primatekuntech/triton-install
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(install): drop pubkey file from bundle — single license.lic is enough

Browse source 
Pubkey is now baked into the image at build time. Bundle is just license.lic.
TRITON_MANAGE_LICENSE_SERVER_PUBKEY in .env is optional (compiled-in default
used when empty).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
amir-climy 2026-05-20 00:08:17 +08:00
parent 9780ee3601
commit d2a19d4df7
3 changed files with 9 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
README.md
View file

@ -4,14 +4,14 @@ Production installer for the Triton Manage Server. Container-based (Docker or Po
## Install
Your vendor provides a licence bundle — a folder containing two files:
Your vendor provides a licence bundle — a single file:
```
triton-bundle/
├── license.lic # signed offline licence token
└── pubkey # vendor's Ed25519 public key
license.lic # signed offline licence token
```
The vendor's public key is baked into the image at build time — nothing else to configure.
Point the installer at the bundle:
```bash

4
manage-server/env.template
View file

@ -59,8 +59,8 @@ TRITON_MANAGE_SESSION_TTL=24h
# install.sh automatically — do not edit manually.
TRITON_LICENSE_KEY=
# Vendor's Ed25519 public key (64 hex chars). Set by install.sh from the
# pubkey file in your vendor bundle — do not edit manually.
# Vendor's Ed25519 public key (64 hex chars). Baked into the image at
# build time — leave empty unless you need to override the compiled-in key.
TRITON_MANAGE_LICENSE_SERVER_PUBKEY=
# Vendor's License Server URL. Optional — enables ongoing heartbeats and

16
manage-server/install.sh
View file

@ -7,10 +7,9 @@
# Usage:
# sudo bash install.sh --license-file /path/to/bundle/license.lic
#
# The license bundle (provided by your vendor) contains two files:
# The license bundle (provided by your vendor) is a single file:
# license.lic — signed offline licence token
# pubkey — vendor's Ed25519 public key (64 hex chars)
# Both files must be in the same directory.
# The vendor's public key is baked into the image at build time.
#
# Flags:
# --license-file PATH Path to license.lic from your vendor bundle. Required.
@ -56,13 +55,7 @@ done
[[ -n "$LICENSE_FILE" ]] || die "--license-file is required (path to license.lic from your vendor bundle)"
[[ -f "$LICENSE_FILE" ]] || die "license file not found: $LICENSE_FILE"
BUNDLE_DIR="$(cd -- "$(dirname -- "$LICENSE_FILE")" && pwd)"
PUBKEY_FILE="$BUNDLE_DIR/pubkey"
[[ -f "$PUBKEY_FILE" ]] || die "pubkey file not found: $PUBKEY_FILE (must be in the same directory as license.lic)"
LICENSE_TOKEN="$(cat "$LICENSE_FILE")"
LICENSE_PUBKEY="$(cat "$PUBKEY_FILE" | tr -d '[:space:]')"
[[ ${#LICENSE_PUBKEY} -eq 64 ]] || die "pubkey file must contain a 64 hex-char Ed25519 public key"
# ── runtime detection ────────────────────────────────────────────────────
if command -v podman-compose >/dev/null 2>&1; then
@ -99,10 +92,7 @@ if [[ ! -f "$ENV_FILE" ]]; then
"$ENV_FILE"
info "secrets generated"
sed -i \
-e "s|^TRITON_MANAGE_LICENSE_SERVER_PUBKEY=.*|TRITON_MANAGE_LICENSE_SERVER_PUBKEY=$LICENSE_PUBKEY|" \
-e "s|^TRITON_LICENSE_KEY=.*|TRITON_LICENSE_KEY=$LICENSE_TOKEN|" \
"$ENV_FILE"
sed -i "s|^TRITON_LICENSE_KEY=.*|TRITON_LICENSE_KEY=$LICENSE_TOKEN|" "$ENV_FILE"
info "licence configured"
[[ -n "$LICENSE_SERVER_URL" ]] && sed -i "s|^TRITON_LICENSE_SERVER_URL=.*|TRITON_LICENSE_SERVER_URL=$LICENSE_SERVER_URL|" "$ENV_FILE"