List: shibboleth-dev
Subject: [Shib-Dev] Patch 2 of 2: Support for -o and -u on keygen.sh script.
From: Steve Traylen <steve.traylen () cern ! ch>
Date: 2010-02-21 19:14:24
Message-ID: df7df9951002211114n3eb25584m208c906466b72037 () mail ! gmail ! com
Again against shibboleth-sp-2.3.1.tar.gz.
This adds -u and -o options to the keygen script, to set the
ownership of the generated keys or
to set an output location for the keys different from the default '.'.
It also uses mktemp for the CA file location rather than a hardcoded one.
Steve
--
Steve Traylen
["shibboleth-keygen-alt-location.patch" (application/octet-stream)]
diff -uNr shibboleth-2.3.1.ORIG/configs/keygen.sh shibboleth-2.3.1/configs/keygen.sh
--- shibboleth-2.3.1.ORIG/configs/keygen.sh 2010-02-21 19:58:15.442181706 +0100
+++ shibboleth-2.3.1/configs/keygen.sh 2010-02-21 19:58:39.379159272 +0100
@@ -1,23 +1,28 @@
#! /bin/sh
-while getopts h:e:y:bf c
+while getopts h:u:o:e:y:bf c
do
case $c in
+ u) USER=$OPTARG;;
+ o) OUT=$OPTARG;;
b) BATCH=1;;
f) FORCE=1;;
h) FQDN=$OPTARG;;
e) ENTITYID=$OPTARG;;
y) YEARS=$OPTARG;;
- \?) echo keygen [-h hostname for cert] [-y years to issue cert] \
[-e entityID to embed in cert] + \?) echo "keygen [-o output \
directory (default .)] [-u username to own certificates ] [-h hostname for cert] [-y \
years to issue cert] [-e entityID to embed in cert]" exit 1;;
esac
done
+if [ -z "$OUT" ] ; then
+ OUT=.
+fi
if [ -n "$FORCE" ] ; then
- rm sp-key.pem sp-cert.pem
+ rm $OUT/sp-key.pem $OUT/sp-cert.pem
fi
-if [ -s sp-key.pem -o -s sp-cert.pem ] ; then
+if [ -s $OUT/sp-key.pem -o -s $OUT/sp-cert.pem ] ; then
if [ -z "$BATCH" ] ; then
echo The files sp-key.pem and/or sp-cert.pem already exist!
echo Use -f option to force recreation of keypair.
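Review bot: `$OUT` is expanded unquoted in the new `rm $OUT/sp-key.pem $OUT/sp-cert.pem` and `[ -s $OUT/sp-key.pem -o -s $OUT/sp-cert.pem ]` lines, so an output directory containing whitespace splits into several arguments; quote it as `"$OUT/sp-key.pem"` throughout. There is also no check that the directory given with `-o` exists, which otherwise only surfaces later as an openssl error after the key material has been attempted; a `[ -d "$OUT" ] || { echo "$OUT is not a directory"; exit 1; }` right after the `OUT=.` default would fail early and clearly. Minor: `-u` stores its value in `USER`, which shadows the login name the environment normally carries in `$USER`; a name such as `OWNER` avoids confusion if the variable is later read for anything else, and the unchanged `echo The files sp-key.pem and/or sp-cert.pem already exist!` message could now mention `$OUT`, since the files may no longer live in the current directory.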
@@ -42,7 +47,8 @@
ALTNAME=DNS:$FQDN,URI:$ENTITYID
fi
-cat >sp-cert.cnf <<EOF
+SSLCNF=`mktemp`
+cat >$SSLCNF <<EOF
# OpenSSL configuration file for creating sp-cert.pem
[req]
prompt=no
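Review bot: the result of `mktemp` is used without checking that it succeeded; if `mktemp` fails (no writable TMPDIR, or a platform whose mktemp insists on a template argument), `SSLCNF` is empty, `cat >$SSLCNF` fails with an unhelpful redirection error and the rest of the script keeps running with no config file. Suggest `SSLCNF=$(mktemp) || exit 1` (or `mktemp /tmp/sp-cert.XXXXXX` for portability across mktemp implementations) and quoting the variable in `cat >"$SSLCNF"`. The same line is the natural place for `trap 'rm -f "$SSLCNF"' EXIT`, so the temporary config is removed on every exit path, including an interrupted run, rather than only by the `rm` at the end of the script.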
@@ -61,13 +67,18 @@
EOF
if [ -z "$BATCH" ] ; then
- openssl req -config sp-cert.cnf -new -x509 -days $DAYS -keyout sp-key.pem -out \
sp-cert.pem + openssl req -config $SSLCNF -new -x509 -days $DAYS -keyout \
$OUT/sp-key.pem -out $OUT/sp-cert.pem else
- openssl req -config sp-cert.cnf -new -x509 -days $DAYS -keyout sp-key.pem -out \
sp-cert.pem 2> /dev/null + openssl req -config $SSLCNF -new -x509 -days $DAYS \
-keyout $OUT/sp-key.pem -out $OUT/sp-cert.pem 2> /dev/null fi
-rm sp-cert.cnf
-if [ -s sp-key.pem ] ; then
- chmod 600 sp-key.pem
+
+if [ -s $OUT/sp-key.pem ] ; then
+ chmod 600 $OUT/sp-key.pem
+ if [ -n "$USER" ] ; then
+ chown $USER:$USER $OUT/sp-key.pem $OUT/sp-cert.pem
+ fi
fi
+
+rm $SSLCNF
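Review bot: `chown $USER:$USER` assumes a group with the same name as the user exists, which is not true on every system (a service account such as the one shibd runs as may well have a different primary group); `chown "$USER"` leaves the group untouched, or accept a `user:group` value from `-u` and pass it through unchanged. As with the earlier hunk, `$OUT` and `$SSLCNF` are unquoted in the two `openssl req` invocations and in `chmod`, `chown` and the final `rm`; double-quote them so paths with spaces, or an empty `SSLCNF` after a failed `mktemp` (which would turn `rm $SSLCNF` into a bare `rm` that prints usage), behave predictably. The help text added in the first hunk documents `-o` and `-u`, but the script-level comment at the top of keygen.sh, if any, and the SP documentation that tells admins to run keygen.sh should mention that `-u` is only meaningful when the script is run as root.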