[ARVADOS] updated: 1.3.0-206-gcf5df1de2

Git user git at public.curoverse.com
Fri Feb 1 17:05:52 EST 2019


Summary of changes:
 tools/arvbox/lib/arvbox/docker/service/certificate/run | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

       via  cf5df1de29221a8bb46219f68a953c6e33aafc62 (commit)
      from  c5a89fc450c90216ac2100e537189638a35bdc02 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit cf5df1de29221a8bb46219f68a953c6e33aafc62
Author: Peter Amstutz <pamstutz at veritasgenetics.com>
Date:   Fri Feb 1 17:03:52 2019 -0500

    arvbox certificates can have DNS in subjectAltName
    
    no issue #
    
    Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <pamstutz at veritasgenetics.com>

diff --git a/tools/arvbox/lib/arvbox/docker/service/certificate/run b/tools/arvbox/lib/arvbox/docker/service/certificate/run
index 2b802f2ab..1b062ad8d 100755
--- a/tools/arvbox/lib/arvbox/docker/service/certificate/run
+++ b/tools/arvbox/lib/arvbox/docker/service/certificate/run
@@ -37,6 +37,13 @@ if test ! -s /var/lib/arvados/root-cert.pem ; then
 fi
 
 if test ! -s /var/lib/arvados/server-cert-${localip}.pem ; then
+
+    if [[ $localip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
+	san=IP:$localip
+    else
+	san=DNS:$localip
+    fi
+
     # req           signing request sub-command
     # -new          new certificate request
     # -nodes        "no des" don't encrypt key
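Review bot: The `else` branch added at the top of this block treats every value that is not a dotted quad as a hostname and assigns `san=DNS:$localip` without checking its syntax. `$san` is then written into the `subjectAltName=` line of the generated OpenSSL config, so a value containing a comma or a newline would put extra names or config lines into a certificate signed by the arvbox root. Where `localip` is set lies outside this hunk, so how much a user controls it cannot be confirmed from here. I would make the hostname case explicit with `elif [[ $localip =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then san=DNS:$localip`, and have the final `else` print an error and exit non-zero. The IPv4 pattern also accepts octets above 255, and an IPv6 address falls through to `DNS:`; a short comment should say whether that is intended.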
@@ -56,7 +63,7 @@ if test ! -s /var/lib/arvados/server-cert-${localip}.pem ; then
 	    -reqexts x509_ext \
 	    -extensions x509_ext \
 	    -config <(cat /etc/ssl/openssl.cnf \
-			  <(printf "\n[x509_ext]\nkeyUsage=critical,digitalSignature,keyEncipherment\nsubjectAltName=DNS:localhost,IP:$localip")) \
+			  <(printf "\n[x509_ext]\nkeyUsage=critical,digitalSignature,keyEncipherment\nsubjectAltName=DNS:localhost,$san")) \
             -out /var/lib/arvados/server-cert-${localip}.csr \
             -keyout /var/lib/arvados/server-cert-${localip}.key \
             -days 365
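Review bot: `$san` is expanded inside the printf format string on the `-config` line, so a `%` or backslash in the value would be interpreted by printf instead of being written literally. The same construction is repeated on the `-extfile` line in the next hunk. This mattered less while the value was always an IP address, but it can now be an arbitrary hostname string. Passing it as an argument keeps the format fixed: `printf '\n[x509_ext]\nkeyUsage=critical,digitalSignature,keyEncipherment\nsubjectAltName=DNS:localhost,%s' "$san"`. The openssl command starts above this hunk, so only the printf call is in question here.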
@@ -69,7 +76,7 @@ if test ! -s /var/lib/arvados/server-cert-${localip}.pem ; then
 	    -out /var/lib/arvados/server-cert-${localip}.pem \
 	    -set_serial $RANDOM$RANDOM \
 	    -extfile <(cat /etc/ssl/openssl.cnf \
-			  <(printf "\n[x509_ext]\nkeyUsage=critical,digitalSignature,keyEncipherment\nsubjectAltName=DNS:localhost,IP:$localip")) \
+			  <(printf "\n[x509_ext]\nkeyUsage=critical,digitalSignature,keyEncipherment\nsubjectAltName=DNS:localhost,$san")) \
 	    -extensions x509_ext
 
     chown arvbox:arvbox /var/lib/arvados/server-cert-${localip}.*
@@ -78,4 +85,4 @@ fi
 cp /var/lib/arvados/root-cert.pem /usr/local/share/ca-certificates/arvados-testing-cert.crt
 update-ca-certificates
 
-sv stop certificate
\ No newline at end of file
+sv stop certificate

-----------------------------------------------------------------------


hooks/post-receive
-- 



