Red Hat Bugzilla – Attachment 836380 Details for Bug 1041555: Pegasus should generate self-signed certificates at first startup rather than rpm %post
[patch] Move certificate generation to service startup
0002-Move-SSL-certificate-generation-into-the-systemd-ser.patch (text/plain), 4.87 KB, created by Stephen Gallagher on 2013-12-13 16:27:21 UTC
>From 81b8aa6a5efcc3a7b7b37b5552e028f36b5fccc8 Mon Sep 17 00:00:00 2001 >From: Stephen Gallagher <sgallagh@redhat.com> >Date: Fri, 13 Dec 2013 11:16:16 -0500 >Subject: [PATCH 2/2] Move SSL certificate generation into the systemd service > file > >--- > generate-certs | 14 ++++++++++++++ > tog-pegasus.service | 1 + > tog-pegasus.spec | 29 ++++++++++++----------------- > 3 files changed, 27 insertions(+), 17 deletions(-) > create mode 100755 generate-certs > >diff --git a/generate-certs b/generate-certs >new file mode 100755 >index 0000000000000000000000000000000000000000..a69922b1f69752a5d189ac02af65d2d5249bc914 >--- /dev/null >+++ b/generate-certs >@@ -0,0 +1,14 @@ >+#!/bin/bash >+cd /etc/Pegasus >+ >+if [ ! -e /etc/Pegasus/ssl.cnf ] || [ ! -e /etc/Pegasus/server.pem ] || >+ [ ! -e /etc/Pegasus/file.pem ] || [ ! -e /etc/Pegasus/client.pem ]; then >+ if [ -x /usr/share/Pegasus/scripts/genOpenPegasusSSLCerts ]; then >+ # Create self-signed certificates for initial usage >+ /usr/share/Pegasus/scripts/genOpenPegasusSSLCerts >+ # Add the self-signed certificate to the local trust store >+ cp /etc/Pegasus/ca.crt \ >+ /etc/pki/ca-trust/source/anchors/localhost-pegasus.pem >+ /usr/bin/update-ca-trust extract >+ fi; >+ fi; >diff --git a/tog-pegasus.service b/tog-pegasus.service >index 3381679d88571c0ef88787799be74adb0553cce9..66d6911c0e5a5da8c1534c62c1d530d58965e319 100644 >--- a/tog-pegasus.service >+++ b/tog-pegasus.service >@@ -4,6 +4,7 @@ After=syslog.target > > [Service] > Type=forking >+ExecStartPre=/usr/share/Pegasus/scripts/generate-certs > ExecStart=/usr/sbin/cimserver > PIDFile=/var/run/tog-pegasus/cimserver.pid > >diff --git a/tog-pegasus.spec b/tog-pegasus.spec >index c9223d77117194ecaec37ebb830774c5ad677af7..55e97d3ba588e0e8163ebbd7d53ee079f2d60c0c 100644 >--- a/tog-pegasus.spec >+++ b/tog-pegasus.spec 
>@@ -8,7 +8,7 @@ > > Name: tog-pegasus > Version: %{major_ver}.0 >-Release: 6%{?dist} >+Release: 7%{?dist} > Epoch: 2 > Summary: OpenPegasus WBEM Services for Linux > >@@ -32,6 +32,9 @@ Source7: cimprovagt-wrapper.sh > Source8: cmpiOSBase_OperatingSystemProvider-cimprovagt.example > # 9: DMTF CIM schema > Source9: cim_schema_2.38.0Experimental-MOFs.zip >+# 10: Fedora/RHEL script for adding self-signed certificates to the local CA >+# trust store >+Source10: generate-certs > > # 1: http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=5011 > # Removing insecure -rpath >@@ -86,10 +89,9 @@ BuildRequires: net-snmp-devel, openslp-devel > BuildRequires: systemd-units > Requires: net-snmp-libs > Requires: %{name}-libs = %{epoch}:%{version}-%{release} >+Requires: openssl > Requires: ca-certificates > Provides: cim-server = 1 >-Requires(post): /usr/bin/update-ca-trust >-Requires(post): /usr/bin/openssl > Requires(post): /sbin/ldconfig > > %description >@@ -275,6 +277,10 @@ make -f $PEGASUS_ROOT/Makefile.Release stage \ > install -p -D -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_sysconfdir}/tmpfiles.d/tog-pegasus.conf > %endif > >+# Install script to generate SSL certificates at startup >+mkdir -p $RPM_BUILD_ROOT/usr/share/Pegasus/scripts >+install -p -m 755 %{SOURCE10} $RPM_BUILD_ROOT/usr/share/Pegasus/scripts/generate-certs >+ > # remove SysV initscript, install .service file > rm -f $RPM_BUILD_ROOT/etc/init.d/tog-pegasus > mkdir -p $RPM_BUILD_ROOT%{_unitdir} 
>@@ -401,20 +407,6 @@ restorecon /var/run/tog-pegasus > %systemd_post tog-pegasus.service > if [ $1 -ge 1 ]; then > echo `date` >> /var/lib/Pegasus/log/install.log 2>&1 || :; >- if [ $1 -eq 1 ] ; then >- # Initial installation >- if [ ! -e /etc/Pegasus/ssl.cnf ] || [ ! -e /etc/Pegasus/server.pem ] || >- [ ! -e /etc/Pegasus/file.pem ] || [ ! -e /etc/Pegasus/client.pem ]; then >- if [ -x /usr/share/Pegasus/scripts/genOpenPegasusSSLCerts ]; then >- # Create self-signed certificates for initial usage >- /usr/share/Pegasus/scripts/genOpenPegasusSSLCerts >- # Add the self-signed certificate to the local trust store >- cp /etc/Pegasus/ca.crt \ >- /etc/pki/ca-trust/source/anchors/localhost-pegasus.pem >- /usr/bin/update-ca-trust extract >- fi; >- fi; >- fi > if [ $1 -gt 1 ]; then > if [ -d /var/lib/Pegasus/prev_repository ]; then > # The user's old repository was moved to /var/lib/Pegasus/prev_repository, which >@@ -496,6 +488,9 @@ fi > > > %changelog >+* Fri Dec 13 2013 Stephen Gallagher <sgallagh@redhat.com> - 2:2.13.0-7 >+- Move SSL certificate generation into the systemd service file >+ > * Tue Dec 10 2013 Stephen Gallagher <sgallagh@redhat.com> - 2:2.13.0-6 > - Generate SSL certificates with x509v3 and CA:FALSE > - Automatically import self-signed certificates into local trust-store >-- >1.8.4.2 >
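Review bot: In the new generate-certs script, nothing checks that genOpenPegasusSSLCerts succeeded before /etc/Pegasus/ca.crt is copied into /etc/pki/ca-trust/source/anchors and update-ca-trust runs, and the leading "cd /etc/Pegasus" is unchecked as well. Gate the cp and the update-ca-trust call on the generator's exit status (and exit early if the cd fails) so a partial failure cannot leave a stale or missing ca.crt as a system-wide trust anchor. The test also fires when any one of the four files is absent, so removing only client.pem re-runs the generator next to an existing server.pem; whether that overwrites the existing key depends on genOpenPegasusSSLCerts, which this patch does not show, so please confirm. When the generator is missing or not executable the script exits 0 without a message; an else branch that logs this would help. The closing "fi;" is indented by one space.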
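Review bot: The added ExecStartPre= line in tog-pegasus.service makes cimserver startup depend on the exit status of generate-certs, and the script as written returns whatever its last command (update-ca-trust extract) returned. Decide explicitly whether a certificate or trust-store failure should block the service. If it should not, prefix the path with "-" so systemd ignores a non-zero exit; if it should, have the script exit non-zero with a message on each failure path so the reason is visible in the journal.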
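Review bot: The install step added in the tog-pegasus.spec hunk at @@ -275 places generate-certs under /usr/share/Pegasus/scripts, but no %files change appears anywhere in this patch. Confirm that an existing %files entry already covers /usr/share/Pegasus/scripts/generate-certs; otherwise add one so the script is packaged. Separately, the Source10 comment in the @@ -32 hunk describes the script only as adding certificates to the trust store, while the script also generates them; the comment should say both.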
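Review bot: The block removed from %post in the @@ -401 hunk was guarded by "if [ $1 -eq 1 ]", so it ran on initial installation only, while generate-certs has no such guard and is run before every service start. An upgraded system that is missing any of the four files will now get new self-signed certificates and a localhost-pegasus.pem trust anchor at its next start. If that is intended, say so in the %changelog entry, which currently mentions only the move into the service file.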
Flags: vcrhonek: review+