Commit b7183aec authored by Fabio M. Di Nitto's avatar Fabio M. Di Nitto

Cleanup the code a lot to be a bit more readable.

Add option generate-default-snakeoil.
Create default snakeoil in postinst.


git-svn-id: svn+ssh://svn.debian.org/svn/pkg-apache/apache2/trunk/ssl-cert@111 01b336ce-410b-0410-9a02-a0e7f243c266
parent 0a0640ec
ssl-cert (1.0-11ubuntu1) dapper; urgency=low
* Cleanup the code a lot to be a bit more readable.
* Add option generate-default-snakeoil.
* Create default snakeoil in postinst.
-- Fabio M. Di Nitto <fabbione@ubuntu.com> Fri, 03 Feb 2006 13:36:53 +0100
ssl-cert (1.0-11) unstable; urgency=low
* Depend on openssl (Closes: #288050)
......
#!/bin/sh
. /usr/share/debconf/confmodule
db_stop
# no need to perform any check. If the certificates are there
# it will exit 0.
make-ssl-cert generate-default-snakeoil
#DEBHELPER#
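Review bot: The new postinst never checks the result of `make-ssl-cert generate-default-snakeoil`, and no `set -e` is visible, so a failed key generation would not stop the configure step. The package would then be marked as configured with no snakeoil certificate or key in place. Adding `set -e` directly under the shebang, or `make-ssl-cert generate-default-snakeoil || exit $?`, would surface the failure to dpkg.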
......@@ -2,99 +2,134 @@
# This is a mockup of a script to produce a snakeoil cert
# The aim is to have a debconfisable ssl-certificate script
# Takes two arguments, the base layout and the output cert.
if [ $# -lt 2 ]; then
printf "Usage: $0 template output [--force-overwrite]\n";
exit 1;
fi
template="$1"
output="$2"
if [ ! -f $template ]; then
printf "Could not open template file: $template!\n";
exit 1;
fi
# be a bit paranoid to avoid users overwriting existing certificates
# by mistake
if [ -f $output ] && [ "$3" != "--force-overwrite" ]; then
printf "$output file already exists!\n";
exit 1;
fi
# Now we source in debconf so ve can ask ze questions!
. /usr/share/debconf/confmodule
db_version 2.0
db_capb backup
db_settitle make-ssl-cert/title
templates="countryname statename localityname organisationname ouname hostname email"
ask_via_debconf() {
db_settitle make-ssl-cert/title
templates="countryname statename localityname organisationname ouname hostname email"
for i in $templates; do
RET=""
while [ "x$RET" = "x" ]; do
db_fset make-ssl-cert/$i seen false
db_input high make-ssl-cert/$i || true
db_go
db_get make-ssl-cert/$i
done
done
db_get make-ssl-cert/countryname
CountryName="$RET"
db_fset make-ssl-cert/countryname seen false
db_get make-ssl-cert/statename
StateName="$RET"
db_fset make-ssl-cert/statename seen false
db_get make-ssl-cert/localityname
LocalityName="$RET"
db_fset make-ssl-cert/localityname seen false
db_get make-ssl-cert/organisationname
OrganisationName="$RET"
db_fset make-ssl-cert/organisationname seen false
db_get make-ssl-cert/ouname
OUName="$RET"
db_fset make-ssl-cert/ouname seen false
db_get make-ssl-cert/hostname
HostName="$RET"
db_fset make-ssl-cert/hostname seen false
db_get make-ssl-cert/email
Email="$RET"
db_fset make-ssl-cert/email seen false
}
make_snakeoil() {
CountryName="XX"
StateName="There is no such thing outside US"
LocalityName="Everywhere"
OrganisationName="OCOSA"
OUName="Office for Complication of Otherwise Simple Affairs"
HostName="$(hostname)"
Email="root@$HostName"
}
create_temporary_cnf() {
sed -e s#@CountryName@#"$CountryName"# \
-e s#@StateName@#"$StateName"# \
-e s#@LocalityName@#"$LocalityName"# \
-e s#@OrganisationName@#"$OrganisationName"# \
-e s#@OUName@#"$OUName"# \
-e s#@HostName@#"$HostName"# \
-e s#@Email@#"$Email"# \
$template > $TMPFILE
}
for i in $templates; do
RET=""
while [ "x$RET" = "x" ]; do
db_fset make-ssl-cert/$i seen false
db_input high make-ssl-cert/$i || true
db_go
db_get make-ssl-cert/$i
done
done
db_get make-ssl-cert/countryname
CountryName="$RET"
db_fset make-ssl-cert/countryname seen false
db_get make-ssl-cert/statename
StateName="$RET"
db_fset make-ssl-cert/statename seen false
db_get make-ssl-cert/localityname
LocalityName="$RET"
db_fset make-ssl-cert/localityname seen false
db_get make-ssl-cert/organisationname
OrganisationName="$RET"
db_fset make-ssl-cert/organisationname seen false
db_get make-ssl-cert/ouname
OUName="$RET"
db_fset make-ssl-cert/ouname seen false
# Takes two arguments, the base layout and the output cert.
db_get make-ssl-cert/hostname
HostName="$RET"
db_fset make-ssl-cert/hostname seen false
if [ $# -lt 2 ] && [ "$1" != "generate-default-snakeoil" ]; then
printf "Usage: $0 template output [--force-overwrite]\n";
printf "Usage: $0 generate-default-snakeoil [--force-overwrite]\n";
exit 1;
fi
db_get make-ssl-cert/email
Email="$RET"
db_fset make-ssl-cert/email seen false
if [ "$1" != "generate-default-snakeoil" ]; then
template="$1"
output="$2"
# be anal in manual mode.
if [ ! -f $template ]; then
printf "Could not open template file: $template!\n";
exit 1;
fi
if [ -f $output ] && [ "$3" != "--force-overwrite" ]; then
printf "$output file already exists!\n";
exit 1;
fi
ask_via_debconf
else
template="/usr/share/ssl-cert/ssleay.cnf"
if [ -f "/etc/ssl/certs/ssl-cert-snakeoil.pem" ] && [ -f "/etc/ssl/private/ssl-cert-snakeoil.key" ]; then
if [ "$2" != "--force-overwrite" ]; then
exit 0
fi
fi
make_snakeoil
fi
# # should be a less common char
# problem is that openssl virtually accepts everything and we need to
# sacrifice one char.
TMPFILE=`mktemp` || exit 1
TMPFILE="$(mktemp)" || exit 1
sed -e s#@CountryName@#"$CountryName"# \
-e s#@StateName@#"$StateName"# \
-e s#@LocalityName@#"$LocalityName"# \
-e s#@OrganisationName@#"$OrganisationName"# \
-e s#@OUName@#"$OUName"# \
-e s#@HostName@#"$HostName"# \
-e s#@Email@#"$Email"# \
$template > $TMPFILE
create_temporary_cnf
# create the certiface.
export RANDFILE=/dev/random
openssl req -config $TMPFILE -new -x509 -nodes -out $output \
-keyout $output
chmod 600 $output
# hash symlink
cd `dirname $output`
ln -sf `basename $output` `openssl x509 -hash -noout -in $output`
if [ "$1" != "generate-default-snakeoil" ]; then
openssl req -config $TMPFILE -new -x509 -nodes -out $output -keyout $output > /dev/null 2>&1
chmod 600 $output
# hash symlink
cd $(dirname $output)
ln -sf $(basename $output) $(openssl x509 -hash -noout -in $output)
else
openssl req -config $TMPFILE -new -x509 -nodes \
-out /etc/ssl/certs/ssl-cert-snakeoil.pem \
-keyout /etc/ssl/private/ssl-cert-snakeoil.key > /dev/null 2>&1
chmod 644 /etc/ssl/certs/ssl-cert-snakeoil.pem
chmod 600 /etc/ssl/private/ssl-cert-snakeoil.key
# hash symlink
cd /etc/ssl/certs/
ln -sf ssl-cert-snakeoil.pem $(openssl x509 -hash -noout -in ssl-cert-snakeoil.pem)
fi
# cleanup
rm -f $TMPFILE
db_stop
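Review bot: In the new `generate-default-snakeoil` branch the private key is written by `openssl req ... -keyout /etc/ssl/private/ssl-cert-snakeoil.key` and only restricted afterwards with `chmod 600`, so between the two commands its mode depends on the process umask and the parent directory. The manual branch has the same ordering for `$output`, which holds both certificate and key. Setting `umask 077` before the `openssl req` calls, and keeping the later `chmod 644` for the certificate, would remove that dependency. Both calls also redirect to `/dev/null 2>&1` with no status check in the visible lines, so a failed generation is silent and leaves `$TMPFILE` behind; `|| { rm -f "$TMPFILE"; exit 1; }` after each call would handle it. The hunk starts at line 2 of the script, so a `-e` on the shebang line would not be visible here.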
......@@ -5,6 +5,9 @@ make-ssl-cert - Debconf wrapper for openssl
.B make-ssl-cert
\fItemplate\fR \fIoutput-certificate\fR [\fI\-\-force\-overwrite\fR]
.br
.B make-ssl-cert
\fIgenerate-default-snakeoil\fR [\fI\-\-force\-overwrite\fR]
.br
.SH "DESCRIPTION"
make-ssl-cert is a simple debconf to openssl wrapper.
It requires a source template (Ex: /usr/share/ssl-cert/ssleay.cnf)
......