#!/bin/bash

default_macaroon_secret=/etc/xrootd/macaroon-secret

prog=${0##*/}

fail () {
    echo "$prog:" "$@" >&2
    exit 1
}

macaroon_secret_file=$default_macaroon_secret

if [[ -e $macaroon_secret_file ]]; then
    fail "'$macaroon_secret_file' already exists!  Delete the file before creating a new one."
fi

(
    umask 377 && \
    openssl rand -base64 -out $macaroon_secret_file 64
) || fail "Couldn't create '$macaroon_secret_file'."

[[ `id -u` -eq 0 ]] && chown xrootd:xrootd $macaroon_secret_file
