From f3174de6b84f8b881f5af0457657fc04a4975d0c Mon Sep 17 00:00:00 2001
From: Rodrigo Goncalves <rodrigo.g@ufsc.br>
Date: Tue, 20 Aug 2024 13:24:09 +0000
Subject: [PATCH 1/7] Fixes in gitignore to ignore cassandra only in root and
 to allow certmanager

---
 .gitignore | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.gitignore b/.gitignore
index da9bbec..1f4e3a5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,8 +5,8 @@ bin/smartdata/Config.php
 tmp/*
 bin/smartdata/importers/
 bin/workflow/tutorial/
-cassandra
-certmanager
+/cassandra
+/certmanager
 log
 .*
 bin/workflow
@@ -14,4 +14,4 @@ new/
 prometheus/
 wavs/
 zips/
-
+/dev-certificates/*.pem
-- 
GitLab


From 2863aa157ba76cf8dd20bfceb398ab9c69d48c6a Mon Sep 17 00:00:00 2001
From: Rodrigo Goncalves <rodrigo.g@ufsc.br>
Date: Tue, 20 Aug 2024 13:24:36 +0000
Subject: [PATCH 2/7] Includes the certmanager and the CA key to allow
 certificate creation

---
 Dockerfile | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 95748f3..40e390b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,9 +3,13 @@ FROM php:7.1-apache
 # Came from https://downloads.datastax.com/cpp-driver/ubuntu/18.04/
 COPY ./docker/web/*.deb /debs/
 
+RUN mkdir /certmanager
+RUN mkdir /certmanager/certificates
+
 #Default SSLs
 ADD docker/web/apache-ssl.conf 	/etc/apache2/sites-enabled/000-default-ssl.conf
 ADD docker/web/ca.crt        	/etc/apache2/ssl/
+ADD docker/web/ca.key        	/etc/apache2/ssl/
 ADD docker/web/server.crt 	/etc/apache2/ssl/
 ADD docker/web/server.key 	/etc/apache2/ssl/
 ADD docker/command.sh /usr/local/bin/
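Review bot: The added `ADD docker/web/ca.key /etc/apache2/ssl/` copies the CA private key into an image layer, so anyone who can pull or export the image can read the key and sign client certificates that this Apache setup would presumably accept. The key also has to sit in the build context under docker/web, which suggests it is committed to the repository. If the image is ever used outside local development, supply the key at run time instead, for example as a read-only bind mount next to the commented-out ssl mounts in docker-compose.yml (`- ./docker/web/ca.key:/etc/apache2/ssl/ca.key:ro`), and keep a separate CA for development. At minimum, put a comment above the line such as `# DEV ONLY: CA signing key is baked into this image; do not publish it`.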
@@ -43,5 +47,8 @@ ADD bin 			/var/www/html/bin/
 ADD lib 			/var/www/html/lib/
 ADD docker/web/index.html 	/var/www/html/
 
+ADD docker/certmanager/config /certmanager/
+ADD docker/certmanager/genclient.sh /certmanager/
+
 #smartdata/Config.php
 #RUN mkdir /usr/local/tmp/ && touch /usr/local/tmp/log && chmod 777 /usr/local/tmp/log
-- 
GitLab


From 89ae217cea090dd6407aa74e3b40a38a7bd6d1d9 Mon Sep 17 00:00:00 2001
From: Rodrigo Goncalves <rodrigo.g@ufsc.br>
Date: Tue, 20 Aug 2024 13:25:19 +0000
Subject: [PATCH 3/7] Fix to use the correct container name for mariadb

---
 bin/smartdata/Config.php.template | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bin/smartdata/Config.php.template b/bin/smartdata/Config.php.template
index 8b29a74..9ad7cbb 100644
--- a/bin/smartdata/Config.php.template
+++ b/bin/smartdata/Config.php.template
@@ -8,7 +8,7 @@ namespace SmartData\Config
 
     class Config_Common
     {
-        const MYSQL_SEVERNAME = 'db';
+        const MYSQL_SEVERNAME = 'mariadb';
         const MYSQL_PORT      = 3306;
         const MYSQL_USERNAME  = 'smartdata';
         const MYSQL_PASSWORD  = 'smartdata';
-- 
GitLab


From 7be50f8f8fe515c32628c6e8054de1876ff9c360 Mon Sep 17 00:00:00 2001
From: Rodrigo Goncalves <rodrigo.g@ufsc.br>
Date: Tue, 20 Aug 2024 13:26:21 +0000
Subject: [PATCH 4/7] Include volume for generated certificates

---
 docker-compose.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index 8351ac6..8dfd23f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -16,6 +16,7 @@ services:
           #- ./crt:/etc/apache2/ssl/server.crt
           #- ./key:/etc/apache2/ssl/server.key
           #- ./ca:/etc/apache2/ssl/ca.crt
+          - certificates:/certmanager/certificates
       depends_on:
           - cassandra
           - mariadb
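Review bot: The new `certificates` volume is where genclient.sh writes every client private key and the `certificate_list` ledger, yet the mount line has no comment saying so. A one-line comment above it, `# generated client keys/certs and certificate_list; persists until "docker compose down -v"`, would tell operators that the volume holds key material and that removing it restarts the client numbering at 1. The second hunk also adds a blank line at the end of the file, which can be dropped.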
@@ -55,5 +56,7 @@ services:
     #  depends_on:
     #    - cassandra
 volumes:
+  certificates:
   mariadb:
   cassandra:
+
-- 
GitLab


From 1cf6c0902e41dc18171af186b6244dbe60750c98 Mon Sep 17 00:00:00 2001
From: Rodrigo Goncalves <rodrigo.g@ufsc.br>
Date: Tue, 20 Aug 2024 13:26:53 +0000
Subject: [PATCH 5/7] Fixes for missing SQL in table creation in mysql

---
 docker/db/02-smartdata_v1.sql | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/docker/db/02-smartdata_v1.sql b/docker/db/02-smartdata_v1.sql
index f4b3f0a..c511df4 100644
--- a/docker/db/02-smartdata_v1.sql
+++ b/docker/db/02-smartdata_v1.sql
@@ -34,6 +34,11 @@ CREATE TABLE `series` (
   `workflow`   int unsigned NOT NULL DEFAULT '0',
   `domain`     varchar(48) NOT NULL DEFAULT 'public',
   `updated_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+  `type` char(3) DEFAULT 'OLD',
+  `period` bigint(20) DEFAULT 0,
+  `event` varchar(300) DEFAULT NULL,
+  `count` int(11) DEFAULT NULL,
+  `uncertainty` int(11) DEFAULT NULL,
   PRIMARY KEY (`id`),
   UNIQUE KEY `uk_series` (`version`,`unit`,`x`,`y`,`z`,`r`,`dev`,`t0`,`t1`,`workflow`,`domain`)
 ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
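Review bot: The new columns are declared differently in the two tables: `uncertainty` is `DEFAULT NULL` in `series` here but `DEFAULT 0` in `trackers` (second hunk), and `count` is added only to `series`. If that is intentional, a short SQL comment above each group of added columns should say why; otherwise give `uncertainty` the same default in both tables. Because this is a table-creation script, databases already initialised from the previous version presumably need a matching `ALTER TABLE`, which this series does not include. The `trackers` definition continues past the end of the second hunk.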
@@ -77,6 +82,10 @@ CREATE TABLE `trackers` (
   `domain`     varchar(48) NOT NULL DEFAULT 'public',
   `row_id`     bigint unsigned NOT NULL,
   `updated_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+  `type` char(3) DEFAULT 'OLD',
+  `period` bigint(20) DEFAULT 0,
+  `event` varchar(300) DEFAULT NULL,
+  `uncertainty` int(11) DEFAULT 0,
   PRIMARY KEY (`id`),
   UNIQUE KEY `uk_trackers` (`version`,`unit`,`signature`,`t0`,`t1`,`dev`,`workflow`,`domain`,`row_id`)
 
-- 
GitLab


From 5cdad6eaa05d23ab713db43a59a204836204b7d2 Mon Sep 17 00:00:00 2001
From: Rodrigo Goncalves <rodrigo.g@ufsc.br>
Date: Tue, 20 Aug 2024 13:29:35 +0000
Subject: [PATCH 6/7] Support for creating and extracting certificates for
 development

---
 docker/certmanager/config       | 12 ++++++
 docker/certmanager/genclient.sh | 66 +++++++++++++++++++++++++++++++++
 gen-dev-certificate.sh          | 10 +++++
 3 files changed, 88 insertions(+)
 create mode 100644 docker/certmanager/config
 create mode 100755 docker/certmanager/genclient.sh
 create mode 100755 gen-dev-certificate.sh

diff --git a/docker/certmanager/config b/docker/certmanager/config
new file mode 100644
index 0000000..6faac61
--- /dev/null
+++ b/docker/certmanager/config
@@ -0,0 +1,12 @@
+export CERTNAME=/etc/apache2/ssl/ca
+export KEYSIZE=2048
+export CLIENTEXP=1491
+export ROOTEXP=2992
+
+export NUMCLIENTS=1
+
+export STATE="SC"
+export CITY="Florianopolis"
+export ORG="UFSC"
+export UNIT="Lisha"
+export HOST="localhost"
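Review bot: `CLIENTEXP=1491` makes every generated development certificate valid for about four years, and nothing in this series shows a way to revoke one. A much shorter lifetime limits the exposure if a key copied to a workstation leaks, for example `export CLIENTEXP=90`. With a fixed `HOST`, every certificate gets the same subject, so the serial number recorded in `certificate_list` is the only thing that ties a certificate to its receiver. `ROOTEXP` is exported but not read by genclient.sh as added in this patch, so either drop it or add a comment naming what consumes it.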
diff --git a/docker/certmanager/genclient.sh b/docker/certmanager/genclient.sh
new file mode 100755
index 0000000..4ea1077
--- /dev/null
+++ b/docker/certmanager/genclient.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+# Caciano Machado/Juliano Zatta - 16/10/2017
+
+cd /certmanager
+
+. config
+
+cd certificates
+
+# Initilize if not available the certificate list
+NUMPREVCERT=`tail -n 1 certificate_list | cut -d " " -f 1`
+ISNUM='^[0-9]+$'
+
+# Update - 30-10-2020 - Roberto M. Scheffel - Added receiver and purpose description, for documentation
+
+receiver=$1
+descr=$2
+if [ -z "$receiver" ]
+then
+   echo 'Usage: ' $0 '<receiver name>' '<purpose short description>.'
+   exit
+fi
+if [ -z "$descr" ]
+then
+   echo 'Usage: ' $0 '<receiver name>' '<purpose short description>.'
+   exit
+fi
+
+if [[ -a certificate_list ]]; then
+    if ! [[ $NUMPREVCERT =~ $ISNUM ]]; then
+        echo "ERROR: File certificate_list corrupted. This file stores the list of generated certificates and respective serial numbers."
+        exit -1
+    fi
+    CURRCLIENT=$((NUMPREVCERT + 1))
+    LASTCLIENT=$((NUMCLIENTS + NUMPREVCERT))
+else
+    CURRCLIENT=1
+    LASTCLIENT=$NUMCLIENTS
+fi
+
+if [ ! -f /certmanager/certificates/rootCA.srl ]; then
+    echo `openssl rand -hex 8` > /certmanager/certificates/rootCA.srl
+    ln -s /certmanager/certificates/rootCA.srl /certmanager/rootCA.srl
+fi
+
+
+for i in `seq $CURRCLIENT $LASTCLIENT`; do    
+    # Generate RSA key
+
+    echo "openssl genrsa -out client-$i.key $KEYSIZE"
+    openssl genrsa -out client-$i.key $KEYSIZE
+
+    # Generate certificate request
+    echo "openssl req -subj \"/C=BR/ST=$STATE/L=$CITY/O=$ORG/OU=$UNIT/CN=$HOST\" -new -key client-$i.key -out client-$i.req"
+    openssl req -subj "/C=BR/ST=$STATE/L=$CITY/O=$ORG/OU=$UNIT/CN=$HOST" -new -key client-$i.key -out client-$i.req
+    # Generate certificate
+    echo "openssl x509 -req -in client-$i.req -CA ${CERTNAME}.crt -CAkey ${CERTNAME}.key -CAcreateserial -out client-$i.pem -days $CLIENTEXP -sha256"
+    openssl x509 -req -in client-$i.req -CA ${CERTNAME}.crt -CAkey ${CERTNAME}.key -CAcreateserial -out client-$i.pem -days $CLIENTEXP -sha256
+    serial=`openssl x509 -in client-$i.pem -serial -noout | cut -d "=" -f 2`
+    echo $i $serial
+    echo $i $serial `date "+%F-%T"` `whoami` ' | ' $receiver ' | ' $descr >> certificate_list
+    mv client-$i.key client-$i-$serial.key
+    mv client-$i.pem client-$i-$serial.pem
+    rm -f client-$i.req
+    echo "$serial client-$i-$serial.pem client-$i-$serial.key"
+done
\ No newline at end of file
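Review bot: None of the `openssl` calls in the loop is checked, so when signing fails (for instance because the CA key is unreadable) `serial` is empty and the script still appends a row to `certificate_list` and renames the key to `client-$i-.key`. Stop on failure, e.g. `openssl x509 -req ... -sha256 || exit 1`, and do the same for `genrsa` and `req`. The ledger line expands `$receiver` and `$descr` unquoted, so a description containing `*` or runs of spaces is glob-expanded or collapsed before it is written; quote the whole record: `echo "$i $serial $(date +%F-%T) $(whoami) | $receiver | $descr" >> certificate_list`. The two usage branches end with a bare `exit`, which returns status 0, so gen-dev-certificate.sh cannot tell a usage error from success; use `exit 1` there. Separately, `-CAcreateserial` without `-CAserial` makes openssl keep its serial file next to the CA certificate, so the `rootCA.srl` created above appears to be unused.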
diff --git a/gen-dev-certificate.sh b/gen-dev-certificate.sh
new file mode 100755
index 0000000..d07b77e
--- /dev/null
+++ b/gen-dev-certificate.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+mkdir dev-certificates
+CERT_DATA=`docker compose exec -it web /certmanager/genclient.sh "$@" | tail -n 1`
+echo "Received $CERT_DATA"
+CERT_ID=`echo $CERT_DATA | cut -f 1 -d \ `
+CERT_FILE=`echo $CERT_DATA | cut -f 2 -d \ `
+CERT_KEY=`echo $CERT_DATA | cut -f 3 -d \ `
+docker compose cp web:/certmanager/certificates/$CERT_FILE ./dev-certificates/
+docker compose cp web:/certmanager/certificates/$CERT_KEY ./dev-certificates/
+echo "Certificate at ./dev-certificates/$CERT_FILE with key ./dev-certificates/$CERT_KEY and id $CERT_ID"
\ No newline at end of file
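Review bot: `docker compose exec -it` inside a command substitution allocates a pseudo-terminal, so the captured line can end in a carriage return that then becomes part of `$CERT_KEY` and breaks the second `docker compose cp`; `-T` avoids that. The script also parses whatever the last output line was without checking it, so a usage message or an error from genclient.sh is split into bogus paths, and `mkdir` fails on every run after the first. The rewrite below uses `mkdir -p`, validates the two file names before copying, quotes them, and restricts the copied private key to its owner.

```shell
mkdir -p dev-certificates
# -T: no pseudo-TTY, so the captured line carries no trailing carriage return
CERT_DATA=$(docker compose exec -T web /certmanager/genclient.sh "$@" | tail -n 1)
# … unchanged: "Received" echo …
read -r CERT_ID CERT_FILE CERT_KEY <<< "$CERT_DATA"
if [[ $CERT_FILE != client-*.pem || $CERT_KEY != client-*.key ]]; then
    echo "genclient.sh did not report a certificate: $CERT_DATA" >&2
    exit 1
fi
docker compose cp "web:/certmanager/certificates/$CERT_FILE" ./dev-certificates/
docker compose cp "web:/certmanager/certificates/$CERT_KEY" ./dev-certificates/
chmod 600 "./dev-certificates/$CERT_KEY"
# … unchanged: final summary echo …
```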
-- 
GitLab


From f83f101890baeb0dbaf1d105b66e93babb342de5 Mon Sep 17 00:00:00 2001
From: Rodrigo Goncalves <rodrigo.g@ufsc.br>
Date: Tue, 20 Aug 2024 13:29:51 +0000
Subject: [PATCH 7/7] Aditional fix in .gitignore

---
 .gitignore | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 1f4e3a5..f029742 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,4 +14,4 @@ new/
 prometheus/
 wavs/
 zips/
-/dev-certificates/*.pem
+/dev-certificates
-- 
GitLab