Remove scripts that are no longer required (#1759)

Firstyear 2023-06-21 15:52:19 +10:00 committed by GitHub
parent 41d8fece68
commit 4725d625af
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 14 additions and 304 deletions


@ -259,15 +259,11 @@ is critical.
Once you have the source code, you need encryption certificates to use with the server, because Once you have the source code, you need encryption certificates to use with the server, because
without certificates, authentication will fail. without certificates, authentication will fail.
We recommend using [Let's Encrypt](https://letsencrypt.org), but if this is not possible, please use We recommend using [Let's Encrypt](https://letsencrypt.org), but if this is not possible kanidmd
our insecure certificate tool (`scripts/insecure_generate_tls.sh`). The insecure certificate tool will create self-signed certificates in `/tmp/kanidm`.
creates `/tmp/kanidm` and puts some self-signed certificates there.
**NOTE:** Windows developers can use `scripts/insecure_generate_tls.ps1`, which puts everything
(including a templated config file) in `$TEMP\kanidm`. Please adjust paths below to suit.
You can now build and run the server with the commands below. It will use a database in You can now build and run the server with the commands below. It will use a database in
`/tmp/kanidm.db`. `/tmp/kanidm/kanidm.db`.
Create the initial database and generate an `admin` password: Create the initial database and generate an `admin` password:


@ -1,106 +0,0 @@
$ErrorActionPreference = "Stop"
$KANI_TMP="$Env:TEMP\kanidm\"
$ALTNAME_FILE="${KANI_TMP}altnames.cnf"
$CACERT="${KANI_TMP}ca.pem"
$CAKEY="${KANI_TMP}cakey.pem"
$KEYFILE="${KANI_TMP}key.pem"
$CERTFILE="${KANI_TMP}cert.pem"
$CSRFILE="${KANI_TMP}cert.csr"
$CHAINFILE="${KANI_TMP}chain.pem"
# $DHFILE="${KANI_TMP}dh.pem"
$CONFIG_FILE="${KANI_TMP}server.toml"
if (Test-Path -Path "$KANI_TMP" ) {
Write-Output "Output dir exists at $KANI_TMP"
} else {
Write-Warning "Output dir missing at $KANI_TMP"
$result = New-Item -Path "$KANI_TMP" -ItemType Directory
}
if ( $(Test-Path -Path "examples\insecure_server.toml") -eq $false ) {
Write-Error "You need to run this from the base dir of the repo!"
exit 1
}
# Building the config file
$CONFIG = Get-Content "examples\insecure_server.toml"
$CONFIG = $CONFIG -replace "/tmp/kanidm/", "$KANI_TMP"
$CONFIG = $CONFIG -replace "\\", "/"
$CONFIG | Set-Content "${CONFIG_FILE}" -Force
$ALTNAME_FILE_CONTENTS = @'
[req]
nsComment = "Certificate"
distinguished_name = req_distinguished_name
req_extensions = v3_req
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Queensland
localityName = Locality Name (eg, city)
localityName_default = Brisbane
0.organizationName = Organization Name (eg, company)
0.organizationName_default = INSECURE EXAMPLE
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = kanidm
commonName = Common Name (eg, your name or your servers hostname)
commonName_max = 64
commonName_default = localhost
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
IP.1 = 127.0.0.1
'@
Write-Output "Creating cert template"
$result = New-Item -Path "$ALTNAME_FILE" -ItemType File -Value "$ALTNAME_FILE_CONTENTS" -Force
write-debug $result
Write-Output "Generate the CA"
openssl req -x509 -new -newkey rsa:4096 -sha256 -keyout "${CAKEY}" -out "${CACERT}" -days 31 -subj "/C=AU/ST=Queensland/L=Brisbane/O=INSECURE/CN=insecure.ca.localhost" -nodes
if ( $LastExitCode -ne 0 ){
exit 1
}
Write-Output "Generating the private key"
openssl genrsa -out "${KEYFILE}" 4096
if ( $LastExitCode -ne 0 ){
exit 1
}
Write-Output "Generating the certificate signing request"
openssl req -sha256 -config "${ALTNAME_FILE}" -days 31 -new -extensions v3_req -key "${KEYFILE}" -out "${CSRFILE}"
if ( $LastExitCode -ne 0 ){
exit 1
}
Write-Output "Signing the certificate"
openssl x509 -req -days 31 -extfile "${ALTNAME_FILE}" -CA "${CACERT}" -CAkey "${CAKEY}" -CAcreateserial -in "${CSRFILE}" -out "${CERTFILE}" -extensions v3_req -sha256
Write-Output "Creating the certificate chain"
Get-Content "${CERTFILE}" ,"${CACERT}" | Set-Content "${CHAINFILE}" -Force
Write-Output "Certificate chain is at: ${CHAINFILE}"
Write-Output "Private key is at: ${KEYFILE}"
Write-Output "The configuration file is at: ${CONFIG_FILE}"


@ -1,190 +0,0 @@
#!/bin/sh
set -e
# you can set the hostname if you want, but it'll default to localhost
if [ -z "$CERT_HOSTNAME" ]; then
CERT_HOSTNAME="localhost"
fi
# also where the files are stored
if [ -z "$KANI_TMP" ]; then
KANI_TMP=/tmp/kanidm/
fi
ALTNAME_FILE="${KANI_TMP}altnames.cnf"
CANAME_FILE="${KANI_TMP}ca.cnf"
CACERT="${KANI_TMP}ca.pem"
CAKEY="${KANI_TMP}cakey.pem"
CADB="${KANI_TMP}ca.txt"
CASRL="${KANI_TMP}ca.srl"
KEYFILE="${KANI_TMP}key.pem"
CERTFILE="${KANI_TMP}cert.pem"
CSRFILE="${KANI_TMP}cert.csr"
CHAINFILE="${KANI_TMP}chain.pem"
DHFILE="${KANI_TMP}dh.pem"
if [ ! -d "${KANI_TMP}" ]; then
echo "Creating temp kanidm dir: ${KANI_TMP}"
mkdir -p "${KANI_TMP}"
fi
cat > "${CANAME_FILE}" << DEVEOF
[req]
nsComment = "Certificate Authority"
distinguished_name = req_distinguished_name
req_extensions = v3_ca
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Queensland
localityName = Locality Name (eg, city)
localityName_default = Brisbane
0.organizationName = Organization Name (eg, company)
0.organizationName_default = INSECURE EXAMPLE
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = kanidm
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
commonName_default = insecure.ca.localhost
[ v3_ca ]
subjectKeyIdentifier = hash
basicConstraints = critical, CA:true
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
DEVEOF
cat > "${ALTNAME_FILE}" << DEVEOF
[ca]
default_ca = CA_default
[ CA_default ]
# Directory and file locations.
dir = ${KANI_TMP}
certs = ${KANI_TMP}
crl_dir = ${KANI_TMP}
new_certs_dir = ${KANI_TMP}
database = ${CADB}
serial = ${CASRL}
# The root key and root certificate.
private_key = ${CAKEY}
certificate = ${CACERT}
# SHA-1 is deprecated, so use SHA-2 instead.
default_md = sha256
name_opt = ca_default
cert_opt = ca_default
default_days = 3650
preserve = no
policy = policy_loose
[ policy_loose ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[req]
nsComment = "Certificate"
distinguished_name = req_distinguished_name
req_extensions = v3_req
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Queensland
localityName = Locality Name (eg, city)
localityName_default = Brisbane
0.organizationName = Organization Name (eg, company)
0.organizationName_default = INSECURE EXAMPLE
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = kanidm
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
commonName_default = ${CERT_HOSTNAME}
[ v3_req ]
basicConstraints = CA:FALSE
nsCertType = server
nsComment = "Server Certificate"
subjectKeyIdentifier = hash
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
IP.1 = 127.0.0.1
DEVEOF
touch ${CADB}
echo 1000 > ${CASRL}
echo "Make the ca key..."
openssl ecparam -genkey -name prime256v1 -noout -out "${CAKEY}"
echo "Self sign the CA..."
openssl req -batch -config "${CANAME_FILE}" \
-key "${CAKEY}" \
-new -x509 -days +31 \
-sha256 -extensions v3_ca \
-out "${CACERT}" \
-nodes
echo "Generating the server private key..."
openssl ecparam -genkey -name prime256v1 -noout -out "${KEYFILE}"
echo "Generating the certificate signing request..."
openssl req -sha256 -new \
-batch \
-config "${ALTNAME_FILE}" -extensions v3_req \
-key "${KEYFILE}"\
-nodes \
-out "${CSRFILE}"
echo "Signing the certificate..."
openssl ca -config "${ALTNAME_FILE}" \
-batch \
-extensions v3_req \
-days 31 -notext -md sha256 \
-in "${CSRFILE}" \
-out "${CERTFILE}"
# Create the chain
cat "${CERTFILE}" "${CACERT}" > "${CHAINFILE}"
# create the dh file for RADIUS
openssl dhparam -in "${CAFILE}" -out "${DHFILE}" 2048
echo "Certificate chain is at: ${CHAINFILE}"
echo "Private key is at: ${KEYFILE}"
echo ""
echo "**Remember** the default action is to store the files in /tmp/ so they'll be deleted on reboot! Set the KANI_TMP environment variable before running this script if you want to change that. You'll need to update server config elsewhere if you do, however."


@ -6,6 +6,16 @@ if [ -z "$KANI_CARGO_OPTS" ]; then
KANI_CARGO_OPTS="" KANI_CARGO_OPTS=""
fi fi
# also where the files are stored
if [ -z "$KANI_TMP" ]; then
KANI_TMP=/tmp/kanidm/
fi
if [ ! -d "${KANI_TMP}" ]; then
echo "Creating temp kanidm dir: ${KANI_TMP}"
mkdir -p "${KANI_TMP}"
fi
CONFIG_FILE="../../examples/insecure_server.toml" CONFIG_FILE="../../examples/insecure_server.toml"
if [ ! -f "${CONFIG_FILE}" ]; then if [ ! -f "${CONFIG_FILE}" ]; then
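Review bot: The new default `KANI_TMP=/tmp/kanidm/` is a predictable location under a world-writable parent, and because the `[ ! -d "${KANI_TMP}" ]` guard skips creation whenever the directory already exists, a pre-existing `/tmp/kanidm/` owned by another local user would be silently reused for the server's database and certificate material. After the `fi` I would refuse to continue unless the directory belongs to the invoking user, e.g. `[ -O "${KANI_TMP}" ] || { echo "Refusing to use ${KANI_TMP}: not owned by the current user" >&2; exit 1; }` (`-O` is supported by bash and dash, though not strictly POSIX), and create it with `mkdir -p -m 700 "${KANI_TMP}"` so the key files are not readable by other accounts. The default also depends on its trailing slash: if the rest of the script joins paths as `${KANI_TMP}name`, as the removed insecure_generate_tls.sh did, a user-supplied `KANI_TMP` without the slash yields a sibling path rather than a child, so a comment on the `KANI_TMP=/tmp/kanidm/` line (or normalising the value) would help. The script's top-level body continues above and below this hunk, so I cannot tell from here whether `set -e` covers a failing `mkdir`.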


@ -138,7 +138,7 @@ pub struct AccountNamedExpireDateTimeOpt {
#[clap(flatten)] #[clap(flatten)]
copt: CommonOpt, copt: CommonOpt,
#[clap(name = "datetime", verbatim_doc_comment)] #[clap(name = "datetime", verbatim_doc_comment)]
/// This accepts mulitple options: /// This accepts multiple options:
/// - An RFC3339 time of the format "YYYY-MM-DDTHH:MM:SS+TZ", "2020-09-25T11:22:02+10:00" /// - An RFC3339 time of the format "YYYY-MM-DDTHH:MM:SS+TZ", "2020-09-25T11:22:02+10:00"
/// - One of "any", "clear" or "never" to remove account expiry. /// - One of "any", "clear" or "never" to remove account expiry.
/// - "epoch" to set the expiry to the UNIX epoch /// - "epoch" to set the expiry to the UNIX epoch