From: <abe...@us...> - 2015-05-29 15:03:13
Revision: 7084
http://sourceforge.net/p/astlinux/code/7084
Author: abelbeck
Date: 2015-05-29 15:03:10 +0000 (Fri, 29 May 2015)
Log Message:
-----------
The /etc/ssl/default_https.pem file is now auto-generated and ultimately stored in /mnt/kd/ssl/default_https.pem; a symlink from /etc/ssl/mini_httpd.pem to default_https.pem is also provided for backward compatibility
Modified Paths:
--------------
branches/1.0/package/lighttpd/lighttpd.init
branches/1.0/package/stunnel/stunnel.init
branches/1.0/project/astlinux/target_skeleton/etc/init.d/misc
branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
Added Paths:
-----------
branches/1.0/project/astlinux/target_skeleton/etc/ssl/default_https.pem
branches/1.0/project/astlinux/target_skeleton/etc/ssl/mini_httpd.pem
Removed Paths:
-------------
branches/1.0/project/astlinux/target_skeleton/etc/ssl/mini_httpd.pem
Modified: branches/1.0/package/lighttpd/lighttpd.init
===================================================================
--- branches/1.0/package/lighttpd/lighttpd.init 2015-05-28 16:56:19 UTC (rev 7083)
+++ branches/1.0/package/lighttpd/lighttpd.init 2015-05-29 15:03:10 UTC (rev 7084)
@@ -54,7 +54,7 @@
else
httpdir="/dev/null"
fi
- httpscert="${HTTPSCERT:-/etc/ssl/mini_httpd.pem}"
+ httpscert="${HTTPSCERT:-/etc/ssl/default_https.pem}"
if [ "$HTTP_LISTING" = "no" ]; then
http_listing="disable"
else
Modified: branches/1.0/package/stunnel/stunnel.init
===================================================================
--- branches/1.0/package/stunnel/stunnel.init 2015-05-28 16:56:19 UTC (rev 7083)
+++ branches/1.0/package/stunnel/stunnel.init 2015-05-29 15:03:10 UTC (rev 7084)
@@ -71,7 +71,7 @@
elif [ -n "$HTTPSCERT" ]; then
SCERT="$HTTPSCERT"
else
- SCERT="/etc/ssl/mini_httpd.pem"
+ SCERT="/etc/ssl/default_https.pem"
fi
gen_stunnel_config server "$STUNNEL_SERVERS" > /tmp/etc/stunnel/server.conf
Modified: branches/1.0/project/astlinux/target_skeleton/etc/init.d/misc
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/etc/init.d/misc 2015-05-28 16:56:19 UTC (rev 7083)
+++ branches/1.0/project/astlinux/target_skeleton/etc/init.d/misc 2015-05-29 15:03:10 UTC (rev 7084)
@@ -5,11 +5,88 @@
. /etc/rc.conf
+gen_httpd_cert()
+{
+ local fname="$1"
+
+ openssl req \
+ -new -batch \
+ -newkey rsa:1024 \
+ -days 36500 \
+ -nodes \
+ -x509 \
+ -subj '/C=US/ST=Nebraska/L=Omaha/O=AstLinux Management/OU=Web Interface/CN=*/ema...@as...' \
+ -keyout "$fname" \
+ -out "$fname"
+
+ chmod 600 "$fname"
+}
+
+fat16_file()
+{
+ local cmd="$1" src="$2" dst="$3"
+
+ if ! mount | grep -q "/oldroot/cdrom"; then
+ return 1
+ fi
+ if ! mount -o rw,remount /oldroot/cdrom >/dev/null; then
+ return 1
+ fi
+
+ case $cmd in
+ remove)
+ rm "$src"
+ ;;
+ copy)
+ cp "$src" "$dst"
+ ;;
+ esac
+
+ mount -o ro,remount /oldroot/cdrom >/dev/null
+ return 0
+}
+
+install_httpd_cert()
+{
+ local perm="$1" save="$2"
+ local fat16="/oldroot/cdrom/os/default_https.pem"
+
+ if [ $perm -eq 1 ]; then
+ if [ -f "$fat16" ]; then
+ cp "$fat16" "$save"
+ chmod 600 "$save"
+ fat16_file remove "$fat16"
+ else
+ gen_httpd_cert "$save"
+ fi
+ else
+ if [ -f "$fat16" ]; then
+ cp "$fat16" "$save"
+ chmod 600 "$save"
+ else
+ gen_httpd_cert "$save"
+ fat16_file copy "$save" "$fat16"
+ fi
+ fi
+}
+
init () {
# Setup Hostname
hostname "$HOSTNAME"
+ # Setup /etc/ssl/default_https.pem
+ mkdir -p /tmp/etc/ssl
+ if [ -f /mnt/kd/ssl/default_https.pem ]; then
+ ln -sf /mnt/kd/ssl/default_https.pem /tmp/etc/ssl/default_https.pem
+ elif [ -d /mnt/kd/rc.conf.d -o -f /mnt/kd/rc.conf ]; then
+ mkdir -p /mnt/kd/ssl
+ install_httpd_cert 1 /mnt/kd/ssl/default_https.pem
+ ln -sf /mnt/kd/ssl/default_https.pem /tmp/etc/ssl/default_https.pem
+ else
+ install_httpd_cert 0 /tmp/etc/ssl/default_https.pem
+ fi
+
if [ -n "$VI_EDITOR_OPTIONS" ]; then
echo -e "$VI_EDITOR_OPTIONS" > /root/.exrc
fi
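Review bot: In gen_httpd_cert the generated key is `-newkey rsa:1024` with `-days 36500`, which leaves each unit with a 1024-bit key on a certificate valid for roughly a century; I would use `-newkey rsa:2048` and add `-sha256` so the signature digest does not depend on the installed openssl default. The key is also created under the inherited umask and only tightened by the later `chmod 600 "$fname"`, so wrapping the call as `( umask 077; openssl req ... )` removes the interval where it may be readable by others. In install_httpd_cert's perm=0 branch the private key is copied to /oldroot/cdrom/os/default_https.pem, and if that mount is FAT (as the fat16_file name suggests) the 600 mode is not kept there; a comment saying this is intended would help. init() continues past the end of the hunk.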
Added: branches/1.0/project/astlinux/target_skeleton/etc/ssl/default_https.pem
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/etc/ssl/default_https.pem (rev 0)
+++ branches/1.0/project/astlinux/target_skeleton/etc/ssl/default_https.pem 2015-05-29 15:03:10 UTC (rev 7084)
@@ -0,0 +1 @@
+link /tmp/etc/ssl/default_https.pem
\ No newline at end of file
Property changes on: branches/1.0/project/astlinux/target_skeleton/etc/ssl/default_https.pem
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Deleted: branches/1.0/project/astlinux/target_skeleton/etc/ssl/mini_httpd.pem
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/etc/ssl/mini_httpd.pem 2015-05-28 16:56:19 UTC (rev 7083)
+++ branches/1.0/project/astlinux/target_skeleton/etc/ssl/mini_httpd.pem 2015-05-29 15:03:10 UTC (rev 7084)
@@ -1,37 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQDHQWuGVMfK/+OIik1ekOxMVzGFBBoBkVXxR+kJv16kXpeLsCjI
-1mk6MtzHVwv8mG9Z23/a5SeIveIkVRnHqAyudVv4+3D23AeHiCJl/l1pJd9Bl4BG
-CsHBtF69IpuKoWZmF6B30NSvxL+2wFMTHyrTjk37AhTUjlb2erdHcYsWXwIDAQAB
-AoGAepDSTGIwN72pv56bMvVgdSEZc+HvAVHeFLoQLg/Kbr9E5wcoP0oslkEdL31r
-ASjfLd3oSsS0yddLmN/EKN1FVp+Yib8l50SujrV1cSW7rrCLw80V69VCd5eUl54F
-g7e6obJB1xNq2dQMOjGYO/7lyLXPCN6eaOt/vrRIGT88n/ECQQD7yAwX/zYxaM1m
-cC32OzxgPGsIxuqNvuo9oTxsb/SHmU/5YHk0ZW1MthSkaItwqTmPBIVhD7i82/7u
-cUlxV5HpAkEAypgThpYEPiUpH0nXYqOhLZZ3K6RWn3JpQqDhdGSWnrX7NM2I1Ivh
-AUe3+wtRuoW+k9xC+Yqe2EO8r8+c26SxBwJANAuPDGrR3fbG9pTbu1lVSqNSkLbl
-hzVeoCyzG8sspdb4JBlgFIeex0ugCrgdksU4Q6rwkza3vjpPgSRjxQ0P+QJATclE
-PfmdmWrVNjE45KOlAAb0rKoFpGTea3mv9uukNT30PNrpvYoTk1VBG7/F2pL9kHIS
-uRNzV9/yM6LIPEEowwJAEgsFDktqE7ldGr5DUdYXWq5PO4I5weLJ+Wxh37OHcv01
-YQ2eIF3siE12+d3QoP1xzSsojrwjsEBi9dVYzibymg==
------END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIIDmDCCAwGgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBlTELMAkGA1UEBhMCVVMx
-EDAOBgNVBAgTB0Zsb3JpZGExETAPBgNVBAcTCFNhcmFzb3RhMSEwHwYDVQQKExhT
-dGFyMlN0YXIgQ29tbXVuaWNhdGlvbnMxDDAKBgNVBAsTA0VuZzEKMAgGA1UEAxQB
-KjEkMCIGCSqGSIb3DQEJARYVc2VydmljZUBzdGFyMnN0YXIuY29tMB4XDTA3MDgx
-NjIxMDI1MVoXDTE3MDgxMzIxMDI1MVowgZUxCzAJBgNVBAYTAlVTMRAwDgYDVQQI
-EwdGbG9yaWRhMREwDwYDVQQHEwhTYXJhc290YTEhMB8GA1UEChMYU3RhcjJTdGFy
-IENvbW11bmljYXRpb25zMQwwCgYDVQQLEwNFbmcxCjAIBgNVBAMUASoxJDAiBgkq
-hkiG9w0BCQEWFXNlcnZpY2VAc3RhcjJzdGFyLmNvbTCBnzANBgkqhkiG9w0BAQEF
-AAOBjQAwgYkCgYEAx0FrhlTHyv/jiIpNXpDsTFcxhQQaAZFV8UfpCb9epF6Xi7Ao
-yNZpOjLcx1cL/JhvWdt/2uUniL3iJFUZx6gMrnVb+Ptw9twHh4giZf5daSXfQZeA
-RgrBwbRevSKbiqFmZhegd9DUr8S/tsBTEx8q045N+wIU1I5W9nq3R3GLFl8CAwEA
-AaOB9TCB8jAdBgNVHQ4EFgQUo+jknbwRSKSbWFb/EJ/33T/Dpt0wgcIGA1UdIwSB
-ujCBt4AUo+jknbwRSKSbWFb/EJ/33T/Dpt2hgZukgZgwgZUxCzAJBgNVBAYTAlVT
-MRAwDgYDVQQIEwdGbG9yaWRhMREwDwYDVQQHEwhTYXJhc290YTEhMB8GA1UEChMY
-U3RhcjJTdGFyIENvbW11bmljYXRpb25zMQwwCgYDVQQLEwNFbmcxCjAIBgNVBAMU
-ASoxJDAiBgkqhkiG9w0BCQEWFXNlcnZpY2VAc3RhcjJzdGFyLmNvbYIBADAMBgNV
-HRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA4GBAD/GKj39hulJXNy8Vo1iFuAfBdCu
-fDoIAGIAaeC7HZMvlVNBY8gMbgCuEPKPtn5Tr0+ySUQO3aS0suXpAcdOujSSKrTe
-U5ARmM++P1rCQ6VFjdQYWKIQ9yAGUOn+zmb3yhxws8k/8e9rvNwKiOkwcWLNmaqN
-612HZw89BeKRyvJ2
------END CERTIFICATE-----
Added: branches/1.0/project/astlinux/target_skeleton/etc/ssl/mini_httpd.pem
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/etc/ssl/mini_httpd.pem (rev 0)
+++ branches/1.0/project/astlinux/target_skeleton/etc/ssl/mini_httpd.pem 2015-05-29 15:03:10 UTC (rev 7084)
@@ -0,0 +1 @@
+link default_https.pem
\ No newline at end of file
Property changes on: branches/1.0/project/astlinux/target_skeleton/etc/ssl/mini_httpd.pem
___________________________________________________________________
Added: svn:special
## -0,0 +1 ##
+*
\ No newline at end of property
Modified: branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2015-05-28 16:56:19 UTC (rev 7083)
+++ branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2015-05-29 15:03:10 UTC (rev 7084)
@@ -336,7 +336,7 @@
HTTPS_LISTING="yes" # Allow directory listing if no index.* file exists
HTTPS_ACCESSLOG="no" # Enable access logging in /var/log/lighttpd/ssl-access.log
HTTPSCGI="yes" # Define yes|no to enable CGI
-HTTPSCERT="/etc/ssl/mini_httpd.pem" # Path to the https certificate
+HTTPSCERT="/etc/ssl/default_https.pem" # Path to the https certificate
## HTTP Server
## If you set HTTPDIR, serve files from that directory.