creds_setup.sh does not work on Windows #64
Description
There are a couple of lines of bash code that do not work on Windows:

- The `timestamp` variable on line 41 includes a colon (":"). This is used later when writing openssl keys to a disk location. The problem is that a colon is not allowed as part of a file or folder name in Windows. See below for the code:
compose-services/creds_setup.sh
Lines 40 to 55 in 4b9509f
```bash
# make directories for temporary credentials
timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")

# generate private and public key for fence
yearMonth="$(date +%Y-%m)"
if [[ ! -d ./fenceJwtKeys ]] || ! (ls ./fenceJwtKeys | grep "$yearMonth" > /dev/null 2>&1); then
    echo "Generating fence OAUTH key pairs under Secrets/fenceJwtKeys"
    mkdir -p fenceJwtKeys
    mkdir -p fenceJwtKeys/${timestamp}

    openssl genpkey -algorithm RSA -out fenceJwtKeys/${timestamp}/jwt_private_key.pem \
        -pkeyopt rsa_keygen_bits:2048
    openssl rsa -pubout -in fenceJwtKeys/${timestamp}/jwt_private_key.pem \
        -out fenceJwtKeys/${timestamp}/jwt_public_key.pem
    chmod -R a+rx fenceJwtKeys
fi
```

- The `SUBJ` variable on line 82 is not preserved as defined when provided as parameter input to `openssl req -subj` on line 84. For this code to work, the `SUBJ` string value has to be revised to `SUBJ="//countryName=US\stateOrProvinceName=IL\localityName=Chicago\organizationName=CDIS\organizationalUnitName=PlanX\commonName=$commonName\emailAddress=cdis@uchicago.edu"`. Here is a related discussion on StackOverflow.
See below for the code:
compose-services/creds_setup.sh
Lines 77 to 84 in 4b9509f
```bash
if ! [[ -f openssl.cnf && -f ca.pem && -f ca-key.pem ]]; then
    echo "Generating a local certificate authority, and TLS certificates under Secrets/TLS/"
    # erase old certs if they exist
    /bin/rm -rf service.key service.crt
    commonName=${1:-localhost}
    SUBJ="/countryName=US/stateOrProvinceName=IL/localityName=Chicago/organizationName=CDIS/organizationalUnitName=PlanX/commonName=$commonName/emailAddress=cdis@uchicago.edu"
    openssl req -new -x509 -nodes -extensions v3_ca -keyout ca-key.pem \
        -out ca.pem -days 365 -subj $SUBJ $OPTS
```

I've tweaked the two lines mentioned above to get the script to work using Git Bash on my machine running on Windows 10 Home.
It would be helpful if the script is modified to accommodate Windows users or at least that this repo's README.md mentions that the script is meant to be run on Linux/MacOS.
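
A portable form of the two lines described in this issue, as an added example that is not part of the original issue or the compose-services repository: it emits a colon-free timestamp and picks the `-subj` form by shell type. The function names `safe_timestamp`, `is_msys_shell` and `build_subj`, and the kernel-name override argument, are assumptions made for illustration.

```bash
# Added example; not code from compose-services. Function names are hypothetical.

# UTC timestamp with the same fields as the script's, but with "-" in place
# of ":" so it is a valid directory name on Windows as well as Linux/macOS.
safe_timestamp() {
    date -u +"%Y-%m-%dT%H-%M-%SZ"
}

# Succeeds under an MSYS-based shell such as Git Bash.
# $1: kernel name to inspect (assumed test hook); defaults to `uname -s`.
is_msys_shell() {
    case "${1:-$(uname -s)}" in
        MINGW*|MSYS*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the value to pass to `openssl req -subj`.
# $1: commonName (default localhost); $2: kernel name override for testing.
build_subj() (
    cn=${1:-localhost}
    kernel=${2:-$(uname -s)}
    lead='/'; sep='/'
    if is_msys_shell "$kernel"; then
        # Form reported as working in Git Bash: leading "//", "\" separators.
        lead='//'; sep='\'
    fi
    out=$lead
    first=1
    for field in \
        "countryName=US" "stateOrProvinceName=IL" "localityName=Chicago" \
        "organizationName=CDIS" "organizationalUnitName=PlanX" \
        "commonName=$cn" "emailAddress=cdis@uchicago.edu"
    do
        if [ "$first" -eq 1 ]; then
            out="$out$field"; first=0
        else
            out="$out$sep$field"
        fi
    done
    printf '%s\n' "$out"
)

# Usage: quote the expansion so the subject reaches openssl as one argument.
#   openssl req -new -x509 -nodes -extensions v3_ca -keyout ca-key.pem \
#       -out ca.pem -days 365 -subj "$(build_subj "$commonName")"
```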