feat(install): fetch license pubkey automatically from license server URL

Remove --license-server-pubkey flag. When --license-server-url is given,
the installer fetches the pubkey from GET /api/v1/license/pubkey on the
license server and writes it to .env — the key is never visible to the
operator on the command line.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
amir-climy 2026-05-19 23:21:05 +08:00
parent e0e887f97a
commit bbdc8aa292
2 changed files with 14 additions and 8 deletions


@ -28,8 +28,7 @@ curl -fsSL https://raw.githubusercontent.com/primatekuntech/triton-install/main/
| Flag | Description | | Flag | Description |
|------|-------------| |------|-------------|
| `--license-server-pubkey HEX` | Vendor's Ed25519 public key (64 hex chars). Required to start. | | `--license-server-url URL` | Vendor's License Server URL. Public key is fetched automatically. |
| `--license-server-url URL` | Vendor's License Server URL. |
| `--gateway-hostname HOST` | Agent mTLS hostname (defaults to current FQDN). | | `--gateway-hostname HOST` | Agent mTLS hostname (defaults to current FQDN). |
| `--manage-host-ip IP` | Host LAN IP for "+ This machine" auto-registration. | | `--manage-host-ip IP` | Host LAN IP for "+ This machine" auto-registration. |
| `--port PORT` | Host port for the web UI (default: `8082`). | | `--port PORT` | Host port for the web UI (default: `8082`). |


@ -8,8 +8,8 @@
# sudo bash install.sh # sudo bash install.sh
# #
# Flags (all optional): # Flags (all optional):
# --license-server-pubkey HEX Vendor's Ed25519 public key (64 hex chars). Required to start. # --license-server-url URL Vendor's License Server URL. The public key is
# --license-server-url URL Vendor's License Server URL. # fetched automatically from the license server.
# --gateway-hostname HOST Agent mTLS hostname (defaults to current FQDN). # --gateway-hostname HOST Agent mTLS hostname (defaults to current FQDN).
# --manage-host-ip IP Host LAN IP — used for "+ This machine". # --manage-host-ip IP Host LAN IP — used for "+ This machine".
# --port PORT Host port for the web UI (default: 8082). # --port PORT Host port for the web UI (default: 8082).
@ -24,7 +24,6 @@ info() { printf '[manage-server] %s\n' "$*"; }
die() { printf '[manage-server] error: %s\n' "$*" >&2; exit 1; } die() { printf '[manage-server] error: %s\n' "$*" >&2; exit 1; }
# ── arg parsing ────────────────────────────────────────────────────────── # ── arg parsing ──────────────────────────────────────────────────────────
LICENSE_PUBKEY=""
LICENSE_SERVER_URL="" LICENSE_SERVER_URL=""
GATEWAY_HOST="" GATEWAY_HOST=""
HOST_IP="" HOST_IP=""
@ -33,7 +32,6 @@ IMAGE=""
NO_TLS=0 NO_TLS=0
while [[ $# -gt 0 ]]; do while [[ $# -gt 0 ]]; do
case "$1" in case "$1" in
--license-server-pubkey) LICENSE_PUBKEY="$2"; shift 2 ;;
--license-server-url) LICENSE_SERVER_URL="$2"; shift 2 ;; --license-server-url) LICENSE_SERVER_URL="$2"; shift 2 ;;
--gateway-hostname) GATEWAY_HOST="$2"; shift 2 ;; --gateway-hostname) GATEWAY_HOST="$2"; shift 2 ;;
--manage-host-ip) HOST_IP="$2"; shift 2 ;; --manage-host-ip) HOST_IP="$2"; shift 2 ;;
@ -82,8 +80,17 @@ if [[ ! -f "$ENV_FILE" ]]; then
"$ENV_FILE" "$ENV_FILE"
info "vault key generated (PostgreSQL AES-256-GCM)" info "vault key generated (PostgreSQL AES-256-GCM)"
[[ -n "$LICENSE_PUBKEY" ]] && sed -i "s|^TRITON_MANAGE_LICENSE_SERVER_PUBKEY=.*|TRITON_MANAGE_LICENSE_SERVER_PUBKEY=$LICENSE_PUBKEY|" "$ENV_FILE" if [[ -n "$LICENSE_SERVER_URL" ]]; then
[[ -n "$LICENSE_SERVER_URL" ]] && sed -i "s|^TRITON_LICENSE_SERVER_URL=.*|TRITON_LICENSE_SERVER_URL=$LICENSE_SERVER_URL|" "$ENV_FILE" sed -i "s|^TRITON_LICENSE_SERVER_URL=.*|TRITON_LICENSE_SERVER_URL=$LICENSE_SERVER_URL|" "$ENV_FILE"
info "fetching public key from license server..."
LICENSE_PUBKEY=$(curl -fsSL "${LICENSE_SERVER_URL}/api/v1/license/pubkey" \
| grep -o '"pubkey":"[^"]*"' | cut -d'"' -f4) \
|| die "failed to fetch public key from ${LICENSE_SERVER_URL}"
[[ ${#LICENSE_PUBKEY} -eq 64 ]] \
|| die "license server returned an invalid public key (expected 64 hex chars)"
sed -i "s|^TRITON_MANAGE_LICENSE_SERVER_PUBKEY=.*|TRITON_MANAGE_LICENSE_SERVER_PUBKEY=$LICENSE_PUBKEY|" "$ENV_FILE"
info "public key configured"
fi
[[ -n "$GATEWAY_HOST" ]] && sed -i "s|^TRITON_MANAGE_GATEWAY_HOSTNAME=.*|TRITON_MANAGE_GATEWAY_HOSTNAME=$GATEWAY_HOST|" "$ENV_FILE" [[ -n "$GATEWAY_HOST" ]] && sed -i "s|^TRITON_MANAGE_GATEWAY_HOSTNAME=.*|TRITON_MANAGE_GATEWAY_HOSTNAME=$GATEWAY_HOST|" "$ENV_FILE"
[[ -n "$HOST_IP" ]] && sed -i "s|^TRITON_MANAGE_HOST_IP=.*|TRITON_MANAGE_HOST_IP=$HOST_IP|" "$ENV_FILE" [[ -n "$HOST_IP" ]] && sed -i "s|^TRITON_MANAGE_HOST_IP=.*|TRITON_MANAGE_HOST_IP=$HOST_IP|" "$ENV_FILE"
[[ -n "$PORT" ]] && sed -i "s|^TRITON_MANAGE_HOST_PORT=.*|TRITON_MANAGE_HOST_PORT=$PORT|" "$ENV_FILE" [[ -n "$PORT" ]] && sed -i "s|^TRITON_MANAGE_HOST_PORT=.*|TRITON_MANAGE_HOST_PORT=$PORT|" "$ENV_FILE"
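Review bot: The fetched value becomes the trust root for every later license check, yet nothing in the new block ties it to anything the operator verified out-of-band — the installer now writes whatever `${LICENSE_SERVER_URL}/api/v1/license/pubkey` returns into `.env`, over plain `http://` if that is what the URL says (and `curl -L` will also follow a redirect there), so a spoofed or mistyped license server silently installs its own Ed25519 key. Keeping `--license-server-pubkey` as an optional pin compared against the fetched key, or at least logging the fetched key with an instruction to compare it against the vendor's published value, would restore that check; at minimum refuse non-HTTPS URLs before the fetch with `[[ "$LICENSE_SERVER_URL" == https://* ]] || die "license server URL must use https://"`. The `${#LICENSE_PUBKEY} -eq 64` test only counts characters, so a 64-character response containing `&`, `\` or `|` passes and is then interpolated unescaped into the `sed` replacement on the following line; `[[ "$LICENSE_PUBKEY" =~ ^[0-9a-fA-F]{64}$ ]] || die "license server returned an invalid public key (expected 64 hex chars)"` closes both problems. Whether `set -o pipefail` is in force for the `curl | grep | cut` pipeline is not visible in this hunk; without it a curl failure is reported only via the length check, with a misleading "invalid public key" message rather than "failed to fetch". The enclosing `if [[ ! -f "$ENV_FILE" ]]` block begins and ends outside the hunk.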