forked from CyanogenMod/hudson
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsetup_key.sh
executable file
·49 lines (36 loc) · 1.1 KB
/
setup_key.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
#!/bin/bash
set -u
#host="https://jenkins.apps.cxl-server.home.lan"
host="https://jenkins.cxl.epac.to"
get_cert() {
local url=${1#*://}
url=${url%/*}:443
openssl s_client -connect "${url}" </dev/null 2>/dev/null | \
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > jenkins-cli.cer
}
get_cert "${host}"
pass=$(dd if=/dev/urandom bs=1 count=4096 2>/dev/null | sha512sum - | awk '{print $1}')
unset _JAVA_OPTIONS
# Setup java keystore
keytool \
-import \
-noprompt \
-trustcacerts \
-alias jenkins-cli \
-file jenkins-cli.cer \
-keystore jenkins-cli.ks \
-storepass "${pass}"
keytool \
-list \
-v \
-keystore jenkins-cli.ks \
-storepass "${pass}"
cat <<EOF
################################################################################
Upload the following files to the remote host:
* jenkins-cli.cer - HTTPS certificate for ${host}
* jenkins-cli.ks - Java keystore containing the certificate
Password for keystore: ${pass}
Java should be invoked with the following command:
$ java -Djavax.net.ssl.trustStore=jenkins-cli.ks -Djavax.net.ssl.trustStorePassword=PASSWORD
EOF