Shell script for key generation.

Try and run keygen during various installations.

git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@2724 cb58f699-b61c-0410-a6fe-9272a202ed29

diff --git a/configs/Makefile.am b/configs/Makefile.am
index 167b0d5..8ffb862 100644 (file)
--- a/configs/Makefile.am
+++ b/configs/Makefile.am
@@ -15,7 +15,8 @@ pkgsysconf_DATA = \
        shibd-osx.plist \
        apache.config \
        apache2.config \
-       apache22.config
+       apache22.config \
+       keygen.sh
 
 # The config files are installed "special".  Unlike the entries in
 # pkgsysconf_DATA, these files are installed as "foo.dist" and only
@@ -104,6 +105,10 @@ install-data-local:        all-data-local
                fi; \
                $(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)${pkgsysconfdir}/$$f.dist; \
         done
+    if test -z $NOKEYGEN ; then
+        cd $(DESTDIR)$(pkgsysconfdir)
+        sh ./keygen.sh -b
+    fi
 
 CLEANFILES = \
        apache.config \

diff --git a/configs/keygen.bat b/configs/keygen.bat
index 49d30a7..f974205 100644 (file)
--- a/configs/keygen.bat
+++ b/configs/keygen.bat
@@ -12,8 +12,8 @@ set PARAM=
 :opt_start\r
 set PARAM=%1\r
 if not defined PARAM goto opt_end\r
-if %1==-cn goto opt_fqdn\r
-if %1==-years goto opt_years\r
+if %1==-h goto opt_fqdn\r
+if %1==-y goto opt_years\r
 goto usage\r
 :opt_end\r
 \r
@@ -44,7 +44,7 @@ shift
 goto opt_start\r
 \r
 :usage\r
-echo usage: keygen [-cn cert common name to use] [-years years to issue cert]\r
+echo usage: keygen [-h hostname/cn for cert] [-y years to issue cert]\r
 exit /b\r
 \r
 :guess_fqdn\r

diff --git a/configs/keygen.sh b/configs/keygen.sh
new file mode 100755 (executable)
index 0000000..0096d42
--- /dev/null
+++ b/configs/keygen.sh
@@ -0,0 +1,32 @@
+#! /bin/sh\r
+\r
+while getopts h:y:b c\r
+     do\r
+         case $c in\r
+           b)         BATCH=1;;\r
+           h)         FQDN=$OPTARG;;\r
+           y)         DAYS=$OPTARG;;\r
+           \?)        echo keygen [-h hostname/cn for cert] [-y years to issue cert]\r
+                      exit 1;;\r
+         esac\r
+     done\r
+\r
+if  [ -e sp-key.pem ] || [ -e sp-cert.pem ] ; then\r
+    if [ -z $BATCH ] ; then  \r
+        echo The files sp-key.pem and/or sp-cert.pem already exist!\r
+        exit 2\r
+    fi\r
+    exit 0\r
+fi\r
+\r
+if [ -z $FQDN ] ; then\r
+    FQDN=`hostname`\r
+fi\r
+\r
+if [ -z $DAYS ] ; then\r
+    DAYS=10\r
+fi\r
+\r
+DAYS=$(($DAYS*365))\r
+\r
+openssl req -x509 -days $DAYS -newkey rsa:2048 -nodes -keyout sp-key.pem -out sp-cert.pem -subj /CN=$FQDN -extensions usr_cert -set_serial 0\r

diff --git a/postinstall b/postinstall
index a75356c..7de6d91 100644 (file)
--- a/postinstall
+++ b/postinstall
@@ -24,4 +24,6 @@ for f in $CONFIGFILES; do
     fi;
     done
 
+sh ./keygen.sh -b
+
 exit 0

diff --git a/shibboleth.spec.in b/shibboleth.spec.in
index 8edd2a8..b37c6b6 100644 (file)
--- a/shibboleth.spec.in
+++ b/shibboleth.spec.in
@@ -66,7 +66,7 @@ Shibboleth Library API documentation generated by doxygen.
 
 %install
 [ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT
-%{__make} install DESTDIR=$RPM_BUILD_ROOT
+%{__make} install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT
 
 %if "%{_vendor}" == "suse"
        %{__sed} -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \
@@ -130,6 +130,10 @@ fi
        fi
 %endif
 
+# Key generation
+cd %{_sysconfdir}/%{name}
+sh ./keygen.sh -b
+
 %postun
 %ifnos solaris2.8 solaris2.9 solaris2.10
 /sbin/ldconfig
@@ -172,6 +176,7 @@ fi
 %{_sysconfdir}/%{name}/shibd-redhat
 %{_sysconfdir}/%{name}/shibd-debian
 %{_sysconfdir}/%{name}/shibd-osx.plist
+%{_sysconfdir}/%{name}/keygen.sh
 %docdir %{_datadir}/doc/%{name}
 %{_datadir}/doc/%{name}/CREDITS.txt
 %{_datadir}/doc/%{name}/FASTCGI.LICENSE