v1.0.2

Merge pull request #45 from roman-mazur/roman/fix-build
scripts: Handle missing coreutils on Mac
2025-06-24 18:25:16 +00:00 · 2019-04-18 15:30:38 +03:00 · 2019-04-18 15:28:19 +03:00 · 2019-04-16 18:05:16 +03:00 · 2019-03-20 11:24:21 +02:00 · 2019-03-20 09:22:11 +00:00
7 changed files with 45 additions and 15 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -4,6 +4,21 @@ All notable changes to this project will be documented in this file
 automatically by Versionist. DO NOT EDIT THIS FILE MANUALLY!
 This project adheres to [Semantic Versioning](http://semver.org/).

+# v1.0.2
+## (2019-04-17)
+
+* scripts: Handle missing coreutils on Mac [Roman Mazur]
+
+# v1.0.1
+## (2019-03-20)
+
+* vpn: Remove BALENA_ROOT_CA from the VPN trust chain [Rich Bayliss]
+
+# v1.0.0
+## (2019-03-15)
+
+* tags: Pin the image tags for the service stack [Rich Bayliss]
+
 # v0.2.2
 ## (2019-03-08)

--- a/2
+++ b/2
@ -1 +1 @@
-0.2.2
+1.0.2
--- a/compose/versions
+++ b/compose/versions
@ -0,0 +1,5 @@
+export OPENBALENA_API_VERSION_TAG=v0.11.8
+export OPENBALENA_DB_VERSION_TAG=v2.0.3
+export OPENBALENA_REGISTRY_VERSION_TAG=v2.5.0
+export OPENBALENA_S3_VERSION_TAG=v2.5.0
+export OPENBALENA_VPN_VERSION_TAG=v8.10.0
--- a/scripts/_realpath
+++ b/scripts/_realpath
@ -1,5 +1,11 @@
 #!/bin/bash -e

+echo_error() {
+    local RED=`tput setaf 1`
+    local RESET=`tput sgr0`
+    echo "${RED}ERROR: ${1}${RESET}"
+}
+
 REALPATH=
 REALPATHS=(
    'realpath'
@ -14,8 +20,13 @@ fi
 done

 if [ -z "${REALPATH}" ]; then
-    local RED=`tput setaf 1`
-    echo "${RED}ERROR: Unable to find suitable command for realpath."
+    echo_error 'Unable to find suitable command for realpath.'
+    if [ $(uname) == 'Darwin' ]; then
+        echo 'GNU coreutils are required to build openBalena on MacOS. To install with brew, run'
+        echo ''
+        echo '    brew install coreutils'
+        echo ''
+    fi
    exit 1
 fi

--- a/scripts/compose
+++ b/scripts/compose
@ -11,6 +11,12 @@ echo_bold() {
  printf "\\033[1m%s\\033[0m\\n" "$@"
 }

+VERSIONS_FILE="${BASE_DIR}/compose/versions"
+if [ ! -f "$VERSIONS_FILE" ]; then
+  echo_bold "No service versions defined in ${VERSIONS_FILE}"
+  exit 1
+fi
+
 ENV_FILE="${CONFIG_DIR}/activate"
 if [ ! -f "$ENV_FILE" ]; then
  echo_bold 'No configuration found; please create one first with: ./scripts/quickstart'
@ -19,7 +25,7 @@ if [ ! -f "$ENV_FILE" ]; then
 fi

 # shellcheck source=/dev/null
-source "${ENV_FILE}"; docker-compose \
+source "${VERSIONS_FILE}"; source "${ENV_FILE}"; docker-compose \
  --project-name 'openbalena' \
  -f "${BASE_DIR}/compose/services.yml" \
  -f "${CONFIG_DIR}/docker-compose.yml" \
--- a/scripts/gen-vpn-certs
+++ b/scripts/gen-vpn-certs
@ -32,14 +32,9 @@ if [ ! -f $VPN_CA ] || [ ! -f $VPN_CRT ] || [ ! -f $VPN_KEY ] || [ ! -f $VPN_DH

  rm -f $VPN_CA $VPN_CRT $VPN_DH $VPN_KEY

-  # generate VPN sub-CA
+  # generate VPN CA
  "$easyrsa_bin" --pki-dir="${VPN_PKI}" init-pki &>/dev/null
-  "$easyrsa_bin" --pki-dir="${VPN_PKI}" --days="${CA_EXPIRY_DAYS}" --req-cn="vpn-ca.${CN}" build-ca nopass subca 2>/dev/null
-
-  # import sub-CA CSR into root PKI, sign, and copy back to vpn PKI
-  "$easyrsa_bin" --pki-dir="${ROOT_PKI}" import-req "${VPN_PKI}/reqs/ca.req" "vpn-ca" 2>/dev/null
-  "$easyrsa_bin" --pki-dir="${ROOT_PKI}" sign-req ca "vpn-ca" 2>/dev/null
-  cp "${ROOT_PKI}/issued/vpn-ca.crt" "${VPN_PKI}/ca.crt"
+  "$easyrsa_bin" --pki-dir="${VPN_PKI}" --days="${CA_EXPIRY_DAYS}" --req-cn="vpn-ca.${CN}" build-ca nopass 2>/dev/null

  # generate and sign vpn server certificate
  "$easyrsa_bin" --pki-dir="${VPN_PKI}" --days="${CRT_EXPIRY_DAYS}" build-server-full "vpn.${CN}" nopass 2>/dev/null
@ -48,8 +43,6 @@ if [ ! -f $VPN_CA ] || [ ! -f $VPN_CRT ] || [ ! -f $VPN_KEY ] || [ ! -f $VPN_DH
  "$easyrsa_bin" --pki-dir="${VPN_PKI}" --keysize=2048 gen-dh 2>/dev/null

  # update indexes and generate CRLs
-  "$easyrsa_bin" --pki-dir="${ROOT_PKI}" update-db 2>/dev/null
  "$easyrsa_bin" --pki-dir="${VPN_PKI}" update-db 2>/dev/null
-  "$easyrsa_bin" --pki-dir="${ROOT_PKI}" gen-crl 2>/dev/null
  "$easyrsa_bin" --pki-dir="${VPN_PKI}" gen-crl 2>/dev/null
 fi
--- a/scripts/make-env
+++ b/scripts/make-env
@ -12,7 +12,7 @@ usage() {
  echo "  JWT_CRT    Path to Token Auth certificate"
  echo "  JWT_KEY    Path to Token Auth private key"
  echo "  JWT_KID    Path to KeyID for the Token Auth certificate"
-  echo "  VPN_CA     Path to the VPN sub-CA certificate"
+  echo "  VPN_CA     Path to the VPN CA certificate"
  echo "  VPN_CRT    Path to the VPN server certificate"
  echo "  VPN_KEY    Path to the VPN server private key"
  echo "  VPN_DH     Path to the VPN server Diffie Hellman parameters"
@ -83,7 +83,7 @@ export OPENBALENA_TOKEN_AUTH_PUB=$(b64file "$JWT_CRT")
 export OPENBALENA_TOKEN_AUTH_KEY=$(b64file "$JWT_KEY")
 export OPENBALENA_TOKEN_AUTH_KID=$(b64file "$JWT_KID")
 export OPENBALENA_VPN_CA=$(b64file "$VPN_CA")
-export OPENBALENA_VPN_CA_CHAIN=$(b64file "$ROOT_CA" "$VPN_CA")
+export OPENBALENA_VPN_CA_CHAIN=$(b64file "$VPN_CA")
 export OPENBALENA_VPN_CONFIG=$(b64encode "$VPN_CONFIG")
 export OPENBALENA_VPN_SERVER_CRT=$(b64file "$VPN_CRT")
 export OPENBALENA_VPN_SERVER_KEY=$(b64file "$VPN_KEY")
Author	SHA1	Message	Date
Resin CI	290c90c262	v1.0.2	2019-04-18 15:30:38 +03:00
dfunckt	98b6100fed	Merge pull request #45 from roman-mazur/roman/fix-build scripts: Handle missing coreutils on Mac	2019-04-18 15:28:19 +03:00
Roman Mazur	e1bfb7f7b0	scripts: Handle missing coreutils on Mac For convenience, also add instructions what to install. Tha change also addresses invalid usage of 'local' outside of a function. Change-type: patch Signed-off-by: Roman Mazur <mazur.roman@gmail.com>	2019-04-16 18:05:16 +03:00
Resin CI	35ab5300e6	v1.0.1	2019-03-20 11:24:21 +02:00
Rich Bayliss	fd031ad3a4	Merge pull request #42 from balena-io/prevent-root-ca-signing-vpn-ca vpn: Remove BALENA_ROOT_CA from the VPN trust chain	2019-03-20 09:22:11 +00:00
Rich Bayliss	95d53993bc	vpn: Remove BALENA_ROOT_CA from the VPN trust chain The VPN CA shouldn't need to be signed by the same CA that the HAproxy service certificate is signed by. By removing this chain we are able to use a different CA for the HTTPS services without impacting on the VPN service. Change-type: patch Signed-off-by: Rich Bayliss <rich@balena.io>	2019-03-20 09:13:19 +00:00
Resin CI	1721728794	v1.0.0	2019-03-15 17:29:55 +02:00
Rich Bayliss	061440f109	Merge pull request #43 from balena-io/pin-service-tags tags: Pin the image tags for the service stack	2019-03-15 15:28:08 +00:00
Rich Bayliss	2f0fb27145	tags: Pin the image tags for the service stack In order to have concrete releases of openBalena we should pin each service to a given version. This PR is the start of this and marks the first version of openBalena with known service tags. Change-type: major Signed-off-by: Rich Bayliss <rich@balena.io>	2019-03-15 15:14:57 +00:00
 @ -1 +1 @@
 .2.2
 .0.2