From c55399d12b8affa2cc755f4904415bede2f35f4c Mon Sep 17 00:00:00 2001 From: Dragan Dosen Date: Sun, 6 Apr 2008 22:21:21 +0200 Subject: [PATCH] Added PHP5 as default in new debian/postinst. Fix for ticket #3329, carnet-generate-ssl script. Small changes in debian/config. --- carnet-generate-ssl | 116 ++++++++++++++++++++++++++++++++------------------ debian/README.CARNet | 10 ++--- debian/config | 8 ++-- debian/postinst | 10 ++--- 4 files changed, 88 insertions(+), 56 deletions(-) diff --git a/carnet-generate-ssl b/carnet-generate-ssl index 661d731..093a22b 100755 --- a/carnet-generate-ssl +++ b/carnet-generate-ssl @@ -1,11 +1,20 @@ #!/bin/sh + set -e -TMPFILE=`tempfile -d /var/tmp -p apache2-cn` -TMPFILE2=`tempfile -d /var/tmp -p apache2-cn` +if [ -z "$4" ]; then + echo "Usage: $0 " + echo + echo " confdir is ignored" + echo " fqdn is the fully qualified name of the web server" + echo " email address that will appear in the certificate" + echo " org is the organization name" + exit 2 +fi -trap "rm -f $TMPFILE $TMPFILE2" 1 2 15; +# Get/set all parameters. +# CONFDIR="$1" FQDN="$2" WEBMASTER="$3" 
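Review bot: The only argument check in the usage block moved to the top of the script is `[ -z "$4" ]`, so `$2`, `$3` and `$4` are accepted with any content before being assigned to FQDN, WEBMASTER and DOMAIN. Later in the script those values are pasted into `sed "s/HOST/$FQDN/g; s/DOMAIN/$DOMAIN/g; s/WEBMASTER/$WEBMASTER/g"` and into the generated request configuration (`emailAddress = $WEBMASTER`), where a `/`, `&` or newline in a value alters the sed expression or the config file rather than just the certificate subject. The next hunk also deletes the `# XXX validate the arguments` reminder without adding the validation. An allowlist check right after the assignments would close this, for example `case "$FQDN" in ''|*[!A-Za-z0-9.-]*) echo "invalid fqdn: $FQDN" >&2; exit 2;; esac`, with matching checks for the e-mail address and the organization name.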
@@ -14,26 +23,36 @@ DOMAIN="$4" sslcrt=/etc/ssl/certs sslkey=/etc/ssl/private A2CNDIR=$(dirname $0) +KEYS= -if [ -z "$4" ]; then - echo "Usage: $0 " - echo - echo " confdir is ignored" - echo " fqdn is the fully qualified name of the web server" - echo " email address that will appear in the certificate" - echo " org is the organization name" - exit 2 -fi -# XXX validate the arguments +# Create temporary files. +# +TMPFILE=`tempfile -d /var/tmp -p apache2-cn` +TMPFILE2=`tempfile -d /var/tmp -p apache2-cn` + + +# Set trap for deleting all temp files. +# +trap "rm -f $TMPFILE $TMPFILE2" 1 2 15; + export RANDFILE=/dev/urandom cd /etc/ssl + +# Generate CA +# if [ ! -f ${sslkey}/ca.key ]; then -# CA -openssl genrsa -out $sslkey/ca.key 1024 -cat < $TMPFILE + + openssl genrsa -out ${sslkey}/ca.key 1024 + KEYS="${KEYS} + - ${sslkey}/ca.key" +fi + +if [ ! -f ${sslkey}/ca.csr ] || [ -n "$KEYS" ]; then + + cat < $TMPFILE [ req ] default_bits = 1024 default_keyfile = ca.pem 
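Review bot: The re-indented `openssl genrsa -out ${sslkey}/ca.key 1024` and the `default_bits = 1024` in the request configuration below it still produce a 1024-bit RSA CA key, which is below the 2048-bit minimum in current guidance, and this CA goes on to sign a server certificate issued with `-days 3650`. Since both lines are touched by this change anyway, use `openssl genrsa -out ${sslkey}/ca.key 2048` and `default_bits = 2048`. Nothing visible in the hunk restricts the mode of ca.key, so a `umask 077` before the key is written is worth adding unless the OpenSSL version in use is confirmed to create it owner-only. The `if [ ! -f ${sslkey}/ca.csr ] || [ -n "$KEYS" ]` block continues past the end of the hunk.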
@@ -50,8 +69,13 @@ emailAddress = $WEBMASTER [ req_attributes ] EOF -openssl req -config $TMPFILE -new -key ${sslkey}/ca.key -out ${sslkey}/ca.csr -cat >$TMPFILE <$TMPFILE < "$TMPFILE2" sed "s/HOST/$FQDN/g; s/DOMAIN/$DOMAIN/g; s/WEBMASTER/$WEBMASTER/g" \ < $A2CNDIR/templates/openssl.cnf > "$TMPFILE" + openssl req -config "$TMPFILE" -new -nodes \ - -key ${sslkey}/apache2.key -out ${sslkey}/apache2.csr + -key ${sslkey}/apache2.key -out ${sslkey}/apache2.csr openssl x509 -extfile "$TMPFILE" -days 3650 \ - -CAserial "$TMPFILE2" -CA ${sslcrt}/ca.pem -CAkey ${sslkey}/ca.key \ - -in ${sslkey}/apache2.csr -req -out ${sslcrt}/apache2.pem -# verify -openssl x509 -noout -modulus -in ${sslcrt}/apache2.pem | read mod1 -openssl rsa -noout -modulus -in ${sslkey}/apache2.key | read mod2 + -CAserial "$TMPFILE2" -CA ${sslcrt}/ca.pem -CAkey ${sslkey}/ca.key \ + -in ${sslkey}/apache2.csr -req -out ${sslcrt}/apache2.pem + +mod1=`openssl x509 -noout -modulus -in ${sslcrt}/apache2.pem` +mod2=`openssl rsa -noout -modulus -in ${sslkey}/apache2.key` + if [ "$mod1" != "$mod2" ]; then - echo "Moduli for server keys don't match." - exit 1 + echo "Moduli for server keys don't match." + exit 1 fi KEYS="${KEYS} @@ -104,9 +132,13 @@ KEYS="${KEYS} cd ${sslcrt} ln -sf apache2.pem $(openssl x509 -hash -noout -in apache2.pem) - + + +# Cleanup +# rm -f $TMPFILE $TMPFILE2 + echo "Successfully generated server key pairs:" echo "$KEYS" echo diff --git a/debian/README.CARNet b/debian/README.CARNet index 66042c8..7d80181 100644 --- a/debian/README.CARNet +++ b/debian/README.CARNet @@ -2,7 +2,7 @@ apache2-cn ---------- Ovaj paket donosi CARNetovu dodatnu konfiguraciju za apache2 paket -iz Debian sarge distribucije. +iz Debian etch distribucije. Paket dodaje VirtualHost zapise za slijedece webove: 
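Review bot: The `openssl x509 -extfile "$TMPFILE" -days 3650 ... -req` call that signs apache2.pem names no digest, so the signature algorithm is whatever the installed OpenSSL defaults to, which on older releases is MD5 or SHA-1. Make it explicit, e.g. `openssl x509 -sha256 -extfile "$TMPFILE" -days 3650 \`, and check whether templates/openssl.cnf (not shown) sets a digest for the request as well. The `# verify` comment was removed together with the old `| read` lines and not replaced; a line such as `# Verify that the certificate and the private key share the same modulus.` above `mod1=` would keep the intent visible. Part of this hunk is not legible on the page, so the lines around the `$TMPFILE2` serial file were not reviewed.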
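Review bot: The `# Cleanup` step `rm -f $TMPFILE $TMPFILE2` runs only when the script reaches its end, and the trap set earlier covers signals 1, 2 and 15 but not normal exit, so under `set -e` any failing openssl call, or the `exit 1` on a modulus mismatch, leaves both files behind in /var/tmp. Registering the handler for exit as well makes the explicit rm unnecessary: `trap 'rm -f "$TMPFILE" "$TMPFILE2"' 0 1 2 15`. The single quotes with inner double quotes also keep the file names from being word-split when the trap fires. In the context line above, `ln -sf apache2.pem $(openssl x509 -hash -noout -in apache2.pem)` would be safer with the substitution quoted.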
@@ -16,14 +16,14 @@ postavljen tako da se sadrzaj sprema i cita iz /var/www/www.domena.hr -U slucaju da korisnik ne zeli WWW VirtualHost, DocumentRoot bit -ce postavljen u: +U slucaju da korisnik ne zeli WWW VirtualHost, DocumentRoot ce +biti postavljen u: /var/www/stroj.domena.hr Apache2 moduli koji su automatski ukljuceni: - * PHP4 + * PHP5 * SSL * rewrite * userdir @@ -31,4 +31,4 @@ Apache2 moduli koji su automatski ukljuceni: * CGI - -- Dragan Dosen Thu, 7 Feb 2008 16:11:17 +0100 + -- Dragan Dosen Sun, 6 Apr 2008 20:28:17 +0200 diff --git a/debian/config b/debian/config index e8c2d71..e430173 100755 --- a/debian/config +++ b/debian/config @@ -37,12 +37,12 @@ done if [ $has_listen_ssl -eq 1 ]; then # SSL configuration already exists - no need for SSL certificates. - db_set apache2-cn/sslcf "X" || true - db_set apache2-cn/sslckf "X" || true - db_set apache2-cn/sslccf "X" || true + db_set apache2-cn/sslcf "" || true + db_set apache2-cn/sslckf "" || true + db_set apache2-cn/sslccf "" || true else - + # SSL certificates information.. SSLCF=1 while [ $SSLCF -eq 1 ]; do diff --git a/debian/postinst b/debian/postinst index 086cc75..d2a994f 100755 --- a/debian/postinst +++ b/debian/postinst @@ -37,7 +37,7 @@ PORTCONF="$CONFDIR/ports.conf" A2CNDIR=/usr/share/apache2-cn TMPLDIR=$A2CNDIR/templates CERTDIR=/etc/ssl/certs -A2PHPINI="/etc/php4/apache2/php.ini" +A2PHPINI="/etc/php5/apache2/php.ini" HOST=$(hostname) FQDN=$(hostname --fqdn) @@ -367,7 +367,7 @@ if [ $backup_done -eq 1 ]; then fi -# Enable Apache2 web server modules (cgi, rewrite, userdir, suexec, php4, ssl). +# Enable Apache2 web server modules (cgi, rewrite, userdir, suexec, php5, ssl). # if [ -e "$CONF" ]; then 
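Review bot: In debian/config the empty string now stored in apache2-cn/sslcf, apache2-cn/sslckf and apache2-cn/sslccf is indistinguishable from a question that was never answered, and the existing comment only says that no certificates are needed. Whichever script reads these values back (not visible in this hunk) has to treat empty as "keep the existing SSL setup"; a comment such as `# Empty value = existing SSL configuration is kept; no certificate is generated or installed.` above the three `db_set` calls would record that. Each `db_set ... || true` also hides a failed write, so a stale "X" from an earlier version could survive unnoticed. The `if [ $has_listen_ssl -eq 1 ]` block continues in the `else` branch beyond the hunk.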
@@ -395,9 +395,9 @@ if [ -e "$CONF" ]; then need_restart=1 fi - if [ ! -e "$A2MODEDIR/php4.load" ] || [ ! -e "$A2MODEDIR/php4.conf" ]; then - cp_echo "CN: Enabling PHP4 module for Apache2 web server." - a2enmod php4 >/dev/null || true + if [ ! -e "$A2MODEDIR/php5.load" ] || [ ! -e "$A2MODEDIR/php5.conf" ]; then + cp_echo "CN: Enabling PHP5 module for Apache2 web server." + a2enmod php5 >/dev/null || true need_restart=1 fi -- 1.7.10.4
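Review bot: This block enables php5 but nothing in the hunk disables the php4 module that earlier versions of this postinst enabled, so on an upgraded host php4.load can remain in `$A2MODEDIR` next to php5.load; loading both is likely to break Apache start-up and keeps the older interpreter active. Consider `a2dismod php4 >/dev/null 2>&1 || true` before the `a2enmod php5` line. Separately, `a2enmod php5 >/dev/null || true` is followed by `need_restart=1` even when a2enmod fails (for instance if the php5 module package is not installed), so the "Enabling PHP5" message can be wrong and a restart is requested for nothing. The enclosing `if [ -e "$CONF" ]` block starts and ends outside the hunk.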