
Diff of /eclass/ssl-cert.eclass


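--- a/eclass/ssl-cert.eclass
+++ b/eclass/ssl-cert.eclass
@@ -1,8 +1,8 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.8 2005/07/06 21:01:21 agriffis Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.15 2008/04/14 06:27:45 ulm Exp $
 #
 # Author: Max Kalika <max@gentoo.org>
 #
 # This eclass implements standard installation procedure for installing
 # self-signed SSL certificates.
@@ -10,11 +10,11 @@
 # Conditionally depend on OpenSSL: allows inheretence
 # without pulling extra packages if not needed
 DEPEND="ssl? ( dev-libs/openssl )"
 IUSE="ssl"
 
 # Initializes variables and generates the needed
 # OpenSSL configuration file and a CA serial file
 #
 # Access: private
 gen_cnf() {
  # Location of the config file
@@ -24,11 +24,11 @@
  # Location of some random files OpenSSL can use: don't use
  # /dev/u?random here -- doesn't work properly on all platforms
  SSL_RANDOM="${T}/environment:${T}/eclass-debug.log:/etc/resolv.conf"
 
  # These can be overridden in the ebuild
- SSL_DAYS="${SSL_BITS:-730}"
+ SSL_DAYS="${SSL_DAYS:-730}"
  SSL_BITS="${SSL_BITS:-1024}"
  SSL_COUNTRY="${SSL_COUNTRY:-US}"
  SSL_STATE="${SSL_STATE:-California}"
  SSL_LOCALITY="${SSL_LOCALITY:-Santa Barbara}"
  SSL_ORGANIZATION="${SSL_ORGANIZATION:-SSL Server}"
@@ -54,11 +54,11 @@
  OU = ${SSL_UNIT}
  CN = ${SSL_COMMONNAME}
  emailAddress = ${SSL_EMAIL}
  EOF
  eend $?
 
  return $?
 }
 
 # Simple function to determine whether we're creating
 # a CA (which should only be done once) or final part
@@ -136,19 +136,37 @@
  eend $?
 
  return $?
 }
 
+# Removed due to bug 174759
+docert() {
+ eerror "Function \"docert\" has been removed for security reasons."
+ eerror "\"install_cert\" should be used instead. See bug 174759."
+ die
+}
+
 # Uses all the private functions above to generate
 # and install the requested certificates
 #
+# Usage: install_cert <certificates>
+# where <certificates> are full pathnames relative to ROOT, without extension.
+#
+# Example: "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
+#
 # Access: public
-docert() {
+install_cert() {
  if [ $# -lt 1 ] ; then
  eerror "At least one argument needed"
  return 1;
  fi
+
+ case ${EBUILD_PHASE} in
+ unpack|compile|test|install)
+ eerror "install_cert cannot be called in ${EBUILD_PHASE}"
+ return 1 ;;
+ esac
 
  # Initialize configuration
  gen_cnf || return 1
  echo
 
@@ -158,21 +176,20 @@
  gen_crt 1 || return 1
  echo
 
  local count=0
  for cert in "$@" ; do
- # Sanitize and check the requested certificate
- cert="`/usr/bin/basename "${cert}"`"
- if [ -z "${cert}" ] ; then
+ # Check the requested certificate
+ if [ -z "${cert##*/}" ] ; then
  ewarn "Invalid certification requested, skipping"
  continue
  fi
 
  # Check for previous existence of generated files
- for type in key crt pem ; do
- if [ -e "${D}${INSDESTTREE}/${cert}.${type}" ] ; then
- ewarn "${D}${INSDESTTREE}/${cert}.${type}: exists, skipping"
+ for type in key csr crt pem ; do
+ if [ -e "${ROOT}${cert}.${type}" ] ; then
+ ewarn "${ROOT}${cert}.${type}: exists, skipping"
  continue 2
  fi
  done
 
  # Generate the requested files
@@ -181,19 +198,16 @@
  gen_crt || continue
  gen_pem || continue
  echo
 
  # Install the generated files and set sane permissions
- local base=`get_base`
- newins "${base}.key" "${cert}.key"
- fperms 0400 "${INSDESTTREE}/${cert}.key"
- newins "${base}.csr" "${cert}.csr"
- fperms 0444 "${INSDESTTREE}/${cert}.csr"
- newins "${base}.crt" "${cert}.crt"
- fperms 0444 "${INSDESTTREE}/${cert}.crt"
- newins "${base}.pem" "${cert}.pem"
- fperms 0400 "${INSDESTTREE}/${cert}.pem"
+ local base=$(get_base)
+ install -d "${ROOT}${cert%/*}"
+ install -m0400 "${base}.key" "${ROOT}${cert}.key"
+ install -m0444 "${base}.csr" "${ROOT}${cert}.csr"
+ install -m0444 "${base}.crt" "${ROOT}${cert}.crt"
+ install -m0400 "${base}.pem" "${ROOT}${cert}.pem"
  count=$((${count}+1))
  done
 
  # Resulting status
  if [ ! ${count} ] ; then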
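Review bot: None of the new `install` calls in install_cert is checked, and `count` is incremented whatever happens, so a failed write of the key or pem straight into `${ROOT}` is still counted as a success. Because the existence check above skips the whole certificate when any one of the four files is already present, a partially written set is also never regenerated on a later run. Following the `gen_crt || continue` style a few lines up, each step could end in `|| continue`, for example `install -m0400 "${base}.key" "${ROOT}${cert}.key" || continue`. The closing `if [ ! ${count} ] ; then` cannot catch the zero-certificate case either, since `[ ! 0 ]` tests a non-empty string; `[ ${count} -eq 0 ]` would. The function body continues past the end of this section, so what that branch does is not visible here.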
