cp scripts/domtool-reset-local /usr/local/sbin/
cp scripts/domtool-adduser /usr/local/bin/
cp scripts/domtool-addcert /usr/local/bin/
+ cp scripts/domtool-addcert-daemon /usr/local/bin/
cp scripts/domtool-addacl /usr/local/bin/
cp scripts/domtool-rmuser /usr/local/bin/
cp scripts/domtool-admin-sudo /usr/local/bin/
--- /dev/null
+#!/bin/sh -e
+
+ KEYDIR=/afs/hcoop.net/common/etc/domtool/keys/$1
+ KEYFILE=$KEYDIR/key.pem
+CERTFILE=/afs/hcoop.net/common/etc/domtool/certs/$1.pem
+ NEWREQ=~/.newreq.pem
+ NEW=~/.new.pem
+ KEYIN=~/.keyin
+
+mkdir $KEYDIR || echo Already exists
+openssl genrsa -out $KEYFILE
+chown -R domtool.domtool $KEYDIR
+echo "." >$KEYIN
+echo "." >>$KEYIN
+echo "." >>$KEYIN
+echo "." >>$KEYIN
+echo "." >>$KEYIN
+echo "$1" >>$KEYIN
+echo "$1@hcoop.net" >>$KEYIN
+echo "" >>$KEYIN
+echo "" >>$KEYIN
+openssl req -new -key $KEYFILE -out $NEWREQ -days 365 <$KEYIN
+rm $KEYIN
+cat $NEWREQ $KEYFILE >$NEW
+rm $NEWREQ
+openssl ca -batch -config /etc/domtool/openssl.cnf -policy policy_anything -out $CERTFILE -infiles $NEW
+rm $NEW
+chown domtool.domtool $CERTFILE
fun context x =
(OpenSSL.context false x)
- handle e as OpenSSL.OpenSSL _ =>
+ handle e as OpenSSL.OpenSSL s =>
(print "Couldn't find your certificate.\nYou probably haven't been given any Domtool privileges.\n";
+ print ("Additional information: " ^ s ^ "\n");
raise e)
fun setupUser () =