author | Soispha <soispha@vhack.eu> | 2023-11-07 16:44:08 +0100 |
---|---|---|
committer | Soispha <soispha@vhack.eu> | 2023-11-07 16:44:08 +0100 |
commit | 961729eed1540a7633f5200c63dcf8650d35c56f (patch) | |
tree | 71e84be3ddd87068c45698c0c43dd3227e20c7b3 /system/services/taskserver/certs/generate | |
parent | chore(version): v0.17.0 (diff) | |
fix(system/services/taskserver/certs): Move cert generation to script
This fully removes the human factor: running `./generate` is now enough to generate all required certificates and keys (including the needed extra keys and certificates)
Diffstat (limited to 'system/services/taskserver/certs/generate')
-rwxr-xr-x | system/services/taskserver/certs/generate | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/system/services/taskserver/certs/generate b/system/services/taskserver/certs/generate
index 253e4bb..283697f 100755
--- a/system/services/taskserver/certs/generate
+++ b/system/services/taskserver/certs/generate
@@ -10,13 +10,19 @@
 # server.key.pem
 # server.cert.pem
 
-GENERATION_LOCATION="/run/user/$(id -u)/taskserver/keys";
+GENERATION_LOCATION="/run/user/$(id -u)/taskserver/certs";
+BASEDIR="$(dirname "$0")"
+cd "$BASEDIR" || echo "(BUG?) No basedir ('$BASEDIR')" 1>&2
+
+set -- ./vars ./generate.ca ./generate.crl ./generate.client ./ca.key.pem.gpg ./isrgrootx1.pem
 
 mkdir -p "$GENERATION_LOCATION"
-cp ./vars ./generate.ca ./generate.crl ./generate.client "$GENERATION_LOCATION"
+cp "$@" "./ca.cert.pem" "$GENERATION_LOCATION"
 cd "$GENERATION_LOCATION" || echo "(BUG?) No possible location fould!" 1>&2
 
-./generate.ca
+gpg --decrypt ca.key.pem.gpg > ca.key.pem
+cat ./isrgrootx1.pem >> ./ca.cert.pem
+[ -f ./ca.key.pem ] || ./generate.ca
 
 # Generate a certificate revocation list (CRL). The initial CRL is empty, but
 # can grow over time. Creates:
@@ -28,14 +34,15 @@ cd "$GENERATION_LOCATION" || echo "(BUG?) No possible location fould!" 1>&2
 # process per client; Add the required client names and uncomment
 # ./generate.client <client_name>
 #
-./generate.client soispha
-./generate.client android-mobile
-./generate.client android-tab
 #
 # Creates:
 # <client_name>.key.pem
 # <client_name>.cert.pem
+#
+./generate.client soispha
+./generate.client android-mobile
+./generate.client android-tab
 
-rm ./vars ./generate.ca ./generate.crl ./generate.client
+rm "$@" "./ca.key.pem"
 
 echo "(INFO) Look for the keys at: $GENERATION_LOCATION" |
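Review bot: The new guard `[ -f ./ca.key.pem ] || ./generate.ca` can never fire, because the redirect in `gpg --decrypt ca.key.pem.gpg > ca.key.pem` creates the file before gpg runs; a failed or cancelled decryption leaves an empty `ca.key.pem` that the following generate steps will presumably try to use. Check gpg's exit status and test for a non-empty file instead, e.g. `gpg --decrypt ca.key.pem.gpg > ca.key.pem || rm -f ./ca.key.pem` followed by `[ -s ./ca.key.pem ] || ./generate.ca`; if a failed decryption should abort rather than create a new CA key next to the copied `ca.cert.pem`, exit at that point instead. The decrypted CA key is also written with the default umask: `/run/user/<uid>` is normally private to the user, but a `umask 077` before `mkdir -p` would not rely on that.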
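Review bot: The closing `rm "$@" "./ca.key.pem"` is the only cleanup of the decrypted CA key and it acts on whatever directory is current. Both `cd "$BASEDIR" || echo …` and `cd "$GENERATION_LOCATION" || echo …` in the first hunk only log on failure, so if the second one fails this line deletes the repository's own `./vars`, `./generate.*` and `./ca.key.pem.gpg`. If the script is interrupted before reaching it, the plaintext key stays behind in `$GENERATION_LOCATION`. Make both `cd` calls fatal (`|| exit 1`) and register the key removal right after `mkdir -p`, e.g. `trap 'rm -f -- "$GENERATION_LOCATION/ca.key.pem"' EXIT`, keeping this `rm` for the copied helper files only. The top of the script is outside the hunk, so an existing `set -e` or trap there would change this.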