/[smeserver]/rpms/openldap/sme9/libexec-create-certdb.sh
ViewVC logotype

Contents of /rpms/openldap/sme9/libexec-create-certdb.sh

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph

Revision 1.1 - (show annotations) (download) (as text)
Tue Nov 11 00:46:15 2014 UTC (9 years, 11 months ago) by vip-ire
Branch: MAIN
CVS Tags: openldap-2_4_39-8_el6_sme, HEAD
Content type: application/x-sh 
Import openldap
1 #!/bin/bash
2 # Author: Jan Vcelak <jvcelak@redhat.com>
3
4 set -e
5
6 # default options
7
8 CERTDB_DIR=/etc/openldap/certs
9
10 # internals
11
12 MODULE_CKBI="$(rpm --eval %{_libdir})/libnssckbi.so"
13 RANDOM_SOURCE=/dev/urandom
14 PASSWORD_BYTES=32
15
16 # parse arguments
17
18 usage() {
19 printf "usage: create-certdb.sh [-d certdb]\n" >&2
20 exit 1
21 }
22
23 while getopts "d:" opt; do
24 case "$opt" in
25 d)
26 CERTDB_DIR="$OPTARG"
27 ;;
28 \?)
29 usage
30 ;;
31 esac
32 done
33
34 [ "$OPTIND" -le "$#" ] && usage
35
36 # verify target location
37
38 if [ ! -d "$CERTDB_DIR" ]; then
39 printf "Directory '%s' does not exist.\n" "$CERTDB_DIR" >&2
40 exit 1
41 fi
42
43 if [ ! "$(find "$CERTDB_DIR" -maxdepth 0 -empty | wc -l)" -eq 1 ]; then
44 printf "Directory '%s' is not empty.\n" "$CERTDB_DIR" >&2
45 exit 1
46 fi
47
48 # create the database
49
50 printf "Creating certificate database in '%s'.\n" "$CERTDB_DIR" >&2
51
52 PASSWORD_FILE="$CERTDB_DIR/password"
53 OLD_UMASK="$(umask)"
54 umask 0377
55 dd if=$RANDOM_SOURCE bs=$PASSWORD_BYTES count=1 2>/dev/null | base64 > "$PASSWORD_FILE"
56 umask "$OLD_UMASK"
57
58 certutil -d "$CERTDB_DIR" -N -f "$PASSWORD_FILE" &>/dev/null
59
60 # load module with builtin CA certificates
61
62 echo | modutil -dbdir "$CERTDB_DIR" -add "Root Certs" -libfile "$MODULE_CKBI" &>/dev/null
63
64 # tune permissions
65
66 for dbfile in "$CERTDB_DIR"/*.db; do
67 chmod 0644 "$dbfile"
68 done
69
70 exit 0
admin@koozali.org
 ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed