
Diff of /eclass/ssl-cert.eclass


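--- a/eclass/ssl-cert.eclass
+++ b/eclass/ssl-cert.eclass
@@ -1,8 +1,8 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.1.1.1 2005/11/30 09:59:20 chriswhite Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.14 2007/12/28 17:51:03 ulm Exp $
 #
 # Author: Max Kalika <max@gentoo.org>
 #
 # This eclass implements standard installation procedure for installing
 # self-signed SSL certificates.
@@ -24,11 +24,11 @@
  # Location of some random files OpenSSL can use: don't use
  # /dev/u?random here -- doesn't work properly on all platforms
  SSL_RANDOM="${T}/environment:${T}/eclass-debug.log:/etc/resolv.conf"
 
  # These can be overridden in the ebuild
- SSL_DAYS="${SSL_BITS:-730}"
+ SSL_DAYS="${SSL_DAYS:-730}"
  SSL_BITS="${SSL_BITS:-1024}"
  SSL_COUNTRY="${SSL_COUNTRY:-US}"
  SSL_STATE="${SSL_STATE:-California}"
  SSL_LOCALITY="${SSL_LOCALITY:-Santa Barbara}"
  SSL_ORGANIZATION="${SSL_ORGANIZATION:-SSL Server}"
@@ -138,13 +138,17 @@
  return $?
 }
 
 # Uses all the private functions above to generate
 # and install the requested certificates
+# Note: This function is deprecated, use install_cert instead
 #
 # Access: public
 docert() {
+ ewarn "Function \"docert\" is deprecated for security reasons."
+ ewarn "\"install_cert\" should be used instead. See bug #174759."
+
  if [ $# -lt 1 ] ; then
  eerror "At least one argument needed"
  return 1;
  fi
 
@@ -201,5 +205,78 @@
  return 1
  elif [ ${count} != ${#} ] ; then
  ewarn "Some requested certificates were not generated"
  fi
 }
+
+# Uses all the private functions above to generate
+# and install the requested certificates
+#
+# Usage: install_cert <certificates>
+# where <certificates> are full pathnames relative to ROOT, without extension.
+#
+# Example: "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
+#
+# Access: public
+install_cert() {
+ if [ $# -lt 1 ] ; then
+ eerror "At least one argument needed"
+ return 1;
+ fi
+
+ case ${EBUILD_PHASE} in
+ unpack|compile|test|install)
+ eerror "install_cert cannot be called in ${EBUILD_PHASE}"
+ return 1 ;;
+ esac
+
+ # Initialize configuration
+ gen_cnf || return 1
+ echo
+
+ # Generate a CA environment
+ gen_key 1 || return 1
+ gen_csr 1 || return 1
+ gen_crt 1 || return 1
+ echo
+
+ local count=0
+ for cert in "$@" ; do
+ # Check the requested certificate
+ if [ -z "${cert##*/}" ] ; then
+ ewarn "Invalid certification requested, skipping"
+ continue
+ fi
+
+ # Check for previous existence of generated files
+ for type in key csr crt pem ; do
+ if [ -e "${ROOT}${cert}.${type}" ] ; then
+ ewarn "${ROOT}${cert}.${type}: exists, skipping"
+ continue 2
+ fi
+ done
+
+ # Generate the requested files
+ gen_key || continue
+ gen_csr || continue
+ gen_crt || continue
+ gen_pem || continue
+ echo
+
+ # Install the generated files and set sane permissions
+ local base=$(get_base)
+ install -d "${ROOT}${cert%/*}"
+ install -m0400 "${base}.key" "${ROOT}${cert}.key"
+ install -m0444 "${base}.csr" "${ROOT}${cert}.csr"
+ install -m0444 "${base}.crt" "${ROOT}${cert}.crt"
+ install -m0400 "${base}.pem" "${ROOT}${cert}.pem"
+ count=$((${count}+1))
+ done
+
+ # Resulting status
+ if [ ! ${count} ] ; then
+ eerror "No certificates were generated"
+ return 1
+ elif [ ${count} != ${#} ] ; then
+ ewarn "Some requested certificates were not generated"
+ fi
+}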
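Review bot: The closing status check in install_cert, `if [ ! ${count} ]`, can never be true: `count` starts at 0 and `[ ! 0 ]` tests a non-empty string, so the "No certificates were generated" error and its `return 1` are unreachable. A run that produces nothing only reaches the "Some requested certificates were not generated" warning and returns success to the calling ebuild. A numeric comparison fixes it: `if [ "${count}" -eq 0 ] ; then`. In the same loop the four `install` calls are unchecked, so `count` is incremented even when the private key or certificate was not written; ending each with `|| continue`, as the `gen_*` calls already do (e.g. `install -m0400 "${base}.key" "${ROOT}${cert}.key" || continue`), keeps the count honest. docert's closing status block is visible only from its `return 1` onward; it looks like the same pattern and may need the same fix.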
