sync-certs: Add script to get certs from cache dir

The sync-certs script gets the certs from the SOAP cache directory,
moves them to the bcfg2 repo and makes an automatic commit for each
certificate.

1 files changed, 39 insertions, 0 deletions

diff --git a/sync-certs b/sync-certs
new file mode 100755
index 0000000..724b76c
--- /dev/null
+++ b/sync-certs
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+FILE_REGEXP='\(.*\)-\([0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}\).crt'
+REPO="$1"
+
+if [[ -z "$REPO" || ! -d "$REPO/SSL/" || ! -d "$REPO/.git" ]]; then
+    echo "Usage: $0 <repo>" >&2
+    exit 1
+fi
+
+change=0
+cd "$REPO" >/dev/null
+
+for cert in /var/cache/spline-ssl/* ; do
+
+    if read host date ; then
+
+        if [[ -n "$host" && -n "$date" ]]; then
+            mkdir -p "SSL/$host/"
+            mv "$cert" "SSL/$host/$host-$date.crt"
+
+            git add "SSL/$host/$host-$date.crt"
+            git commit --no-verify --quiet \
+                --author="SSL Cert Syncer <root@bcfg2.spline.inf.fu-berlin.de>" \
+                --message="SSL: Automatic ssl cert sync
+
+Add cert for $host." \
+                "SSL/$host/$host-$date.crt"
+
+            ((change++))
+
+        fi
+
+    fi < <(basename "$cert" | sed "s/$FILE_REGEXP/\1 \2/")
+done
+
+if [[ $change -gt 0 ]]; then
+    echo "Moved $change certificates into repo, you may want to call $(tput bold)renew-config$(tput sgr0) now."
+fi