From 84ab7e623fd3b7f9f26396d1a6a478a874ece5b7 Mon Sep 17 00:00:00 2001 From: Sandor Semsey Date: Sat, 14 Jun 2025 23:21:49 +0200 Subject: [PATCH 1/2] lib/certificate: add parameter on cert-create to config private key (algorithm, size, etc.) --- docs/lib/certificate.md | 4 +++- lib/certificate.sh | 19 ++++++++++++++++--- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/docs/lib/certificate.md b/docs/lib/certificate.md index 60514fe..6f51b16 100644 --- a/docs/lib/certificate.md +++ b/docs/lib/certificate.md @@ -18,7 +18,7 @@ Subject example: `/C=CountryCode/ST=State/L=City/O=Your Company/CN=Your site URL **Usage** ``` -cert-create KEY SUBJECT CA_KEY CA_CERT CERT VALIDITY +cert-create KEY SUBJECT CA_KEY CA_CERT CERT VALIDITY [KEY_TYPE] Params: KEY Filename of private key @@ -27,6 +27,8 @@ CA_KEY Filename of CA private key to sign a certificate with CA_CERT Filename of CA certificate to be used for signing CERT Filename for newly created certificate VALIDITY Certificate validity in days +KEY_TYPE Comma-separated list of private key algorithm and options. + Default: RSA,rsa_keygen_bits:4096 ``` --- diff --git a/lib/certificate.sh b/lib/certificate.sh index 99b92b9..58cf455 100644 --- a/lib/certificate.sh +++ b/lib/certificate.sh @@ -129,7 +129,10 @@ cert-selfsigned() { ## @param $4 CA cert path ## @param $5 Certificate path ## @param $6 Validity in days -#################################### +## @param $7 Private key options, comma-separated +## first item is algorithm, then any number of options +## default: RSA,rsa_keygen_bits:4096 +#################################################################### cert-create() { local priv_key="${1?:Private key path missing}" local subject="${2?:CSR subject missing}" 
@@ -137,10 +140,20 @@ cert-create() { local ca_cert="${4?:CA cert path missing}" local cert="${5?:Certificate path missing}" local validity="${6?:Valid days missing}" - local csr + local priv_key_type="${7:-RSA,rsa_keygen_bits:4096}" + local csr key_opts option + local priv_key_options=() + + # Parse comma-separated private key options + IFS=',' read -ra key_opts <<< "${priv_key_type}" + priv_key_options=(-newkey "${key_opts[0]}") + unset 'key_opts[0]' + for option in "${key_opts[@]}"; do + priv_key_options+=(-pkeyopt "${option}") + done csr=$(mktemp) - csr-create "${priv_key}" "${csr}" "${subject}" + csr-create "${priv_key}" "${csr}" "${subject}" "${priv_key_options[@]}" csr-sign "${ca_priv_key}" "${ca_cert}" "${csr}" "${cert}" "${validity}" } From 5faa3749aba922eb6adb05d1136c7cda1060e2c0 Mon Sep 17 00:00:00 2001 From: Sandor Semsey Date: Sun, 15 Jun 2025 00:47:41 +0200 Subject: [PATCH 2/2] docs: format --- docs/bin.md | 34 +++++++++++++++++----------------- docs/nav.md | 38 +++++++++++++++++++------------------- 2 files changed, 36 insertions(+), 36 deletions(-) diff --git a/docs/bin.md b/docs/bin.md index cb91427..5041878 100644 --- a/docs/bin.md +++ b/docs/bin.md 
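Review bot: The new `KEY_TYPE` value is split on commas and handed to `-newkey`/`-pkeyopt` with no validation, so `cert-create` will request whatever key the caller names, including an empty algorithm (`,rsa_keygen_bits:4096` leaves `key_opts[0]` empty) or an RSA size far below the 4096-bit default. A guard right after the `read`, such as `[[ -n "${key_opts[0]}" ]] || { echo "cert-create: KEY_TYPE has no algorithm" >&2; return 1; }`, would fail early, and a documented or enforced minimum for `rsa_keygen_bits` would keep the parameter from weakening keys unnoticed. `csr-create` is not changed in this patch, so it is worth confirming that it already forwards the arguments after the subject to openssl, rather than ignoring them or adding its own `-newkey`. The function's opening line and first two locals are in the previous hunk.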
@@ -13,14 +13,14 @@ This compression is done by `pigz` which creates standard `gzip` files but sprea Modes: -- Archive +- Archive 1. Copy files to destination dir (`rsync`) 1. Create single archive file from backed up files (`tar` & `pigz`) 1. Rotate (delete) old archives (`find`) -- Quick: only copy files to destination. -- Snapshot: backup only changed files from last backup. - Not changed files get hard-linked from previous run so you can access them normally & restore easily but using way less disk space. - This is a quick and efficient way to create many backups. +- Quick: only copy files to destination. +- Snapshot: backup only changed files from last backup. + Not changed files get hard-linked from previous run so you can access them normally & restore easily but using way less disk space. + This is a quick and efficient way to create many backups. **Usage** @@ -63,10 +63,10 @@ OPTIONAL A wrapper and runner for `sysbench`. You can design multiple test runs with different test parameters, so you can benchmark the system for: -- CPU -- Memory -- Disks -- Download speed +- CPU +- Memory +- Disks +- Download speed in a single script. @@ -118,10 +118,10 @@ OPTIONS Clean-up temporary and other not needed files to free up disk space: -- Remove unused `apt` packages -- Remove old snaps -- Rotate system journal (keep 2 weeks of logs) -- Flush system caches +- Remove unused `apt` packages +- Remove old snaps +- Rotate system journal (keep 2 weeks of logs) +- Flush system caches !!! info 
@@ -176,10 +176,10 @@ Manages a `pass` password store located inside a `tomb`. Available actions: -- open: open password store in tomb -- close: close password store -- generate: generate a password but not save it as a pass. Useful if you just need a strong key. -- retrieve: get password from store +- open: open password store in tomb +- close: close password store +- generate: generate a password but not save it as a pass. Useful if you just need a strong key. +- retrieve: get password from store **Usage** diff --git a/docs/nav.md b/docs/nav.md index 0b2e6f5..3a3aaf8 100644 --- a/docs/nav.md +++ b/docs/nav.md @@ -1,19 +1,19 @@ -- [Home](index.md) -- [Installation](install.md) -- Reference - - [Bin](bin.md) - - Lib - - [Analytics](lib/analytics.md) - - [Certificates](lib/certificate.md) - - [Database](lib/db.md) - - [Dev Tools](lib/dev.md) - - [Error Handling](lib/error.md) - - [Files](lib/files.md) - - [Git](lib/git.md) - - [GitHub CLI](lib/github.md) - - [Loader](lib/_loader.md) - - [Network](lib/network.md) - - [Process](lib/process.md) - - [SSH](lib/ssh.md) - - [Text Processing](lib/text.md) - - [User Interface](lib/ui.md) +- [Home](index.md) +- [Installation](install.md) +- Reference + - [Bin](bin.md) + - Lib + - [Analytics](lib/analytics.md) + - [Certificates](lib/certificate.md) + - [Database](lib/db.md) + - [Dev Tools](lib/dev.md) + - [Error Handling](lib/error.md) + - [Files](lib/files.md) + - [Git](lib/git.md) + - [GitHub CLI](lib/github.md) + - [Loader](lib/_loader.md) + - [Network](lib/network.md) + - [Process](lib/process.md) + - [SSH](lib/ssh.md) + - [Text Processing](lib/text.md) + - [User Interface](lib/ui.md)