deblan-mirror/24eme-signaturepdf
1
0
Fork 0
mirror of https://github.com/24eme/signaturepdf synced 2026-03-14 13:55:44 +01:00
Code Activity

🎨 — Improve shell scripts

Browse source 
- make them pass shellcheck
- add set -euo pipefail
- simplify sed commands
This commit is contained in:
Luc Didry 2025-05-27 17:26:52 +02:00
commit 85877244b5
No known key found for this signature in database
GPG key ID: EA868E12D0257E3C
2 changed files with 16 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

7
entrypoint.sh
View file

@ -9,10 +9,9 @@ export LANG=$DEFAULT_LANGUAGE
export LANGUAGE=$DEFAULT_LANGUAGE
export LC_ALL=$DEFAULT_LANGUAGE
if [[ ! -z $PDF_STORAGE_PATH ]] ; then
mkdir -p $PDF_STORAGE_PATH
chown www-data:www-data $PDF_STORAGE_PATH
if [[ -n $PDF_STORAGE_PATH ]] ; then
mkdir -p "$PDF_STORAGE_PATH"
chown www-data:www-data "$PDF_STORAGE_PATH"
fi
apache2-foreground

22
tools/create_nss_certs.sh
View file

@ -1,5 +1,7 @@
#!/bin/bash
set -eo pipefail
nss_dir=$1
nss_pass=$2
nss_nick=$3
@ -15,32 +17,34 @@ if ! test -d "$nss_dir"; then
echo "ERROR: nss_dir \"$nss_dir\" should exist" 1>&2 ;
exit 2;
fi
if echo "$nss_nick" | grep '\.' > /dev/null ; then
if echo "$nss_nick" | grep -q -F "."; then
echo "ERROR: $nss_nick should not contain . " 1>&2 ;
exit 3;
fi
signaturepdf_domain=$(echo $signaturepdf_url | sed 's/https*:\/\///' | sed 's/\/.*//')
signaturepdf_path=$(echo $signaturepdf_url | sed 's/https*:\/\///' | sed 's/.*'$signaturepdf_domain'\/*//')
signaturepdf_dc=$(echo $signaturepdf_domain | tr '.' '\n' | sed 's/^/DC=/' | tr '\n' ',' | sed 's/,$//')
set -u
signaturepdf_domain=$(echo "$signaturepdf_url" | sed -e 's@https*://@@' -e 's@/.*@@')
signaturepdf_path=$(echo "$signaturepdf_url" | sed -e 's@https*://@@' -e "s@.*$signaturepdf_domain/*@@")
signaturepdf_dc=$(echo "$signaturepdf_domain" | tr '.' '\n' | sed 's/^/DC=/' | tr '\n' ',' | sed 's/,$//')
if test "$signaturepdf_path"; then
signaturepdf_dc="DC=/"$signaturepdf_path','$signaturepdf_dc;
signaturepdf_dc="DC=/${signaturepdf_path},${signaturepdf_dc}";
fi
echo "$nss_pass" > /tmp/nss.$$.tmp
certutil -N -f /tmp/nss.$$.tmp -d "$nss_dir"
echo $RANDOM" CACert "$(date)" $$ "$RANDOM | shasum > /tmp/nss_noise.$$.tmp
echo "$RANDOM CACert $(date) $$ $RANDOM" | shasum > /tmp/nss_noise.$$.tmp
certutil -S -s "CN=PDF Sign CA Cert,$signaturepdf_dc" -n "PDFSignCA" -z /tmp/nss_noise.$$.tmp -x -t "CT,CT,CT" -v 120 -m 1234 -d "$nss_dir" -f /tmp/nss.$$.tmp
echo $RANDOM" $signaturepdf_dc "$(date)" $$ "$RANDOM | shasum >> /tmp/nss_noise.$$.tmp
echo "$RANDOM $signaturepdf_dc $(date) $$ $RANDOM" | shasum >> /tmp/nss_noise.$$.tmp
certutil -S -s "CN=$nss_nick,$signaturepdf_dc" -n "$nss_nick" -c "PDFSignCA" -z /tmp/nss_noise.$$.tmp -t ",," -m 730 -d "$nss_dir" -f /tmp/nss.$$.tmp
echo "Certs created :"
echo "==============="
certutil -f /tmp/nss.$$.tmp -d $nss_dir -L
certutil -f /tmp/nss.$$.tmp -d "$nss_dir" -L
echo "Private keys created :"
echo "======================"
certutil -f /tmp/nss.$$.tmp -d $nss_dir -K
certutil -f /tmp/nss.$$.tmp -d "$nss_dir" -K
rm /tmp/nss.$$.tmp /tmp/nss_noise.$$.tmp