-rwxr-xr-x | create-ssl-certificate | 56 | ||||
-rw-r--r-- | rpm-helper.macros.in | 4 |
2 files changed, 60 insertions, 0 deletions
diff --git a/create-ssl-certificate b/create-ssl-certificate
new file mode 100755
index 0000000..595a439
--- /dev/null
+++ b/create-ssl-certificate
@@ -0,0 +1,56 @@
+#!/bin/sh
+# $Id$
+# helper script for creating ssl certificates
+
+if [ $# -lt 3 ]; then
+ echo "usage: $0 <pkg name> <num installed> <service> <bundle> <group>" 1>&2
+ exit 1
+fi
+
+pkg=$1 # name of the package
+num=$2 # number of packages installed
+srv=$3 # name of the service
+bundle=$4 # bundle mode
+group=$5 # group with read access on key
+
+if [ $num = 1 ]; then
+ host=$(hostname)
+ conffile=/tmp/$$
+ keyfile=/etc/pki/tls/private/$pkg.pem
+ if [ "$bundle" == true ]; then
+ certfile=$keyfile
+ else
+ certfile=/etc/pki/tls/certs/$pkg.pem
+ fi
+
+ # create a temporary configuration file
+ cat > $conffile <<EOF
+default_bits = 1024
+encrypt_key = no
+prompt = no
+distinguished_name = req_dn
+req_extensions = req_ext
+
+[ req_dn ]
+commonName = $host
+organizationalUnitName = default $srv cert for $host
+emailAddress = root@$host
+
+[ req_ext ]
+basicConstraints = CA:FALSE
+EOF
+
+ # generate certificates
+ openssl req -new -x509 -days 365 \
+ -config $conffile \
+ -keyout $keyfile \
+ -out $certfile >/dev/null 2>&1
+
+ # enforce strict perms on key
+ if [ -n "$group" ]; then
+ chmod 640 $keyfile
+ chgrp $group $keyfile
+ else
+ chmod 600 $keyfile
+ fi
+fi
diff --git a/rpm-helper.macros.in b/rpm-helper.macros.in
index 409f474..7922349 100644
--- a/rpm-helper.macros.in
+++ b/rpm-helper.macros.in
@@ -12,6 +12,10 @@
 %create_ghostfile() %_create_ghostfile_helper %{name} $1 %{1} %{2} %{3} %{4} \
 %{nil}
 
+%_create_ssl_certificate_helper %_rpm_helper_dir/create_ssl_certificate
+%create_ssl_certificate() %_create_ssl_certificate_helper %{name} $1 %{1} %{2} %{3} \
+%{nil}
+
 # initscripts macros
 %_add_service_helper %_rpm_helper_dir/add-service
 %_post_service() %_add_service_helper %{name} $1 %{1} \ |
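Review bot: `conffile=/tmp/$$` is a guessable name in a world-writable directory, and `cat > $conffile` is presumably run as root from a package scriptlet, so a file or symlink already sitting at that path would be followed and overwritten; the file is also never removed afterwards. Creating it with `conffile=$(mktemp) || exit 1` and adding `trap 'rm -f "$conffile"' EXIT` closes both gaps. `default_bits = 1024` yields a key below current minimum sizes; 2048 or larger is the value to use here. The openssl call sends its output to /dev/null and its exit status is never checked, so a failed generation continues to the chmod/chgrp of a key that may not exist; appending `|| exit 1` would stop there. `[ "$bundle" == true ]` relies on `==`, which is not POSIX `test` under `#!/bin/sh`; `=` is the portable form, and `$num`, `$conffile`, `$keyfile`, `$certfile` and `$group` should be double-quoted.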
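Review bot: The helper path in `%_create_ssl_certificate_helper` is spelled `create_ssl_certificate` with underscores, while the script this same commit adds is named `create-ssl-certificate` with hyphens, matching `add-service` a few lines below. Unless an install step outside this diff renames the file, the macro expands to a path that does not exist and the scriptlet fails. The line would read `%_create_ssl_certificate_helper %_rpm_helper_dir/create-ssl-certificate`. A comment above `%create_ssl_certificate()` naming its three arguments (service, bundle flag, key group) would also help packagers, since the script treats the last two as optional.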