version 1.1, 2005/03/22 08:57:42
|
version 1.9, 2006/01/30 16:16:25
|
|
|
|
#//%2006//////////////////////////////////////////////////////////////////////// |
# Create OpenSSL Configuration File (ssl.cnf) |
#// |
|
#// Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development |
|
#// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems. |
|
#// Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.; |
|
#// IBM Corp.; EMC Corporation, The Open Group. |
|
#// Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.; |
|
#// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group. |
|
#// Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
|
#// EMC Corporation; VERITAS Software Corporation; The Open Group. |
|
#// Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
|
#// EMC Corporation; Symantec Corporation; The Open Group. |
|
#// |
|
#// Permission is hereby granted, free of charge, to any person obtaining a copy |
|
#// of this software and associated documentation files (the "Software"), to |
|
#// deal in the Software without restriction, including without limitation the |
|
#// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or |
|
#// sell copies of the Software, and to permit persons to whom the Software is |
|
#// furnished to do so, subject to the following conditions: |
|
#// |
|
#// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN |
|
#// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED |
|
#// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT |
|
#// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR |
|
#// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT |
|
#// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
|
#// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
|
#// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
|
#// |
|
#//============================================================================== |
|
# Start of section pegasus/rpm/tog-specfiles/tog-pegasus-post.spec |
# | # |
if [ -f %PEGASUS_CONFIG_DIR/ssl.cnf ] |
# install remove upgrade reinstall |
then |
# %post 1 - 2 2 |
echo "WARNING: %PEGASUS_CONFIG_DIR/ssl.cnf already exists." |
# |
else |
export PEGASUS_ARCH_LIB=%PEGASUS_ARCH_LIB |
echo " Generating SSL Certificate..." |
|
echo "[ req ]" >> %PEGASUS_CONFIG_DIR/ssl.cnf |
|
echo "distinguished_name = req_distinguished_name" >> %PEGASUS_CONFIG_DIR/ssl.cnf |
|
echo "prompt = no" >> %PEGASUS_CONFIG_DIR/ssl.cnf |
|
echo "[ req_distinguished_name ]" >> %PEGASUS_CONFIG_DIR/ssl.cnf |
|
echo "C = UK" >> %PEGASUS_CONFIG_DIR/ssl.cnf |
|
echo "ST = Berkshire" >> %PEGASUS_CONFIG_DIR/ssl.cnf |
|
echo "L = Reading" >> %PEGASUS_CONFIG_DIR/ssl.cnf |
|
echo "O = The Open Group" >> %PEGASUS_CONFIG_DIR/ssl.cnf |
|
echo "OU = The OpenPegasus Project" >> %PEGASUS_CONFIG_DIR/ssl.cnf |
|
echo "CN = `uname -n`" >> %PEGASUS_CONFIG_DIR/ssl.cnf |
|
chmod 400 %PEGASUS_CONFIG_DIR/ssl.cnf |
|
chown root %PEGASUS_CONFIG_DIR/ssl.cnf |
|
fi |
|
|
|
%OPENSSL_BIN/openssl req -x509 -days 356 -newkey rsa:2048 \ |
|
-nodes -config %PEGASUS_CONFIG_DIR/ssl.cnf \ |
|
-keyout %PEGASUS_PEM_DIR/key.pem -out %PEGASUS_PEM_DIR/cert.pem \ |
|
2>>%INSTALL_LOG |
|
|
|
cat %PEGASUS_PEM_DIR/key.pem > %PEGASUS_PEM_DIR/key-2048.pem |
|
chmod 400 %PEGASUS_PEM_DIR/key-2048.pem |
|
cat %PEGASUS_PEM_DIR/cert.pem > %PEGASUS_PEM_DIR/cert-2048.pem |
|
chmod 400 %PEGASUS_PEM_DIR/cert-2048.pem |
|
cat %PEGASUS_PEM_DIR/cert.pem > %PEGASUS_PEM_DIR/truststore-2048.pem |
|
chmod 400 %PEGASUS_PEM_DIR/truststore-2048.pem |
|
rm -f %PEGASUS_PEM_DIR/key.pem %PEGASUS_PEM_DIR/cert.pem |
|
| |
if [ -f %PEGASUS_PEM_DIR/%PEGASUS_SSL_CERT_FILE ] |
if [ -d %PEGASUS_PREV_REPOSITORY_DIR ]; then |
then |
# Running Repository Upgrade utility |
echo "WARNING: %PEGASUS_PEM_DIR/%PEGASUS_SSL_CERT_FILE SSL Certificate file already exists." |
%PEGASUS_SBIN_DIR/repupgrade %PEGASUS_PREV_REPOSITORY_DIR \ |
else |
%PEGASUS_REPOSITORY_DIR 2>>%PEGASUS_INSTALL_LOG |
cp %PEGASUS_PEM_DIR/cert-2048.pem %PEGASUS_PEM_DIR/%PEGASUS_SSL_CERT_FILE |
/bin/tar -C %PEGASUS_REPOSITORY_PARENT_DIR -cf \ |
chmod 444 %PEGASUS_PEM_DIR/%PEGASUS_SSL_CERT_FILE |
%PEGASUS_PREV_REPOSITORY_DIR`date '+%Y-%m-%d-%s.%N'`.tar \ |
cp %PEGASUS_PEM_DIR/key-2048.pem %PEGASUS_PEM_DIR/%PEGASUS_SSL_KEY_FILE |
%PEGASUS_PREV_REPOSITORY_DIR_NAME |
chmod 400 %PEGASUS_PEM_DIR/%PEGASUS_SSL_KEY_FILE |
rm -rf %PEGASUS_PREV_REPOSITORY_DIR |
fi | fi |
|
if [ $1 -eq 1 ]; then |
if [ -f %PEGASUS_PEM_DIR/%PEGASUS_SSL_TRUSTSTORE ] |
%if %{AUTOSTART} |
then |
/sbin/chkconfig --add tog-pegasus |
echo "WARNING: %PEGASUS_PEM_DIR/%PEGASUS_SSL_TRUSTSTORE SSL Certificate trust store already exists." |
%endif |
else |
:; |
cp %PEGASUS_PEM_DIR/truststore-2048.pem %PEGASUS_PEM_DIR/%PEGASUS_SSL_TRUSTSTORE |
elif [ $1 -gt 0 ]; then |
chmod 444 %PEGASUS_PEM_DIR/%PEGASUS_SSL_TRUSTSTORE |
/etc/init.d/tog-pegasus condrestart |
|
:; |
fi | fi |
|
# |
echo " To start Pegasus manually:" |
# End of section pegasus/rpm/tog-specfiles/tog-pegasus-post.spec |
echo " /etc/init.d/tog-pegasus start" |
|
echo " Stop it:" |
|
echo " /etc/init.d/tog-pegasus stop" |
|
echo " To set up PATH and MANPATH in /etc/profile" |
|
echo " run /opt/tog-pegasus/sbin/settogpath." |
|
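Review bot: On the 1.9 side, `rm -rf %PEGASUS_PREV_REPOSITORY_DIR` runs unconditionally after `repupgrade` and `/bin/tar`, so a failed upgrade or a failed archive still deletes the previous repository and leaves nothing to recover from. The only trace of a `repupgrade` failure is its stderr appended to `%PEGASUS_INSTALL_LOG`, and no exit status is checked. Gate the deletion on both steps succeeding by chaining them, `repupgrade … 2>>%PEGASUS_INSTALL_LOG && /bin/tar … && rm -rf %PEGASUS_PREV_REPOSITORY_DIR`, and echo a warning when the old directory is kept. The tar archive is also created with whatever umask the scriptlet inherits; if the repository holds access-control or credential data (not visible here), setting `umask 077` before the `tar` call would be worth adding. The two revisions are interleaved on this page, so which lines belong to 1.9 is inferred from the 2006 header and the `Start of section` / `End of section` comments.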