pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/www/apache2 Install mkcert to help with certificate cr...
details: https://anonhg.NetBSD.org/pkgsrc/rev/57cf5f927f72
branches: trunk
changeset: 492393:57cf5f927f72
user: martti <martti%pkgsrc.org@localhost>
date: Mon Apr 11 18:56:05 2005 +0000
description:
Install mkcert to help with certificate creation. The script was
taken from the ap-ssl package (which is for apache 1.3.x).
diffstat:
www/apache2/Makefile | 10 +-
www/apache2/PLIST | 3 +-
www/apache2/files/mkcert.sh | 908 ++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 918 insertions(+), 3 deletions(-)
diffs (truncated from 967 to 300 lines):
diff -r 21ae499ed9b6 -r 57cf5f927f72 www/apache2/Makefile
--- a/www/apache2/Makefile Mon Apr 11 18:44:54 2005 +0000
+++ b/www/apache2/Makefile Mon Apr 11 18:56:05 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.66 2005/02/09 14:57:52 tron Exp $
+# $NetBSD: Makefile,v 1.67 2005/04/11 18:56:05 martti Exp $
.include "Makefile.common"
@@ -85,7 +85,7 @@
OWN_DIRS= ${VARBASE}/log/httpd
OWN_DIRS+= ${VARBASE}/db/httpd
OWN_DIRS_PERMS+= ${VARBASE}/db/httpd/proxy ${APACHE_USER} ${APACHE_GROUP} 0755
-FIX_PERMS= apachectl apxs dbmmanage envvars-std
+FIX_PERMS= apachectl apxs dbmmanage envvars-std mkcert
SUBST_CLASSES+= paths
SUBST_STAGE.paths= pre-configure
@@ -145,6 +145,10 @@
post-extract:
${TOUCH} ${WRKSRC}/libtool
+post-build:
+ ${SED} "s#@PKG_SYSCONFDIR@#${PKG_SYSCONFDIR}#g" \
+ < ${FILESDIR}/mkcert.sh > ${WRKDIR}/mkcert
+
pre-install:
@cd ${WRKSRC}; ${SETENV} ${MAKE_ENV} \
${MAKE_PROGRAM} install-conf sysconfdir="${EGDIR}"
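Review bot: The new post-build target pastes `${PKG_SYSCONFDIR}` into a sed expression that uses `#` as its delimiter, and the value then lands unquoted in the script's `confdir=@PKG_SYSCONFDIR@` line, so a configuration directory containing `#` or whitespace would yield a broken or misbehaving mkcert. Quoting the assignment in files/mkcert.sh as `confdir="@PKG_SYSCONFDIR@"` covers the whitespace case. The target would also benefit from a comment such as `# Generate mkcert from files/mkcert.sh with the package's configuration directory filled in.`, since nothing else says where `${WRKDIR}/mkcert` comes from. The pre-install target that follows is only partly inside this hunk.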
@@ -176,6 +180,8 @@
@${INSTALL_DATA_DIR} ${PREFIX}/share/httpd/manual
@cd ${WRKSRC}/docs/manual && ${PAX} -rw . ${PREFIX}/share/httpd/manual
+ @${INSTALL_SCRIPT} ${WRKDIR}/mkcert ${PREFIX}/sbin
+
for file in ${FIX_PERMS}; do \
${CHOWN} ${BINOWN}:${BINGRP} ${PREFIX}/sbin/$$file && \
${CHMOD} ${BINMODE} ${PREFIX}/sbin/$$file; \
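Review bot: The `${INSTALL_SCRIPT}` line puts mkcert into `${PREFIX}/sbin` for administrators, presumably running as root since the script creates directories under the configuration directory. The part of mkcert.sh shown in this commit falls back to `RANDFILE="/tmp/.mkcert.rnd"` and writes it with `(ps; date) >$RANDFILE`. That is a fixed name in a world-writable directory, so the redirect will follow whatever another local user has already placed at that path. Before installing the script, the fallback should use a private file, for example `RANDFILE=$(mktemp /tmp/mkcert.rnd.XXXXXX) || exit 1`, removed on exit, and the fixed `/tmp/randfile` entry in `randfiles` deserves the same treatment. The enclosing install target and the for loop both continue outside this hunk.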
diff -r 21ae499ed9b6 -r 57cf5f927f72 www/apache2/PLIST
--- a/www/apache2/PLIST Mon Apr 11 18:44:54 2005 +0000
+++ b/www/apache2/PLIST Mon Apr 11 18:56:05 2005 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.27 2005/02/09 14:57:52 tron Exp $
+@comment $NetBSD: PLIST,v 1.28 2005/04/11 18:56:05 martti Exp $
include/httpd/ap_compat.h
include/httpd/ap_config.h
include/httpd/ap_config_auto.h
@@ -72,6 +72,7 @@
sbin/htdigest
sbin/htpasswd
sbin/httpd
+sbin/mkcert
sbin/logresolve
sbin/rotatelogs
${SUEXEC_COMMENT}sbin/suexec
diff -r 21ae499ed9b6 -r 57cf5f927f72 www/apache2/files/mkcert.sh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache2/files/mkcert.sh Mon Apr 11 18:56:05 2005 +0000
@@ -0,0 +1,908 @@
+#!/bin/sh
+##
+## mkcert.sh -- SSL Certificate Generation Utility
+## Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved.
+##
+
+# parameters
+parameters=`getopt a:c:t:k:v $*`
+if [ $# = 0 ]; then
+ cat << EOF
+Usage:
+ mkcert.sh [-t type] [-a algo] [-c crtfile ] [-k keyfile] [-v]
+
+Options:
+ -t type Type of certificates to generate. Valid types are:
+ dummy self-signed Snake Oil cert
+ test test cert signed by Snake Oil CA
+ custom custom cert signed by own CA
+ existing existing cert
+
+ -a algo Signature algorithm for generated certificate. Valid
+ algorithms are RSA or DSA.
+
+ -c crtfile Path to an existing certificate
+
+ -k keyfile Path to an existing key file
+
+ -v Display the certificate and key, then exit.
+
+EOF
+ exit 2
+fi
+
+set -- $parameters
+for param; do
+ case $param in
+ -a) algo=$2 ;;
+ -c) crt=$2 ;;
+ -t) type=$2 ;;
+ -k) key=$2 ;;
+ -v) view=1 ;;
+ --) break ;;
+ esac
+ shift
+done
+
+openssl="openssl"
+confdir=@PKG_SYSCONFDIR@
+
+# configuration
+sslcrtdir="$confdir/ssl.crt"
+sslcsrdir="$confdir/ssl.csr"
+sslkeydir="$confdir/ssl.key"
+sslprmdir="$confdir/ssl.prm"
+
+if [ ! -d "${sslcrtdir}" ]; then
+ echo "Creating ${sslcrtdir}"
+ mkdir "${sslcrtdir}" || exit 1
+fi
+if [ ! -d "${sslcsrdir}" ]; then
+ echo "Creating ${sslcsrdir}"
+ mkdir "${sslcsrdir}" || exit 1
+fi
+if [ ! -d "${sslkeydir}" ]; then
+ echo "Creating ${sslkeydir}"
+ mkdir "${sslkeydir}" || exit 1
+fi
+if [ ! -d "${sslprmdir}" ]; then
+ echo "Creating ${sslprmdir}"
+ mkdir "${sslprmdir}" || exit 1
+fi
+
+# some optional terminal sequences
+case $TERM in
+ xterm|xterm*|vt220|vt220*)
+ T_MD=`echo dummy | awk '{ printf("%c%c%c%c", 27, 91, 49, 109); }'`
+ T_ME=`echo dummy | awk '{ printf("%c%c%c", 27, 91, 109); }'`
+ ;;
+ vt100|vt100*)
+ T_MD=`echo dummy | awk '{ printf("%c%c%c%c%c%c", 27, 91, 49, 109, 0, 0); }'`
+ T_ME=`echo dummy | awk '{ printf("%c%c%c%c%c", 27, 91, 109, 0, 0); }'`
+ ;;
+ default)
+ T_MD=''
+ T_ME=''
+ ;;
+esac
+
+# display header
+echo "${T_MD}SSL Certificate Generation Utility${T_ME} (mkcert.sh)"
+echo "Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved."
+
+# on request view certificates only
+if [ ".$view" != . ]; then
+ if [ -f "$sslcrtdir/ca.crt" -a -f "$sslkeydir/ca.key" ]; then
+ echo ""
+ echo "${T_MD}CA X.509 Certificate${T_ME} [ca.crt]"
+ echo "______________________________________________________________________"
+ $openssl x509 -noout -text -in $sslcrtdir/ca.crt
+ echo ""
+ if [ ".`$openssl x509 -noout -text -in $sslcrtdir/ca.crt | grep 'Signature Algorithm' | grep -i RSA`" != . ]; then
+ echo "${T_MD}CA RSA Private Key${T_ME} [ca.key]"
+ echo "______________________________________________________________________"
+ $openssl rsa -noout -text -in $sslkeydir/ca.key
+ else
+ echo "${T_MD}CA DSA Private Key${T_ME} [ca.key]"
+ echo "______________________________________________________________________"
+ $openssl dsa -noout -text -in $sslkeydir/ca.key
+ fi
+ fi
+ if [ -f "$sslcrtdir/server.crt" -a -f "$sslkeydir/server.key" ]; then
+ echo ""
+ echo "${T_MD}Server X.509 Certificate${T_ME} [server.crt]"
+ echo "______________________________________________________________________"
+ $openssl x509 -noout -text -in $sslcrtdir/server.crt
+ echo ""
+ if [ ".`$openssl x509 -noout -text -in $sslcrtdir/server.crt | grep 'Signature Algorithm' | grep -i RSA`" != . ]; then
+ echo "${T_MD}Server RSA Private Key${T_ME} [server.key]"
+ echo "______________________________________________________________________"
+ $openssl rsa -noout -text -in $sslkeydir/server.key
+ else
+ echo "${T_MD}Server DSA Private Key${T_ME} [server.key]"
+ echo "______________________________________________________________________"
+ $openssl dsa -noout -text -in $sslkeydir/server.key
+ fi
+ fi
+ exit 0
+fi
+
+# find some random files
+# We will always generate a /tmp/randfile using /dev/urandom
+# before passing $randfile to openssl.
+randfiles='/tmp/randfile'
+for file in /var/log/messages /var/adm/messages /var/log/system.log /var/wtmp \
+ /kernel /kernel/genunix /vmunix /vmlinuz /mach /netbsd \
+ /etc/hosts /etc/group /etc/resolv.conf /bin/ls; do
+ if [ -r $file ]; then
+ if [ ".$randfiles" = . ]; then
+ randfiles="$file"
+ else
+ randfiles="${randfiles}:$file"
+ fi
+ fi
+done
+
+# initialize random file
+if [ -f $HOME/.rnd ]; then
+ RANDFILE="$HOME/.rnd"
+else
+ RANDFILE="/tmp/.mkcert.rnd"
+ (ps; date) >$RANDFILE
+fi
+export RANDFILE
+
+# canonicalize parameters
+case "x$type" in
+ x ) type=test ;;
+esac
+case "x$algo" in
+ xRSA|xrsa )
+ algo=RSA
+ ;;
+ xDSA|xdsa )
+ algo=DSA
+ ;;
+ x )
+ algo=choose
+ ;;
+ * ) echo "Unknown algorithm \'$algo' (use RSA or DSA!)" 1>&2
+ exit 1
+ ;;
+esac
+
+# processing
+case $type in
+
+ dummy)
+ echo ""
+ echo "${T_MD}Generating self-signed Snake Oil certificate [DUMMY]${T_ME}"
+ echo "______________________________________________________________________"
+ echo ""
+ if [ ".$algo" = .choose ]; then
+ algo=RSA
+ fi
+ if [ ".$algo" = .RSA ]; then
+ cp $sslcrtdir/snakeoil-rsa.crt $sslcrtdir/server.crt
+ (umask 077; cp $sslkeydir/snakeoil-rsa.key $sslkeydir/server.key)
+ else
+ cp $sslcrtdir/snakeoil-dsa.crt $sslcrtdir/server.crt
+ (umask 077; cp $sslkeydir/snakeoil-dsa.key $sslkeydir/server.key)
+ fi
+ echo "${T_MD}RESULT: Server Certification Files${T_ME}"
+ echo ""
+ echo "o ${T_MD}$confdir/ssl.key/server.key${T_ME}"
+ echo " The PEM-encoded $algo private key file which you configure"
+ echo " with the 'SSLCertificateKeyFile' directive (automatically done"
+ echo " when you install via APACI). ${T_MD}KEEP THIS FILE PRIVATE!${T_ME}"
+ echo ""
+ echo "o ${T_MD}$confdir/ssl.crt/server.crt${T_ME}"
+ echo " The PEM-encoded X.509 certificate file which you configure"
+ echo " with the 'SSLCertificateFile' directive (automatically done"
+ echo " when you install via APACI)."
+ echo ""
+ echo "WARNING: Do not use this for real-life/production systems"
+ echo ""
+ ;;
+
+ test)
+ echo ""
+ echo "${T_MD}Generating test certificate signed by Snake Oil CA [TEST]${T_ME}"
+ echo "WARNING: Do not use this for real-life/production systems"
+ if [ ".$algo" = .choose ]; then
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}STEP 0: Decide the signature algorithm used for certificate${T_ME}"
+ echo "The generated X.509 CA certificate can contain either"
+ echo "RSA or DSA based ingredients. Select the one you want to use."
+ def1=R def2=r def=RSA
+ prompt="Signature Algorithm ((R)SA or (D)SA) [$def1]:"
+ while [ 1 ]; do
+ echo dummy | awk '{ printf("%s", prompt); }' "prompt=$prompt"
+ read algo
+ if [ ".$algo" = ".$def1" -o ".$algo" = ".$def2" -o ".$algo" = . ]; then
+ algo=$def
+ break
+ elif [ ".$algo" = ".R" -o ".$algo" = ".r" ]; then
+ algo=RSA
+ break
+ elif [ ".$algo" = ".D" -o ".$algo" = ".d" ]; then
+ algo=DSA
+ break
+ else
+ echo "mkcert.sh:Warning: Invalid selection" 1>&2
+ fi
+ done
+ fi
+ if [ ".$algo" = ".DSA" ]; then
+ echo ""
+ echo "${T_MD}WARNING!${T_ME} You're generating a DSA based certificate/key pair."
+ echo " This implies that RSA based ciphers won't be available later,"
+ echo " which for your web server currently still means that mostly all"