Alon Bar-Lev has uploaded a new change for review. Change subject: pki: update POSIX sh compatibility ......................................................................
pki: update POSIX sh compatibility Change-Id: I3ae7b6a9d88b87d134676acbd216a075bbad76f8 Signed-off-by: Alon Bar-Lev <alo...@redhat.com> --- M backend/manager/conf/ca/CreateCA.sh M backend/manager/conf/ca/SignReq.sh M backend/manager/conf/ca/installCA.sh 3 files changed, 88 insertions(+), 89 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/01/13901/1 diff --git a/backend/manager/conf/ca/CreateCA.sh b/backend/manager/conf/ca/CreateCA.sh index d0383cd..b4c61d9 100755 --- a/backend/manager/conf/ca/CreateCA.sh +++ b/backend/manager/conf/ca/CreateCA.sh @@ -1,31 +1,31 @@ #!/bin/sh -die () { - printf >&2 "$@" - exit 1 +die() { + local m="$1" + echo "$m" >&2 + exit 1 } -usage () { - printf "CreateCA.sh - Creates Certificate Authority certificate and keys\n" - printf "USAGE:\n" - printf "\tCreateCA [Country] [Organization] [Name] [startdate]\n" - printf "Where:\n" - printf "\tCountry = 2 Letters country code\n" - printf "\tOrganization = Organization name string\n" - printf "\tName = CA Subject Name\n" - printf "\tstartdate = in YYMMDDHHMMSSZ ASN1 format\n" - return 0 +usage() { + cat << __EOF__ +CreateCA.sh - Creates Certificate Authority certificate and keys +USAGE: + $0 [Country] [Organization] [Name] [startdate] +Where: + Country = 2 Letters country code + Organization = Organization name string + Name = CA Subject Name + startdate = in YYMMDDHHMMSSZ ASN1 format +__EOF__ + exit 1 } -if [ ! "$#" -eq 4 ]; then - usage - die "Error: wrong argument number: $#.\n" -fi +[ "$#" -eq 4 ] || usage cp cacert.template cacert.conf -echo C = $1 >> cacert.conf -echo O = $2 >> cacert.conf -echo CN = $3 >> cacert.conf +echo "C = $1" >> cacert.conf +echo "O = $2" >> cacert.conf +echo "CN = $3" >> cacert.conf cp cert.template cert.conf # 
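Review bot: The three `echo "C = $1" >> cacert.conf` lines write caller-supplied values straight into an OpenSSL config file, and under a POSIX `/bin/sh` such as dash the `echo` builtin expands backslash escapes, so a `\n` inside an argument becomes an extra config line. `printf 'C = %s\n' "$1" >> cacert.conf` (likewise for `O` and `CN`) writes the value literally, and rejecting arguments that contain a newline before writing would close the remaining gap. The same `echo` concern applies to `echo "$m" >&2` in `die()`, where `printf '%s\n' "$m" >&2` is the portable form. `local` in `die()` is not part of POSIX sh, which matters for a commit titled as a POSIX compatibility update; the same `die()` body is repeated in the SignReq.sh and installCA.sh hunks.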
@@ -44,10 +44,7 @@ openssl req -new -key private/ca.pem \ -config cacert.conf -out requests/ca.csr && \ openssl ca -selfsign -out ca.pem -in requests/ca.csr \ - -keyfile private/ca.pem -days 3650 -startdate $4 \ + -keyfile private/ca.pem -days 3650 -startdate "$4" \ -config openssl.conf -extfile cacert.conf \ -extensions v3_ca -batch && \ openssl x509 -in ca.pem -out certs/ca.der - -exit $? - diff --git a/backend/manager/conf/ca/SignReq.sh b/backend/manager/conf/ca/SignReq.sh index f008f5a..9c537ed 100755 --- a/backend/manager/conf/ca/SignReq.sh +++ b/backend/manager/conf/ca/SignReq.sh 
@@ -1,55 +1,55 @@ #!/bin/sh -die () { - printf >&2 "$@" +die() { + local m="$1" + echo "$m" >&2 exit 1 } -usage () { - printf "SignReq.sh - Sign a certificate request (with ca key)\n" - printf "USAGE:\n" - printf "\tSignReq [Request Filename] [Output certificate filename] [days to expire] [CA Directory] [startdate] [lock file] [locking timeout]\n" - printf "Where:\n" - printf "\tRequest Filename = Filename of request file. must reside under requests directory.\n" - printf "\tOutput certificate filename = Filename of output file. will reside under certs directory.\n" - printf "\tdays to expire = Amount of days until certificate expires.\n" - printf "\tCA Directory = Full path to CA directory\n" - printf "\tstartdate = in YYMMDDHHMMSSZ ANS1 format\n" - printf "\tPass = Certificate password\n" - printf "\tHost = CN\n" - printf "\tOrganization = O\n" - printf "\tlocking timeout = Amount of seconds to wait for locking\n" +usage() { + cat << __EOF__ +SignReq.sh - Sign a certificate request (with ca key) +USAGE: + SignReq [Request Filename] [Output certificate filename] [days to expire] [CA Directory] [startdate] [lock file] [locking timeout] +Where: + Request Filename = Filename of request file. must reside under requests directory. + Output certificate filename = Filename of output file. will reside under certs directory. + days to expire = Amount of days until certificate expires. 
+ CA Directory = Full path to CA directory + startdate = in YYMMDDHHMMSSZ ANS1 format + Pass = Certificate password + Host = CN + Organization = O + locking timeout = Amount of seconds to wait for locking +__EOF__ return 0 } sign () { - cd $ca_dir + cd "$ca_dir" if openssl x509 -text -in ca.pem | grep "Subject Key Identifier" > /dev/null; then EXTRA_COMMAND="-extfile cert.conf -extensions v3_ca" fi openssl ca \ -batch -policy policy_match -config openssl.conf -cert ca.pem \ - -in requests/$req_file -keyfile private/ca.pem -passin pass:$cert_pass \ - -days $exp_time -out certs/$out_file -startdate $start_time \ + -in "requests/$req_file" -keyfile private/ca.pem -passin "pass:$cert_pass" \ + -days "$exp_time" -out "certs/$out_file" -startdate "$start_time" \ ${req_name:+-subj "/O=$req_org/CN=$req_name"} \ ${EXTRA_COMMAND} } -if [ "$#" -lt 6 ]; then - usage - die "Error: wrong argument number: $#.\n" -fi - result=9 -req_file=$1 -out_file=$2 -exp_time=$3 -ca_dir=$4 -start_time=$5 -cert_pass=$6 -req_name=$7 -req_org=$8 +req_file="$1" +out_file="$2" +exp_time="$3" +ca_dir="$4" +start_time="$5" +cert_pass="$6" +req_name="$7" +req_org="$8" + +[ -n "${req_org}" ] || usage lock_file="$(dirname "$0")/SignReq.lock" shift @@ -58,12 +58,11 @@ timeout=20 fi -{ - # Wait for lock on $lock_file (fd 200) for $timeout seconds - flock -e -w $timeout 200 || die "Timeout waiting for lock. Giving up" +# Wait for lock on $lock_file (fd 200) for $timeout seconds +( + flock -e -w $timeout 9 || die "Timeout waiting for lock. Giving up" sign - result=$? - -} 200< $lock_file +) 9< "$lock_file" +result=$? exit $result diff --git a/backend/manager/conf/ca/installCA.sh b/backend/manager/conf/ca/installCA.sh index a5b0aa7..cf8f2a0 100755 --- a/backend/manager/conf/ca/installCA.sh +++ b/backend/manager/conf/ca/installCA.sh 
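Review bot: `[ -n "${req_org}" ] || usage` does not stop the script, because `usage()` in this file still ends with `return 0`, so after printing the help text execution continues into the locking and `sign` steps with whatever arguments were given. The test is also stricter than the old `"$#" -lt 6` check: `req_name` is treated as optional by `${req_name:+-subj ...}`, and the installCA.sh caller later in this patch passes six arguments. I would restore the count check and make it fatal, `[ "$#" -ge 6 ] || { usage >&2; exit 1; }`. Separately, `cd "$ca_dir"` in `sign()` has no failure check, so a bad directory lets `openssl ca` resolve `private/ca.pem` and `certs/` relative to the caller's working directory; `cd "$ca_dir" || die "Cannot change to $ca_dir"` would stop that.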
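Review bot: The comment kept above the subshell still says `fd 200` while the code now locks fd 9; it should read `# Wait for lock on $lock_file (fd 9) for $timeout seconds`, ideally with a word on why a single-digit descriptor is used. `$timeout` is the one expansion this hunk leaves unquoted, so `flock -e -w "$timeout" 9` would match the rest of the patch; the value is assigned outside the hunk, so whether it is validated as a number cannot be seen from here. `flock` itself is a util-linux tool rather than POSIX, which deserves a comment in a script being made POSIX-sh compatible.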
@@ -6,19 +6,22 @@ } trap cleanup 0 -die () { - printf >&2 "$@" - exit 1 +die() { + local m="$1" + echo "$m" >&2 + exit 1 } -usage () { - DATE=`date --utc --date "now -1 days" +"%y%m%d%H%M%S%z"` - echo "Usage:" - echo " $0 [Subject] [Country] [Organization] [Alias] [Password] [ANSI Start Date] [Working Directory] [CA Subject]" - echo "e.g.:" - echo " $0 hostname.fqdn US oVirt engine NoSoup4U $DATE" +usage() { + DATE=`date --utc --date "now -1 days" +"%y%m%d%H%M%S%z"` + cat << __EOF__ +Usage: + $0 [Subject] [Country] [Organization] [Alias] [Password] [ANSI Start Date] [Working Directory] [CA Subject] +e.g.: + $0 hostname.fqdn US oVirt engine NoSoup4U $DATE +__EOF__ - exit 1 + exit 1 } enroll_certificate() { @@ -32,7 +35,7 @@ echo " " echo "}} Signing certificate request..." - ./SignReq.sh "${name}.req" "${name}.cer" 1800 `pwd` "${DATE}" "${pass}" + ./SignReq.sh "${name}.req" "${name}.cer" 1800 "$(pwd)" "${DATE}" "${pass}" [ -s "certs/${name}.cer" ] || die "file 'certs/${name}.cer' does not exist!" echo " " 
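Review bot: `usage()` still builds its example date with `date --utc --date "now -1 days"`, which are GNU long options rather than POSIX `date`, so on a non-GNU userland the example line would print without a date and with an error from `date`. Since the commit targets POSIX sh, either add a comment above the line stating the GNU coreutils dependency or print a fixed placeholder such as `YYMMDDHHMMSS+0000` instead. The backticks are also inconsistent with the `$(pwd)` form the next hunk switches to. As the function ends in `exit 1`, `cat >&2 << __EOF__` would keep the help text off stdout.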
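Review bot: The `./SignReq.sh ...` call in `enroll_certificate()` ignores the script's exit status and relies only on `[ -s "certs/${name}.cer" ]`, which also passes when a certificate from an earlier run is still on disk and the new signing failed. Appending `|| die "SignReq.sh exited with errors"` to the call would match how this patch now treats `./CreateCA.sh`. The call also hands `"${pass}"` to the child script as a positional argument, which exposes it in the process list for the duration of the signing. `enroll_certificate()` starts before this hunk, so earlier handling of `name` and `pass` is not visible here.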
@@ -40,29 +43,29 @@ openssl pkcs12 -export -in "certs/${name}.cer" -inkey "${ENGINE_KEY}" -passin "pass:${pass}" -out "keys/${name}.p12" -passout "pass:${pass}" || die "Cannot createPKCS#12" } -# Check Args -[ "$#" -ge 3 ] || usage - # Set var's -SUBJECT=$1 -COUNTRY=$2 -ORG=$3 -ALIAS=$4 -PASS=$5 -DATE=$6 -WORKDIR=$7 -CA_SUBJECT=$8 +SUBJECT="$1" +COUNTRY="$2" +ORG="$3" +ALIAS="$4" +PASS="$5" +DATE="$6" +WORKDIR="$7" +CA_SUBJECT="$8" + +[ -n "${CA_SUBJECT}" ] || usage + [ -d "$7" ] || die "Directory $7 does not exists" echo " " echo "} Creating CA..." # Move to scripts location -cd $WORKDIR +cd "$WORKDIR" # Create CA -./CreateCA.sh $COUNTRY "$ORG" "CA-$CA_SUBJECT" "$DATE" -[ $? == 0 ] || die "CreateCA.sh exited with errors" +./CreateCA.sh "$COUNTRY" "$ORG" "CA-$CA_SUBJECT" "$DATE" \ + || die "CreateCA.sh exited with errors" [ -s private/ca.pem ] || die "file private/ca.pem does not exist!" [ -s ca.pem ] || die "file ca.pem does not exist!" [ -s certs/ca.der ] || die "file certs/ca.der does not exist!" 
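Review bot: `[ -n "${CA_SUBJECT}" ] || usage` checks only the eighth argument, so a call that supplies eight arguments with an empty `PASS` is accepted and the empty value flows on to `-passout "pass:${pass}"` and `-storepass "$PASS"`. An explicit count plus a password check would state the contract: `[ "$#" -eq 8 ] || usage` followed by `[ -n "$PASS" ] || die "Password must not be empty"`. The example printed by `usage()` in the earlier hunk lists only six arguments, so copying it now fails this check; the example should be extended to all eight. `cd "$WORKDIR"` is guarded by the `[ -d "$7" ]` test but could still carry `|| die "Cannot change to $WORKDIR"` for the permission-denied case.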
@@ -71,8 +74,8 @@ echo " " echo "> Importing CA certificate..." # Generate truststore -keytool -delete -noprompt -alias cacert -keystore ./.truststore -storepass $PASS > /dev/null 2>&1 -keytool -import -noprompt -trustcacerts -alias cacert -keypass $PASS -file certs/ca.der -keystore ./.truststore -storepass $PASS +keytool -delete -noprompt -alias cacert -keystore ./.truststore -storepass "$PASS" > /dev/null 2>&1 +keytool -import -noprompt -trustcacerts -alias cacert -keypass "$PASS" -file certs/ca.der -keystore ./.truststore -storepass "$PASS" echo " " echo "} Creating client certificates for oVirt..." -- To view, visit http://gerrit.ovirt.org/13901 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I3ae7b6a9d88b87d134676acbd216a075bbad76f8 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
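Review bot: `-storepass "$PASS"` and `-keypass "$PASS"` still place the keystore password on the keytool command line, where other local users can read it from the process list while the command runs; quoting fixes word splitting but not that exposure. keytool accepts the `:env` and `:file` modifiers, e.g. `-storepass:env PASS` with `PASS` exported, which keeps the value out of argv. The same applies to `-passin "pass:$cert_pass"` in SignReq.sh's `sign()` and to the `openssl pkcs12 ... -passin "pass:${pass}" ... -passout "pass:${pass}"` line in installCA.sh, where OpenSSL's `env:` or `file:` password sources can be used instead. The `keytool -import` result is not checked either, so `|| die "Cannot import CA certificate"` would bring it in line with the other steps.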