author | ng0 <ng0@n0.is> | 2019-02-19 12:40:36 +0000 |
---|---|---|
committer | ng0 <ng0@n0.is> | 2019-02-19 12:40:36 +0000 |
commit | 2f9e78d0db73fa953f4f542f3fbc9ddf2c9e260f (patch) | |
tree | f700ff67202a249d5c121a9f78f64531e6e0406c | |
parent | b9e95f034c7d2e059340c5d282933c102e834c71 (diff) | |
download | gnunet-2f9e78d0db73fa953f4f542f3fbc9ddf2c9e260f.tar.gz gnunet-2f9e78d0db73fa953f4f542f3fbc9ddf2c9e260f.zip |
gnunet-gns-proxy-setup-ca: conditionally sed openssl and certutil location,
use variable for locations, check for openssl and certutil in configure
phase.
-rw-r--r-- | configure.ac | 3 | ||||
-rw-r--r-- | src/gns/Makefile.am | 23 | ||||
-rw-r--r-- | src/gns/gnunet-gns-proxy-setup-ca.in | 17 |
3 files changed, 32 insertions, 11 deletions
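--- a/configure.ac
+++ b/configure.ac
@@ -377,6 +377,9 @@ AC_ARG_ENABLE(gcc-hardening,
 LDFLAGS="$LDFLAGS -pie"
 fi])
 
+# gnunet-gns-proxy-setup-ca requires openssl and certutil (nss)
+AC_CHECK_PROG(have_openssl, [openssl], [yes], [no])
+AC_CHECK_PROG(have_certutil, [certutil], [yes], [no])
 
 # Linker hardening options
 # Currently these options are ELF specific - you can't use this with MacOSX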
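Review bot: The two added `AC_CHECK_PROG` calls only set `have_openssl` and `have_certutil` to yes or no; nothing in this hunk turns them into the `HAVE_OPENSSL` and `HAVE_NSS` conditionals that the same commit tests in src/gns/Makefile.am, so unless an `AM_CONDITIONAL` for each exists elsewhere in configure.ac the new `if` blocks have nothing to test. Because the setup script creates a CA and adds it to browser trust stores, the tool paths written into it are better resolved once at configure time than by `which` in the PATH of whoever runs make. `AC_PATH_PROG([OPENSSL], [openssl], [no])` followed by `AM_CONDITIONAL([HAVE_OPENSSL], [test "x$OPENSSL" != "xno"])`, and the same pair for certutil, would record the absolute path and provide the conditional in one place.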
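--- a/src/gns/Makefile.am
+++ b/src/gns/Makefile.am
@@ -88,21 +88,36 @@ bin_PROGRAMS += gnunet-bcd
 endif
 endif
 
-bin_SCRIPTS = gnunet-gns-proxy-setup-ca
-
 plugin_LTLIBRARIES = \
 libgnunet_plugin_block_gns.la \
 libgnunet_plugin_gnsrecord_gns.la
 
-xPFX=$(pkgdatadir)/openssl.cnf
 
+if HAVE_OPENSSL
+xOPENSSL=$(shell which openssl)
+do_subst_openssl = $(SED) -e 's,[@]OPENSSLBIN[@],${xOPENSSL},g'
+endif
+
+if HAVE_NSS
+xCERTUTIL=$(shell which certutil)
+do_subst_certutil = $(SED) -e 's,[@]CERTUTILBIN[@],${xCERTUTIL},g'
+endif
+
+xPFX=$(pkgdatadir)/openssl.cnf
 do_subst = $(SED) -e 's,[@]PREFIX[@],${xPFX},g'
 
 gnunet-gns-proxy-setup-ca: gnunet-gns-proxy-setup-ca.in
 $(do_subst) < $(top_srcdir)/src/gns/gnunet-gns-proxy-setup-ca.in > gnunet-gns-proxy-setup-ca
+ifeq ($(HAVE_OPENSSL), 1)
+$(do_subst_openssl) < $(top_srcdir)/src/gns/gnunet-gns-proxy-setup-ca
+endif
+ifeq ($(HAVE_OPENSSL), 1)
+$(do_subst_certutil) < $(top_srcdir)/src/gns/gnunet-gns-proxy-setup-ca
+endif
 chmod +x gnunet-gns-proxy-setup-ca
+else:
 
-
+bin_SCRIPTS = gnunet-gns-proxy-setup-ca
 
 libgnunet_plugin_gnsrecord_gns_la_SOURCES = \
 plugin_gnsrecord_gns.c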
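Review bot: The added recipe lines do not change the generated script, because both new `sed` calls read `$(top_srcdir)/src/gns/gnunet-gns-proxy-setup-ca` (the source tree, not the file the first recipe line just wrote) and send their output to stdout. The guards around them are GNU make `ifeq ($(HAVE_OPENSSL), 1)` tests on a variable this hunk never sets, the certutil guard repeats `HAVE_OPENSSL` instead of the NSS condition, and the trailing `else:` has no opening conditional. The patterns `[@]OPENSSLBIN[@]` and `[@]CERTUTILBIN[@]` also do not match the `@OPENSSL@` and `@CERTUTIL@` placeholders this commit adds to the template. Folding the three substitutions into one `sed` that writes the target, as below, keeps the CA setup script from being installed with unexpanded tool names; recipe indentation is not visible on this page, so the tabs are assumed.

```make
# … unchanged: if HAVE_OPENSSL / if HAVE_NSS blocks that set xOPENSSL and xCERTUTIL …
xPFX=$(pkgdatadir)/openssl.cnf
do_subst = $(SED) \
	-e 's,[@]PREFIX[@],$(xPFX),g' \
	-e 's,[@]OPENSSLBIN[@],$(xOPENSSL),g' \
	-e 's,[@]CERTUTILBIN[@],$(xCERTUTIL),g'

gnunet-gns-proxy-setup-ca: gnunet-gns-proxy-setup-ca.in
	$(do_subst) < $(top_srcdir)/src/gns/gnunet-gns-proxy-setup-ca.in > $@
	chmod +x $@
```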
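--- a/src/gns/gnunet-gns-proxy-setup-ca.in
+++ b/src/gns/gnunet-gns-proxy-setup-ca.in
@@ -11,6 +11,8 @@ then
 exit 1
 fi
 
+OPENSSLBIN=@OPENSSL@
+CERTUTILBIN=@CERTUTIL@
 
 echo "Generating CA"
 options=''
@@ -36,17 +38,18 @@ GNSCANO=`mktemp /tmp/gnscakeynoencXXXXXX.pem`
 GNS_CA_CERT_PEM=`gnunet-config -s gns-proxy -o PROXY_CACERT -f $options`
 mkdir -p `dirname $GNS_CA_CERT_PEM`
 
-openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System"
+OPENSSLBIN req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System"
 
 echo "Removing passphrase from key"
-openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO
+OPENSSLBIN rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO
 
 echo "Making private key available to gnunet-gns-proxy"
 cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM
 
 if ! which certutil > /dev/null
 then
-echo "'certutil' command not found. Not importing into browsers."
+echo "The 'certutil' command was not found. Not importing into browsers."
+echo "For 'certutil' install nss."
 else
 echo "Importing CA into browsers"
 for f in ~/.mozilla/firefox/*.*/
@@ -54,18 +57,18 @@ else
 if [ -d $f ]; then
 echo "Importing CA info Firefox at $f"
 # delete old certificate (if any)
-certutil -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null
+@CERTUTILBIN@ -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null
 # add new certificate
-certutil -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT
+@CERTUTILBIN@ -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT
 fi
 done
 
 if [ -d ~/.pki/nssdb/ ]; then
 echo "Importing CA into Chrome at ~/.pki/nssdb/"
 # delete old certificate (if any)
-certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null
+@CERTUTILBIN@ -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null
 # add new certificate
-certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT
+@CERTUTILBIN@ -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT
 fi
 fi
 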
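Review bot: The two openssl calls in the second hunk now run a command literally named `OPENSSLBIN` because the `$` is missing; with the new assignment at the top they should read `"$OPENSSLBIN" req -config …` and `"$OPENSSLBIN" rsa …`. The certutil calls use the placeholder `@CERTUTILBIN@` directly while the assignment uses `@CERTUTIL@` and the guard still tests `which certutil`, so the binary that is checked and the one that is executed can differ; using `"$CERTUTILBIN"` in all four calls and `if ! [ -x "$CERTUTILBIN" ]` in the guard keeps them the same. Unless the script sets `-e` outside these hunks, a failed key generation still reaches `cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM`, so an exit-status check after the first openssl call would be worth adding.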