b60dfaba10
As the docs of codeberg refer to the strings printed by the Forgejo ssh servers, this is user-facing and is nice to update to the new product name. (cherry picked from commit103991d73f
) (cherry picked from commit2a0d3f85f1
) (cherry picked from commiteb2b4ce388
) (cherry picked from commit0998b51716
) [BRANDING] forgejo log message (cherry picked from commitd51a046ebe
) (cherry picked from commitd66e1c7b6e
) (cherry picked from commitb5bffe4ce8
) (cherry picked from commit3fa776d856
) (cherry picked from commit18d064f472
) (cherry picked from commitc95094e355
) (cherry picked from commit5784290bc4
) (cherry picked from commitaee336886b
) (cherry picked from commitec2f60b516
) (cherry picked from commit7af742a284
) (cherry picked from commitf279e2a264
) (cherry picked from commitfd38cfb14e
) (cherry picked from commit64c8226618
) (cherry picked from commitb546fb2304
) (cherry picked from commitad10202177
) (cherry picked from commitc89cab9c2b
) (cherry picked from commit9579322ec2
) (cherry picked from commit16b44ad18d
) (cherry picked from commit2571ff703b
) (cherry picked from commitad61d9ce9b
) (cherry picked from commit9b2c45d4d3
) (cherry picked from commited01b79a59
) (cherry picked from commitd040b66427
) (cherry picked from commitffe0bbea48
) (cherry picked from commit4c1b2c409b
) (cherry picked from commit3d8338ed10
) (cherry picked from commita92f044ea9
) [BRANDING] link to forgejo.org/docs instead of docs.gitea.io (cherry picked from commit3efafd0e08
) (cherry picked from commit148185e34b
) (cherry picked from commit834e264698
) (cherry picked from commite72fa6eb1e
) [BRANDING] link to forgejo.org/docs instead of docs.gitea.io Fix the link that was 404. (cherry picked from commitae515d7258
) (cherry picked from commitfacc2367f0
) (cherry picked from commit25784b9f21
) (cherry picked from commit2efc6138d9
) (cherry picked from commitb9d0871631
) (cherry picked from commitf0446e51b9
) (cherry picked from commit1638aa67fb
) (cherry picked from commit290db6a018
) (cherry picked from commit89b87cf542
) (cherry picked from commit656ed94962
) (cherry picked from commit036f879f96
) (cherry picked from commit69eea35f81
) (cherry picked from commitb72e3f4a92
) (cherry picked from commitaf606b8574
) (cherry picked from commit7e47f8135c
) (cherry picked from commit0e5218cc53
) (cherry picked from commit7c2a20a528
) (cherry picked from commit4e94006363
) (cherry picked from commite47cdfc43f
) (cherry picked from commit1dcb3e1da4
) (cherry picked from commit67367c4e0f
) (cherry picked from commit252087d1ff
) (cherry picked from commitf5977a43e5
) Conflicts: templates/base/head_navbar.tmpl https://codeberg.org/forgejo/forgejo/pulls/1351 (cherry picked from commit594938eb15
) (cherry picked from commit0257d038a7
) (cherry picked from commit72821dd140
) [BRANDING] s/gitea/forgejo/ in HTML placeholders Replaced Gitea branding with Forgejo for input placeholders Closes: #686 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/752 (cherry picked from commit6160d37ca9
) (cherry picked from commitdf61138c7e
) (cherry picked from commit1f30566c3f
) (cherry picked from commit539bb825f5
) (cherry picked from commitbee0f66c86
) (cherry picked from commit60ad005c95
) (cherry picked from commit282e26222e
) (cherry picked from commitf9ca551f3d
) (cherry picked from commitb2e04b04c3
) (cherry picked from commitc8f395a03c
) (cherry picked from commit0d58ce49ae
) (cherry picked from commitc602ddf91e
) (cherry picked from commit029e37271e
) (cherry picked from commitfdaa96b3cc
) (cherry picked from commit515d99e27d
) (cherry picked from commitda73274ba1
) (cherry picked from commitce90b696a0
) (cherry picked from commitb6bf98763b
) (cherry picked from commit5b380d22d7
) [BRANDING] How to start a runner: URL to Actions admin documentation (cherry picked from commitda91799e6f
) (cherry picked from commit28231663b6
) (cherry picked from commit533a90345b
) (cherry picked from commit6a0e4e55dd
) (cherry picked from commitf47cd611c6
) (cherry picked from commit001264b784
) (cherry picked from commite4099e9bb9
) (cherry picked from commit3a1885649f
) (cherry picked from commitc42802c710
) (cherry picked from commita611ce8d6d
) (cherry picked from commita3d7d10a80
) (cherry picked from commit52adde671f
) (cherry picked from commitc9a3820fef
) (cherry picked from commitdce40997c9
) (cherry picked from commit312a6b92f3
) [BRANDING] package templates & links - Change Gitea to Forgejo where necessary. - Point all documentation to Forgejo's documentation. - Resolves #992 (cherry picked from commitd0b78a6ede
) (cherry picked from commite2382f30ba
) (cherry picked from commitc41cf05a33
) (cherry picked from commit797e598ae7
) (cherry picked from commit970031a1c2
) (cherry picked from commit0c1180e2e1
) Conflicts: templates/package/content/alpine.tmpl templates/package/content/cargo.tmpl templates/package/content/chef.tmpl templates/package/content/composer.tmpl templates/package/content/conan.tmpl templates/package/content/conda.tmpl templates/package/content/container.tmpl templates/package/content/cran.tmpl templates/package/content/debian.tmpl templates/package/content/generic.tmpl templates/package/content/go.tmpl templates/package/content/helm.tmpl templates/package/content/maven.tmpl templates/package/content/npm.tmpl templates/package/content/nuget.tmpl templates/package/content/pub.tmpl templates/package/content/pypi.tmpl templates/package/content/rpm.tmpl templates/package/content/rubygems.tmpl templates/package/content/swift.tmpl templates/package/content/vagrant.tmpl https://codeberg.org/forgejo/forgejo/pulls/1351 (cherry picked from commit42ac9ff2ab
) (cherry picked from commite390000bce
) (cherry picked from commit56a437b29b
) Conflicts: templates/package/content/cargo.tmpl https://codeberg.org/forgejo/forgejo/pulls/1466 [BRANDING] s/Gitea/Forgejo/ in user visible help & comments - Modify the README of the docker directory to point to the relevant docker files and documentation for Forgejo. (cherry picked from commitaca6371215
) (cherry picked from commit0ba96b1bc4
) (cherry picked from commit5c8e6b53f1
) Conflicts: docker/README.md https://codeberg.org/forgejo/forgejo/pulls/1351 (cherry picked from commitb3121c8004
) (cherry picked from commit607f870416
) (cherry picked from commit191d96afe4
) [BRANDING] healthcheck/check.go (cherry picked from commitd703a236ce
) (cherry picked from commitd84ce3ff20
) (cherry picked from commit2dbb844606
) (cherry picked from commit14d3ae7e3a
) [BRANDING] s/Gitea/Forgejo/g in CLI output (cherry picked from commit7543c126bb
) (cherry picked from commitb66f422fc3
) (cherry picked from commita81e4e46f3
) [BRANDING] Gitea->Forgejo in mailer code (cherry picked from commitb91afea4ff
) (cherry picked from commit5d7428167c
) (cherry picked from commited8101ba6c
) [BRANDING] use 'Forgejo' for Discord, Packagist, and Slack webhooks Refs: https://codeberg.org/forgejo/forgejo/issues/1387 (cherry picked from commit7dc3a05f5b
) (cherry picked from commit133f2fc6cc
) [BRANDING] cmd/manager.go (cherry picked from commitd1dba2c79d
) [BRANDING] pyproject.toml (cherry picked from commit7e8c868db2
) (cherry picked from commit2395995c8b
) (cherry picked from commitdd6fbbf332
) Conflicts: templates/package/content/cargo.tmpl https://codeberg.org/forgejo/forgejo/pulls/1548 (cherry picked from commit6f9a5d5cab
) (cherry picked from commitd0635c4a07
) (cherry picked from commit5d3b4594df
) (cherry picked from commit6da3b43eff
)
// Copyright 2009 The Go Authors. All rights reserved.
// Copyright 2014 The Gogs Authors. All rights reserved.
// Copyright 2016 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package cmd
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"log"
"math/big"
"net"
"os"
"strings"
"time"
"github.com/urfave/cli/v2"
)
// CmdCert represents the available cert sub-command.
var CmdCert = &cli.Command{
	Name:   "cert",
	Usage:  "Generate self-signed certificate",
	Action: runCert,
	// The second line of the description starts at column 0 on purpose: it is
	// part of the raw string and is printed verbatim in the help output.
	Description: `Generate a self-signed X.509 certificate for a TLS server.
Outputs to 'cert.pem' and 'key.pem' and will overwrite existing files.`,
	Flags: []cli.Flag{
		// Subject alternative names. runCert hands this flag to argsSet and
		// returns whatever error that check produces.
		&cli.StringFlag{
			Name:  "host",
			Usage: "Comma-separated hostnames and IPs to generate a certificate for",
		},
		// Left empty (the default), runCert generates an RSA key instead.
		&cli.StringFlag{
			Name:  "ecdsa-curve",
			Usage: "ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521",
		},
		// Only consulted when no ECDSA curve is selected.
		&cli.IntFlag{
			Name:  "rsa-bits",
			Value: 3072,
			Usage: "Size of RSA key to generate. Ignored if --ecdsa-curve is set",
		},
		// Empty (the default) means "now"; see the layout runCert parses with.
		&cli.StringFlag{
			Name:  "start-date",
			Usage: "Creation date formatted as Jan 1 15:04:05 2011",
		},
		// Validity window added to the start date; defaults to 365 days.
		&cli.DurationFlag{
			Name:  "duration",
			Value: 365 * 24 * time.Hour,
			Usage: "Duration that certificate is valid for",
		},
		// When set, runCert marks the certificate as a CA and adds the
		// certificate-signing key usage.
		&cli.BoolFlag{
			Name:  "ca",
			Usage: "whether this cert should be its own Certificate Authority",
		},
	},
}
// publicKey returns a pointer to the public half of priv.
//
// Only *rsa.PrivateKey and *ecdsa.PrivateKey are recognised; every other
// dynamic type, including a nil interface, yields nil.
func publicKey(priv any) any {
	if rsaKey, ok := priv.(*rsa.PrivateKey); ok {
		return &rsaKey.PublicKey
	}
	if ecKey, ok := priv.(*ecdsa.PrivateKey); ok {
		return &ecKey.PublicKey
	}
	return nil
}
// pemBlockForKey wraps priv in a PEM block suitable for pem.Encode.
//
// An *rsa.PrivateKey is serialised with x509.MarshalPKCS1PrivateKey under the
// "RSA PRIVATE KEY" type, an *ecdsa.PrivateKey with x509.MarshalECPrivateKey
// under "EC PRIVATE KEY". Any other type yields nil. The block carries the key
// as-is: nothing here encrypts it, so protecting the output is up to the
// caller. A failure to marshal an ECDSA key ends the process via log.Fatalf.
func pemBlockForKey(priv any) *pem.Block {
	if rsaKey, ok := priv.(*rsa.PrivateKey); ok {
		der := x509.MarshalPKCS1PrivateKey(rsaKey)
		return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: der}
	}

	ecKey, ok := priv.(*ecdsa.PrivateKey)
	if !ok {
		return nil
	}
	der, err := x509.MarshalECPrivateKey(ecKey)
	if err != nil {
		log.Fatalf("Unable to marshal ECDSA private key: %v", err)
	}
	return &pem.Block{Type: "EC PRIVATE KEY", Bytes: der}
}
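// runCert implements the "cert" sub-command: it generates a private key,
// builds a self-signed X.509 server certificate for the names given in
// --host, and writes the results to cert.pem and key.pem in the current
// working directory, overwriting existing files.
//
// The only error it returns is the one from the argsSet check on --host;
// every later failure ends the process through log.Fatalf.
func runCert(c *cli.Context) error {
	if err := argsSet(c, "host"); err != nil {
		return err
	}

	var priv any
	var err error
	switch c.String("ecdsa-curve") {
	case "":
		// NOTE(review): --rsa-bits is passed through without a lower bound;
		// consider rejecting sizes below 2048 here.
		priv, err = rsa.GenerateKey(rand.Reader, c.Int("rsa-bits"))
	case "P224":
		priv, err = ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
	case "P256":
		priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	case "P384":
		priv, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	case "P521":
		priv, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
	default:
		log.Fatalf("Unrecognized elliptic curve: %q", c.String("ecdsa-curve"))
	}
	if err != nil {
		log.Fatalf("Failed to generate private key: %v", err)
	}

	// Validity starts at --start-date when given, otherwise now.
	var notBefore time.Time
	if startDate := c.String("start-date"); startDate != "" {
		notBefore, err = time.Parse("Jan 2 15:04:05 2006", startDate)
		if err != nil {
			log.Fatalf("Failed to parse creation date: %v", err)
		}
	} else {
		notBefore = time.Now()
	}
	notAfter := notBefore.Add(c.Duration("duration"))

	// Random serial number drawn from [0, 2^128).
	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
	if err != nil {
		log.Fatalf("Failed to generate serial number: %v", err)
	}

	// Every key type signs, so DigitalSignature is always set. KeyEncipherment
	// describes RSA key transport and has no meaning for an ECDSA subject key,
	// so it is only asserted for RSA keys.
	keyUsage := x509.KeyUsageDigitalSignature
	if _, isRSA := priv.(*rsa.PrivateKey); isRSA {
		keyUsage |= x509.KeyUsageKeyEncipherment
	}

	template := x509.Certificate{
		SerialNumber: serialNumber,
		Subject: pkix.Name{
			Organization: []string{"Acme Co"},
			CommonName:   "Forgejo",
		},
		NotBefore: notBefore,
		NotAfter:  notAfter,

		KeyUsage:              keyUsage,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
	}

	// Each --host entry becomes a subject alternative name. Entries are
	// trimmed and empty ones skipped, so "a.example, b.example" or a trailing
	// comma does not put a blank or space-prefixed name into the certificate.
	for _, h := range strings.Split(c.String("host"), ",") {
		h = strings.TrimSpace(h)
		if h == "" {
			continue
		}
		if ip := net.ParseIP(h); ip != nil {
			template.IPAddresses = append(template.IPAddresses, ip)
		} else {
			template.DNSNames = append(template.DNSNames, h)
		}
	}

	if c.Bool("ca") {
		template.IsCA = true
		template.KeyUsage |= x509.KeyUsageCertSign
	}

	// Self-signed: the template is both subject and issuer.
	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv)
	if err != nil {
		log.Fatalf("Failed to create certificate: %v", err)
	}

	certOut, err := os.Create("cert.pem")
	if err != nil {
		log.Fatalf("Failed to open cert.pem for writing: %v", err)
	}
	err = pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
	if err != nil {
		log.Fatalf("Failed to encode certificate: %v", err)
	}
	err = certOut.Close()
	if err != nil {
		log.Fatalf("Failed to write cert: %v", err)
	}
	log.Println("Written cert.pem")

	// NOTE(review): the 0o600 mode only applies when key.pem is created. An
	// existing key.pem is truncated and keeps whatever permission bits it
	// already had, so the new private key can end up in a file that other
	// users may read. The key is written unencrypted.
	keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
	if err != nil {
		log.Fatalf("Failed to open key.pem for writing: %v", err)
	}
	err = pem.Encode(keyOut, pemBlockForKey(priv))
	if err != nil {
		log.Fatalf("Failed to encode key: %v", err)
	}
	err = keyOut.Close()
	if err != nil {
		log.Fatalf("Failed to write key: %v", err)
	}
	log.Println("Written key.pem")
	return nil
}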