
[pkgsrc/trunk]: pkgsrc/www/apache2 Install mkcert to help with certificate cr...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/57cf5f927f72
branches:  trunk
changeset: 492393:57cf5f927f72
user:      martti <martti%pkgsrc.org@localhost>
date:      Mon Apr 11 18:56:05 2005 +0000

description:
Install mkcert to help with certificate creation. The script was
taken from the ap-ssl package (which is for apache 1.3.x).

diffstat:

 www/apache2/Makefile        |   10 +-
 www/apache2/PLIST           |    3 +-
 www/apache2/files/mkcert.sh |  908 ++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 918 insertions(+), 3 deletions(-)

diffs (truncated from 967 to 300 lines):

diff -r 21ae499ed9b6 -r 57cf5f927f72 www/apache2/Makefile
--- a/www/apache2/Makefile      Mon Apr 11 18:44:54 2005 +0000
+++ b/www/apache2/Makefile      Mon Apr 11 18:56:05 2005 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.66 2005/02/09 14:57:52 tron Exp $
+# $NetBSD: Makefile,v 1.67 2005/04/11 18:56:05 martti Exp $
 
 .include "Makefile.common"
 
@@ -85,7 +85,7 @@
 OWN_DIRS=              ${VARBASE}/log/httpd
 OWN_DIRS+=             ${VARBASE}/db/httpd
 OWN_DIRS_PERMS+=       ${VARBASE}/db/httpd/proxy ${APACHE_USER} ${APACHE_GROUP} 0755
-FIX_PERMS=             apachectl apxs dbmmanage envvars-std
+FIX_PERMS=             apachectl apxs dbmmanage envvars-std mkcert
 
 SUBST_CLASSES+=                paths
 SUBST_STAGE.paths=     pre-configure
@@ -145,6 +145,10 @@
 post-extract:
        ${TOUCH} ${WRKSRC}/libtool
 
+post-build:
+       ${SED} "s#@PKG_SYSCONFDIR@#${PKG_SYSCONFDIR}#g" \
+               < ${FILESDIR}/mkcert.sh > ${WRKDIR}/mkcert
+
 pre-install:
        @cd ${WRKSRC}; ${SETENV} ${MAKE_ENV}                            \
                ${MAKE_PROGRAM} install-conf sysconfdir="${EGDIR}"
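Review bot: The value substituted by the `${SED}` line in post-build lands in an unquoted shell assignment, `confdir=@PKG_SYSCONFDIR@` in files/mkcert.sh, so a PKG_SYSCONFDIR containing whitespace would be split by the shell when mkcert runs, and a `#` in it would break the sed expression itself. Quoting the placeholder in the template, `confdir="@PKG_SYSCONFDIR@"`, covers the whitespace case. The pre-install target that follows post-build continues outside this hunk.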
@@ -176,6 +180,8 @@
        @${INSTALL_DATA_DIR} ${PREFIX}/share/httpd/manual
        @cd ${WRKSRC}/docs/manual && ${PAX} -rw . ${PREFIX}/share/httpd/manual
 
+       @${INSTALL_SCRIPT} ${WRKDIR}/mkcert ${PREFIX}/sbin
+
        for file in ${FIX_PERMS}; do \
                ${CHOWN} ${BINOWN}:${BINGRP} ${PREFIX}/sbin/$$file && \
                ${CHMOD} ${BINMODE} ${PREFIX}/sbin/$$file; \
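Review bot: The script installed by the `${INSTALL_SCRIPT} ${WRKDIR}/mkcert ${PREFIX}/sbin` line writes to a fixed, predictable path in a world-writable directory: when `$HOME/.rnd` is absent it sets `RANDFILE="/tmp/.mkcert.rnd"` and runs `(ps; date) >$RANDFILE`, as shown in the mkcert.sh section of this changeset. A tool in sbin that creates key material is presumably run as root, so that redirection would follow a pre-existing symlink and truncate its target, and the seed file is created with the caller's umask. I would keep the seed in a directory the script controls and create it with a restrictive mask, for example `RANDFILE="$sslprmdir/.mkcert.rnd"` and `(umask 077; (ps; date) >"$RANDFILE")`, assuming that directory is writable only by root, or use a `mktemp`-created file. The install target this line belongs to starts and ends outside the hunk.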
diff -r 21ae499ed9b6 -r 57cf5f927f72 www/apache2/PLIST
--- a/www/apache2/PLIST Mon Apr 11 18:44:54 2005 +0000
+++ b/www/apache2/PLIST Mon Apr 11 18:56:05 2005 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.27 2005/02/09 14:57:52 tron Exp $
+@comment $NetBSD: PLIST,v 1.28 2005/04/11 18:56:05 martti Exp $
 include/httpd/ap_compat.h
 include/httpd/ap_config.h
 include/httpd/ap_config_auto.h
@@ -72,6 +72,7 @@
 sbin/htdigest
 sbin/htpasswd
 sbin/httpd
+sbin/mkcert
 sbin/logresolve
 sbin/rotatelogs
 ${SUEXEC_COMMENT}sbin/suexec
diff -r 21ae499ed9b6 -r 57cf5f927f72 www/apache2/files/mkcert.sh
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/apache2/files/mkcert.sh       Mon Apr 11 18:56:05 2005 +0000
@@ -0,0 +1,908 @@
+#!/bin/sh
+##
+##  mkcert.sh -- SSL Certificate Generation Utility
+##  Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved. 
+##
+
+#   parameters
+parameters=`getopt a:c:t:k:v $*`
+if [ $# = 0 ]; then
+    cat << EOF
+Usage:
+        mkcert.sh [-t type] [-a algo] [-c crtfile ] [-k keyfile] [-v]
+
+Options:
+        -t type                Type of certificates to generate.  Valid types are:
+                            dummy      self-signed Snake Oil cert
+                            test       test cert signed by Snake Oil CA
+                            custom     custom cert signed by own CA
+                            existing   existing cert
+
+        -a algo         Signature algorithm for generated certificate.  Valid
+                        algorithms are RSA or DSA.
+
+        -c crtfile      Path to an existing certificate
+
+        -k keyfile      Path to an existing key file
+
+        -v              Display the certificate and key, then exit.
+
+EOF
+    exit 2
+fi
+
+set -- $parameters
+for param; do
+    case $param in
+        -a) algo=$2 ;;
+        -c) crt=$2 ;;
+        -t) type=$2 ;;
+        -k) key=$2 ;;
+        -v) view=1 ;;
+        --) break ;;
+    esac
+    shift
+done
+
+openssl="openssl"
+confdir=@PKG_SYSCONFDIR@
+
+#   configuration
+sslcrtdir="$confdir/ssl.crt"
+sslcsrdir="$confdir/ssl.csr"
+sslkeydir="$confdir/ssl.key"
+sslprmdir="$confdir/ssl.prm"
+
+if [ ! -d "${sslcrtdir}" ]; then
+    echo "Creating ${sslcrtdir}"
+    mkdir "${sslcrtdir}" || exit 1
+fi
+if [ ! -d "${sslcsrdir}" ]; then
+    echo "Creating ${sslcsrdir}"
+    mkdir "${sslcsrdir}" || exit 1
+fi
+if [ ! -d "${sslkeydir}" ]; then
+    echo "Creating ${sslkeydir}"
+    mkdir "${sslkeydir}" || exit 1
+fi
+if [ ! -d "${sslprmdir}" ]; then
+    echo "Creating ${sslprmdir}"
+    mkdir "${sslprmdir}" || exit 1
+fi
+
+#   some optional terminal sequences
+case $TERM in
+    xterm|xterm*|vt220|vt220*)
+        T_MD=`echo dummy | awk '{ printf("%c%c%c%c", 27, 91, 49, 109); }'`
+        T_ME=`echo dummy | awk '{ printf("%c%c%c", 27, 91, 109); }'`
+        ;;
+    vt100|vt100*)
+        T_MD=`echo dummy | awk '{ printf("%c%c%c%c%c%c", 27, 91, 49, 109, 0, 0); }'`
+        T_ME=`echo dummy | awk '{ printf("%c%c%c%c%c", 27, 91, 109, 0, 0); }'`
+        ;;
+    default)
+        T_MD=''
+        T_ME=''
+        ;;
+esac
+
+#   display header
+echo "${T_MD}SSL Certificate Generation Utility${T_ME} (mkcert.sh)"
+echo "Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved."
+
+#   on request view certificates only
+if [ ".$view" != . ]; then
+    if [ -f "$sslcrtdir/ca.crt" -a -f "$sslkeydir/ca.key" ]; then
+        echo ""
+        echo "${T_MD}CA X.509 Certificate${T_ME} [ca.crt]"
+        echo "______________________________________________________________________"
+        $openssl x509 -noout -text -in $sslcrtdir/ca.crt
+        echo ""
+        if [ ".`$openssl x509 -noout -text -in $sslcrtdir/ca.crt | grep 'Signature Algorithm' | grep -i RSA`" != . ]; then
+            echo "${T_MD}CA RSA Private Key${T_ME} [ca.key]"
+            echo "______________________________________________________________________"
+            $openssl rsa -noout -text -in $sslkeydir/ca.key
+        else
+            echo "${T_MD}CA DSA Private Key${T_ME} [ca.key]"
+            echo "______________________________________________________________________"
+            $openssl dsa -noout -text -in $sslkeydir/ca.key
+        fi
+    fi
+    if [ -f "$sslcrtdir/server.crt" -a -f "$sslkeydir/server.key" ]; then
+        echo ""
+        echo "${T_MD}Server X.509 Certificate${T_ME} [server.crt]"
+        echo "______________________________________________________________________"
+        $openssl x509 -noout -text -in $sslcrtdir/server.crt
+        echo ""
+        if [ ".`$openssl x509 -noout -text -in $sslcrtdir/server.crt | grep 'Signature Algorithm' | grep -i RSA`" != . ]; then
+            echo "${T_MD}Server RSA Private Key${T_ME} [server.key]"
+            echo "______________________________________________________________________"
+            $openssl rsa -noout -text -in $sslkeydir/server.key
+        else
+            echo "${T_MD}Server DSA Private Key${T_ME} [server.key]"
+            echo "______________________________________________________________________"
+            $openssl dsa -noout -text -in $sslkeydir/server.key
+        fi
+    fi
+    exit 0
+fi
+
+#   find some random files
+#   We will always generate a /tmp/randfile using /dev/urandom
+#   before passing $randfile to openssl.
+randfiles='/tmp/randfile'
+for file in /var/log/messages /var/adm/messages /var/log/system.log /var/wtmp \
+            /kernel /kernel/genunix /vmunix /vmlinuz /mach /netbsd \
+            /etc/hosts /etc/group /etc/resolv.conf /bin/ls; do
+    if [ -r $file ]; then
+        if [ ".$randfiles" = . ]; then
+            randfiles="$file"
+        else
+            randfiles="${randfiles}:$file"
+        fi
+    fi
+done
+
+#   initialize random file
+if [ -f $HOME/.rnd ]; then
+    RANDFILE="$HOME/.rnd"
+else
+    RANDFILE="/tmp/.mkcert.rnd"
+    (ps; date) >$RANDFILE
+fi
+export RANDFILE
+
+#   canonicalize parameters
+case "x$type" in
+    x ) type=test ;;
+esac
+case "x$algo" in
+    xRSA|xrsa ) 
+        algo=RSA
+        ;;
+    xDSA|xdsa ) 
+        algo=DSA 
+        ;;
+    x ) 
+        algo=choose
+        ;;
+    * ) echo "Unknown algorithm \'$algo' (use RSA or DSA!)" 1>&2
+        exit 1
+        ;;
+esac
+
+#   processing
+case $type in
+
+    dummy)
+        echo ""
+        echo "${T_MD}Generating self-signed Snake Oil certificate [DUMMY]${T_ME}"
+        echo "______________________________________________________________________"
+        echo ""
+        if [ ".$algo" = .choose ]; then
+            algo=RSA
+        fi
+        if [ ".$algo" = .RSA ]; then
+            cp $sslcrtdir/snakeoil-rsa.crt $sslcrtdir/server.crt
+            (umask 077; cp $sslkeydir/snakeoil-rsa.key $sslkeydir/server.key)
+        else
+            cp $sslcrtdir/snakeoil-dsa.crt $sslcrtdir/server.crt
+            (umask 077; cp $sslkeydir/snakeoil-dsa.key $sslkeydir/server.key)
+        fi
+        echo "${T_MD}RESULT: Server Certification Files${T_ME}"
+        echo ""
+        echo "o  ${T_MD}$confdir/ssl.key/server.key${T_ME}"
+        echo "   The PEM-encoded $algo private key file which you configure"
+        echo "   with the 'SSLCertificateKeyFile' directive (automatically done"
+        echo "   when you install via APACI). ${T_MD}KEEP THIS FILE PRIVATE!${T_ME}"
+        echo ""
+        echo "o  ${T_MD}$confdir/ssl.crt/server.crt${T_ME}"
+        echo "   The PEM-encoded X.509 certificate file which you configure"
+        echo "   with the 'SSLCertificateFile' directive (automatically done"
+        echo "   when you install via APACI)."
+        echo ""
+        echo "WARNING: Do not use this for real-life/production systems"
+        echo ""
+        ;;
+
+    test)
+        echo ""
+        echo "${T_MD}Generating test certificate signed by Snake Oil CA [TEST]${T_ME}"
+        echo "WARNING: Do not use this for real-life/production systems"
+        if [ ".$algo" = .choose ]; then
+            echo "______________________________________________________________________"
+            echo ""
+            echo "${T_MD}STEP 0: Decide the signature algorithm used for certificate${T_ME}"
+            echo "The generated X.509 CA certificate can contain either"
+            echo "RSA or DSA based ingredients. Select the one you want to use."
+            def1=R def2=r def=RSA
+            prompt="Signature Algorithm ((R)SA or (D)SA) [$def1]:"
+            while [ 1 ]; do
+                echo dummy | awk '{ printf("%s", prompt); }' "prompt=$prompt"
+                read algo
+                if [ ".$algo" = ".$def1" -o ".$algo" = ".$def2" -o ".$algo" = . ]; then
+                    algo=$def
+                    break
+                elif [ ".$algo" = ".R" -o ".$algo" = ".r" ]; then
+                    algo=RSA
+                    break
+                elif [ ".$algo" = ".D" -o ".$algo" = ".d" ]; then
+                    algo=DSA
+                    break
+                else
+                    echo "mkcert.sh:Warning: Invalid selection" 1>&2
+                fi
+            done
+        fi
+        if [ ".$algo" = ".DSA" ]; then
+            echo ""
+            echo "${T_MD}WARNING!${T_ME} You're generating a DSA based certificate/key pair."
+            echo "         This implies that RSA based ciphers won't be available later,"
+            echo "         which for your web server currently still means that mostly all"


