Fix domtool-addcert for when user running is not in `wheel'
diff --git
a/scripts/domtool-addcert
b/scripts/domtool-addcert
index
25533b1
..
9b5495b
100755
(executable)
--- a/
scripts/domtool-addcert
+++ b/
scripts/domtool-addcert
@@
-6,14
+6,20
@@
if test -z "$USER"; then
exit 1
fi
exit 1
fi
+umask 0066 # Prevent others from reading any files creating on local fs
+
+ WORKDIR=/tmp/domtool-keyreq
KEYDIR=`domtool-config -path cert keys`/$USER
KEYFILE=$KEYDIR/key.pem
CERTFILE=`domtool-config -path cert certs`/$USER.pem
KEYDIR=`domtool-config -path cert keys`/$USER
KEYFILE=$KEYDIR/key.pem
CERTFILE=`domtool-config -path cert certs`/$USER.pem
- NEWREQ=~/.newreq.pem
- NEW=~/.new.pem
- KEYIN=~/.keyin
+ NEWREQ=$WORKDIR/.newreq.pem
+ NEW=$WORKDIR/.new.pem
+ KEYIN=$WORKDIR/.keyin
+ NEWCERT=$WORKDIR/.cert
CACONF=`domtool-config -path cert ca`/domtool-openssl.conf
CACONF=`domtool-config -path cert ca`/domtool-openssl.conf
+mkdir $WORKDIR && chmod 700 $WORKDIR || (echo Cannot create work dir ; exit 1)
+
mkdir $KEYDIR || echo Key directory already exists.
openssl genrsa -out $KEYFILE 4096
# chown -R domtool.nogroup $KEYDIR
mkdir $KEYDIR || echo Key directory already exists.
openssl genrsa -out $KEYFILE 4096
# chown -R domtool.nogroup $KEYDIR
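Review bot: The `exit 1` in `mkdir $WORKDIR && chmod 700 $WORKDIR || (echo Cannot create work dir ; exit 1)` runs inside a `( … )` subshell, so when `mkdir` fails the script only prints the message and continues, and the later steps that write into `$WORKDIR` (including the `$ROOTCMD openssl ca` call in the second hunk, which may run under sudo) then use a `/tmp/domtool-keyreq` that this run did not create and may not own. Because the name is fixed and shared by every user of the host, a directory left over from an earlier failed run or created by another user hits exactly that path, and two users running the script at the same time cannot both succeed. Use an unpredictable per-run directory and a brace group so the failure is fatal: `WORKDIR=$(mktemp -d) || { echo 'Cannot create work dir' >&2; exit 1; }` (mktemp -d creates the directory mode 0700, so the separate `chmod` is no longer needed). The `umask 0066` line is the right idea, but `umask 077` would additionally stop group/others from traversing any directory the script creates with the default mode.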
@@
-52,6
+58,9
@@
if [ ! -r $CACONF ]; then
ROOTCMD=sudo
fi
ROOTCMD=sudo
fi
-$ROOTCMD openssl ca -batch -config `domtool-config -path cert ca`/domtool-openssl.conf -out $CERTFILE -infiles $NEW
+$ROOTCMD openssl ca -batch -config `domtool-config -path cert ca`/domtool-openssl.conf -out $NEWCERT -infiles $NEW
+$ROOTCMD chown `whoami` $NEWCERT
+mv $NEWCERT $CERTFILE
rm $NEW
rm $NEW
+rm $WORKDIR -rf
#chown domtool.nogroup $CERTFILE
#chown domtool.nogroup $CERTFILE
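Review bot: The new `$ROOTCMD openssl ca … -out $NEWCERT` line and the `chown`/`mv` that follow are unchecked, so if signing fails the `chown` and `mv` merely print errors, the script still reaches `rm $NEW` and `rm $WORKDIR -rf`, and it exits with the status of that final `rm`, leaving a caller unable to tell that no certificate was issued. Make the signing step fatal: `$ROOTCMD openssl ca -batch -config \`domtool-config -path cert ca\`/domtool-openssl.conf -out $NEWCERT -infiles $NEW || { echo 'Certificate signing failed' >&2; exit 1; }`. Separately, `rm $WORKDIR -rf` puts the option after the operand, which only GNU rm accepts; `rm -rf -- "$WORKDIR"` is portable and the `--` keeps an unexpected value from being parsed as an option.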