From 5a6319ff56649119ea40940baa9fc75d246ad55d Mon Sep 17 00:00:00 2001
From: cantor
Date: Wed, 6 Feb 2008 18:33:51 +0000
Subject: [PATCH] Shell script for key generation. Try and run keygen during various installations.

git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@2724 cb58f699-b61c-0410-a6fe-9272a202ed29
---
 configs/Makefile.am | 7 ++++++-
 configs/keygen.bat | 6 +++---
 configs/keygen.sh | 32 ++++++++++++++++++++++++++++++++
 postinstall | 2 ++
 shibboleth.spec.in | 7 ++++++-
 5 files changed, 49 insertions(+), 5 deletions(-)
 create mode 100755 configs/keygen.sh

diff --git a/configs/Makefile.am b/configs/Makefile.am
index 167b0d5..8ffb862 100644
--- a/configs/Makefile.am
+++ b/configs/Makefile.am
@@ -15,7 +15,8 @@ pkgsysconf_DATA = \
 shibd-osx.plist \
 apache.config \
 apache2.config \
- apache22.config
+ apache22.config \
+ keygen.sh
 # The config files are installed "special". Unlike the entries in
 # pkgsysconf_DATA, these files are installed as "foo.dist" and only
@@ -104,6 +105,10 @@ install-data-local: all-data-local
 fi; \
 $(INSTALL_DATA) $(srcdir)/$$f $(DESTDIR)${pkgsysconfdir}/$$f.dist; \
 done
+ if test -z $NOKEYGEN ; then
+ cd $(DESTDIR)$(pkgsysconfdir)
+ sh ./keygen.sh -b
+ fi
 CLEANFILES = \
 apache.config \
diff --git a/configs/keygen.bat b/configs/keygen.bat
index 49d30a7..f974205 100644
--- a/configs/keygen.bat
+++ b/configs/keygen.bat
@@ -12,8 +12,8 @@ set PARAM=
 :opt_start
 set PARAM=%1
 if not defined PARAM goto opt_end
-if %1==-cn goto opt_fqdn
-if %1==-years goto opt_years
+if %1==-h goto opt_fqdn
+if %1==-y goto opt_years
 goto usage
 :opt_end
@@ -44,7 +44,7 @@ shift
 goto opt_start
 :usage
-echo usage: keygen [-cn cert common name to use] [-years years to issue cert]
+echo usage: keygen [-h hostname/cn for cert] [-y years to issue cert]
 exit /b
 :guess_fqdn
diff --git a/configs/keygen.sh b/configs/keygen.sh
new file mode 100755
index 0000000..0096d42
--- /dev/null
+++ b/configs/keygen.sh
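Review bot: The key-generation lines added to install-data-local in configs/Makefile.am cannot work as written: make runs each recipe line in its own shell, so `if test -z $NOKEYGEN ; then` is an unterminated `if`, and make itself expands `$NOKEYGEN` (as `$(N)` followed by the literal `OKEYGEN`) before the shell sees it. Write it as one logical line, `if test -z "$(NOKEYGEN)"; then cd "$(DESTDIR)$(pkgsysconfdir)" && sh ./keygen.sh -b; fi`, so the test reads the make variable and keygen never runs from the wrong directory when `cd` fails. Because the key is created under `$(DESTDIR)`, any staged or packaging install that forgets `NOKEYGEN=1` would ship the same private key in every copy of the package; a comment above the block saying so, or skipping generation whenever `DESTDIR` is non-empty, would make that hard to miss. The recipe begins outside the hunk.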
@@ -0,0 +1,32 @@
+#! /bin/sh
+
+while getopts h:y:b c
+ do
+ case $c in
+ b) BATCH=1;;
+ h) FQDN=$OPTARG;;
+ y) DAYS=$OPTARG;;
+ \?) echo keygen [-h hostname/cn for cert] [-y years to issue cert]
+ exit 1;;
+ esac
+ done
+
+if [ -e sp-key.pem ] || [ -e sp-cert.pem ] ; then
+ if [ -z $BATCH ] ; then
+ echo The files sp-key.pem and/or sp-cert.pem already exist!
+ exit 2
+ fi
+ exit 0
+fi
+
+if [ -z $FQDN ] ; then
+ FQDN=`hostname`
+fi
+
+if [ -z $DAYS ] ; then
+ DAYS=10
+fi
+
+DAYS=$(($DAYS*365))
+
+openssl req -x509 -days $DAYS -newkey rsa:2048 -nodes -keyout sp-key.pem -out sp-cert.pem -subj /CN=$FQDN -extensions usr_cert -set_serial 0
diff --git a/postinstall b/postinstall
index a75356c..7de6d91 100644
--- a/postinstall
+++ b/postinstall
@@ -24,4 +24,6 @@ for f in $CONFIGFILES; do
 fi;
 done
+sh ./keygen.sh -b
+
 exit 0
diff --git a/shibboleth.spec.in b/shibboleth.spec.in
index 8edd2a8..b37c6b6 100644
--- a/shibboleth.spec.in
+++ b/shibboleth.spec.in
@@ -66,7 +66,7 @@ Shibboleth Library API documentation generated by doxygen.
 %install
 [ "$RPM_BUILD_ROOT" != "/" ] && %{__rm} -rf $RPM_BUILD_ROOT
-%{__make} install DESTDIR=$RPM_BUILD_ROOT
+%{__make} install NOKEYGEN=1 DESTDIR=$RPM_BUILD_ROOT
 %if "%{_vendor}" == "suse"
 %{__sed} -i "s/\/var\/log\/httpd/\/var\/log\/apache2/g" \
@@ -130,6 +130,10 @@ fi
 fi
 %endif
+# Key generation
+cd %{_sysconfdir}/%{name}
+sh ./keygen.sh -b
+
 %postun
 %ifnos solaris2.8 solaris2.9 solaris2.10
 /sbin/ldconfig
@@ -172,6 +176,7 @@ fi
 %{_sysconfdir}/%{name}/shibd-redhat
 %{_sysconfdir}/%{name}/shibd-debian
 %{_sysconfdir}/%{name}/shibd-osx.plist
+%{_sysconfdir}/%{name}/keygen.sh
 %docdir %{_datadir}/doc/%{name}
 %{_datadir}/doc/%{name}/CREDITS.txt
 %{_datadir}/doc/%{name}/FASTCGI.LICENSE
--
2.1.4
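Review bot: In configs/keygen.sh, `sp-key.pem` is written unencrypted (`-nodes`) and the script sets no umask, so the private key's mode is left to the installer's umask and the local openssl build; add `umask 077` before the `openssl req` line and treat ownership for the account that runs the daemon as a separate, deliberate step. The option values are also used unquoted: `[ -z $FQDN ]`, `-subj /CN=$FQDN` and `$(($DAYS*365))` mis-parse on a value containing spaces or a non-numeric `-y`, so quote them (`[ -z "$FQDN" ]`, `-subj "/CN=$FQDN"`) and reject a `-y` argument that is not a positive integer. Every certificate gets `-set_serial 0` and a CN taken from bare `hostname`, which is often the short name rather than the FQDN; a header comment stating that this produces a self-signed, ten-year default that operators should review or replace would document the intent.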
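Review bot: The added `sh ./keygen.sh -b` in postinstall depends on the current directory already being the configuration directory, and nothing in the hunk changes into it, unlike the `%post` addition in shibboleth.spec.in; unless the earlier part of the script (outside the hunk) does the `cd`, the key pair is either not generated or lands in an unintended directory. The unconditional `exit 0` that follows also hides a failed generation. Suggest `cd "<config dir>" && sh ./keygen.sh -b || echo "keygen failed" >&2`, where `<config dir>` is a placeholder for whatever variable the script already uses for that path. The same `&&` chaining applies to the spec's `cd %{_sysconfdir}/%{name}` followed by `sh ./keygen.sh -b`, which otherwise runs keygen in the scriptlet's starting directory if the `cd` fails.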