From d2a19d4df71f3b640d1ac1fb4ae8ed683fb15995 Mon Sep 17 00:00:00 2001
From: amir-climy
Date: Wed, 20 May 2026 00:08:17 +0800
Subject: [PATCH] =?UTF-8?q?feat(install):=20drop=20pubkey=20file=20from=20?= =?UTF-8?q?bundle=20=E2=80=94=20single=20license.lic=20is=20enough?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Pubkey is now baked into the image at build time. Bundle is just license.lic. TRITON_MANAGE_LICENSE_SERVER_PUBKEY in .env is optional (compiled-in default used when empty).
Co-Authored-By: Claude Sonnet 4.6
---
 README.md | 8 ++++----
 manage-server/env.template | 4 ++--
 manage-server/install.sh | 16 +++-------------
 3 files changed, 9 insertions(+), 19 deletions(-)
diff --git a/README.md b/README.md
index bcbf651..6f53794 100644
--- a/README.md
+++ b/README.md
@@ -4,14 +4,14 @@ Production installer for the Triton Manage Server. Container-based (Docker or Po
 ## Install
-Your vendor provides a licence bundle — a folder containing two files:
+Your vendor provides a licence bundle — a single file:
 ```
-triton-bundle/
-├── license.lic # signed offline licence token
-└── pubkey # vendor's Ed25519 public key
+license.lic # signed offline licence token
 ```
+The vendor's public key is baked into the image at build time — nothing else to configure.
+
 Point the installer at the bundle:
 ```bash
diff --git a/manage-server/env.template b/manage-server/env.template
index 4b35b04..c99cffa 100644
--- a/manage-server/env.template
+++ b/manage-server/env.template
@@ -59,8 +59,8 @@ TRITON_MANAGE_SESSION_TTL=24h
 # install.sh automatically — do not edit manually.
 TRITON_LICENSE_KEY=
-# Vendor's Ed25519 public key (64 hex chars). Set by install.sh from the
-# pubkey file in your vendor bundle — do not edit manually.
+# Vendor's Ed25519 public key (64 hex chars). Baked into the image at
+# build time — leave empty unless you need to override the compiled-in key.
 TRITON_MANAGE_LICENSE_SERVER_PUBKEY=
 # Vendor's License Server URL. Optional — enables ongoing heartbeats and
diff --git a/manage-server/install.sh b/manage-server/install.sh
index 77660a0..4b9dcee 100755
--- a/manage-server/install.sh
+++ b/manage-server/install.sh
@@ -7,10 +7,9 @@
 # Usage:
 # sudo bash install.sh --license-file /path/to/bundle/license.lic
 #
-# The license bundle (provided by your vendor) contains two files:
+# The license bundle (provided by your vendor) is a single file:
 # license.lic — signed offline licence token
-# pubkey — vendor's Ed25519 public key (64 hex chars)
-# Both files must be in the same directory.
+# The vendor's public key is baked into the image at build time.
 #
 # Flags:
 # --license-file PATH Path to license.lic from your vendor bundle. Required.
@@ -56,13 +55,7 @@ done
 [[ -n "$LICENSE_FILE" ]] || die "--license-file is required (path to license.lic from your vendor bundle)"
 [[ -f "$LICENSE_FILE" ]] || die "license file not found: $LICENSE_FILE"
-BUNDLE_DIR="$(cd -- "$(dirname -- "$LICENSE_FILE")" && pwd)"
-PUBKEY_FILE="$BUNDLE_DIR/pubkey"
-[[ -f "$PUBKEY_FILE" ]] || die "pubkey file not found: $PUBKEY_FILE (must be in the same directory as license.lic)"
-
 LICENSE_TOKEN="$(cat "$LICENSE_FILE")"
-LICENSE_PUBKEY="$(cat "$PUBKEY_FILE" | tr -d '[:space:]')"
-[[ ${#LICENSE_PUBKEY} -eq 64 ]] || die "pubkey file must contain a 64 hex-char Ed25519 public key"
 # ── runtime detection ────────────────────────────────────────────────────
 if command -v podman-compose >/dev/null 2>&1; then
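Review bot: The new comment on `TRITON_MANAGE_LICENSE_SERVER_PUBKEY` invites an override without saying what the value controls. Going by the README text in this patch, this is the key that `license.lic` signatures are checked against, so a non-empty value presumably replaces the compiled-in trust anchor for anyone able to edit `.env`. I would add a line such as `# Overrides the key that verifies license.lic; only set this to a key received from your vendor.` The server-side handling of the variable is not part of this patch, so whether an active override is logged at start-up cannot be confirmed from here.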
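Review bot: `LICENSE_TOKEN="$(cat "$LICENSE_FILE")"` is now the only value read from the bundle and the visible checks cover file existence only, yet the last hunk of this file interpolates it unescaped into `sed -i "s|^TRITON_LICENSE_KEY=.*|TRITON_LICENSE_KEY=$LICENSE_TOKEN|"`. A token containing `|`, `&`, a backslash or a newline would change or break that sed expression, and the usage line shows the script being run under sudo. A guard right after the read would close this, for example `[[ "$LICENSE_TOKEN" =~ ^[A-Za-z0-9._=+/-]+$ ]] || die "license file contains unexpected characters"`, with the character class adjusted to the real token alphabet, which this patch does not show. The removed 64-character length check was the only content validation visible in this hunk.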
@@ -99,10 +92,7 @@ if [[ ! -f "$ENV_FILE" ]]; then
 "$ENV_FILE"
 info "secrets generated"
- sed -i \
- -e "s|^TRITON_MANAGE_LICENSE_SERVER_PUBKEY=.*|TRITON_MANAGE_LICENSE_SERVER_PUBKEY=$LICENSE_PUBKEY|" \
- -e "s|^TRITON_LICENSE_KEY=.*|TRITON_LICENSE_KEY=$LICENSE_TOKEN|" \
- "$ENV_FILE"
+ sed -i "s|^TRITON_LICENSE_KEY=.*|TRITON_LICENSE_KEY=$LICENSE_TOKEN|" "$ENV_FILE"
 info "licence configured"
 [[ -n "$LICENSE_SERVER_URL" ]] && sed -i "s|^TRITON_LICENSE_SERVER_URL=.*|TRITON_LICENSE_SERVER_URL=$LICENSE_SERVER_URL|" "$ENV_FILE"
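Review bot: An `.env` written by an earlier install.sh keeps its populated `TRITON_MANAGE_LICENSE_SERVER_PUBKEY=` line, because this sed appears to run only inside `if [[ ! -f "$ENV_FILE" ]]` (taken from the hunk header; the block starts and ends outside the hunk). The commit message says the compiled-in key is used only when the variable is empty, so such hosts would presumably keep verifying licences against the old file-provided key even after the image's key changes. Consider reporting that case on the existing-file path, e.g. `grep -q '^TRITON_MANAGE_LICENSE_SERVER_PUBKEY=.' "$ENV_FILE" && info "existing .env overrides the compiled-in licence public key"`.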