diff options
author | Alex Auvolat <alex@adnab.me> | 2021-12-06 13:15:50 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2021-12-06 13:15:50 +0100 |
commit | ccce75bc25a2827e23443ec65ceb6b409f4a55ae (patch) | |
tree | 40c46b1af79c8c8344fa34215fcdfa221a0db6e0 | |
parent | 7f26ed55cdad4a67300447cf92bf8e4975a5c978 (diff) | |
download | garage-ccce75bc25a2827e23443ec65ceb6b409f4a55ae.tar.gz garage-ccce75bc25a2827e23443ec65ceb6b409f4a55ae.zip |
Remove TODO and genkeys.sh
-rw-r--r-- | TODO | 27 | ||||
-rwxr-xr-x | genkeys.sh | 83 |
2 files changed, 0 insertions, 110 deletions
@@ -1,27 +0,0 @@ -Testing -------- - -How are we going to test that our replication method works correctly? -We will have to introduce lots of dummy data and then add/remove nodes many times. - - -Attaining S3 compatibility --------------------------- - -- test multipart uploads -- get ranges - -- fix sync not working in some cases ? (when starting from empty?) - -- api_server following the S3 semantics for head/get/put/list/delete: verify more that it works as intended -- PUT requests: verify content-md5 if provided -- possibly other necessary endpoints ? - - -Lower priority --------------- - -- less a priority: hinted handoff -- repair: re-propagate block ref table to rc -- FIXME in rpc_server when garage shuts down and futures can be interrupted - (tokio::spawn should be replaced by a new function background::spawn_joinable) diff --git a/genkeys.sh b/genkeys.sh deleted file mode 100755 index 70fe12e0..00000000 --- a/genkeys.sh +++ /dev/null @@ -1,83 +0,0 @@ -#!/bin/bash - -set -xe - -cd $(dirname $0) - -mkdir -p pki -cd pki - -# Create a certificate authority that both the client side and the server side of -# the RPC protocol will use to authenticate the other side. -if [ ! -f garage-ca.key ]; then - echo "Generating Garage CA keys..." - openssl genpkey -algorithm ED25519 -out garage-ca.key - openssl req -x509 -new -nodes -key garage-ca.key -sha256 -days 3650 -out garage-ca.crt -subj "/C=FR/O=Garage" -fi - - -# Generate a certificate that can be used either as a server certificate -# or a client certificate. This is what the RPC client and server will use -# to prove that they are authenticated by the CA. -if [ ! -f garage.crt ]; then - echo "Generating Garage agent keys..." - if [ ! -f garage.key ]; then - openssl genpkey -algorithm ED25519 -out garage.key - fi - openssl req -new -sha256 -key garage.key -subj "/C=FR/O=Garage/CN=garage" \ - -out garage.csr - openssl req -in garage.csr -noout -text - openssl x509 -req -in garage.csr \ - -extensions v3_req \ - -extfile <(cat <<EOF -[req] -distinguished_name = req_distinguished_name -req_extensions = v3_req -prompt = no - -[req_distinguished_name] -C = FR -O = Garage -CN = garage - -[v3_req] -keyUsage = keyEncipherment, dataEncipherment -extendedKeyUsage = serverAuth, clientAuth -subjectAltName = @alt_names -[alt_names] -DNS.1 = garage -EOF -) \ - -CA garage-ca.crt -CAkey garage-ca.key -CAcreateserial \ - -out garage.crt -days 365 -fi - -# Client-only certificate used for the CLI -if [ ! -f garage-client.crt ]; then - echo "Generating Garage client keys..." - if [ ! -f garage-client.key ]; then - openssl genpkey -algorithm ED25519 -out garage-client.key - fi - openssl req -new -sha256 -key garage-client.key -subj "/C=FR/O=Garage" \ - -out garage-client.csr - openssl req -in garage-client.csr -noout -text - openssl x509 -req -in garage-client.csr \ - -extensions v3_req \ - -extfile <(cat <<EOF -[req] -distinguished_name = req_distinguished_name -req_extensions = v3_req -prompt = no - -[req_distinguished_name] -C = FR -O = Garage - -[v3_req] -keyUsage = keyEncipherment, dataEncipherment -extendedKeyUsage = clientAuth -EOF -) \ - -CA garage-ca.crt -CAkey garage-ca.key -CAcreateserial \ - -out garage-client.crt -days 365 -fi |