[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnunet] branch master updated: gnunet-gns-proxy-setup-ca:
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [gnunet] branch master updated: gnunet-gns-proxy-setup-ca: conditionally sed openssl and certutil location, use variable for locations, check for openssl and certutil in configure phase. |
|
Date: |
Tue, 19 Feb 2019 13:42:52 +0100 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to branch master
in repository gnunet.
The following commit(s) were added to refs/heads/master by this push:
new 2f9e78d0d gnunet-gns-proxy-setup-ca: conditionally sed openssl and
certutil location, use variable for locations, check for openssl and certutil
in configure phase.
2f9e78d0d is described below
commit 2f9e78d0db73fa953f4f542f3fbc9ddf2c9e260f
Author: ng0 <address@hidden>
AuthorDate: Tue Feb 19 12:40:36 2019 +0000
gnunet-gns-proxy-setup-ca: conditionally sed openssl and certutil location,
use variable for locations, check for openssl and certutil in configure
phase.
---
configure.ac | 3 +++
src/gns/Makefile.am | 23 +++++++++++++++++++----
src/gns/gnunet-gns-proxy-setup-ca.in | 17 ++++++++++-------
3 files changed, 32 insertions(+), 11 deletions(-)
diff --git a/configure.ac b/configure.ac
index 40890ad1a..b3caee676 100644
--- a/configure.ac
+++ b/configure.ac
@@ -377,6 +377,9 @@ AC_ARG_ENABLE(gcc-hardening,
LDFLAGS="$LDFLAGS -pie"
fi])
+# gnunet-gns-proxy-setup-ca requires openssl and certutil (nss)
+AC_CHECK_PROG(have_openssl, [openssl], [yes], [no])
+AC_CHECK_PROG(have_certutil, [certutil], [yes], [no])
# Linker hardening options
# Currently these options are ELF specific - you can't use this with MacOSX
diff --git a/src/gns/Makefile.am b/src/gns/Makefile.am
index 13f6a6e52..7d343e7ff 100644
--- a/src/gns/Makefile.am
+++ b/src/gns/Makefile.am
@@ -88,21 +88,36 @@ bin_PROGRAMS += gnunet-bcd
endif
endif
-bin_SCRIPTS = gnunet-gns-proxy-setup-ca
-
plugin_LTLIBRARIES = \
libgnunet_plugin_block_gns.la \
libgnunet_plugin_gnsrecord_gns.la
-xPFX=$(pkgdatadir)/openssl.cnf
+if HAVE_OPENSSL
+xOPENSSL=$(shell which openssl)
+do_subst_openssl = $(SED) -e 's,address@hidden@],${xOPENSSL},g'
+endif
+
+if HAVE_NSS
+xCERTUTIL=$(shell which certutil)
+do_subst_certutil = $(SED) -e 's,address@hidden@],${xCERTUTIL},g'
+endif
+
+xPFX=$(pkgdatadir)/openssl.cnf
do_subst = $(SED) -e 's,address@hidden@],${xPFX},g'
gnunet-gns-proxy-setup-ca: gnunet-gns-proxy-setup-ca.in
$(do_subst) < $(top_srcdir)/src/gns/gnunet-gns-proxy-setup-ca.in >
gnunet-gns-proxy-setup-ca
+ ifeq ($(HAVE_OPENSSL), 1)
+ $(do_subst_openssl) <
$(top_srcdir)/src/gns/gnunet-gns-proxy-setup-ca
+ endif
+ ifeq ($(HAVE_OPENSSL), 1)
+ $(do_subst_certutil) <
$(top_srcdir)/src/gns/gnunet-gns-proxy-setup-ca
+ endif
chmod +x gnunet-gns-proxy-setup-ca
+else:
-
+bin_SCRIPTS = gnunet-gns-proxy-setup-ca
libgnunet_plugin_gnsrecord_gns_la_SOURCES = \
plugin_gnsrecord_gns.c
diff --git a/src/gns/gnunet-gns-proxy-setup-ca.in
b/src/gns/gnunet-gns-proxy-setup-ca.in
index d3753b074..cd3be5cea 100644
--- a/src/gns/gnunet-gns-proxy-setup-ca.in
+++ b/src/gns/gnunet-gns-proxy-setup-ca.in
@@ -11,6 +11,8 @@ then
exit 1
fi
address@hidden@
address@hidden@
echo "Generating CA"
options=''
@@ -36,17 +38,18 @@ GNSCANO=`mktemp /tmp/gnscakeynoencXXXXXX.pem`
GNS_CA_CERT_PEM=`gnunet-config -s gns-proxy -o PROXY_CACERT -f $options`
mkdir -p `dirname $GNS_CA_CERT_PEM`
-openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca
-keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS
Proxy CA/address@hidden" -passout pass:"GNU Name System"
+OPENSSLBIN req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca
-keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS
Proxy CA/address@hidden" -passout pass:"GNU Name System"
echo "Removing passphrase from key"
-openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO
+OPENSSLBIN rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO
echo "Making private key available to gnunet-gns-proxy"
cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM
if ! which certutil > /dev/null
then
- echo "'certutil' command not found. Not importing into browsers."
+ echo "The 'certutil' command was not found. Not importing into browsers."
+ echo "For 'certutil' install nss."
else
echo "Importing CA into browsers"
for f in ~/.mozilla/firefox/*.*/
@@ -54,18 +57,18 @@ else
if [ -d $f ]; then
echo "Importing CA info Firefox at $f"
# delete old certificate (if any)
- certutil -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null
+ @CERTUTILBIN@ -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null
# add new certificate
- certutil -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT
+ @CERTUTILBIN@ -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT
fi
done
if [ -d ~/.pki/nssdb/ ]; then
echo "Importing CA into Chrome at ~/.pki/nssdb/"
# delete old certificate (if any)
- certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null
+ @CERTUTILBIN@ -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null
# add new certificate
- certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT
+ @CERTUTILBIN@ -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT
fi
fi
--
To stop receiving notification emails like this one, please contact
address@hidden
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] [gnunet] branch master updated: gnunet-gns-proxy-setup-ca: conditionally sed openssl and certutil location, use variable for locations, check for openssl and certutil in configure phase.,
gnunet <=