| 1 | # Copyright 1999-2004 Gentoo Foundation |
1 | # Copyright 1999-2004 Gentoo Foundation |
| 2 | # Distributed under the terms of the GNU General Public License v2 |
2 | # Distributed under the terms of the GNU General Public License v2 |
| 3 | # $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.8 2005/07/06 21:01:21 agriffis Exp $ |
3 | # $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.15 2008/04/14 06:27:45 ulm Exp $ |
| 4 | # |
4 | # |
| 5 | # Author: Max Kalika <max@gentoo.org> |
5 | # Author: Max Kalika <max@gentoo.org> |
| 6 | # |
6 | # |
| 7 | # This eclass implements standard installation procedure for installing |
7 | # This eclass implements standard installation procedure for installing |
| 8 | # self-signed SSL certificates. |
8 | # self-signed SSL certificates. |
| … | |
… | |
| 10 | # Conditionally depend on OpenSSL: allows inheretence |
10 | # Conditionally depend on OpenSSL: allows inheretence |
| 11 | # without pulling extra packages if not needed |
11 | # without pulling extra packages if not needed |
| 12 | DEPEND="ssl? ( dev-libs/openssl )" |
12 | DEPEND="ssl? ( dev-libs/openssl )" |
| 13 | IUSE="ssl" |
13 | IUSE="ssl" |
| 14 | |
14 | |
| 15 | # Initializes variables and generates the needed |
15 | # Initializes variables and generates the needed |
| 16 | # OpenSSL configuration file and a CA serial file |
16 | # OpenSSL configuration file and a CA serial file |
| 17 | # |
17 | # |
| 18 | # Access: private |
18 | # Access: private |
| 19 | gen_cnf() { |
19 | gen_cnf() { |
| 20 | # Location of the config file |
20 | # Location of the config file |
| … | |
… | |
| 24 | # Location of some random files OpenSSL can use: don't use |
24 | # Location of some random files OpenSSL can use: don't use |
| 25 | # /dev/u?random here -- doesn't work properly on all platforms |
25 | # /dev/u?random here -- doesn't work properly on all platforms |
| 26 | SSL_RANDOM="${T}/environment:${T}/eclass-debug.log:/etc/resolv.conf" |
26 | SSL_RANDOM="${T}/environment:${T}/eclass-debug.log:/etc/resolv.conf" |
| 27 | |
27 | |
| 28 | # These can be overridden in the ebuild |
28 | # These can be overridden in the ebuild |
| 29 | SSL_DAYS="${SSL_BITS:-730}" |
29 | SSL_DAYS="${SSL_DAYS:-730}" |
| 30 | SSL_BITS="${SSL_BITS:-1024}" |
30 | SSL_BITS="${SSL_BITS:-1024}" |
| 31 | SSL_COUNTRY="${SSL_COUNTRY:-US}" |
31 | SSL_COUNTRY="${SSL_COUNTRY:-US}" |
| 32 | SSL_STATE="${SSL_STATE:-California}" |
32 | SSL_STATE="${SSL_STATE:-California}" |
| 33 | SSL_LOCALITY="${SSL_LOCALITY:-Santa Barbara}" |
33 | SSL_LOCALITY="${SSL_LOCALITY:-Santa Barbara}" |
| 34 | SSL_ORGANIZATION="${SSL_ORGANIZATION:-SSL Server}" |
34 | SSL_ORGANIZATION="${SSL_ORGANIZATION:-SSL Server}" |
| … | |
… | |
| 54 | OU = ${SSL_UNIT} |
54 | OU = ${SSL_UNIT} |
| 55 | CN = ${SSL_COMMONNAME} |
55 | CN = ${SSL_COMMONNAME} |
| 56 | emailAddress = ${SSL_EMAIL} |
56 | emailAddress = ${SSL_EMAIL} |
| 57 | EOF |
57 | EOF |
| 58 | eend $? |
58 | eend $? |
| 59 | |
59 | |
| 60 | return $? |
60 | return $? |
| 61 | } |
61 | } |
| 62 | |
62 | |
| 63 | # Simple function to determine whether we're creating |
63 | # Simple function to determine whether we're creating |
| 64 | # a CA (which should only be done once) or final part |
64 | # a CA (which should only be done once) or final part |
| … | |
… | |
| 136 | eend $? |
136 | eend $? |
| 137 | |
137 | |
| 138 | return $? |
138 | return $? |
| 139 | } |
139 | } |
| 140 | |
140 | |
|
|
141 | # Removed due to bug 174759 |
|
|
142 | docert() { |
|
|
143 | eerror "Function \"docert\" has been removed for security reasons." |
|
|
144 | eerror "\"install_cert\" should be used instead. See bug 174759." |
|
|
145 | die |
|
|
146 | } |
|
|
147 | |
| 141 | # Uses all the private functions above to generate |
148 | # Uses all the private functions above to generate |
| 142 | # and install the requested certificates |
149 | # and install the requested certificates |
| 143 | # |
150 | # |
|
|
151 | # Usage: install_cert <certificates> |
|
|
152 | # where <certificates> are full pathnames relative to ROOT, without extension. |
|
|
153 | # |
|
|
154 | # Example: "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem} |
|
|
155 | # |
| 144 | # Access: public |
156 | # Access: public |
| 145 | docert() { |
157 | install_cert() { |
| 146 | if [ $# -lt 1 ] ; then |
158 | if [ $# -lt 1 ] ; then |
| 147 | eerror "At least one argument needed" |
159 | eerror "At least one argument needed" |
| 148 | return 1; |
160 | return 1; |
| 149 | fi |
161 | fi |
|
|
162 | |
|
|
163 | case ${EBUILD_PHASE} in |
|
|
164 | unpack|compile|test|install) |
|
|
165 | eerror "install_cert cannot be called in ${EBUILD_PHASE}" |
|
|
166 | return 1 ;; |
|
|
167 | esac |
| 150 | |
168 | |
| 151 | # Initialize configuration |
169 | # Initialize configuration |
| 152 | gen_cnf || return 1 |
170 | gen_cnf || return 1 |
| 153 | echo |
171 | echo |
| 154 | |
172 | |
| … | |
… | |
| 158 | gen_crt 1 || return 1 |
176 | gen_crt 1 || return 1 |
| 159 | echo |
177 | echo |
| 160 | |
178 | |
| 161 | local count=0 |
179 | local count=0 |
| 162 | for cert in "$@" ; do |
180 | for cert in "$@" ; do |
| 163 | # Sanitize and check the requested certificate |
181 | # Check the requested certificate |
| 164 | cert="`/usr/bin/basename "${cert}"`" |
|
|
| 165 | if [ -z "${cert}" ] ; then |
182 | if [ -z "${cert##*/}" ] ; then |
| 166 | ewarn "Invalid certification requested, skipping" |
183 | ewarn "Invalid certification requested, skipping" |
| 167 | continue |
184 | continue |
| 168 | fi |
185 | fi |
| 169 | |
186 | |
| 170 | # Check for previous existence of generated files |
187 | # Check for previous existence of generated files |
| 171 | for type in key crt pem ; do |
188 | for type in key csr crt pem ; do |
| 172 | if [ -e "${D}${INSDESTTREE}/${cert}.${type}" ] ; then |
189 | if [ -e "${ROOT}${cert}.${type}" ] ; then |
| 173 | ewarn "${D}${INSDESTTREE}/${cert}.${type}: exists, skipping" |
190 | ewarn "${ROOT}${cert}.${type}: exists, skipping" |
| 174 | continue 2 |
191 | continue 2 |
| 175 | fi |
192 | fi |
| 176 | done |
193 | done |
| 177 | |
194 | |
| 178 | # Generate the requested files |
195 | # Generate the requested files |
| … | |
… | |
| 181 | gen_crt || continue |
198 | gen_crt || continue |
| 182 | gen_pem || continue |
199 | gen_pem || continue |
| 183 | echo |
200 | echo |
| 184 | |
201 | |
| 185 | # Install the generated files and set sane permissions |
202 | # Install the generated files and set sane permissions |
| 186 | local base=`get_base` |
203 | local base=$(get_base) |
|
|
204 | install -d "${ROOT}${cert%/*}" |
| 187 | newins "${base}.key" "${cert}.key" |
205 | install -m0400 "${base}.key" "${ROOT}${cert}.key" |
| 188 | fperms 0400 "${INSDESTTREE}/${cert}.key" |
|
|
| 189 | newins "${base}.csr" "${cert}.csr" |
206 | install -m0444 "${base}.csr" "${ROOT}${cert}.csr" |
| 190 | fperms 0444 "${INSDESTTREE}/${cert}.csr" |
|
|
| 191 | newins "${base}.crt" "${cert}.crt" |
207 | install -m0444 "${base}.crt" "${ROOT}${cert}.crt" |
| 192 | fperms 0444 "${INSDESTTREE}/${cert}.crt" |
|
|
| 193 | newins "${base}.pem" "${cert}.pem" |
208 | install -m0400 "${base}.pem" "${ROOT}${cert}.pem" |
| 194 | fperms 0400 "${INSDESTTREE}/${cert}.pem" |
|
|
| 195 | count=$((${count}+1)) |
209 | count=$((${count}+1)) |
| 196 | done |
210 | done |
| 197 | |
211 | |
| 198 | # Resulting status |
212 | # Resulting status |
| 199 | if [ ! ${count} ] ; then |
213 | if [ ! ${count} ] ; then |
Parent Directory
| 
Revision Log
| 
Patch