added support for certificates

2024-11-08 04:23:42 +02:00 · 2024-11-08 04:23:42 +02:00 · 4aab2d684f
commit 4aab2d684f
parent cbe84f228c
3 changed files with 15 additions and 0 deletions
--- a/create.sh
+++ b/create.sh
@ -12,6 +12,7 @@ echo_cyan "Installing binaries and libs..."
 install_binary $(which switch_root)
 install_binary $(which bash)
 install_binary $(which mount)
+install_binary $(which openssl) && cp -r /etc/ssl "${ROOT}/etc/"
 install_kmod
 install_busybox

--- a/init.sh
+++ b/init.sh
@ -2,6 +2,7 @@
 source /init_functions.sh
 create_mounts
 load_modules
+create_certs
 setup_network
 mount_root
 exec switch_root /mnt /sbin/init "$@"
--- a/init_functions.sh
+++ b/init_functions.sh
@ -33,6 +33,19 @@ create_mounts() {
    ln -sfT /proc/self/fd/2 /dev/stderr
 }

+create_certs() {
+  cert_dir="/tmp/certs"
+  key="$cert_dir/guest_api.key"
+  cert="$cert_dir/guest_api.crt"
+  subject="/C=W3/O=DeTEE/OU=COCO/CN=guest-api"
+  mkdir -p "$cert_dir"
+  openssl genpkey -algorithm RSA -out "$key" \
+    -pkeyopt rsa_keygen_bits:4096 2>/dev/null
+  openssl req -x509 -new \
+    -key "$key" -out "$cert" \
+    -days 365 -subj "$subject" 2>/dev/null
+}
+
 # expects kernel param in this format: detee_net=192.168.122.140_24_192.168.122.1_1.1.1.1
 setup_network() {
  local settings='' ip_addr='' mask='' cidr='' gateway='' nameserver=''