1 files changed, 339 insertions, 0 deletions
diff --git a/src/cli/gns/gnunet-gns-proxy-setup-ca.in b/src/cli/gns/gnunet-gns-proxy-setup-ca.in
new file mode 100644
index 000000000..b3ebfd11d
--- /dev/null
+++ b/src/cli/gns/gnunet-gns-proxy-setup-ca.in
@@ -0,0 +1,339 @@
+#!/bin/sh
+#
+# This shell script will generate an X509 certificate for
+# your gnunet-gns-proxy and install it (for both GNUnet
+# and your browser).
+#
+# TODO: Implement support for more browsers
+# TODO: Debug and switch to the new version
+# TODO  - The only remaining task is fixing the getopts
+# TODO: Error checks
+#
+# The current version partially reuses and recycles
+# code from build.sh by NetBSD (although not entirely
+# used because it needs debugging):
+#
+# Copyright (c) 2001-2011 The NetBSD Foundation, Inc.
+# All rights reserved.
+#
+# This code is derived from software contributed to
+# The NetBSD Foundation by Todd Vierling and Luke Mewburn.
+#
+# Redistribution and use in source and binary forms, with or
+# without modification, are permitted provided that the following
+# conditions are met:
+# 1. Redistributions of source code must retain the above
+#    copyright notice, this list of conditions and the following
+#    disclaimer.
+# 2. Redistributions in binary form must reproduce the above
+#    copyright notice, this list of conditions and the following
+#    disclaimer in the documentation and/or other materials
+#    provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
+# CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED.
+# IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR
+# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+# OF SUCH DAMAGE.
+dir=$(dirname "$0")
+progname=${0##*/}
+existence() {
+  command -v "$1" >/dev/null 2>&1
+}
+statusmsg()
+{
+    ${runcmd} echo "${tab}$@" | tee -a "${results}"
+}
+infomsg()
+{
+    if [ x$verbosity = x1 ]; then
+        statusmsg "INFO:${tab}$@"
+    fi
+}
+warningmsg()
+{
+    statusmsg "WARNING:${tab}$@"
+}
+errormsg()
+{
+    statusmsg "ERROR:${tab}$@"
+}
+linemsg()
+{
+    statusmsg "========================================="
+}
+print_version()
+{
+    GNUNET_ARM_VERSION=`gnunet-arm -v | awk '{print $2 " " $3}'`
+    echo ${progname} $GNUNET_ARM_VERSION
+}
+# Whitespace normalization without depending on shell features:
+tab='   '
+tab2='   '
+nl='
+'
+setdefaults()
+{
+    verbosity=0
+    resfile=
+    results=/dev/null
+    tmpdir=${TMPDIR:-/tmp}
+    runcmd=
+}
+usage()
+{
+    if [ -n "$*" ]; then
+        echo "${nl}${progname}: $*"
+    fi
+    cat <<_usage_
+Usage: ${progname} [-hvVto] [-c FILE]
+Options:
+${tab}-c FILE Use the configuration file FILE.
+${tab}-h${tab2}${tab2}Print this help message.
+${tab}-o${tab2}${tab2}Display summary of statusmessages
+${tab}-t${tab2}${tab2}Short developer test on binaries
+${tab}-v${tab2}${tab2}Print the version and exit.
+${tab}-V${tab2}${tab2}be verbose
+_usage_
+        exit 1
+}
+generate_ca()
+{
+    echo ""
+    infomsg "Generating CA"
+    TMPDIR=${TMPDIR:-/tmp}
+    if test -e "$TMPDIR"; then
+        GNSCERT=`mktemp -t cert.pem.XXXXXXXX` || exit 1
+        GNSCAKY=`mktemp -t caky.pem.XXXXXXXX` || exit 1
+        GNSCANO=`mktemp -t cano.pem.XXXXXXXX` || exit 1
+    else
+        # This warning is mostly pointless.
+        warningmsg "You need to export the TMPDIR variable"
+    fi
+    # # ------------- gnutls
+    #
+    # if ! which certutil > /dev/null
+    # then
+    #     warningmsg "The 'certutil' command was not found."
+    #     warningmsg "Not importing into browsers."
+    #     warningmsg "For 'certutil' install nss."
+    # else
+    #     # Generate CA key
+    #     # pkcs#8 password-protects key
+    #     certtool --pkcs8 --generate-privkey --sec-param high --outfile ca-key.pem
+    #     # self-sign the CA to create public certificate
+    #     certtool --generate-self-signed --load-privkey ca-key.pem --template ca.cfg --outfile ca.pem
+    # ------------- openssl
+    GNUTLS_CA_TEMPLATE=@PKGDATADIRECTORY@/gnunet-gns-proxy-ca.template
+    OPENSSLCFG=@PKGDATADIRECTORY@/openssl.cnf
+    CERTTOOL=""
+    OPENSSL=0
+    if test -x $(existence gnunet-certtool)
+    # if test -z "`gnutls-certtool --version`" > /dev/null
+    then
+      # We only support gnutls certtool for now. Treat the grep
+      # for "gnutls" in the output with extra care, it only matches
+      # the email address! It is probably safer to run strings(1)
+      # over certtool for a string matching "gnutls"
+      if test -z "`certtool --version | grep gnutls`" > /dev/null
+      then
+        warningmsg "'gnutls-certtool' or 'certtool' command not found. Trying openssl."
+        # if test -z "`openssl version`" > /dev/null
+        if test -x $(existence openssl)
+        then
+          OPENSSL=1
+        else
+          warningmsg "Install either gnutls certtool or openssl for certificate generation!"
+          statusmsg  "Cleaning up."
+          rm -f $GNSCAKY $GNSCERT
+          exit 1
+        fi
+      fi
+      CERTTOOL="certtool"
+    else
+      CERTTOOL="gnutls-certtool"
+    fi
+    if test -n "${GNUNET_CONFIG_FILE}"; then
+        GNUNET_CONFIG="-c ${GNUNET_CONFIG_FILE}"
+    else
+        GNUNET_CONFIG=""
+    fi
+    GNS_CA_CERT_PEM=`gnunet-config ${GNUNET_CONFIG} -s gns-proxy -o PROXY_CACERT -f ${options}`
+    mkdir -p `dirname $GNS_CA_CERT_PEM`
+    if test 1 -eq $OPENSSL
+    then
+        if test 1 -eq $verbosity; then
+            openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System"
+        else
+            openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System" >/dev/null 2>&1
+        fi
+        infomsg "Removing passphrase from key"
+        if test 1 -eq $verbosity; then
+            openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO
+        else
+            openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO >/dev/null 2>&1
+        fi
+      cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM
+    else
+        if test 1 -eq $verbosity; then
+            $CERTTOOL --generate-privkey --outfile $GNSCAKY
+            $CERTTOOL --template $GNUTLS_CA_TEMPLATE --generate-self-signed --load-privkey $GNSCAKY --outfile $GNSCERT
+        else
+            $CERTTOOL --generate-privkey --outfile $GNSCAKY >/dev/null 2>&1
+            $CERTTOOL --template $GNUTLS_CA_TEMPLATE --generate-self-signed --load-privkey $GNSCAKY --outfile $GNSCERT >/dev/null 2>&1
+        fi
+      infomsg "Making private key available to gnunet-gns-proxy"
+      cat $GNSCERT $GNSCAKY > $GNS_CA_CERT_PEM
+    fi
+}
+importbrowsers()
+{
+    # if test -z "`command -v certutil`" > /dev/null 2>&1
+    if test -x $(existence gnutls-certutil) || test -x $(existence certutil)
+    then
+        statusmsg "Importing CA into browsers"
+        # TODO: Error handling?
+        for f in ~/.mozilla/firefox/*.*/
+        do
+            if [ -d $f ]; then
+                infomsg "Importing CA into Firefox at $f"
+                # delete old certificate (if any)
+                certutil -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null
+                # add new certificate
+                certutil -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT
+            fi
+        done
+        for f in ~/.mozilla/icecat/*.*/
+        do
+            if [ -d $f ]; then
+                infomsg "Importing CA into Icecat at $f"
+                # delete old certificate (if any)
+                certutil -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null
+                # add new certificate
+                certutil -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT
+            fi
+        done
+        # TODO: Error handling?
+        if [ -d ~/.pki/nssdb/ ]; then
+            statusmsg "Importing CA into Chrome at ~/.pki/nssdb/"
+            # delete old certificate (if any)
+            certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null
+            # add new certificate
+            certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT
+        fi
+    else
+        warningmsg "The 'certutil' command was not found."
+        warningmsg "Not importing into browsers."
+        warningmsg "For 'certutil' install nss."
+    fi
+}
+clean_up()
+{
+    infomsg "Cleaning up."
+    rm -f $GNSCAKY $GNSCANO $GNSCERT
+    if test -e $SETUP_TMPDIR
+    then
+        rm -rf $SETUP_TMPDIR
+    fi
+    linemsg
+    statusmsg "You can now start gnunet-gns-proxy."
+    statusmsg "Afterwards, configure your browser "
+    statusmsg "to use a SOCKS proxy on port 7777. "
+    linemsg
+}
+main()
+{
+    setdefaults
+    while getopts "vhVtoc:" opt; do
+        case $opt in
+            v)
+                print_version
+                exit 0
+                ;;
+            h)
+                usage
+                ;;
+            V)
+                verbosity=1
+                ;;
+            c)
+                options="$options -c $OPTARG"
+                infomsg "Using configuration file $OPTARG"
+                GNUNET_CONFIG_FILE=${OPTARG}
+                ;;
+            t)
+                verbosity=1
+                infomsg "Running short developer test"
+                if test -x $(existence openssl); then
+                   openssl version
+                fi
+                if test -x $(existence certtool); then
+                    certtool --version
+                fi
+                if test -x $(existence gnutls-certtool); then
+                    gnutls-certtool --version
+                fi
+                exit 0
+                ;;
+            o)
+                resfile=$(mktemp -t ${progname}.results)
+                results="${resfile}"
+                ;;
+            \?)
+                echo "Invalid option: -$OPTARG" >&2
+                usage
+                ;;
+            :)
+                echo "Option -$OPTARG requires an argument." >&2
+                usage
+                ;;
+        esac
+    done
+    generate_ca
+    importbrowsers
+    if [ -s "${results}" ]; then
+        echo "===> Summary of results:"
+        sed -e 's/^===>//;s/^/  /' "${results}"
+        echo "===> ."
+        infomsg "Please remove ${results} manually."
+    fi
+    clean_up
+}
+main "$@"

diff --git a/src/cli/gns/gnunet-gns-proxy-setup-ca.in b/src/cli/gns/gnunet-gns-proxy-setup-ca.in new file mode 100644 index 000000000..b3ebfd11d --- /dev/null +++ b/src/cli/gns/gnunet-gns-proxy-setup-ca.in
@@ -0,0 +1,339 @@
	1	#!/bin/sh
	2	#
	3	# This shell script will generate an X509 certificate for
	4	# your gnunet-gns-proxy and install it (for both GNUnet
	5	# and your browser).
	6	#
	7	# TODO: Implement support for more browsers
	8	# TODO: Debug and switch to the new version
	9	# TODO - The only remaining task is fixing the getopts
	10	# TODO: Error checks
	11	#
	12	# The current version partially reuses and recycles
	13	# code from build.sh by NetBSD (although not entirely
	14	# used because it needs debugging):
	15	#
	16	# Copyright (c) 2001-2011 The NetBSD Foundation, Inc.
	17	# All rights reserved.
	18	#
	19	# This code is derived from software contributed to
	20	# The NetBSD Foundation by Todd Vierling and Luke Mewburn.
	21	#
	22	# Redistribution and use in source and binary forms, with or
	23	# without modification, are permitted provided that the following
	24	# conditions are met:
	25	# 1. Redistributions of source code must retain the above
	26	# copyright notice, this list of conditions and the following
	27	# disclaimer.
	28	# 2. Redistributions in binary form must reproduce the above
	29	# copyright notice, this list of conditions and the following
	30	# disclaimer in the documentation and/or other materials
	31	# provided with the distribution.
	32	#
	33	# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
	34	# CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	35	# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
	36	# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
	37	# DISCLAIMED.
	38	# IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR
	39	# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
	40	# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
	41	# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	42	# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
	43	# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	44	# LIABILITY, OR TORT
	45	# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
	46	# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
	47	# OF SUCH DAMAGE.
	48
	49	dir=$(dirname "$0")
	50
	51	progname=${0##*/}
	52
	53	existence() {
	54	command -v "$1" >/dev/null 2>&1
	55	}
	56
	57	statusmsg()
	58	{
	59	${runcmd} echo "${tab}$@" \| tee -a "${results}"
	60	}
	61
	62	infomsg()
	63	{
	64	if [ x$verbosity = x1 ]; then
	65	statusmsg "INFO:${tab}$@"
	66	fi
	67	}
	68
	69	warningmsg()
	70	{
	71	statusmsg "WARNING:${tab}$@"
	72	}
	73
	74	errormsg()
	75	{
	76	statusmsg "ERROR:${tab}$@"
	77	}
	78
	79	linemsg()
	80	{
	81	statusmsg "========================================="
	82	}
	83
	84
	85	print_version()
	86	{
	87	GNUNET_ARM_VERSION=`gnunet-arm -v \| awk '{print $2 " " $3}'`
	88	echo ${progname} $GNUNET_ARM_VERSION
	89	}
	90
	91	# Whitespace normalization without depending on shell features:
	92	tab=' '
	93	tab2=' '
	94	nl='
	95	'
	96
	97	setdefaults()
	98	{
	99	verbosity=0
	100	resfile=
	101	results=/dev/null
	102	tmpdir=${TMPDIR:-/tmp}
	103	runcmd=
	104	}
	105
	106	usage()
	107	{
	108	if [ -n "$*" ]; then
	109	echo "${nl}${progname}: $*"
	110	fi
	111	cat <<_usage_
	112
	113	Usage: ${progname} [-hvVto] [-c FILE]
	114
	115	Options:
	116	${tab}-c FILE Use the configuration file FILE.
	117	${tab}-h${tab2}${tab2}Print this help message.
	118	${tab}-o${tab2}${tab2}Display summary of statusmessages
	119	${tab}-t${tab2}${tab2}Short developer test on binaries
	120	${tab}-v${tab2}${tab2}Print the version and exit.
	121	${tab}-V${tab2}${tab2}be verbose
	122
	123	_usage_
	124	exit 1
	125	}
	126
	127
	128	generate_ca()
	129	{
	130	echo ""
	131	infomsg "Generating CA"
	132	TMPDIR=${TMPDIR:-/tmp}
	133	if test -e "$TMPDIR"; then
	134	GNSCERT=`mktemp -t cert.pem.XXXXXXXX` \|\| exit 1
	135	GNSCAKY=`mktemp -t caky.pem.XXXXXXXX` \|\| exit 1
	136	GNSCANO=`mktemp -t cano.pem.XXXXXXXX` \|\| exit 1
	137	else
	138	# This warning is mostly pointless.
	139	warningmsg "You need to export the TMPDIR variable"
	140	fi
	141
	142	# # ------------- gnutls
	143	#
	144	# if ! which certutil > /dev/null
	145	# then
	146	# warningmsg "The 'certutil' command was not found."
	147	# warningmsg "Not importing into browsers."
	148	# warningmsg "For 'certutil' install nss."
	149	# else
	150	# # Generate CA key
	151	# # pkcs#8 password-protects key
	152	# certtool --pkcs8 --generate-privkey --sec-param high --outfile ca-key.pem
	153	# # self-sign the CA to create public certificate
	154	# certtool --generate-self-signed --load-privkey ca-key.pem --template ca.cfg --outfile ca.pem
	155
	156	# ------------- openssl
	157
	158	GNUTLS_CA_TEMPLATE=@PKGDATADIRECTORY@/gnunet-gns-proxy-ca.template
	159	OPENSSLCFG=@PKGDATADIRECTORY@/openssl.cnf
	160	CERTTOOL=""
	161	OPENSSL=0
	162	if test -x $(existence gnunet-certtool)
	163	# if test -z "`gnutls-certtool --version`" > /dev/null
	164	then
	165	# We only support gnutls certtool for now. Treat the grep
	166	# for "gnutls" in the output with extra care, it only matches
	167	# the email address! It is probably safer to run strings(1)
	168	# over certtool for a string matching "gnutls"
	169	if test -z "`certtool --version \| grep gnutls`" > /dev/null
	170	then
	171	warningmsg "'gnutls-certtool' or 'certtool' command not found. Trying openssl."
	172	# if test -z "`openssl version`" > /dev/null
	173	if test -x $(existence openssl)
	174	then
	175	OPENSSL=1
	176	else
	177	warningmsg "Install either gnutls certtool or openssl for certificate generation!"
	178	statusmsg "Cleaning up."
	179	rm -f $GNSCAKY $GNSCERT
	180	exit 1
	181	fi
	182	fi
	183	CERTTOOL="certtool"
	184	else
	185	CERTTOOL="gnutls-certtool"
	186	fi
	187	if test -n "${GNUNET_CONFIG_FILE}"; then
	188	GNUNET_CONFIG="-c ${GNUNET_CONFIG_FILE}"
	189	else
	190	GNUNET_CONFIG=""
	191	fi
	192	GNS_CA_CERT_PEM=`gnunet-config ${GNUNET_CONFIG} -s gns-proxy -o PROXY_CACERT -f ${options}`
	193	mkdir -p `dirname $GNS_CA_CERT_PEM`
	194
	195	if test 1 -eq $OPENSSL
	196	then
	197	if test 1 -eq $verbosity; then
	198	openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System"
	199	else
	200	openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System" >/dev/null 2>&1
	201	fi
	202	infomsg "Removing passphrase from key"
	203	if test 1 -eq $verbosity; then
	204	openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO
	205	else
	206	openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO >/dev/null 2>&1
	207	fi
	208	cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM
	209	else
	210	if test 1 -eq $verbosity; then
	211	$CERTTOOL --generate-privkey --outfile $GNSCAKY
	212	$CERTTOOL --template $GNUTLS_CA_TEMPLATE --generate-self-signed --load-privkey $GNSCAKY --outfile $GNSCERT
	213	else
	214	$CERTTOOL --generate-privkey --outfile $GNSCAKY >/dev/null 2>&1
	215	$CERTTOOL --template $GNUTLS_CA_TEMPLATE --generate-self-signed --load-privkey $GNSCAKY --outfile $GNSCERT >/dev/null 2>&1
	216	fi
	217	infomsg "Making private key available to gnunet-gns-proxy"
	218	cat $GNSCERT $GNSCAKY > $GNS_CA_CERT_PEM
	219	fi
	220	}
	221
	222	importbrowsers()
	223	{
	224	# if test -z "`command -v certutil`" > /dev/null 2>&1
	225	if test -x $(existence gnutls-certutil) \|\| test -x $(existence certutil)
	226	then
	227	statusmsg "Importing CA into browsers"
	228	# TODO: Error handling?
	229	for f in ~/.mozilla/firefox/./
	230	do
	231	if [ -d $f ]; then
	232	infomsg "Importing CA into Firefox at $f"
	233	# delete old certificate (if any)
	234	certutil -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null
	235	# add new certificate
	236	certutil -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT
	237	fi
	238	done
	239	for f in ~/.mozilla/icecat/./
	240	do
	241	if [ -d $f ]; then
	242	infomsg "Importing CA into Icecat at $f"
	243	# delete old certificate (if any)
	244	certutil -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null
	245	# add new certificate
	246	certutil -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT
	247	fi
	248	done
	249	# TODO: Error handling?
	250	if [ -d ~/.pki/nssdb/ ]; then
	251	statusmsg "Importing CA into Chrome at ~/.pki/nssdb/"
	252	# delete old certificate (if any)
	253	certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null
	254	# add new certificate
	255	certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT
	256	fi
	257	else
	258	warningmsg "The 'certutil' command was not found."
	259	warningmsg "Not importing into browsers."
	260	warningmsg "For 'certutil' install nss."
	261	fi
	262	}
	263
	264	clean_up()
	265	{
	266	infomsg "Cleaning up."
	267	rm -f $GNSCAKY $GNSCANO $GNSCERT
	268	if test -e $SETUP_TMPDIR
	269	then
	270	rm -rf $SETUP_TMPDIR
	271	fi
	272
	273	linemsg
	274	statusmsg "You can now start gnunet-gns-proxy."
	275	statusmsg "Afterwards, configure your browser "
	276	statusmsg "to use a SOCKS proxy on port 7777. "
	277	linemsg
	278	}
	279
	280	main()
	281	{
	282	setdefaults
	283	while getopts "vhVtoc:" opt; do
	284	case $opt in
	285	v)
	286	print_version
	287	exit 0
	288	;;
	289	h)
	290	usage
	291	;;
	292	V)
	293	verbosity=1
	294	;;
	295	c)
	296	options="$options -c $OPTARG"
	297	infomsg "Using configuration file $OPTARG"
	298	GNUNET_CONFIG_FILE=${OPTARG}
	299	;;
	300	t)
	301	verbosity=1
	302	infomsg "Running short developer test"
	303	if test -x $(existence openssl); then
	304	openssl version
	305	fi
	306	if test -x $(existence certtool); then
	307	certtool --version
	308	fi
	309	if test -x $(existence gnutls-certtool); then
	310	gnutls-certtool --version
	311	fi
	312	exit 0
	313	;;
	314	o)
	315	resfile=$(mktemp -t ${progname}.results)
	316	results="${resfile}"
	317	;;
	318	\?)
	319	echo "Invalid option: -$OPTARG" >&2
	320	usage
	321	;;
	322	:)
	323	echo "Option -$OPTARG requires an argument." >&2
	324	usage
	325	;;
	326	esac
	327	done
	328	generate_ca
	329	importbrowsers
	330	if [ -s "${results}" ]; then
	331	echo "===> Summary of results:"
	332	sed -e 's/^===>//;s/^/ /' "${results}"
	333	echo "===> ."
	334	infomsg "Please remove ${results} manually."
	335	fi
	336	clean_up
	337	}
	338
	339	main "$@"