Fix all domtool scripts for modern Debian and HCoop practices
diff --git
a/scripts/domtool-addcert
b/scripts/domtool-addcert
index
535d825
..
6e58197
100755
(executable)
--- a/
scripts/domtool-addcert
+++ b/
scripts/domtool-addcert
@@
-1,23
+1,29
@@
#!/bin/sh -e
#!/bin/sh -e
- KEYDIR=/afs/hcoop.net/common/etc/domtool/keys/$1
+USER="$1"
+if test -z "$USER"; then
+ echo Usage: domtool-addcert USERNAME
+ exit 1
+fi
+
+ KEYDIR=/afs/hcoop.net/common/etc/domtool/keys/$USER
KEYFILE=$KEYDIR/key.pem
KEYFILE=$KEYDIR/key.pem
-CERTFILE=/afs/hcoop.net/common/etc/domtool/certs/$
1
.pem
+CERTFILE=/afs/hcoop.net/common/etc/domtool/certs/$
USER
.pem
NEWREQ=~/.newreq.pem
NEW=~/.new.pem
KEYIN=~/.keyin
NEWREQ=~/.newreq.pem
NEW=~/.new.pem
KEYIN=~/.keyin
-mkdir $KEYDIR || echo
Already exists
+mkdir $KEYDIR || echo
Key directory already exists.
openssl genrsa -out $KEYFILE
openssl genrsa -out $KEYFILE
-chown -R domtool.
domtool
$KEYDIR
-fs sa $KEYDIR $
1 read
+chown -R domtool.
nogroup
$KEYDIR
+fs sa $KEYDIR $
USER read || echo This must be a server principal.
echo "." >$KEYIN
echo "." >>$KEYIN
echo "." >>$KEYIN
echo "." >>$KEYIN
echo "." >>$KEYIN
echo "." >$KEYIN
echo "." >>$KEYIN
echo "." >>$KEYIN
echo "." >>$KEYIN
echo "." >>$KEYIN
-echo "$
1
" >>$KEYIN
-echo "$
1
@hcoop.net" >>$KEYIN
+echo "$
USER
" >>$KEYIN
+echo "$
USER
@hcoop.net" >>$KEYIN
echo "" >>$KEYIN
echo "" >>$KEYIN
openssl req -new -key $KEYFILE -out $NEWREQ -days 365 <$KEYIN
echo "" >>$KEYIN
echo "" >>$KEYIN
openssl req -new -key $KEYFILE -out $NEWREQ -days 365 <$KEYIN
@@
-26,4
+32,4
@@
cat $NEWREQ $KEYFILE >$NEW
rm $NEWREQ
openssl ca -batch -config /etc/domtool/openssl.cnf -policy policy_anything -out $CERTFILE -infiles $NEW
rm $NEW
rm $NEWREQ
openssl ca -batch -config /etc/domtool/openssl.cnf -policy policy_anything -out $CERTFILE -infiles $NEW
rm $NEW
-chown domtool.
domtool
$CERTFILE
+chown domtool.
nogroup
$CERTFILE
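Review bot: The new check after `USER="$1"` only rejects an empty argument, so a value containing `/` or starting with `.` still flows into `KEYDIR` and `CERTFILE` and from there into the unquoted `mkdir $KEYDIR`, `chown -R domtool.nogroup $KEYDIR` and `fs sa` calls, where the recursive ownership change can land outside the keys directory. I would reject such names right after the usage check, e.g. `case "$USER" in */*|.*) echo "Invalid username: $USER" >&2; exit 1 ;; esac`, and double-quote `"$KEYDIR"`, `"$KEYFILE"` and `"$CERTFILE"` wherever they are expanded. Assigning to `USER` also overwrites the login-name environment variable for every child process when it is exported, as it normally is; a script-local name such as `CERT_USER` avoids that. Separately, `mkdir $KEYDIR || echo Key directory already exists.` treats every mkdir failure as "already exists" and the script then runs `openssl genrsa -out $KEYFILE`, which presumably replaces an existing key, so consider stopping unless the directory is confirmed to exist and re-keying is intended.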