[openwsman/f13/master] Moved the cert generation from init
Praveen K Paladugu
praveenp at fedoraproject.org
Tue Aug 10 15:25:03 UTC 2010
commit 2d0b84a016916a7272fef30e3de2e9ed0c37ab16
Author: Praveen K Paladugu <praveenp at praveenp-dell.us.dell.com>
Date: Tue Aug 10 10:25:55 2010 -0500
Moved the cert generation from init
openwsman-initscript.patch | 100 ++++++++++++++++++++++++++++++++++++-------
openwsman.spec | 6 ++-
2 files changed, 88 insertions(+), 18 deletions(-)
---
diff --git a/openwsman-initscript.patch b/openwsman-initscript.patch
index 8d5b16f..1a17eae 100644
--- a/openwsman-initscript.patch
+++ b/openwsman-initscript.patch
@@ -1,6 +1,6 @@
-diff -up openwsman-2.2.3/etc/init/openwsmand.sh.in.orig openwsman-2.2.3/etc/init/openwsmand.sh.in
---- openwsman-2.2.3/etc/init/openwsmand.sh.in.orig 2010-04-22 09:36:29.186800378 -0500
-+++ openwsman-2.2.3/etc/init/openwsmand.sh.in 2010-04-22 09:38:15.507820659 -0500
+diff -up ./etc/init/openwsmand.sh.in.old ./etc/init/openwsmand.sh.in
+--- ./etc/init/openwsmand.sh.in.old 2010-08-04 16:43:40.212100948 -0500
++++ ./etc/init/openwsmand.sh.in 2010-08-04 17:26:20.013849220 -0500
@@ -4,15 +4,15 @@
# Provides: openwsmand
# Required-Start: $remote_fs
@@ -20,27 +20,93 @@ diff -up openwsman-2.2.3/etc/init/openwsmand.sh.in.orig openwsman-2.2.3/etc/init
# description: Openwsman Daemon
# processname: openwsmand
-@@ -61,7 +61,7 @@ start()
- if [ "x${FQDN}" = "x" ]; then
- FQDN=localhost.localdomain
- fi
+@@ -56,20 +56,16 @@ start()
+ echo "Using common server certificate /etc/ssl/servercerts/servercert.pem"
+ ln -s /etc/ssl/servercerts/server{cert,key}.pem @SYSCONFDIR@
+ else
+- echo "Generating Openwsman server public certificate and private key"
+- FQDN=`hostname --fqdn`
+- if [ "x${FQDN}" = "x" ]; then
+- FQDN=localhost.localdomain
+- fi
-cat << EOF | sh @SYSCONFDIR@/owsmangencert.sh > /dev/null 2>&1
-+cat << EOF | sh @libexecdir@/openwsman/owsmangencert.sh > /dev/null 2>&1
- --
- SomeState
- SomeCity
-@@ -145,8 +145,13 @@ case "$1" in
+---
+-SomeState
+-SomeCity
+-SomeOrganization
+-SomeOrganizationalUnit
+-${FQDN}
+-root@${FQDN}
+-EOF
++ echo "FAILED: Starting openwsman server"
++ echo "There is no ssl server key available for openwsman server to use."
++ echo -e "Please generate one with the following script and start the openwsman service again:\n"
++ echo "##################################"
++ echo "/etc/openwsman/owsmangencert.sh"
++ echo "================================="
++
++ echo "NOTE: The script uses /dev/random device for generating some random bits while generating the server key."
++ echo " If this takes too long, you can replace the value of \"RANDFILE\" in @SYSCONFDIR@/ssleay.cnf with /dev/urandom."
++
+ fi
+ fi
+
+@@ -145,6 +141,10 @@ case "$1" in
fi
;;
-+
+ condrestart)
+ [ -e $lockfile ] && restart
-+
++ ;;
+
*)
-- echo "Usage: $0 {restart|start|stop|reload|force-reload|status}"
-+ echo "Usage: $0 {restart|start|stop|reload|force-reload|status|condrestart}"
+ echo "Usage: $0 {restart|start|stop|reload|force-reload|status}"
esac
+diff -up ./etc/owsmangencert.sh.in.old ./etc/owsmangencert.sh.in
+--- ./etc/owsmangencert.sh.in.old 2010-08-04 17:14:31.241100874 -0500
++++ ./etc/owsmangencert.sh.in 2010-08-04 17:21:02.944850958 -0500
+@@ -1,7 +1,5 @@
+ #!/bin/sh
+
+-#!/bin/sh -e
+-
+ CERTFILE=@SYSCONFDIR@/servercert.pem
+ KEYFILE=@SYSCONFDIR@/serverkey.pem
+ CNFFILE=@SYSCONFDIR@/ssleay.cnf
+@@ -15,19 +13,33 @@ if [ "$1" = "--force" ]; then
+ shift
+ fi
+
++FQDN=`hostname --fqdn`
++ if [ "x${FQDN}" = "x" ]; then
++ FQDN=localhost.localdomain
++ fi
+ echo
+ echo creating selfsingned certificate
+ echo "replace it with one signed by a certification authority (CA)"
+ echo
+-echo enter your ServerName at the Common Name prompt
++#echo enter your ServerName at the Common Name prompt
+ echo
+
+ # use special .cnf, because with normal one no valid selfsigned
+ # certificate is created
+
+-export RANDFILE=/dev/random
+-openssl req -days 365 $@ -config $CNFFILE \
++#export RANDFILE=/dev/random
++cat <<EOF |openssl req -days 365 $@ -config $CNFFILE \
+ -new -x509 -nodes -out $CERTFILE \
+ -keyout $KEYFILE
++--
++SomeState
++SomeCity
++SomeOrganization
++SomeOrganizationalUnit
++${FQDN}
++root@${FQDN}
++EOF
++
++
+ chmod 600 $KEYFILE
- if [ $lsb -ne 0 ]; then
diff --git a/openwsman.spec b/openwsman.spec
index 10045e6..829ea2e 100644
--- a/openwsman.spec
+++ b/openwsman.spec
@@ -16,7 +16,7 @@ BuildRequires: perl-devel pkgconfig openssl-devel
BuildRequires: libtool
Requires: net-tools
Version: 2.2.3
-Release: 2%{?dist}
+Release: 3%{?dist}
Url: http://www.openwsman.org/
License: BSD
Group: Applications/System
@@ -261,6 +261,10 @@ fi
%changelog
+* Tue Aug 10 2010 Praveen K Paladugu <praveen_paladugu at dell.com> - 2.2.3-3
+- Moved the certificate generation from the init script. The user has to
+- manually generate on before starting the service.
+
* Thu Apr 22 2010 Praveen K Paladugu <praveen_paladugu at dell.com> - 2.2.3-2
- authors.patch: Moved all the AUTHORS info to AUTHORS file.
- Corrected the Source tag.
More information about the scm-commits
mailing list