Move SSL certificate generation into the systemd service file

2013-12-13 11:16:16 -05:00 · 2013-12-13 11:16:16 -05:00 · 0946d29648
commit 0946d29648
parent d21c1baf70
3 changed files with 24 additions and 16 deletions
--- a/14
+++ b/14
@ -0,0 +1,14 @@
 #!/bin/bash
 cd /etc/Pegasus
 if [ ! -e /etc/Pegasus/ssl.cnf ] || [ ! -e /etc/Pegasus/server.pem ] ||
     [ ! -e /etc/Pegasus/file.pem ]  || [ ! -e /etc/Pegasus/client.pem ]; then
         if [ -x /usr/share/Pegasus/scripts/genOpenPegasusSSLCerts ]; then
            # Create self-signed certificates for initial usage
            /usr/share/Pegasus/scripts/genOpenPegasusSSLCerts
            # Add the self-signed certificate to the local trust store
            cp /etc/Pegasus/ca.crt \
               /etc/pki/ca-trust/source/anchors/localhost-pegasus.pem
            /usr/bin/update-ca-trust extract
         fi;
      fi;
--- a/tog-pegasus.service
+++ b/tog-pegasus.service
@ -4,6 +4,7 @@ After=syslog.target
 [Service]
 Type=forking
 ExecStartPre=/usr/share/Pegasus/scripts/generate-certs
 ExecStart=/usr/sbin/cimserver
 PIDFile=/var/run/tog-pegasus/cimserver.pid
--- a/tog-pegasus.spec
+++ b/tog-pegasus.spec
@ -32,6 +32,9 @@ Source7:        cimprovagt-wrapper.sh
 Source8:        cmpiOSBase_OperatingSystemProvider-cimprovagt.example
 #  9: DMTF CIM schema
 Source9:        cim_schema_2.38.0Experimental-MOFs.zip
 # 10: Fedora/RHEL script for adding self-signed certificates to the local CA
 #     trust store
 Source10:       generate-certs
 #  1: http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=5011
 #     Removing insecure -rpath
@ -91,10 +94,9 @@ BuildRequires:  net-snmp-devel, openslp-devel
 BuildRequires:  systemd-units
 Requires:       net-snmp-libs
 Requires:       %{name}-libs = %{epoch}:%{version}-%{release}
 Requires:       openssl
 Requires:       ca-certificates
 Provides:       cim-server = 1
 Requires(post): /usr/bin/update-ca-trust
 Requires(post): /usr/bin/openssl
 Requires(post): /sbin/ldconfig
 %description
@ -281,6 +283,10 @@ make -f $PEGASUS_ROOT/Makefile.Release stage \
    install -p -D -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/tmpfiles.d/tog-pegasus.conf
 %endif
 # Install script to generate SSL certificates at startup
 mkdir -p $RPM_BUILD_ROOT/usr/share/Pegasus/scripts
 install -p -m 755 %{SOURCE10} $RPM_BUILD_ROOT/usr/share/Pegasus/scripts/generate-certs
 # remove SysV initscript, install .service file
 rm -f $RPM_BUILD_ROOT/etc/init.d/tog-pegasus
 mkdir -p $RPM_BUILD_ROOT%{_unitdir}
@ -409,20 +415,6 @@ restorecon /var/run/tog-pegasus
 %systemd_post tog-pegasus.service
 if [ $1 -ge 1 ]; then
   echo `date` >>  /var/lib/Pegasus/log/install.log 2>&1 || :;
   if [ $1 -eq 1 ] ; then
      # Initial installation
      if [ ! -e /etc/Pegasus/ssl.cnf ] || [ ! -e /etc/Pegasus/server.pem ] ||                                                                                                                          
         [ ! -e /etc/Pegasus/file.pem ]  || [ ! -e /etc/Pegasus/client.pem ]; then
         if [ -x /usr/share/Pegasus/scripts/genOpenPegasusSSLCerts ]; then
            # Create self-signed certificates for initial usage
            /usr/share/Pegasus/scripts/genOpenPegasusSSLCerts
            # Add the self-signed certificate to the local trust store
            cp /etc/Pegasus/ca.crt \
               /etc/pki/ca-trust/source/anchors/localhost-pegasus.pem
            /usr/bin/update-ca-trust extract
         fi;
      fi;
   fi
   if [ $1 -gt 1 ]; then
      if [ -d /var/lib/Pegasus/prev_repository ]; then
      #  The user's old repository was moved to /var/lib/Pegasus/prev_repository, which 
@ -507,6 +499,7 @@ fi
 * Thu Mar 06 2014 Stephen Gallagher <sgallagh@redhat.com> - 2:2.13.0-8
 - Generate SSL certificates with x509v3 and CA:FALSE
 - Automatically import self-signed certificates into local trust-store
 - Move SSL certificate generation into the systemd service file
 * Thu Jan 30 2014 Vitezslav Crhonek <vcrhonek@redhat.com> - 2:2.13.0-7
 - Add Platform_LINUX_XSCALE_GNU.h to -devel because of lmiwbem on arm