#!/bin/bash

default_macaroon_secret=/etc/xrootd/macaroon-secret

prog=${0##*/}

fail () {
    echo "$prog:" "$@" >&2
    exit 1
}

[[ `id -u` -eq 0 ]] || fail "Permission denied.  This must be run as root."

macaroon_secret_file=$default_macaroon_secret

if [[ -e $macaroon_secret_file ]]; then
    fail "'$macaroon_secret_file' already exists!  Delete the file before creating a new one."
fi

(
    umask 377 && \
    openssl rand -base64 -out $macaroon_secret_file 64 && \
    chown xrootd:xrootd $macaroon_secret_file
) || fail "Couldn't create '$macaroon_secret_file'."
