gnunet-gns-proxy-setup-ca: fix implementation and describe new changes.

author: ng0 <ng0@n0.is> 2019-11-25 17:33:26 +0000
committer: ng0 <ng0@n0.is> 2019-11-25 17:33:26 +0000
commit: 5adc5d2b84dbe6ce22feb384b4d6087ec5074903 (patch)
tree: 5ecea40186a5b5ed5708a9e274def10d7ac586a0 /src/gns
parent: 1a3904ec8d6463451b3a6e22433dd2582637c56b (diff)
download: gnunet-5adc5d2b84dbe6ce22feb384b4d6087ec5074903.tar.gz
gnunet-5adc5d2b84dbe6ce22feb384b4d6087ec5074903.zip
1 files changed, 96 insertions, 37 deletions
diff --git a/src/gns/gnunet-gns-proxy-setup-ca.in b/src/gns/gnunet-gns-proxy-setup-ca.in
index 885fc069a..256bb882b 100644
--- a/src/gns/gnunet-gns-proxy-setup-ca.in
+++ b/src/gns/gnunet-gns-proxy-setup-ca.in
@@ -18,7 +18,7 @@
 #
 # This code is derived from software contributed to
 # The NetBSD Foundation by Todd Vierling and Luke Mewburn.
+#
 # Redistribution and use in source and binary forms, with or
 # without modification, are permitted provided that the following
 # conditions are met:
@@ -29,7 +29,7 @@
 #    copyright notice, this list of conditions and the following
 #    disclaimer in the documentation and/or other materials
 #    provided with the distribution.
+#
 # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
 # CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
 # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
@@ -48,32 +48,42 @@
 progname=${0##*/}
+# Whitespace normalization without depending on shell features:
+tab='   '
+tab2='   '
+nl='
+'
+# trap "exit 1" 1 2 3 15
 setdefaults()
 {
    verbosity=0
+    resfile=
+    results=/dev/null
+    tmpdir=${TMPDIR:-/tmp}
    runcmd=
 }
 statusmsg()
 {
-    ${runcmd} echo "    $@"
+    ${runcmd} echo "${tab}$@" | tee -a "${results}"
 }
 infomsg()
 {
    if [ x$verbosity = x1 ]; then
-        statusmsg "INFO: $@"
+        statusmsg "INFO:${tab}$@"
    fi
 }
 warningmsg()
 {
-    statusmsg "WARNING: $@"
+    statusmsg "WARNING:${tab}$@"
 }
 errormsg()
 {
-    statusmsg "ERROR: $@"
+    statusmsg "ERROR:${tab}$@"
 }
 linemsg()
@@ -81,22 +91,27 @@ linemsg()
    statusmsg "========================================="
 }
+existence()
+{
+    command -v "$1" >/dev/null 2>&1
+}
 usage()
 {
    if [ -n "$*" ]; then
-        echo ""
+        echo "${nl}${progname}: $*"
-        echo "${progname}: $*"
    fi
    cat <<_usage_
-Usage: ${progname} [-hv] [-c FILE] [...]
+Usage: ${progname} [-hvVto] [-c FILE]
 Options:
-   -c FILE      Use the configuration file FILE.
+${tab}-c FILE Use the configuration file FILE.
-   -h           Print this help message.
+${tab}-h${tab2}${tab2}Print this help message.
-   -v           Print the version and exit.
+${tab}-o${tab2}${tab2}Display summary of statusmessages
-   -V           be verbose
+${tab}-t${tab2}${tab2}Short developer test on binaries
+${tab}-v${tab2}${tab2}Print the version and exit.
+${tab}-V${tab2}${tab2}be verbose
 _usage_
        exit 1
@@ -108,13 +123,13 @@ generate_ca()
    echo ""
    infomsg "Generating CA"
    TMPDIR=${TMPDIR:-/tmp}
-    if [ -e "$TMPDIR" ]; then
+    if test -e "$TMPDIR"; then
        GNSCERT=`mktemp -t certXXXXXXXX.pem` || exit 1
        GNSCAKY=`mktemp -t cakyXXXXXXXX.pem` || exit 1
        GNSCANO=`mktemp -t canoXXXXXXXX.pem` || exit 1
    else
        # This warning is mostly pointless.
-        warning "You need to export the TMPDIR variable"
+        warningmsg "You need to export the TMPDIR variable"
    fi
    # # ------------- gnutls
@@ -137,18 +152,23 @@ generate_ca()
    OPENSSLCFG=@pkgdatadir@/openssl.cnf
    CERTTOOL=""
    OPENSSL=0
-    if test -z "`gnutls-certtool --version`" > /dev/null
+    if test -x $(existence gnunet-certtool)
+    # if test -z "`gnutls-certtool --version`" > /dev/null
    then
-      # We only support gnutls certtool for now
+      # We only support gnutls certtool for now. Treat the grep
+      # for "gnutls" in the output with extra care, it only matches
+      # the email address! It is probably safer to run strings(1)
+      # over certtool for a string matching "gnutls"
      if test -z "`certtool --version | grep gnutls`" > /dev/null
      then
        warningmsg "'gnutls-certtool' or 'certtool' command not found. Trying openssl."
-        if test -z "`openssl version`" > /dev/null
+        # if test -z "`openssl version`" > /dev/null
+        if test -x $(existence openssl)
        then
          OPENSSL=1
        else
          warningmsg "Install either gnutls certtool or openssl for certificate generation!"
-          infomsg    "Cleaning up."
+          statusmsg  "Cleaning up."
          rm -f $GNSCAKY $GNSCERT
          exit 1
        fi
@@ -157,7 +177,7 @@ generate_ca()
    else
      CERTTOOL="gnutls-certtool"
    fi
-    if [ -n "${GNUNET_CONFIG_FILE}" ]; then
+    if test -n "${GNUNET_CONFIG_FILE}"; then
        GNUNET_CONFIG="-c ${GNUNET_CONFIG_FILE}"
    else
        GNUNET_CONFIG=""
@@ -167,13 +187,26 @@ generate_ca()
    if test 1 -eq $OPENSSL
    then
-      openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System"
+        if test 1 -eq $verbosity; then
-      infomsg "Removing passphrase from key"
+            openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System"
-      openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO
+        else
+            openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System" >/dev/null 2>&1
+        fi
+        infomsg "Removing passphrase from key"
+        if test 1 -eq $verbosity; then
+            openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO
+        else
+            openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO >/dev/null 2>&1
+        fi
      cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM
    else
-      $CERTTOOL --generate-privkey --outfile $GNSCAKY
+        if test 1 -eq $verbosity; then
-      $CERTTOOL --template $GNUTLS_CA_TEMPLATE --generate-self-signed --load-privkey $GNSCAKY --outfile $GNSCERT
+            $CERTTOOL --generate-privkey --outfile $GNSCAKY
+            $CERTTOOL --template $GNUTLS_CA_TEMPLATE --generate-self-signed --load-privkey $GNSCAKY --outfile $GNSCERT
+        else
+            $CERTTOOL --generate-privkey --outfile $GNSCAKY >/dev/null 2>&1
+            $CERTTOOL --template $GNUTLS_CA_TEMPLATE --generate-self-signed --load-privkey $GNSCAKY --outfile $GNSCERT >/dev/null 2>&1
+        fi
      infomsg "Making private key available to gnunet-gns-proxy"
      cat $GNSCERT $GNSCAKY > $GNS_CA_CERT_PEM
    fi
@@ -181,13 +214,10 @@ generate_ca()
 importbrowsers()
 {
-    if test -z "`command -v certutil`" > /dev/null 2>&1
+    # if test -z "`command -v certutil`" > /dev/null 2>&1
+    if test -x $(existence gnutls-certutil) || test -x $(existence certutil)
    then
-        warningmsg "The 'certutil' command was not found."
+        statusmsg "Importing CA into browsers"
-        warningmsg "Not importing into browsers."
-        warningmsg "For 'certutil' install nss."
-    else
-        infomsg "Importing CA into browsers"
        # TODO: Error handling?
        for f in ~/.mozilla/firefox/*.*/
        do
@@ -201,26 +231,31 @@ importbrowsers()
        done
        # TODO: Error handling?
        if [ -d ~/.pki/nssdb/ ]; then
-            infomsg "Importing CA into Chrome at ~/.pki/nssdb/"
+            statusmsg "Importing CA into Chrome at ~/.pki/nssdb/"
            # delete old certificate (if any)
            certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null
            # add new certificate
            certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT
        fi
+    else
+        warningmsg "The 'certutil' command was not found."
+        warningmsg "Not importing into browsers."
+        warningmsg "For 'certutil' install nss."
    fi
 }
 print_version()
 {
-    GNUNET_ARM_VERSION=`gnunet-arm -v`
+    GNUNET_ARM_VERSION=`gnunet-arm -v | awk '{print $2 " " $3}'`
-    echo $GNUNET_ARM_VERSION
+    echo ${progname} $GNUNET_ARM_VERSION
 }
 clean_up()
 {
    infomsg "Cleaning up."
    rm -f $GNSCAKY $GNSCANO $GNSCERT
-    if [ -e $SETUP_TMPDIR ]; then
+    if test -e $SETUP_TMPDIR
+    then
        rm -rf $SETUP_TMPDIR
    fi
@@ -233,7 +268,8 @@ clean_up()
 main()
 {
-    while getopts "vhVc:" opt; do
+    setdefaults
+    while getopts "vhVtoc:" opt; do
        case $opt in
            v)
                print_version
@@ -250,6 +286,24 @@ main()
                infomsg "Using configuration file $OPTARG"
                GNUNET_CONFIG_FILE=${OPTARG}
                ;;
+            t)
+                verbosity=1
+                infomsg "Running short developer test"
+                if test -x $(existence openssl); then
+                   openssl version
+                fi
+                if test -x $(existence certtool); then
+                    certtool --version
+                fi
+                if test -x $(existence gnutls-certtool); then
+                    gnutls-certtool --version
+                fi
+                exit 0
+                ;;
+            o)
+                resfile=$(mktemp -t ${progname}.results)
+                results="${resfile}"
+                ;;
            \?)
                echo "Invalid option: -$OPTARG" >&2
                usage
@@ -260,9 +314,14 @@ main()
                ;;
        esac
    done
-    setdefaults
    generate_ca
    importbrowsers
+    if [ -s "${results}" ]; then
+        echo "===> Summary of results:"
+        sed -e 's/^===>//;s/^/  /' "${results}"
+        echo "===> ."
+        infomsg "Please remove ${results} manually."
+    fi
    clean_up
 }
author	ng0 <ng0@n0.is>	2019-11-25 17:33:26 +0000
committer	ng0 <ng0@n0.is>	2019-11-25 17:33:26 +0000
commit	5adc5d2b84dbe6ce22feb384b4d6087ec5074903 (patch)
tree	5ecea40186a5b5ed5708a9e274def10d7ac586a0 /src/gns
parent	1a3904ec8d6463451b3a6e22433dd2582637c56b (diff)
download	gnunet-5adc5d2b84dbe6ce22feb384b4d6087ec5074903.tar.gz gnunet-5adc5d2b84dbe6ce22feb384b4d6087ec5074903.zip

diff --git a/src/gns/gnunet-gns-proxy-setup-ca.in b/src/gns/gnunet-gns-proxy-setup-ca.in index 885fc069a..256bb882b 100644 --- a/src/gns/gnunet-gns-proxy-setup-ca.in +++ b/src/gns/gnunet-gns-proxy-setup-ca.in
@@ -18,7 +18,7 @@
18	#	18	#
19	# This code is derived from software contributed to	19	# This code is derived from software contributed to
20	# The NetBSD Foundation by Todd Vierling and Luke Mewburn.	20	# The NetBSD Foundation by Todd Vierling and Luke Mewburn.
21		21	#
22	# Redistribution and use in source and binary forms, with or	22	# Redistribution and use in source and binary forms, with or
23	# without modification, are permitted provided that the following	23	# without modification, are permitted provided that the following
24	# conditions are met:	24	# conditions are met:
@@ -29,7 +29,7 @@
29	# copyright notice, this list of conditions and the following	29	# copyright notice, this list of conditions and the following
30	# disclaimer in the documentation and/or other materials	30	# disclaimer in the documentation and/or other materials
31	# provided with the distribution.	31	# provided with the distribution.
32		32	#
33	# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND	33	# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
34	# CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,	34	# CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
35	# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF	35	# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
@@ -48,32 +48,42 @@
48		48
49	progname=${0##*/}	49	progname=${0##*/}
50		50
		51	# Whitespace normalization without depending on shell features:
		52	tab=' '
		53	tab2=' '
		54	nl='
		55	'
		56	# trap "exit 1" 1 2 3 15
		57
51	setdefaults()	58	setdefaults()
52	{	59	{
53	verbosity=0	60	verbosity=0
		61	resfile=
		62	results=/dev/null
		63	tmpdir=${TMPDIR:-/tmp}
54	runcmd=	64	runcmd=
55	}	65	}
56		66
57	statusmsg()	67	statusmsg()
58	{	68	{
59	${runcmd} echo " $@"	69	${runcmd} echo "${tab}$@" \| tee -a "${results}"
60	}	70	}
61		71
62	infomsg()	72	infomsg()
63	{	73	{
64	if [ x$verbosity = x1 ]; then	74	if [ x$verbosity = x1 ]; then
65	statusmsg "INFO: $@"	75	statusmsg "INFO:${tab}$@"
66	fi	76	fi
67	}	77	}
68		78
69	warningmsg()	79	warningmsg()
70	{	80	{
71	statusmsg "WARNING: $@"	81	statusmsg "WARNING:${tab}$@"
72	}	82	}
73		83
74	errormsg()	84	errormsg()
75	{	85	{
76	statusmsg "ERROR: $@"	86	statusmsg "ERROR:${tab}$@"
77	}	87	}
78		88
79	linemsg()	89	linemsg()
@@ -81,22 +91,27 @@ linemsg()
81	statusmsg "========================================="	91	statusmsg "========================================="
82	}	92	}
83		93
		94	existence()
		95	{
		96	command -v "$1" >/dev/null 2>&1
		97	}
84		98
85	usage()	99	usage()
86	{	100	{
87	if [ -n "$*" ]; then	101	if [ -n "$*" ]; then
88	echo ""	102	echo "${nl}${progname}: $*"
89	echo "${progname}: $*"
90	fi	103	fi
91	cat <<_usage_	104	cat <<_usage_
92		105
93	Usage: ${progname} [-hv] [-c FILE] [...]	106	Usage: ${progname} [-hvVto] [-c FILE]
94		107
95	Options:	108	Options:
96	-c FILE Use the configuration file FILE.	109	${tab}-c FILE Use the configuration file FILE.
97	-h Print this help message.	110	${tab}-h${tab2}${tab2}Print this help message.
98	-v Print the version and exit.	111	${tab}-o${tab2}${tab2}Display summary of statusmessages
99	-V be verbose	112	${tab}-t${tab2}${tab2}Short developer test on binaries
		113	${tab}-v${tab2}${tab2}Print the version and exit.
		114	${tab}-V${tab2}${tab2}be verbose
100		115
101	_usage_	116	_usage_
102	exit 1	117	exit 1
@@ -108,13 +123,13 @@ generate_ca()
108	echo ""	123	echo ""
109	infomsg "Generating CA"	124	infomsg "Generating CA"
110	TMPDIR=${TMPDIR:-/tmp}	125	TMPDIR=${TMPDIR:-/tmp}
111	if [ -e "$TMPDIR" ]; then	126	if test -e "$TMPDIR"; then
112	GNSCERT=`mktemp -t certXXXXXXXX.pem` \|\| exit 1	127	GNSCERT=`mktemp -t certXXXXXXXX.pem` \|\| exit 1
113	GNSCAKY=`mktemp -t cakyXXXXXXXX.pem` \|\| exit 1	128	GNSCAKY=`mktemp -t cakyXXXXXXXX.pem` \|\| exit 1
114	GNSCANO=`mktemp -t canoXXXXXXXX.pem` \|\| exit 1	129	GNSCANO=`mktemp -t canoXXXXXXXX.pem` \|\| exit 1
115	else	130	else
116	# This warning is mostly pointless.	131	# This warning is mostly pointless.
117	warning "You need to export the TMPDIR variable"	132	warningmsg "You need to export the TMPDIR variable"
118	fi	133	fi
119		134
120	# # ------------- gnutls	135	# # ------------- gnutls
@@ -137,18 +152,23 @@ generate_ca()
137	OPENSSLCFG=@pkgdatadir@/openssl.cnf	152	OPENSSLCFG=@pkgdatadir@/openssl.cnf
138	CERTTOOL=""	153	CERTTOOL=""
139	OPENSSL=0	154	OPENSSL=0
140	if test -z "`gnutls-certtool --version`" > /dev/null	155	if test -x $(existence gnunet-certtool)
		156	# if test -z "`gnutls-certtool --version`" > /dev/null
141	then	157	then
142	# We only support gnutls certtool for now	158	# We only support gnutls certtool for now. Treat the grep
		159	# for "gnutls" in the output with extra care, it only matches
		160	# the email address! It is probably safer to run strings(1)
		161	# over certtool for a string matching "gnutls"
143	if test -z "`certtool --version \| grep gnutls`" > /dev/null	162	if test -z "`certtool --version \| grep gnutls`" > /dev/null
144	then	163	then
145	warningmsg "'gnutls-certtool' or 'certtool' command not found. Trying openssl."	164	warningmsg "'gnutls-certtool' or 'certtool' command not found. Trying openssl."
146	if test -z "`openssl version`" > /dev/null	165	# if test -z "`openssl version`" > /dev/null
		166	if test -x $(existence openssl)
147	then	167	then
148	OPENSSL=1	168	OPENSSL=1
149	else	169	else
150	warningmsg "Install either gnutls certtool or openssl for certificate generation!"	170	warningmsg "Install either gnutls certtool or openssl for certificate generation!"
151	infomsg "Cleaning up."	171	statusmsg "Cleaning up."
152	rm -f $GNSCAKY $GNSCERT	172	rm -f $GNSCAKY $GNSCERT
153	exit 1	173	exit 1
154	fi	174	fi
@@ -157,7 +177,7 @@ generate_ca()
157	else	177	else
158	CERTTOOL="gnutls-certtool"	178	CERTTOOL="gnutls-certtool"
159	fi	179	fi
160	if [ -n "${GNUNET_CONFIG_FILE}" ]; then	180	if test -n "${GNUNET_CONFIG_FILE}"; then
161	GNUNET_CONFIG="-c ${GNUNET_CONFIG_FILE}"	181	GNUNET_CONFIG="-c ${GNUNET_CONFIG_FILE}"
162	else	182	else
163	GNUNET_CONFIG=""	183	GNUNET_CONFIG=""
@@ -167,13 +187,26 @@ generate_ca()
167		187
168	if test 1 -eq $OPENSSL	188	if test 1 -eq $OPENSSL
169	then	189	then
170	openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System"	190	if test 1 -eq $verbosity; then
171	infomsg "Removing passphrase from key"	191	openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System"
172	openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO	192	else
		193	openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System" >/dev/null 2>&1
		194	fi
		195	infomsg "Removing passphrase from key"
		196	if test 1 -eq $verbosity; then
		197	openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO
		198	else
		199	openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO >/dev/null 2>&1
		200	fi
173	cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM	201	cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM
174	else	202	else
175	$CERTTOOL --generate-privkey --outfile $GNSCAKY	203	if test 1 -eq $verbosity; then
176	$CERTTOOL --template $GNUTLS_CA_TEMPLATE --generate-self-signed --load-privkey $GNSCAKY --outfile $GNSCERT	204	$CERTTOOL --generate-privkey --outfile $GNSCAKY
		205	$CERTTOOL --template $GNUTLS_CA_TEMPLATE --generate-self-signed --load-privkey $GNSCAKY --outfile $GNSCERT
		206	else
		207	$CERTTOOL --generate-privkey --outfile $GNSCAKY >/dev/null 2>&1
		208	$CERTTOOL --template $GNUTLS_CA_TEMPLATE --generate-self-signed --load-privkey $GNSCAKY --outfile $GNSCERT >/dev/null 2>&1
		209	fi
177	infomsg "Making private key available to gnunet-gns-proxy"	210	infomsg "Making private key available to gnunet-gns-proxy"
178	cat $GNSCERT $GNSCAKY > $GNS_CA_CERT_PEM	211	cat $GNSCERT $GNSCAKY > $GNS_CA_CERT_PEM
179	fi	212	fi
@@ -181,13 +214,10 @@ generate_ca()
181		214
182	importbrowsers()	215	importbrowsers()
183	{	216	{
184	if test -z "`command -v certutil`" > /dev/null 2>&1	217	# if test -z "`command -v certutil`" > /dev/null 2>&1
		218	if test -x $(existence gnutls-certutil) \|\| test -x $(existence certutil)
185	then	219	then
186	warningmsg "The 'certutil' command was not found."	220	statusmsg "Importing CA into browsers"
187	warningmsg "Not importing into browsers."
188	warningmsg "For 'certutil' install nss."
189	else
190	infomsg "Importing CA into browsers"
191	# TODO: Error handling?	221	# TODO: Error handling?
192	for f in ~/.mozilla/firefox/./	222	for f in ~/.mozilla/firefox/./
193	do	223	do
@@ -201,26 +231,31 @@ importbrowsers()
201	done	231	done
202	# TODO: Error handling?	232	# TODO: Error handling?
203	if [ -d ~/.pki/nssdb/ ]; then	233	if [ -d ~/.pki/nssdb/ ]; then
204	infomsg "Importing CA into Chrome at ~/.pki/nssdb/"	234	statusmsg "Importing CA into Chrome at ~/.pki/nssdb/"
205	# delete old certificate (if any)	235	# delete old certificate (if any)
206	certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null	236	certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null
207	# add new certificate	237	# add new certificate
208	certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT	238	certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT
209	fi	239	fi
		240	else
		241	warningmsg "The 'certutil' command was not found."
		242	warningmsg "Not importing into browsers."
		243	warningmsg "For 'certutil' install nss."
210	fi	244	fi
211	}	245	}
212		246
213	print_version()	247	print_version()
214	{	248	{
215	GNUNET_ARM_VERSION=`gnunet-arm -v`	249	GNUNET_ARM_VERSION=`gnunet-arm -v \| awk '{print $2 " " $3}'`
216	echo $GNUNET_ARM_VERSION	250	echo ${progname} $GNUNET_ARM_VERSION
217	}	251	}
218		252
219	clean_up()	253	clean_up()
220	{	254	{
221	infomsg "Cleaning up."	255	infomsg "Cleaning up."
222	rm -f $GNSCAKY $GNSCANO $GNSCERT	256	rm -f $GNSCAKY $GNSCANO $GNSCERT
223	if [ -e $SETUP_TMPDIR ]; then	257	if test -e $SETUP_TMPDIR
		258	then
224	rm -rf $SETUP_TMPDIR	259	rm -rf $SETUP_TMPDIR
225	fi	260	fi
226		261
@@ -233,7 +268,8 @@ clean_up()
233		268
234	main()	269	main()
235	{	270	{
236	while getopts "vhVc:" opt; do	271	setdefaults
		272	while getopts "vhVtoc:" opt; do
237	case $opt in	273	case $opt in
238	v)	274	v)
239	print_version	275	print_version
@@ -250,6 +286,24 @@ main()
250	infomsg "Using configuration file $OPTARG"	286	infomsg "Using configuration file $OPTARG"
251	GNUNET_CONFIG_FILE=${OPTARG}	287	GNUNET_CONFIG_FILE=${OPTARG}
252	;;	288	;;
		289	t)
		290	verbosity=1
		291	infomsg "Running short developer test"
		292	if test -x $(existence openssl); then
		293	openssl version
		294	fi
		295	if test -x $(existence certtool); then
		296	certtool --version
		297	fi
		298	if test -x $(existence gnutls-certtool); then
		299	gnutls-certtool --version
		300	fi
		301	exit 0
		302	;;
		303	o)
		304	resfile=$(mktemp -t ${progname}.results)
		305	results="${resfile}"
		306	;;
253	\?)	307	\?)
254	echo "Invalid option: -$OPTARG" >&2	308	echo "Invalid option: -$OPTARG" >&2
255	usage	309	usage
@@ -260,9 +314,14 @@ main()
260	;;	314	;;
261	esac	315	esac
262	done	316	done
263	setdefaults
264	generate_ca	317	generate_ca
265	importbrowsers	318	importbrowsers
		319	if [ -s "${results}" ]; then
		320	echo "===> Summary of results:"
		321	sed -e 's/^===>//;s/^/ /' "${results}"
		322	echo "===> ."
		323	infomsg "Please remove ${results} manually."
		324	fi
266	clean_up	325	clean_up
267	}	326	}
268		327