[openwsman/el5/master] Moved the cert generation
Praveen K Paladugu
praveenp at fedoraproject.org
Tue Aug 10 16:01:29 UTC 2010
commit 300467cdce13fddc786db2f4780c266b5b483aad
Author: Praveen K Paladugu <praveenp at praveenp-dell.us.dell.com>
Date: Tue Aug 10 11:02:27 2010 -0500
Moved the cert generation
openwsman-initscript.patch | 80 +++++++++++++++++++++++++++++++++++++++++---
openwsman.spec | 5 ++-
2 files changed, 79 insertions(+), 6 deletions(-)
---
diff --git a/openwsman-initscript.patch b/openwsman-initscript.patch
index f74477e..85f8ba7 100644
--- a/openwsman-initscript.patch
+++ b/openwsman-initscript.patch
@@ -1,6 +1,6 @@
-diff -up ./etc/init/openwsmand.sh.in.new ./etc/init/openwsmand.sh.in
---- ./etc/init/openwsmand.sh.in.new 2009-12-16 18:16:06.000000000 -0600
-+++ ./etc/init/openwsmand.sh.in 2009-12-16 18:16:18.000000000 -0600
+diff -up ./etc/init/openwsmand.sh.in.bak ./etc/init/openwsmand.sh.in
+--- ./etc/init/openwsmand.sh.in.bak 2010-08-10 10:43:50.158889277 -0500
++++ ./etc/init/openwsmand.sh.in 2010-08-10 10:46:19.345860143 -0500
@@ -4,21 +4,21 @@
# Provides: openwsmand
# Required-Start: $remote_fs
@@ -46,7 +46,36 @@ diff -up ./etc/init/openwsmand.sh.in.new ./etc/init/openwsmand.sh.in
case "$1" in
start)
-@@ -71,16 +73,28 @@ EOF
+@@ -52,35 +54,43 @@ case "$1" in
+ echo "Using common server certificate /etc/ssl/servercerts/servercert.pem"
+ ln -s /etc/ssl/servercerts/server{cert,key}.pem /etc/openwsman/
+ else
+- echo "Generating Openwsman server public certificate and private key"
+- FQDN=`hostname --fqdn`
+- if [ "x${FQDN}" = "x" ]; then
+- FQDN=localhost.localdomain
+- fi
+-cat << EOF | sh @SYSCONFDIR@/owsmangencert.sh > /dev/null 2>&1
+---
+-SomeState
+-SomeCity
+-SomeOrganization
+-SomeOrganizationalUnit
+-${FQDN}
+-root@${FQDN}
+-EOF
++ echo "FAILED: Starting openwsman server"
++ echo "There is no ssl server key available for openwsman server to use."
++ echo -e "Please generate one with the following script and start the openwsman service again:\n"
++ echo "##################################"
++ echo "/etc/openwsman/owsmangencert.sh"
++ echo "================================="
++
++ echo "NOTE: The script uses /dev/random device for generating some random bits while generating the server key."
++ echo -e " If this takes too long, you can replace the value of \"RANDFILE\" in @SYSCONFDIR@/ssleay.cnf with /dev/urandom.\n Please understand the implications of doing so."
++
+ fi
+ fi
# Start daemons.
echo -n "Starting the $DESCRIPTIVE"
@@ -79,7 +108,7 @@ diff -up ./etc/init/openwsmand.sh.in.new ./etc/init/openwsmand.sh.in
rm -f $lockfile
;;
-@@ -91,19 +105,40 @@ EOF
+@@ -91,19 +101,40 @@ EOF
;;
reload)
@@ -126,3 +155,44 @@ diff -up ./etc/init/openwsmand.sh.in.new ./etc/init/openwsmand.sh.in
+elif [ -f "/etc/redhat-release" ]; then
+exit 0
+fi
+diff -up ./etc/owsmangencert.sh.in.bak ./etc/owsmangencert.sh.in
+--- ./etc/owsmangencert.sh.in.bak 2010-08-10 10:46:36.554862986 -0500
++++ ./etc/owsmangencert.sh.in 2010-08-10 10:50:45.843859853 -0500
+@@ -15,19 +15,34 @@ if [ "$1" = "--force" ]; then
+ shift
+ fi
+
++FQDN=`hostname --fqdn`
++ if [ "x${FQDN}" = "x" ]; then
++ FQDN=localhost.localdomain
++ fi
++
++
+ echo
+ echo creating selfsingned certificate
+ echo "replace it with one signed by a certification authority (CA)"
+ echo
+-echo enter your ServerName at the Common Name prompt
++#echo enter your ServerName at the Common Name prompt
+ echo
+
+ # use special .cnf, because with normal one no valid selfsigned
+ # certificate is created
+
+-export RANDFILE=/dev/random
+-openssl req -days 365 $@ -config $CNFFILE \
++#export RANDFILE=/dev/random
++cat <<EOF |openssl req -days 365 $@ -config $CNFFILE \
+ -new -x509 -nodes -out $CERTFILE \
+ -keyout $KEYFILE
++--
++SomeState
++SomeCity
++SomeOrganization
++SomeOrganizationalUnit
++${FQDN}
++root@${FQDN}
++EOF
++
+ chmod 600 $KEYFILE
+
diff --git a/openwsman.spec b/openwsman.spec
index 4381fae..d6c636c 100644
--- a/openwsman.spec
+++ b/openwsman.spec
@@ -5,7 +5,7 @@
Name: openwsman
Version: 2.2.0
-Release: 5%{?dist}
+Release: 6%{?dist}
License: BSD
Url: http://www.openwsman.org/
Source: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.bz2
@@ -230,6 +230,9 @@ rm -f /var/log/wsmand.log
%doc AUTHORS COPYING ChangeLog README
%changelog
+* Tue Aug 10 2010 Praveen K Paladugu <praveen_paladugu at dell.com> - 2.2.0-6
+- Moved the cert generation from the the init script.
+
* Tue Dec 29 2009 Praveen K Paladugu <praveen_paladugu at dell.com> - 2.2.0-5
- Updating the spec file to follow the upstream packaging format.
More information about the scm-commits
mailing list