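--- a/eclass/ssl-cert.eclass
+++ b/eclass/ssl-cert.eclass
@@ -1,36 +1,34 @@
-# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.2 2004/04/01 22:08:35 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.14 2007/12/28 17:51:03 ulm Exp $
 #
 # Author: Max Kalika <max@gentoo.org>
 #
 # This eclass implements standard installation procedure for installing
 # self-signed SSL certificates.
 
-ECLASS=ssl-cert
-INHERITED="$INHERITED $ECLASS"
-
 # Conditionally depend on OpenSSL: allows inheretence
 # without pulling extra packages if not needed
-newdepend "ssl? ( dev-libs/openssl )"
+DEPEND="ssl? ( dev-libs/openssl )"
+IUSE="ssl"
 
 # Initializes variables and generates the needed
 # OpenSSL configuration file and a CA serial file
 #
 # Access: private
 gen_cnf() {
 # Location of the config file
 SSL_CONF="${T}/${$}ssl.cnf"
 # Location of the CA serial file
 SSL_SERIAL="${T}/${$}ca.ser"
 # Location of some random files OpenSSL can use: don't use
 # /dev/u?random here -- doesn't work properly on all platforms
-SSL_RANDOM="${T}/evironment:${T}/eclass-debug.log:/etc/resolv.conf"
+SSL_RANDOM="${T}/environment:${T}/eclass-debug.log:/etc/resolv.conf"
 
 # These can be overridden in the ebuild
-SSL_DAYS="${SSL_BITS:-730}"
+SSL_DAYS="${SSL_DAYS:-730}"
 SSL_BITS="${SSL_BITS:-1024}"
 SSL_COUNTRY="${SSL_COUNTRY:-US}"
 SSL_STATE="${SSL_STATE:-California}"
 SSL_LOCALITY="${SSL_LOCALITY:-Santa Barbara}"
 SSL_ORGANIZATION="${SSL_ORGANIZATION:-SSL Server}"
@@ -56,11 +54,11 @@
 OU = ${SSL_UNIT}
 CN = ${SSL_COMMONNAME}
 emailAddress = ${SSL_EMAIL}
 EOF
 eend $?
 
 return $?
 }
 
 # Simple function to determine whether we're creating
 # a CA (which should only be done once) or final part
@@ -140,13 +138,17 @@
 return $?
 }
 
 # Uses all the private functions above to generate
 # and install the requested certificates
+# Note: This function is deprecated, use install_cert instead
 #
 # Access: public
 docert() {
+ewarn "Function \"docert\" is deprecated for security reasons."
+ewarn "\"install_cert\" should be used instead. See bug #174759."
+
 if [ $# -lt 1 ] ; then
 eerror "At least one argument needed"
 return 1;
 fi
 
@@ -203,5 +205,78 @@
 return 1
 elif [ ${count} != ${#} ] ; then
 ewarn "Some requested certificates were not generated"
 fi
 }
+
+# Uses all the private functions above to generate
+# and install the requested certificates
+#
+# Usage: install_cert <certificates>
+# where <certificates> are full pathnames relative to ROOT, without extension.
+#
+# Example: "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
+#
+# Access: public
+install_cert() {
+if [ $# -lt 1 ] ; then
+eerror "At least one argument needed"
+return 1;
+fi
+
+case ${EBUILD_PHASE} in
+unpack|compile|test|install)
+eerror "install_cert cannot be called in ${EBUILD_PHASE}"
+return 1 ;;
+esac
+
+# Initialize configuration
+gen_cnf || return 1
+echo
+
+# Generate a CA environment
+gen_key 1 || return 1
+gen_csr 1 || return 1
+gen_crt 1 || return 1
+echo
+
+local count=0
+for cert in "$@" ; do
+# Check the requested certificate
+if [ -z "${cert##*/}" ] ; then
+ewarn "Invalid certification requested, skipping"
+continue
+fi
+
+# Check for previous existence of generated files
+for type in key csr crt pem ; do
+if [ -e "${ROOT}${cert}.${type}" ] ; then
+ewarn "${ROOT}${cert}.${type}: exists, skipping"
+continue 2
+fi
+done
+
+# Generate the requested files
+gen_key || continue
+gen_csr || continue
+gen_crt || continue
+gen_pem || continue
+echo
+
+# Install the generated files and set sane permissions
+local base=$(get_base)
+install -d "${ROOT}${cert%/*}"
+install -m0400 "${base}.key" "${ROOT}${cert}.key"
+install -m0444 "${base}.csr" "${ROOT}${cert}.csr"
+install -m0444 "${base}.crt" "${ROOT}${cert}.crt"
+install -m0400 "${base}.pem" "${ROOT}${cert}.pem"
+count=$((${count}+1))
+done
+
+# Resulting status
+if [ ! ${count} ] ; then
+eerror "No certificates were generated"
+return 1
+elif [ ${count} != ${#} ] ; then
+ewarn "Some requested certificates were not generated"
+fi
+}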
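Review bot: The final status check in the new install_cert (new line 276), `if [ ! ${count} ] ; then`, can never be true: count starts at `local count=0` and `[ ! 0 ]` tests whether the string "0" is empty, so the "No certificates were generated" error and its `return 1` are unreachable and the function reports success even when every requested certificate was skipped or failed generation. Use an arithmetic test instead, `if [ ${count} -eq 0 ] ; then`, and for consistency `elif [ ${count} -ne ${#} ] ; then` on the line below. The loop variables `cert` and `type` are also not declared `local`, unlike `count` and `base`, so they leak into the ebuild environment after the call. The key-generation defaults visible only in context lines of gen_cnf (`SSL_BITS` of 1024 and an `SSL_RANDOM` seed built from ordinary build files) are untouched by this commit and would merit a separate review of key strength.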