diff --git a/genOpenPegasusSSLCerts b/genOpenPegasusSSLCerts
deleted file mode 100755
index 5e75567..0000000
--- a/genOpenPegasusSSLCerts
+++ /dev/null
@@ -1,67 +0,0 @@
-#!/bin/bash
-#
-PEGASUS_PEM_DIR=/etc/Pegasus
-PEGASUS_CONFIG_DIR=/etc/Pegasus
-PEGASUS_INSTALL_LOG=/var/lib/Pegasus/log/install.log
-PEGASUS_SSL_CERT_FILE=server.pem
-PEGASUS_SSL_KEY_FILE=file.pem
-PEGASUS_SSL_TRUSTSTORE=client.pem
-#
-# Set up OpenSSL certificates for the tog-pegasus cimserver
-#
-# Creates a default ssl.cnf file.
-# Generates a self-signed certificate for use by the cimserver.
-#
-cnfChanged=0;
-if [ ! -e $PEGASUS_CONFIG_DIR/ssl.cnf ]; then
- mkdir -p ${PEGASUS_INSTALL_LOG%/*}
- mkdir -p $PEGASUS_CONFIG_DIR
- echo "[ req ]" > $PEGASUS_CONFIG_DIR/ssl.cnf
- echo "distinguished_name = req_distinguished_name" >> \
- $PEGASUS_CONFIG_DIR/ssl.cnf
- echo "prompt = no" >> $PEGASUS_CONFIG_DIR/ssl.cnf
- echo "[ req_distinguished_name ]" >> $PEGASUS_CONFIG_DIR/ssl.cnf
- echo "C = UK" >> $PEGASUS_CONFIG_DIR/ssl.cnf
- echo "ST = Berkshire" >> $PEGASUS_CONFIG_DIR/ssl.cnf
- echo "L = Reading" >> $PEGASUS_CONFIG_DIR/ssl.cnf
- echo "O = The Open Group" >> \
- $PEGASUS_CONFIG_DIR/ssl.cnf
- echo "OU = The OpenPegasus Project" >> \
- $PEGASUS_CONFIG_DIR/ssl.cnf
- DN=`hostname`;
- if [ -z "$DN" ] || [ "$DN" = "(none)" ]; then
- DN='localhost.localdomain';
- fi;
- FQDN=`{ host -W1 $DN 2>/dev/null || echo "$DN has address "; } |\
- grep 'has address' | head -1 | sed 's/\ .*$//'`;
- if [ -z "$FQDN" ] ; then
- FQDN="$DN";
- fi;
- # cannot use 'hostname --fqdn' because this can hang indefinitely
- echo "CN = $FQDN" >> $PEGASUS_CONFIG_DIR/ssl.cnf
- chmod 400 $PEGASUS_CONFIG_DIR/ssl.cnf
- chown root $PEGASUS_CONFIG_DIR/ssl.cnf
- chgrp root $PEGASUS_CONFIG_DIR/ssl.cnf
- cnfChanged=1;
-fi
-if [ $cnfChanged -eq 1 ] || \
- [ ! -e $PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE ] || \
- [ ! -e $PEGASUS_PEM_DIR/$PEGASUS_SSL_KEY_FILE ]; then
- /usr/bin/openssl req -x509 -days 3650 -newkey rsa:2048 \
- -nodes -config $PEGASUS_CONFIG_DIR/ssl.cnf \
- -keyout $PEGASUS_PEM_DIR/key.pem \
- -out $PEGASUS_PEM_DIR/cert.pem 2>>$PEGASUS_INSTALL_LOG
- chmod 700 $PEGASUS_PEM_DIR/*.pem
- cp -fp $PEGASUS_PEM_DIR/cert.pem \
- $PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE
- cp -fp $PEGASUS_PEM_DIR/key.pem \
- $PEGASUS_PEM_DIR/$PEGASUS_SSL_KEY_FILE
- chmod 400 $PEGASUS_PEM_DIR/$PEGASUS_SSL_KEY_FILE
- chmod 444 $PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE
- rm -f $PEGASUS_PEM_DIR/key.pem $PEGASUS_PEM_DIR/cert.pem
-fi;
-if [ ! -e $PEGASUS_PEM_DIR/$PEGASUS_SSL_TRUSTSTORE ]; then
- cp -fp $PEGASUS_PEM_DIR/$PEGASUS_SSL_CERT_FILE \
- $PEGASUS_PEM_DIR/$PEGASUS_SSL_TRUSTSTORE
- chmod 444 $PEGASUS_PEM_DIR/$PEGASUS_SSL_TRUSTSTORE;
-fi;
diff --git a/genSSLcerts b/genSSLcerts
deleted file mode 100755
index 706a3d6..0000000
--- a/genSSLcerts
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/bin/bash
-#
-# Set up the openssl certificates for the tog-pegasus cimserver
-#
-# Arguments:
-# If a single host name argument is given that resolves to a host
-# IP address, then the script will attempt to copy the certificate
-# files from that host name.
-#
-# Without any arguments:
-#
-# Modify entries in ssl.cnf, then
-# Generate a self signed node certificate
-#
-PEGASUS_CONFIG_DIR=${PEGASUS_CONFIG_DIR:=/etc/Pegasus}
-INSTALL_LOG=${INSTALL_LOG:=/var/log/Pegasus/install.log}
-PEGASUS_SSL_CERT_FILE=${PEGASUS_SSL_CERT_FILE:=server.pem}
-PEGASUS_SSL_KEY_FILE=${PEGASUS_SSL_KEY_FILE:=file.pem}
-PEGASUS_SSL_TRUSTSTORE=${PEGASUS_SSL_TRUSTSTORE:=client.pem}
-cnfChanged=0;
-if [ ! -e $PEGASUS_CONFIG_DIR/ssl.cnf ]; then
- mkdir -p ${INSTALL_LOG%/*}
- mkdir -p $PEGASUS_CONFIG_DIR
- echo "[ req ]" > $PEGASUS_CONFIG_DIR/ssl.cnf
- echo "distinguished_name = req_distinguished_name" >> $PEGASUS_CONFIG_DIR/ssl.cnf
- echo "prompt = no" >> $PEGASUS_CONFIG_DIR/ssl.cnf
- echo "[ req_distinguished_name ]" >> $PEGASUS_CONFIG_DIR/ssl.cnf
- echo "C = UK" >> $PEGASUS_CONFIG_DIR/ssl.cnf
- echo "ST = Berkshire" >> $PEGASUS_CONFIG_DIR/ssl.cnf
- echo "L = Reading" >> $PEGASUS_CONFIG_DIR/ssl.cnf
- echo "O = The Open Group" >> $PEGASUS_CONFIG_DIR/ssl.cnf
- echo "OU = The OpenPegasus Project" >> $PEGASUS_CONFIG_DIR/ssl.cnf
- DN=`hostname`;
- if [ -z "$DN" ] || [ "$DN" = "(none)" ]; then
- DN='localhost.localdomain';
- fi;
- FQDN=`{ host -W1 $DN 2>/dev/null || echo "$DN has address "; } | grep 'has address' | head -1 | sed 's/\ .*$//'`;
- if [ -z "$FQDN" ] ; then
- FQDN="$DN";
- fi;
- # cannot use 'hostname --fqdn' because this can hang indefinitely
- echo "CN = $FQDN" >> $PEGASUS_CONFIG_DIR/ssl.cnf
- chmod 400 $PEGASUS_CONFIG_DIR/ssl.cnf
- chown root $PEGASUS_CONFIG_DIR/ssl.cnf
- chgrp root $PEGASUS_CONFIG_DIR/ssl.cnf
- cnfChanged=1;
-fi
-if [ $cnfChanged -eq 1 ] || [ ! -e /etc/Pegasus/$PEGASUS_SSL_CERT_FILE ] || [ ! -e /etc/Pegasus/$PEGASUS_SSL_KEY_FILE ] || [ ! -e /etc/Pegasus/$PEGASUS_SSL_TRUSTSTORE ]; then
- /usr/bin/openssl req -x509 -days 3650 -newkey rsa:2048 \
- -nodes -config $PEGASUS_CONFIG_DIR/ssl.cnf \
- -keyout $PEGASUS_CONFIG_DIR/key.pem -out $PEGASUS_CONFIG_DIR/cert.pem 2>>$INSTALL_LOG
- chmod 700 $PEGASUS_CONFIG_DIR/*.pem
- cat $PEGASUS_CONFIG_DIR/key.pem > $PEGASUS_CONFIG_DIR/file_2048.pem
- chmod 400 $PEGASUS_CONFIG_DIR/file_2048.pem
- cat $PEGASUS_CONFIG_DIR/cert.pem > $PEGASUS_CONFIG_DIR/server_2048.pem
- chmod 400 $PEGASUS_CONFIG_DIR/server_2048.pem
- cat $PEGASUS_CONFIG_DIR/cert.pem > $PEGASUS_CONFIG_DIR/client_2048.pem
- chmod 400 $PEGASUS_CONFIG_DIR/client_2048.pem
- rm -f $PEGASUS_CONFIG_DIR/key.pem $PEGASUS_CONFIG_DIR/cert.pem
- cp -fp $PEGASUS_CONFIG_DIR/server_2048.pem $PEGASUS_CONFIG_DIR/$PEGASUS_SSL_CERT_FILE
- cp -fp $PEGASUS_CONFIG_DIR/file_2048.pem $PEGASUS_CONFIG_DIR/$PEGASUS_SSL_KEY_FILE
- chmod 400 $PEGASUS_CONFIG_DIR/$PEGASUS_SSL_KEY_FILE
- chmod 444 $PEGASUS_CONFIG_DIR/$PEGASUS_SSL_CERT_FILE
- cp -fp $PEGASUS_CONFIG_DIR/client_2048.pem $PEGASUS_CONFIG_DIR/$PEGASUS_SSL_TRUSTSTORE
- chmod 444 $PEGASUS_CONFIG_DIR/$PEGASUS_SSL_TRUSTSTORE;
-fi;
diff --git a/tog-pegasus.spec b/tog-pegasus.spec
index db31104..fd17fe0 100644
--- a/tog-pegasus.spec
+++ b/tog-pegasus.spec
@@ -18,8 +18,6 @@ URL: http://www.openpegasus.org
 Source0: https://collaboration.opengroup.org/pegasus/documents/27211/pegasus-%{version}.tar.gz
 # 1: Description of security enhacements
 Source1: README.RedHat.Security
-# 2: Script for setting SSL certificates - used in init script when cimserver is started for the first time
-Source2: genOpenPegasusSSLCerts
 # 3: Description of SSL settings
 Source3: README.RedHat.SSL
 # 4: /etc/tmpfiles.d configuration file
@@ -216,7 +214,6 @@ yes | mak/CreateDmtfSchema 238 %{SOURCE9} cim_schema_2.38.0 %build cp -fp %SOURCE1 doc -cp -fp %SOURCE2 rpm cp -fp %SOURCE3 doc cp -fp %SOURCE6 rpm cp -fp %SOURCE8 doc