mirror of
https://github.com/tailscale/tailscale.git
synced 2025-01-07 08:07:42 +00:00
release/dist/cli: add gen-key command (#9023)
Add a new subcommand to generate a Ed25519 key pair for release signing. The same command can be used to generate both root and signing keys. Updates #8760 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
This commit is contained in:
parent
e1c7e9b736
commit
05523bdcdd
36
release/dist/cli/cli.go
vendored
36
release/dist/cli/cli.go
vendored
@ -18,6 +18,7 @@
|
||||
"time"
|
||||
|
||||
"github.com/peterbourgon/ff/v3/ffcli"
|
||||
"tailscale.com/clientupdate/distsign"
|
||||
"tailscale.com/release/dist"
|
||||
"tailscale.com/release/dist/unixpkgs"
|
||||
)
|
||||
@ -78,6 +79,20 @@ func CLI(getTargets func(unixpkgs.Signers) ([]dist.Target, error)) *ffcli.Comman
|
||||
Filters can use glob patterns (* and ?).
|
||||
`),
|
||||
},
|
||||
{
|
||||
Name: "gen-key",
|
||||
Exec: func(ctx context.Context, args []string) error {
|
||||
return runGenKey(ctx)
|
||||
},
|
||||
ShortUsage: "dist gen-key",
|
||||
ShortHelp: "Generate root or signing key pair",
|
||||
FlagSet: (func() *flag.FlagSet {
|
||||
fs := flag.NewFlagSet("gen-key", flag.ExitOnError)
|
||||
fs.StringVar(&genKeyArgs.privPath, "priv-path", "private-key.pem", "output path for the private key")
|
||||
fs.StringVar(&genKeyArgs.pubPath, "pub-path", "public-key.pem", "output path for the public key")
|
||||
return fs
|
||||
})(),
|
||||
},
|
||||
},
|
||||
Exec: func(context.Context, []string) error { return flag.ErrHelp },
|
||||
}
|
||||
@ -173,3 +188,24 @@ func parseSigningKey(path string) (crypto.Signer, error) {
|
||||
}
|
||||
return x509.ParseECPrivateKey(b.Bytes)
|
||||
}
|
||||
|
||||
var genKeyArgs struct {
|
||||
privPath string
|
||||
pubPath string
|
||||
}
|
||||
|
||||
func runGenKey(ctx context.Context) error {
|
||||
priv, pub, err := distsign.GenerateKey()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err := os.WriteFile(genKeyArgs.privPath, priv, 0400); err != nil {
|
||||
return fmt.Errorf("failed writing private key: %w", err)
|
||||
}
|
||||
fmt.Println("wrote private key to", genKeyArgs.privPath)
|
||||
if err := os.WriteFile(genKeyArgs.pubPath, pub, 0400); err != nil {
|
||||
return fmt.Errorf("failed writing public key: %w", err)
|
||||
}
|
||||
fmt.Println("wrote public key to", genKeyArgs.pubPath)
|
||||
return nil
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user