[prev in list] [next in list] [prev in thread] [next in thread]
List: lon-capa-cvs
Subject: [LON-CAPA-cvs] cvs: loncom / request_ssl_key.sh
From: raeburn <raeburn () source ! lon-capa ! org>
Date: 2009-01-27 1:23:26
Message-ID: cvsraeburn1233019406 () cvsserver
[Download RAW message or body]
raeburn Tue Jan 27 01:23:26 2009 EDT
Modified files:
/loncom request_ssl_key.sh
Log:
- Need to check for the existence (an ownership) of /home/httpd/lonCerts if run as \
www.
- If the script is actually run from within /home/httpd/lonCerts, lonKey.pem \
doesn't need to be copied (and shouldn't be removed).
Index: loncom/request_ssl_key.sh
diff -u loncom/request_ssl_key.sh:1.1 loncom/request_ssl_key.sh:1.2
--- loncom/request_ssl_key.sh:1.1 Thu Nov 18 23:25:10 2004
+++ loncom/request_ssl_key.sh Tue Jan 27 01:23:26 2009
@@ -3,7 +3,28 @@
MAILADDR=certificate@lon-capa.org # Email the cert request here.
DESTDIR=/home/httpd/lonCerts # Destination for the key file.
DESTUID=www # Who will own the private key.
-DESTGROUP=www # Gropu that owns the private key.
+DESTGROUP=www # Group that will own the private key.
+
+if [ $(whoami) != "$DESTUID" ] && [ $(whoami) != "root" ]; then
+ echo "This script needs to be run either as $DESTUID or root"
+ exit
+fi
+
+if [ $(whoami) != "root" ] ; then
+ if [ -d "$DESTDIR" ] ; then
+ CURROWNER=`stat -c %U $DESTDIR`
+ if [ -L "$DESTDIR" ] ; then
+ echo "$DESTDIR is a symbolic link. You need to remove the link and (as \
root) create $DESTDIR as a directory owned by $DESTUID:$DESTGROUP." + exit
+ elif [ $CURROWNER != $DESTUID ] ; then
+ echo "$DESTUID is not the owner of $DESTDIR. As root you need to change \
ownership of this directory to $DESTUID:$DESTGROUP." + exit
+ fi
+ else
+ echo "You need to create a directory: $DESTDIR (as root) and then change \
ownership of this directory so it is owned by $DESTUID:$DESTGROUP." + exit
+ fi
+fi
openssl req -newkey rsa:1024 -passout pass:loncapa \
-keyout lonKey.enc -keyform PEM \
@@ -11,9 +32,18 @@
openssl rsa -passin pass:loncapa -in lonKey.enc -out lonKey.pem
-install -d -m 0750 -o $DESTUID -g $DESTGROUP $DESTDIR
-install -m 0400 -o $DESTUID -g $DESTGROUP lonKey.pem $DESTDIR
-rm lonKey.{enc,pem}
+if [ $(pwd) != "$DESTDIR" ] ; then
+ if [ !-d "$DESTDIR" ] ; then
+ install -d -m 0750 -o $DESTUID -g $DESTGROUP $DESTDIR
+ fi
+ install -m 0400 -o $DESTUID -g $DESTGROUP lonKey.pem $DESTDIR
+ rm lonKey.pem
+else
+ chmod 0400 lonKey.pem
+fi
+
+rm lonKey.enc
+
mail <CertRequest.pem -s "Certificate Request" $MAILADDR
rm CertRequest.pem
_______________________________________________
LON-CAPA-cvs mailing list
LON-CAPA-cvs@mail.lon-capa.org
http://mail.lon-capa.org/mailman/listinfo/lon-capa-cvs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic