[openwsman/f13/master] Moved the cert generation from init

Praveen K Paladugu praveenp at fedoraproject.org
Tue Aug 10 15:25:03 UTC 2010


commit 2d0b84a016916a7272fef30e3de2e9ed0c37ab16
Author: Praveen K Paladugu <praveenp at praveenp-dell.us.dell.com>
Date:   Tue Aug 10 10:25:55 2010 -0500

    Moved the cert generation from init

 openwsman-initscript.patch |  100 ++++++++++++++++++++++++++++++++++++-------
 openwsman.spec             |    6 ++-
 2 files changed, 88 insertions(+), 18 deletions(-)
---
diff --git a/openwsman-initscript.patch b/openwsman-initscript.patch
index 8d5b16f..1a17eae 100644
--- a/openwsman-initscript.patch
+++ b/openwsman-initscript.patch
@@ -1,6 +1,6 @@
-diff -up openwsman-2.2.3/etc/init/openwsmand.sh.in.orig openwsman-2.2.3/etc/init/openwsmand.sh.in
---- openwsman-2.2.3/etc/init/openwsmand.sh.in.orig	2010-04-22 09:36:29.186800378 -0500
-+++ openwsman-2.2.3/etc/init/openwsmand.sh.in	2010-04-22 09:38:15.507820659 -0500
+diff -up ./etc/init/openwsmand.sh.in.old ./etc/init/openwsmand.sh.in
+--- ./etc/init/openwsmand.sh.in.old	2010-08-04 16:43:40.212100948 -0500
++++ ./etc/init/openwsmand.sh.in	2010-08-04 17:26:20.013849220 -0500
 @@ -4,15 +4,15 @@
  # Provides: openwsmand
  # Required-Start: $remote_fs
@@ -20,27 +20,93 @@ diff -up openwsman-2.2.3/etc/init/openwsmand.sh.in.orig openwsman-2.2.3/etc/init
  # description: Openwsman Daemon
  # processname: openwsmand
  
-@@ -61,7 +61,7 @@ start()
- 	if [ "x${FQDN}" = "x" ]; then
- 	  FQDN=localhost.localdomain
- 	fi
+@@ -56,20 +56,16 @@ start()
+ 	echo "Using common server certificate /etc/ssl/servercerts/servercert.pem"
+ 	ln -s /etc/ssl/servercerts/server{cert,key}.pem @SYSCONFDIR@
+       else
+-        echo "Generating Openwsman server public certificate and private key"
+-	FQDN=`hostname --fqdn`
+-	if [ "x${FQDN}" = "x" ]; then
+-	  FQDN=localhost.localdomain
+-	fi
 -cat << EOF | sh @SYSCONFDIR@/owsmangencert.sh > /dev/null 2>&1
-+cat << EOF | sh @libexecdir@/openwsman/owsmangencert.sh > /dev/null 2>&1
- --
- SomeState
- SomeCity
-@@ -145,8 +145,13 @@ case "$1" in
+---
+-SomeState
+-SomeCity
+-SomeOrganization
+-SomeOrganizationalUnit
+-${FQDN}
+-root@${FQDN}
+-EOF
++	echo "FAILED: Starting openwsman server"
++        echo "There is no ssl server key available for openwsman server to use."
++	echo -e "Please generate one with the following script and start the openwsman service again:\n"
++	echo "##################################"
++        echo "/etc/openwsman/owsmangencert.sh"
++	echo "================================="
++
++	echo "NOTE: The script uses /dev/random device for generating some random bits while generating the server key."
++	echo "      If this takes too long, you can replace the value of \"RANDFILE\" in @SYSCONFDIR@/ssleay.cnf with /dev/urandom."
++		
+       fi
+     fi
+ 
+@@ -145,6 +141,10 @@ case "$1" in
      fi
      ;;
  
-+
 +   condrestart)
 +      [ -e $lockfile ] && restart
-+       
++    ;;
 +
      *)
--    echo "Usage: $0 {restart|start|stop|reload|force-reload|status}"
-+    echo "Usage: $0 {restart|start|stop|reload|force-reload|status|condrestart}"
+     echo "Usage: $0 {restart|start|stop|reload|force-reload|status}"
  esac
+diff -up ./etc/owsmangencert.sh.in.old ./etc/owsmangencert.sh.in
+--- ./etc/owsmangencert.sh.in.old	2010-08-04 17:14:31.241100874 -0500
++++ ./etc/owsmangencert.sh.in	2010-08-04 17:21:02.944850958 -0500
+@@ -1,7 +1,5 @@
+ #!/bin/sh
+ 
+-#!/bin/sh -e
+-
+ CERTFILE=@SYSCONFDIR@/servercert.pem
+ KEYFILE=@SYSCONFDIR@/serverkey.pem
+ CNFFILE=@SYSCONFDIR@/ssleay.cnf
+@@ -15,19 +13,33 @@ if [ "$1" = "--force" ]; then
+   shift
+ fi
+ 
++FQDN=`hostname --fqdn`
++        if [ "x${FQDN}" = "x" ]; then
++          FQDN=localhost.localdomain
++        fi
+ echo
+ echo creating selfsingned certificate
+ echo "replace it with one signed by a certification authority (CA)"
+ echo
+-echo enter your ServerName at the Common Name prompt
++#echo enter your ServerName at the Common Name prompt
+ echo
+ 
+ # use special .cnf, because with normal one no valid selfsigned
+ # certificate is created
+ 
+-export RANDFILE=/dev/random
+-openssl req -days 365 $@ -config $CNFFILE \
++#export RANDFILE=/dev/random
++cat <<EOF  |openssl req -days 365 $@ -config $CNFFILE \
+   -new -x509 -nodes -out $CERTFILE \
+   -keyout $KEYFILE
++--
++SomeState
++SomeCity
++SomeOrganization
++SomeOrganizationalUnit
++${FQDN}
++root@${FQDN}
++EOF
++
++ 
+ chmod 600 $KEYFILE
  
- if [ $lsb -ne 0 ]; then
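Review bot: The new no-key branch in start() only prints "FAILED: Starting openwsman server" and the instructions; nothing visible before the closing `fi` stops the function, so unless code outside the hunk checks for the key again, start() may go on to launch the daemon without a server key and still report success. Adding `return 1` after the last `echo` in that branch would make the failure visible to callers such as `restart` and `condrestart`. The message also hard-codes `/etc/openwsman/owsmangencert.sh` while the following line uses `@SYSCONFDIR@`, so the printed path can be wrong on a non-default prefix. In owsmangencert.sh.in the private key is written by `openssl req` and only restricted afterwards by `chmod 600 $KEYFILE`; depending on the OpenSSL version and the caller's umask the key may be briefly readable by other local users, which a `umask 077` placed before the `openssl req` call would avoid.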
diff --git a/openwsman.spec b/openwsman.spec
index 10045e6..829ea2e 100644
--- a/openwsman.spec
+++ b/openwsman.spec
@@ -16,7 +16,7 @@ BuildRequires:  perl-devel pkgconfig openssl-devel
 BuildRequires:  libtool
 Requires:       net-tools
 Version:        2.2.3
-Release:        2%{?dist}
+Release:        3%{?dist}
 Url:            http://www.openwsman.org/
 License:        BSD
 Group:          Applications/System
@@ -261,6 +261,10 @@ fi
 
 
 %changelog
+* Tue Aug 10 2010 Praveen K Paladugu <praveen_paladugu at dell.com> - 2.2.3-3
+- Moved the certificate generation from the init script. The user has to 
+-   manually generate on before starting the service.
+
 * Thu Apr 22 2010 Praveen K Paladugu <praveen_paladugu at dell.com> - 2.2.3-2
 - authors.patch: Moved all the AUTHORS info to AUTHORS file.
 - Corrected the Source tag.

