.sh net.shibboleth.utilities.java.support.security.BasicKeystoreKeyStrategyTool \
# --storefile "${storefile}" \
# --storepass "${storepass}" \
# --versionfile "${versionfile}" \
# --alias "${alias}" \
# --count "${count}"

# Display current version
echo "INFO: $(tac "${versionfile}" | tr "\n" " ")" >&2
Expand All @@ -73,3 +75,4 @@ then
done

fi
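Review bot: The fallback added to `get_config` repeats the whole sed program for `credentials/secrets.properties`, leaves the `${IDP_HOME}/...` path unquoted, and assigns with `local RESULT=$(...)`, which discards sed's exit status, so a failed read cannot be told apart from a key that is simply absent. I would run the one sed program over both files in a loop with quoted paths, as sketched below. Because this lookup now returns values from the secrets file, the final `echo ${RESULT:-...}` also deserves a look: unquoted, it applies word splitting and pathname expansion to a password. Separately, the value is still passed as `--storepass` on the `seckeygen.sh` command line, where it is readable from the process list while the tool runs; whether the tool can take it another way is not visible on this page.

```shell
# … unchanged: local KEY and local DEFAULT …
local RESULT="" FILE
# Same sed program for both files; the first non-empty value wins
for FILE in "${IDP_HOME}/conf/idp.properties" "${IDP_HOME}/credentials/secrets.properties"
do
    if [ ! -r "${FILE}" ]
    then
        echo "WARN: cannot read ${FILE}" >&2
        continue
    fi
    RESULT=$(sed -rn '/^'"${KEY//./\\.}"'\s*=/ { s|^[^=]*=(.*)\s*$|\1|; s|%\{idp\.home\}|'"${IDP_HOME}"'|g; p}' "${FILE}")
    if [ -n "${RESULT}" ]
    then
        break
    fi
done
# … unchanged: echo of RESULT, or DEFAULT, or the "No value in config" error …
```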

4 changes: 2 additions & 2 deletions test-compose/sp/Dockerfile
@@ -1,12 +1,12 @@
FROM i2incommon/shibboleth_sp:latest
FROM i2incommon/shibboleth_sp:3.4.1_05152024_rocky9_multiarch

LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
Vendor="TIER" \
ImageType="Shibboleth SP" \
ImageName=$imagename \
ImageOS=centos7

RUN yum -y update; yum -y install php
RUN dnf -y update; dnf -y install php

ADD container_files/shibboleth2.xml /etc/shibboleth/
ADD container_files/idp-metadata.xml /etc/shibboleth/
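Review bot: In `RUN dnf -y update; dnf -y install php` the `;` lets the build continue when `dnf -y update` fails, and the layer keeps the dnf cache; the switch from yum carried both over. With the base now pinned to a dated tag I would chain the steps and clean up in the same layer: `RUN dnf -y update && dnf -y install php && dnf clean all`. The `ImageOS=centos7` label in the unchanged lines no longer matches a base tagged `rocky9` and could be corrected in the same change. The section is cut after the `ADD` lines, so the rest of the file is not visible here.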
