
Diff of /eclass/ssl-cert.eclass


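--- a/eclass/ssl-cert.eclass
+++ b/eclass/ssl-cert.eclass
@@ -1,8 +1,8 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.10 2007/12/07 22:41:04 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.15 2008/04/14 06:27:45 ulm Exp $
 #
 # Author: Max Kalika <max@gentoo.org>
 #
 # This eclass implements standard installation procedure for installing
 # self-signed SSL certificates.
@@ -24,11 +24,11 @@
  # Location of some random files OpenSSL can use: don't use
  # /dev/u?random here -- doesn't work properly on all platforms
  SSL_RANDOM="${T}/environment:${T}/eclass-debug.log:/etc/resolv.conf"
 
  # These can be overridden in the ebuild
- SSL_DAYS="${SSL_BITS:-730}"
+ SSL_DAYS="${SSL_DAYS:-730}"
  SSL_BITS="${SSL_BITS:-1024}"
  SSL_COUNTRY="${SSL_COUNTRY:-US}"
  SSL_STATE="${SSL_STATE:-California}"
  SSL_LOCALITY="${SSL_LOCALITY:-Santa Barbara}"
  SSL_ORGANIZATION="${SSL_ORGANIZATION:-SSL Server}"
@@ -136,79 +136,24 @@
  eend $?
 
  return $?
 }
 
+# Removed due to bug 174759
+docert() {
+ eerror "Function \"docert\" has been removed for security reasons."
+ eerror "\"install_cert\" should be used instead. See bug 174759."
+ die
+}
+
 # Uses all the private functions above to generate
 # and install the requested certificates
-# Note: This function is deprecated, use install_cert instead
 #
-# Access: public
-docert() {
- if [ $# -lt 1 ] ; then
- eerror "At least one argument needed"
- return 1;
- fi
-
- # Initialize configuration
- gen_cnf || return 1
- echo
-
- # Generate a CA environment
- gen_key 1 || return 1
- gen_csr 1 || return 1
- gen_crt 1 || return 1
- echo
-
- local count=0
- for cert in "$@" ; do
- # Sanitize and check the requested certificate
- cert="`/usr/bin/basename "${cert}"`"
- if [ -z "${cert}" ] ; then
- ewarn "Invalid certification requested, skipping"
- continue
- fi
-
- # Check for previous existence of generated files
- for type in key crt pem ; do
- if [ -e "${D}${INSDESTTREE}/${cert}.${type}" ] ; then
- ewarn "${D}${INSDESTTREE}/${cert}.${type}: exists, skipping"
- continue 2
- fi
- done
-
- # Generate the requested files
- gen_key || continue
- gen_csr || continue
- gen_crt || continue
- gen_pem || continue
- echo
-
- # Install the generated files and set sane permissions
- local base=`get_base`
- newins "${base}.key" "${cert}.key"
- fperms 0400 "${INSDESTTREE}/${cert}.key"
- newins "${base}.csr" "${cert}.csr"
- fperms 0444 "${INSDESTTREE}/${cert}.csr"
- newins "${base}.crt" "${cert}.crt"
- fperms 0444 "${INSDESTTREE}/${cert}.crt"
- newins "${base}.pem" "${cert}.pem"
- fperms 0400 "${INSDESTTREE}/${cert}.pem"
- count=$((${count}+1))
- done
-
- # Resulting status
- if [ ! ${count} ] ; then
- eerror "No certificates were generated"
- return 1
- elif [ ${count} != ${#} ] ; then
- ewarn "Some requested certificates were not generated"
- fi
-}
-
-# Uses all the private functions above to generate
-# and install the requested certificates
+# Usage: install_cert <certificates>
+# where <certificates> are full pathnames relative to ROOT, without extension.
+#
+# Example: "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
 #
 # Access: public
 install_cert() {
  if [ $# -lt 1 ] ; then
  eerror "At least one argument needed"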
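Review bot: The default on new line 30, `SSL_BITS="${SSL_BITS:-1024}"`, is left as it was while the neighbouring `SSL_DAYS` default is corrected, so any ebuild that does not override it still gets a 1024-bit key; I would raise it to `SSL_BITS="${SSL_BITS:-2048}"`. The `SSL_RANDOM` list on line 26 names only low-entropy, largely predictable files, so it deserves a comment saying these supplement OpenSSL's own seeding rather than replace it, assuming that is how the variable is consumed, which the hunk does not show. In the new `docert` stub the bare `die` leaves the failure summary without a reason; `die "docert has been removed, use install_cert (bug 174759)"` would carry it. The block holding the SSL_* defaults and the body of `install_cert` both continue outside the visible hunks.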
