Alon Bar-Lev has uploaded a new change for review.

Change subject: pki: always reset ca db owner after signature
......................................................................

pki: always reset ca db owner after signature

openssl always makes the running user the owner; we need the owner to be ovirt.

Change-Id: I0cf23c849d086da62e4896a0146205e528b603f1
Signed-off-by: Alon Bar-Lev <alo...@redhat.com>
---
M packaging/etc/pki/CreateCA.sh
M packaging/etc/pki/SignReq.sh
2 files changed, 11 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/89/15489/1

diff --git a/packaging/etc/pki/CreateCA.sh b/packaging/etc/pki/CreateCA.sh
index 965cc3f..175874f 100755
--- a/packaging/etc/pki/CreateCA.sh
+++ b/packaging/etc/pki/CreateCA.sh
@@ -32,7 +32,7 @@
 echo 1000 > serial.txt
 rm -f database.txt
 touch database.txt
-chown --reference=. serial.txt database.txt
+chown --reference=. serial.txt* database.txt* .rnd*
 
 openssl genrsa -out private/ca.pem 2048 && \
        openssl req -new -key private/ca.pem \
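Review bot: `chown` dereferences symbolic links by default, and the added globs `serial.txt*`, `database.txt*` and `.rnd*` widen it from two freshly created files to any matching name in the directory. If the script runs as root while the directory belongs to the less-privileged reference owner (the commit message suggests this, but it is not visible here), a symlink matching one of the patterns would have its target re-owned. Passing `-h` keeps the change on the directory entry itself: `chown -h --reference=. serial.txt* database.txt* .rnd*`. The same applies to the `chown` inside `cleanup()` in SignReq.sh. Separately, this line runs before the `openssl` calls that follow, so files openssl creates later may not exist yet when the globs are expanded; the rest of the script is outside the hunk.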
diff --git a/packaging/etc/pki/SignReq.sh b/packaging/etc/pki/SignReq.sh
index 0518177..8ebebba 100755
--- a/packaging/etc/pki/SignReq.sh
+++ b/packaging/etc/pki/SignReq.sh
@@ -51,13 +51,22 @@
 
 [ -n "${cert_pass}" ] || usage
 
-lock_file="$(dirname "$0")/SignReq.lock"
+SCRIPTDIR="$(dirname "$0")"
+lock_file="${SCRIPTDIR}/SignReq.lock"
 shift
 timeout=$8
 if [ -z "$timeout" ]; then
         timeout=20
 fi
 
+cleanup() {
+        # openssl always reset ownership
+        # of these files, so we have to reset
+        # our defaults
+        chown --reference="${SCRIPTDIR}" "${SCRIPTDIR}"/serial.txt* 
"${SCRIPTDIR}"/database.txt* "${SCRIPTDIR}"/.rnd*
+}
+trap cleanup 0
+
 # Wait for lock on $lock_file (fd 200) for $timeout seconds
 (
         flock -e -w $timeout 9 || die "Timeout waiting for lock. Giving up"
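Review bot: The `chown` in `cleanup()` takes three globs, and an unmatched pattern is passed to chown literally, so on a host where no `.rnd` file exists in `${SCRIPTDIR}` the trap prints a chown error on every exit. The trap also fires on exit paths where no signature was made, such as the lock timeout just below it, which makes that noise routine and easy to ignore. Consider looping over the three patterns and skipping missing entries with `[ -e "${f}" ] || continue` before the `chown`, so that a real ownership failure on the CA database stands out. The script body continues past the hunk, so how the remaining exit paths interact with the trap cannot be checked from here.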


-- 
To view, visit http://gerrit.ovirt.org/15489

Gerrit-MessageType: newchange
Gerrit-Change-Id: I0cf23c849d086da62e4896a0146205e528b603f1
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com>