/[smeserver]/rpms/openldap/sme9/libexec-create-certdb.sh
ViewVC logotype

Annotation of /rpms/openldap/sme9/libexec-create-certdb.sh

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph

Revision 1.1 - (hide annotations) (download) (as text)
Tue Nov 11 00:46:15 2014 UTC (9 years, 11 months ago) by vip-ire
Branch: MAIN
CVS Tags: openldap-2_4_39-8_el6_sme, HEAD
Content type: application/x-sh 
Import openldap
1 vip-ire 1.1 #!/bin/bash
2     # Author: Jan Vcelak <jvcelak@redhat.com>
3    
4     set -e
5    
6     # default options
7    
8     CERTDB_DIR=/etc/openldap/certs
9    
10     # internals
11    
12     MODULE_CKBI="$(rpm --eval %{_libdir})/libnssckbi.so"
13     RANDOM_SOURCE=/dev/urandom
14     PASSWORD_BYTES=32
15    
16     # parse arguments
17    
18     usage() {
19     printf "usage: create-certdb.sh [-d certdb]\n" >&2
20     exit 1
21     }
22    
23     while getopts "d:" opt; do
24     case "$opt" in
25     d)
26     CERTDB_DIR="$OPTARG"
27     ;;
28     \?)
29     usage
30     ;;
31     esac
32     done
33    
34     [ "$OPTIND" -le "$#" ] && usage
35    
36     # verify target location
37    
38     if [ ! -d "$CERTDB_DIR" ]; then
39     printf "Directory '%s' does not exist.\n" "$CERTDB_DIR" >&2
40     exit 1
41     fi
42    
43     if [ ! "$(find "$CERTDB_DIR" -maxdepth 0 -empty | wc -l)" -eq 1 ]; then
44     printf "Directory '%s' is not empty.\n" "$CERTDB_DIR" >&2
45     exit 1
46     fi
47    
48     # create the database
49    
50     printf "Creating certificate database in '%s'.\n" "$CERTDB_DIR" >&2
51    
52     PASSWORD_FILE="$CERTDB_DIR/password"
53     OLD_UMASK="$(umask)"
54     umask 0377
55     dd if=$RANDOM_SOURCE bs=$PASSWORD_BYTES count=1 2>/dev/null | base64 > "$PASSWORD_FILE"
56     umask "$OLD_UMASK"
57    
58     certutil -d "$CERTDB_DIR" -N -f "$PASSWORD_FILE" &>/dev/null
59    
60     # load module with builtin CA certificates
61    
62     echo | modutil -dbdir "$CERTDB_DIR" -add "Root Certs" -libfile "$MODULE_CKBI" &>/dev/null
63    
64     # tune permissions
65    
66     for dbfile in "$CERTDB_DIR"/*.db; do
67     chmod 0644 "$dbfile"
68     done
69    
70     exit 0
admin@koozali.org
 ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed