Move key generation to the post-install stage
Don't package any keys. Generate the keys only if they are missing. Keep the keys on uninstall. For TLS keys, increase validity to 10 years. No need to have xrdp stop working in one year.
parent
85247383dc
commit
1ab54b8592
24
xrdp.spec
24
xrdp.spec
@ -29,6 +29,7 @@ Requires: tigervnc-server-minimal
|
|||||||
|
|
||||||
Requires(post): systemd
|
Requires(post): systemd
|
||||||
Requires(post): systemd-sysv
|
Requires(post): systemd-sysv
|
||||||
|
Requires(post): openssl
|
||||||
Requires(preun): systemd
|
Requires(preun): systemd
|
||||||
Requires(postun): systemd
|
Requires(postun): systemd
|
||||||
|
|
||||||
@ -60,6 +61,9 @@ echo '#!/bin/bash -l
|
|||||||
#install logrotate /etc/logrotate.d/xrdp
|
#install logrotate /etc/logrotate.d/xrdp
|
||||||
%{__install} -Dp -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/xrdp
|
%{__install} -Dp -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/xrdp
|
||||||
|
|
||||||
|
#install openssl.conf /etc/xrdp
|
||||||
|
%{__install} -Dp -m 644 keygen/openssl.conf %{buildroot}%{_sysconfdir}/xrdp/openssl.conf
|
||||||
|
|
||||||
#install log file /var/log/xrdp-sesman.log
|
#install log file /var/log/xrdp-sesman.log
|
||||||
%{__mkdir} -p %{buildroot}%{_localstatedir}/log/
|
%{__mkdir} -p %{buildroot}%{_localstatedir}/log/
|
||||||
touch %{buildroot}%{_localstatedir}/log/xrdp-sesman.log
|
touch %{buildroot}%{_localstatedir}/log/xrdp-sesman.log
|
||||||
@ -75,8 +79,18 @@ touch %{buildroot}%{_sysconfdir}/xrdp/rsakeys.ini
|
|||||||
%post
|
%post
|
||||||
%systemd_post xrdp.service
|
%systemd_post xrdp.service
|
||||||
|
|
||||||
xrdp-keygen xrdp %{_sysconfdir}/xrdp/rsakeys.ini > /dev/null
|
if [ ! -f %{_sysconfdir}/xrdp/rsakeys.ini ]; then
|
||||||
%{__chmod} 0600 %{_sysconfdir}/xrdp/rsakeys.ini
|
xrdp-keygen xrdp %{_sysconfdir}/xrdp/rsakeys.ini > /dev/null
|
||||||
|
%{__chmod} 0600 %{_sysconfdir}/xrdp/rsakeys.ini
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -f %{_sysconfdir}/xrdp/cert.pem ]; then
|
||||||
|
openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 3652 \
|
||||||
|
-keyout %{_sysconfdir}/xrdp/key.pem \
|
||||||
|
-out %{_sysconfdir}/xrdp/cert.pem \
|
||||||
|
-subj /C=US/ST=CA/L=Sunnyvale/O=xrdp/CN=www.xrdp.org \
|
||||||
|
-config %{_sysconfdir}/xrdp/openssl.conf
|
||||||
|
fi
|
||||||
|
|
||||||
%preun
|
%preun
|
||||||
%systemd_preun xrdp.service
|
%systemd_preun xrdp.service
|
||||||
@ -110,8 +124,12 @@ fi
|
|||||||
%config(noreplace) %{_sysconfdir}/sysconfig/xrdp
|
%config(noreplace) %{_sysconfdir}/sysconfig/xrdp
|
||||||
%config(noreplace) %{_sysconfdir}/xrdp/sesman.ini
|
%config(noreplace) %{_sysconfdir}/xrdp/sesman.ini
|
||||||
%{_sysconfdir}/xrdp/*.sh
|
%{_sysconfdir}/xrdp/*.sh
|
||||||
%{_sysconfdir}/xrdp/*.pem
|
%exclude %ghost %{_sysconfdir}/xrdp/*.pem
|
||||||
|
%exclude %ghost %{_sysconfdir}/xrdp/rsakeys.ini
|
||||||
%{_sysconfdir}/xrdp/km*.ini
|
%{_sysconfdir}/xrdp/km*.ini
|
||||||
|
%{_sysconfdir}/xrdp/openssl.conf
|
||||||
|
%{_sysconfdir}/xrdp/sesman.ini
|
||||||
|
%{_sysconfdir}/xrdp/xrdp.ini
|
||||||
%{_sysconfdir}/xrdp/xrdp_keyboard.ini
|
%{_sysconfdir}/xrdp/xrdp_keyboard.ini
|
||||||
%{_bindir}/xrdp-genkeymap
|
%{_bindir}/xrdp-genkeymap
|
||||||
%{_bindir}/xrdp-sesadmin
|
%{_bindir}/xrdp-sesadmin
|
||||||
|
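Review bot: In the new `%post` block, `key.pem` is written by `openssl req -keyout` with no explicit mode, while `rsakeys.ini` is followed by `%{__chmod} 0600`; whether the TLS private key ends up group- or world-readable then depends on the scriptlet umask and the OpenSSL version in use. Adding `%{__chmod} 0600 %{_sysconfdir}/xrdp/key.pem` before the closing `fi`, or running both generators after a `umask 077`, would make the mode explicit and would also close the short window between `xrdp-keygen` creating `rsakeys.ini` and its chmod. The guard tests only `cert.pem`, so a missing `key.pem` is never regenerated while the certificate exists, and an existing key is overwritten when only the certificate is missing; testing both files in the condition would keep the pair consistent. In `%files`, `sesman.ini` now appears both as `%config(noreplace)` and as a plain entry, which looks unintended and is worth checking against the rest of the list outside these hunks.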