kek generation
parent
f7c5b4ea8c
commit
2759a72710
71
start.sh
71
start.sh
|
|
@ -87,6 +87,77 @@ update_env HANDSHAKE_INTERVAL_SEC "$HANDSHAKE_INTERVAL_SEC"
|
||||||
update_env TELEGRAM_API_KEY "$TELEGRAM_API_KEY"
|
update_env TELEGRAM_API_KEY "$TELEGRAM_API_KEY"
|
||||||
update_env CLIENT_TELEGRAM_API_KEY "$CLIENT_TELEGRAM_API_KEY"
|
update_env CLIENT_TELEGRAM_API_KEY "$CLIENT_TELEGRAM_API_KEY"
|
||||||
|
|
||||||
|
generate_kek() {
|
||||||
|
if command -v openssl >/dev/null 2>&1; then
|
||||||
|
openssl rand -base64 32 | tr -d '\n'
|
||||||
|
elif command -v python3 >/dev/null 2>&1; then
|
||||||
|
python3 - <<'PY'
|
||||||
|
import os, base64
|
||||||
|
print(base64.b64encode(os.urandom(32)).decode())
|
||||||
|
PY
|
||||||
|
elif command -v python >/dev/null 2>&1; then
|
||||||
|
python - <<'PY'
|
||||||
|
import os, base64
|
||||||
|
print(base64.b64encode(os.urandom(32)).decode())
|
||||||
|
PY
|
||||||
|
else
|
||||||
|
echo "Need openssl or python to generate CONTENT_KEY_KEK_B64" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
ensure_content_key_kek() {
|
||||||
|
local current
|
||||||
|
current=$(ini_val CONTENT_KEY_KEK_B64)
|
||||||
|
local valid=0
|
||||||
|
if [[ -n "$current" ]]; then
|
||||||
|
if command -v python3 >/dev/null 2>&1; then
|
||||||
|
if python3 - "$current" <<'PY' >/dev/null 2>&1
|
||||||
|
import base64, sys
|
||||||
|
try:
|
||||||
|
raw = base64.b64decode(sys.argv[1], validate=False)
|
||||||
|
except Exception:
|
||||||
|
raise SystemExit(1)
|
||||||
|
if len(raw) == 32:
|
||||||
|
raise SystemExit(0)
|
||||||
|
raise SystemExit(1)
|
||||||
|
PY
|
||||||
|
then
|
||||||
|
valid=1
|
||||||
|
fi
|
||||||
|
elif command -v python >/dev/null 2>&1; then
|
||||||
|
if python - "$current" <<'PY' >/dev/null 2>&1
|
||||||
|
import base64, sys
|
||||||
|
try:
|
||||||
|
raw = base64.b64decode(sys.argv[1], validate=False)
|
||||||
|
except Exception:
|
||||||
|
raise SystemExit(1)
|
||||||
|
if len(raw) == 32:
|
||||||
|
raise SystemExit(0)
|
||||||
|
raise SystemExit(1)
|
||||||
|
PY
|
||||||
|
then
|
||||||
|
valid=1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [[ $valid -eq 1 ]]; then
|
||||||
|
echo "Using existing CONTENT_KEY_KEK_B64 from .env"
|
||||||
|
update_env CONTENT_KEY_KEK_B64 "$current"
|
||||||
|
return
|
||||||
|
else
|
||||||
|
echo "Existing CONTENT_KEY_KEK_B64 is invalid; generating a new key"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "Generating CONTENT_KEY_KEK_B64 ..."
|
||||||
|
fi
|
||||||
|
|
||||||
|
local new_kek
|
||||||
|
new_kek=$(generate_kek)
|
||||||
|
update_env CONTENT_KEY_KEK_B64 "$new_kek"
|
||||||
|
}
|
||||||
|
|
||||||
|
ensure_content_key_kek
|
||||||
|
|
||||||
# Ensure IPFS swarm key exists for private swarm by default
|
# Ensure IPFS swarm key exists for private swarm by default
|
||||||
SWARM_KEY_FILE_DEFAULT="$BASE_DIR/configs/ipfs/swarm.key"
|
SWARM_KEY_FILE_DEFAULT="$BASE_DIR/configs/ipfs/swarm.key"
|
||||||
if [[ ! -f "$SWARM_KEY_FILE_DEFAULT" ]]; then
|
if [[ ! -f "$SWARM_KEY_FILE_DEFAULT" ]]; then
|
||||||
|
|
|
||||||
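Review bot: In ensure_content_key_kek, a host with neither python3 nor python leaves `valid=0` and falls through to "Existing CONTENT_KEY_KEK_B64 is invalid; generating a new key", so an openssl-only install replaces a good KEK on every start, and anything wrapped under the old key presumably becomes unreadable. "Could not validate" should be kept apart from "malformed", and an existing value should not be overwritten without an operator decision. Two smaller issues in the same function: `python3 - "$current"` puts the key on the command line, where other local users can read it from the process list, and `new_kek=$(generate_kek)` is unchecked, so the `exit 1` inside generate_kek only ends the subshell and an empty value can reach `update_env` (unless `set -e` is active outside this hunk). The sketch below folds the two duplicated heredocs into one helper, passes the key through the child's environment, and drops the `validate=` keyword, which Python 2's `b64decode` does not accept as far as I know, so a `python` that is Python 2 would report every key as invalid.

```shell
# Exit status: 0 = decodes to 32 bytes, 1 = malformed, 2 = no interpreter available.
kek_is_valid() {
  local py
  for py in python3 python; do
    command -v "$py" >/dev/null 2>&1 || continue
    # The key goes into the child's environment instead of its argument list.
    KEK_CANDIDATE="$1" "$py" - <<'PY' >/dev/null 2>&1
import base64, os, sys
try:
    raw = base64.b64decode(os.environ["KEK_CANDIDATE"])
except Exception:
    sys.exit(1)
sys.exit(0 if len(raw) == 32 else 1)
PY
    return
  done
  return 2
}

ensure_content_key_kek() {
  local current rc=0
  current=$(ini_val CONTENT_KEY_KEK_B64)
  if [[ -n "$current" ]]; then
    kek_is_valid "$current" || rc=$?
    if (( rc == 1 )); then
      echo "CONTENT_KEY_KEK_B64 in .env is malformed; not replacing it automatically" >&2
      exit 1
    fi
    (( rc == 2 )) && echo "Cannot validate CONTENT_KEY_KEK_B64 (no python); keeping it" >&2
    # … unchanged: "Using existing" message, update_env, return …
  fi
  # … unchanged: "Generating CONTENT_KEY_KEK_B64 ..." message …
  local new_kek
  new_kek=$(generate_kek) || exit 1
  [[ -n "$new_kek" ]] || { echo "KEK generation produced no output" >&2; exit 1; }
  update_env CONTENT_KEY_KEK_B64 "$new_kek"
}
```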