From f23808cc97270897acdd5b5bdf180c46b082946b Mon Sep 17 00:00:00 2001 From: Praveen K Paladugu Date: Tue, 10 Aug 2010 10:19:08 -0500 Subject: [PATCH] Moving the certificate generation from init script --- openwsman-initscript.patch | 100 ++++++++++++++++++++++++++++++------- openwsman.spec | 6 ++- 2 files changed, 88 insertions(+), 18 deletions(-) diff --git a/openwsman-initscript.patch b/openwsman-initscript.patch index 8d5b16f..c6f8aad 100644 --- a/openwsman-initscript.patch +++ b/openwsman-initscript.patch @@ -1,6 +1,6 @@ -diff -up openwsman-2.2.3/etc/init/openwsmand.sh.in.orig openwsman-2.2.3/etc/init/openwsmand.sh.in ---- openwsman-2.2.3/etc/init/openwsmand.sh.in.orig 2010-04-22 09:36:29.186800378 -0500 -+++ openwsman-2.2.3/etc/init/openwsmand.sh.in 2010-04-22 09:38:15.507820659 -0500 +diff -up ./etc/init/openwsmand.sh.in.old ./etc/init/openwsmand.sh.in +--- ./etc/init/openwsmand.sh.in.old 2010-08-04 16:43:40.212100948 -0500 ++++ ./etc/init/openwsmand.sh.in 2010-08-04 17:26:20.013849220 -0500 @@ -4,15 +4,15 @@ # Provides: openwsmand # Required-Start: $remote_fs 
@@ -20,27 +20,93 @@ diff -up openwsman-2.2.3/etc/init/openwsmand.sh.in.orig openwsman-2.2.3/etc/init # description: Openwsman Daemon # processname: openwsmand -@@ -61,7 +61,7 @@ start() - if [ "x${FQDN}" = "x" ]; then - FQDN=localhost.localdomain - fi +@@ -56,20 +56,16 @@ start() + echo "Using common server certificate /etc/ssl/servercerts/servercert.pem" + ln -s /etc/ssl/servercerts/server{cert,key}.pem @SYSCONFDIR@ + else +- echo "Generating Openwsman server public certificate and private key" +- FQDN=`hostname --fqdn` +- if [ "x${FQDN}" = "x" ]; then +- FQDN=localhost.localdomain +- fi -cat << EOF | sh @SYSCONFDIR@/owsmangencert.sh > /dev/null 2>&1 -+cat << EOF | sh @libexecdir@/openwsman/owsmangencert.sh > /dev/null 2>&1 - -- - SomeState - SomeCity -@@ -145,8 +145,13 @@ case "$1" in +--- +-SomeState +-SomeCity +-SomeOrganization +-SomeOrganizationalUnit +-${FQDN} +-root@${FQDN} +-EOF ++ echo "FAILED: Starting openwsman server" ++ echo "There is no ssl server key available for openwsman server to use." ++ echo -e "Please generate one with the following script and start the openwsman service again:\n" ++ echo "##################################" ++ echo "/etc/openwsman/owsmangencert.sh" ++ echo "=================================" ++ ++ echo "NOTE: The script uses /dev/random device for generating some random bits while generating the server key." ++ echo -e " If this takes too long, you can replace the value of \"RANDFILE\" in @SYSCONFDIR@/ssleay.cnf with /dev/urandom.\n Please understand the implications of doing do." 
++ + fi + fi + +@@ -145,6 +141,10 @@ case "$1" in fi ;; -+ + condrestart) + [ -e $lockfile ] && restart -+ ++ ;; + *) -- echo "Usage: $0 {restart|start|stop|reload|force-reload|status}" -+ echo "Usage: $0 {restart|start|stop|reload|force-reload|status|condrestart}" + echo "Usage: $0 {restart|start|stop|reload|force-reload|status}" esac +diff -up ./etc/owsmangencert.sh.in.old ./etc/owsmangencert.sh.in +--- ./etc/owsmangencert.sh.in.old 2010-08-04 17:14:31.241100874 -0500 ++++ ./etc/owsmangencert.sh.in 2010-08-04 17:21:02.944850958 -0500 +@@ -1,7 +1,5 @@ + #!/bin/sh + +-#!/bin/sh -e +- + CERTFILE=@SYSCONFDIR@/servercert.pem + KEYFILE=@SYSCONFDIR@/serverkey.pem + CNFFILE=@SYSCONFDIR@/ssleay.cnf +@@ -15,19 +13,33 @@ if [ "$1" = "--force" ]; then + shift + fi + ++FQDN=`hostname --fqdn` ++ if [ "x${FQDN}" = "x" ]; then ++ FQDN=localhost.localdomain ++ fi + echo + echo creating selfsingned certificate + echo "replace it with one signed by a certification authority (CA)" + echo +-echo enter your ServerName at the Common Name prompt ++#echo enter your ServerName at the Common Name prompt + echo + + # use special .cnf, because with normal one no valid selfsigned + # certificate is created + +-export RANDFILE=/dev/random +-openssl req -days 365 $@ -config $CNFFILE \ ++#export RANDFILE=/dev/random ++cat < - 2.2.3-7 +- Moved the certificate generation from init script. The user will have to +- generate the certificate manually. + * Mon Aug 2 2010 Praveen K Paladugu - 2.2.3-6 - Fixed the version checking of swig and forced all the ruby files to be - installed into site{lib,arch} dirs
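Review bot: The new `else` branch in `start()` only echoes the "FAILED: Starting openwsman server" text and then reaches the two closing `fi` lines, so nothing in the added lines stops the function or reports a non-zero status when no server key exists. Adding `return 1` after the last `echo`, and sending the messages to stderr with `>&2`, would make the failure visible to whatever invoked the script. The rest of `start()` lies outside this hunk, so whether a later check catches the missing key cannot be confirmed from here. The hint also hard-codes `/etc/openwsman/owsmangencert.sh` while the NOTE two lines later uses `@SYSCONFDIR@/ssleay.cnf`; printing `@SYSCONFDIR@/owsmangencert.sh` would keep the two consistent if the prefix differs, and "doing do" should read "doing so". The added `condrestart` arm tests `[ -e $lockfile ]` unquoted, and the usage string after it no longer lists `condrestart`, which the previous revision of this patch did; suggest `[ -e "$lockfile" ] && restart` and restoring `|condrestart` in the usage line.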