From ad488bdf1343d85a30d8189884018928b0f699ba Mon Sep 17 00:00:00 2001
From: "Schanzenbach, Martin"
Date: Tue, 23 Jul 2019 23:38:19 +0200
Subject: fix #5817
---
 src/transport/Makefile.am | 19 ++-
 .../gnunet-transport-certificate-creation.c | 133 ------------------
 .../gnunet-transport-certificate-creation.in | 148 +++++++++++++++++++++
 3 files changed, 160 insertions(+), 140 deletions(-)
 delete mode 100644 src/transport/gnunet-transport-certificate-creation.c
 create mode 100644 src/transport/gnunet-transport-certificate-creation.in
diff --git a/src/transport/Makefile.am b/src/transport/Makefile.am
index ea9ce75ba..e6729f2a9 100644
--- a/src/transport/Makefile.am
+++ b/src/transport/Makefile.am
@@ -256,16 +256,20 @@ libexec_PROGRAMS = \
 bin_PROGRAMS = \
- gnunet-transport \
+ gnunet-transport
+
+bin_SCRIPTS = \
 gnunet-transport-certificate-creation
-#bin_SCRIPTS = \
-# gnunet-transport-certificate-creation
+# See: https://www.gnu.org/software/automake/manual/html_node/Scripts.html#Scripts
+do_subst = sed -e 's,[@]pkgdatadir[@],$(pkgdatadir),g'
+
+
+gnunet-transport-certificate-creation: gnunet-transport-certificate-creation.in Makefile
+ $(do_subst) < $(srcdir)/gnunet-transport-certificate-creation.in > gnunet-transport-certificate-creation
+ chmod +x gnunet-transport-certificate-creation
+
-gnunet_transport_certificate_creation_SOURCES = \
- gnunet-transport-certificate-creation.c
-gnunet_transport_certificate_creation_LDADD = \
- $(top_builddir)/src/util/libgnunetutil.la
 gnunet_communicator_unix_SOURCES = \
 gnunet-communicator-unix.c
@@ -1338,6 +1342,7 @@ test_transport_api_slow_ats_LDADD = \
 EXTRA_DIST = \
+gnunet-transport-certificate-creation.in \
 communicator-unix.conf \
 test_plugin_hostkey \
 test_plugin_hostkey.ecc \
diff --git a/src/transport/gnunet-transport-certificate-creation.c b/src/transport/gnunet-transport-certificate-creation.c
deleted file mode 100644
index 288652566..000000000
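Review bot: The generated `gnunet-transport-certificate-creation` script is not added to `CLEANFILES` in the first hunk, so unless it is listed elsewhere in the Makefile, `make clean` and `make distcheck` will leave the substituted file behind in the build tree; `CLEANFILES += gnunet-transport-certificate-creation` next to the new rule would cover it. The recipe also redirects straight into the target and only then runs `chmod +x`, so an interrupted build leaves a truncated, non-executable file whose timestamp is newer than its prerequisite and which make will not regenerate. Writing to a temporary name first avoids that: `$(do_subst) < $(srcdir)/gnunet-transport-certificate-creation.in > $@.tmp`, `chmod +x $@.tmp`, `mv $@.tmp $@`.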
--- a/src/transport/gnunet-transport-certificate-creation.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- This file is part of GNUnet.
- Copyright (C) 2011, 2013 GNUnet e.V.
-
- GNUnet is free software: you can redistribute it and/or modify it
- under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License,
- or (at your option) any later version.
-
- GNUnet is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program. If not, see .
-
- SPDX-License-Identifier: AGPL3.0-or-later
-*/
-
-/**
- * @file transport/gnunet-transport-certificate-creation.c
- * @brief create certificate for HTTPS transport
- * @author LRN
- */
-#include "platform.h"
-#include "gnunet_util_lib.h"
-
-#ifndef WINDOWS
-/**
- * Turn the given file descriptor in to '/dev/null'.
- *
- * @param fd fd to bind to /dev/null
- * @param flags flags to use (O_RDONLY or O_WRONLY)
- */
-static void
-make_dev_zero (int fd,
- int flags)
-{
- int z;
-
- GNUNET_assert (0 == close (fd));
- z = open ("/dev/null", flags);
- GNUNET_assert (-1 != z);
- if (z == fd)
- return;
- GNUNET_break (fd == dup2 (z, fd));
- GNUNET_assert (0 == close (z));
-}
-#endif
-
-
-static void
-removecerts (const char *file1,
- const char *file2)
-{
- if (GNUNET_YES == GNUNET_DISK_file_test (file1))
- {
- if (0 != CHMOD (file1, S_IWUSR | S_IRUSR))
- GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "chmod", file1);
- if (0 != REMOVE (file1))
- GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "remove", file1);
- }
- if (GNUNET_YES == GNUNET_DISK_file_test (file2))
- {
- if (0 != CHMOD (file2, S_IWUSR | S_IRUSR))
- GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "chmod", file2);
- if (0 != REMOVE (file2))
- GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "remove", file2);
- }
-}
-
-
-int
-main (int argc, char **argv)
-{
- struct GNUNET_OS_Process *openssl;
-
- if (3 != argc)
- {
- fprintf (stderr,
- "Invalid arguments.\n");
- return 1;
- }
- removecerts (argv[1], argv[2]);
- (void) GNUNET_DISK_directory_create_for_file (argv[1]);
- (void) GNUNET_DISK_directory_create_for_file (argv[2]);
- /* eliminate stderr */
-#if WINDOWS
- (void) close (2);
-#else
- make_dev_zero (2, O_WRONLY);
-#endif
- /* Create RSA Private Key */
- /* openssl genrsa -out $1 1024 2> /dev/null */
- openssl =
- GNUNET_OS_start_process (GNUNET_NO, GNUNET_OS_INHERIT_STD_OUT_AND_ERR,
- NULL, NULL, NULL,
- "openssl", "openssl", "genrsa",
- "-out", argv[1], "1024", NULL);
- if (NULL == openssl)
- {
- fprintf (stderr,
- "Failed to run openssl. Is openssl installed?\n");
- return 2;
- }
- GNUNET_assert (GNUNET_OK == GNUNET_OS_process_wait (openssl));
- GNUNET_OS_process_destroy (openssl);
-
- /* Create a self-signed certificate in batch mode using rsa key */
- /* openssl req -batch -days 365 -out $2 -new -x509 -key $1 2> /dev/null */
- openssl =
- GNUNET_OS_start_process (GNUNET_NO, GNUNET_OS_INHERIT_STD_OUT_AND_ERR,
- NULL, NULL, NULL,
- "openssl", "openssl", "req",
- "-batch", "-days", "365", "-out", argv[2],
- "-new", "-x509", "-key", argv[1], NULL);
- if (NULL == openssl)
- {
- fprintf (stderr,
- "Failed to create self-signed certificate with openssl.\n");
- return 3;
- }
- GNUNET_assert (GNUNET_OK == GNUNET_OS_process_wait (openssl));
- GNUNET_OS_process_destroy (openssl);
- if (0 != CHMOD (argv[1], S_IRUSR))
- GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "chmod", argv[1]);
- if (0 != CHMOD (argv[2], S_IRUSR))
- GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "chmod", argv[2]);
- return 0;
-}
-
-/* end of gnunet-transport-certificate-creation.c */
diff --git a/src/transport/gnunet-transport-certificate-creation.in b/src/transport/gnunet-transport-certificate-creation.in
new file mode 100644
index 000000000..9b8a23594
--- /dev/null
+++ b/src/transport/gnunet-transport-certificate-creation.in
@@ -0,0 +1,148 @@
+#!/bin/sh
+#
+# This shell script will generate an X509 certificate for
+# your gnunet-transport HTTPS
+#
+# The current version partially reuses and recycles
+# code from build.sh by NetBSD (although not entirely
+# used because it needs debugging):
+#
+# Copyright (c) 2001-2011 The NetBSD Foundation, Inc.
+# All rights reserved.
+#
+# This code is derived from software contributed to
+# The NetBSD Foundation by Todd Vierling and Luke Mewburn.
+
+# Redistribution and use in source and binary forms, with or
+# without modification, are permitted provided that the following
+# conditions are met:
+# 1. Redistributions of source code must retain the above
+# copyright notice, this list of conditions and the following
+# disclaimer.
+# 2. Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials
+# provided with the distribution.
+
+# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
+# CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED.
+# IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR
+# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+# OF SUCH DAMAGE.
+
+progname=${0##*/}
+
+setdefaults()
+{
+ verbosity=0
+ runcmd=
+}
+
+statusmsg()
+{
+ ${runcmd} echo " $@"
+}
+
+infomsg()
+{
+ if [ x$verbosity = x1 ]; then
+ statusmsg "INFO: $@"
+ fi
+}
+
+warningmsg()
+{
+ statusmsg "WARNING: $@"
+}
+
+errormsg()
+{
+ statusmsg "ERROR: $@"
+}
+
+linemsg()
+{
+ statusmsg "========================================="
+}
+
+
+usage()
+{
+ if [ -n "$*" ]; then
+ echo ""
+ echo "${progname}: $*"
+ fi
+ cat <<_usage_
+
+Usage: ${progname} [-hv] [-c FILE] [...]
+
+Options:
+ -c FILE Use the configuration file FILE.
+ -h Print this help message.
+ -v Print the version and exit.
+ -V be verbose
+
+_usage_
+ exit 1
+}
+
+
+generate_cert_key()
+{
+ echo ""
+ infomsg "Generating Cert and Key"
+
+ CERTTOOL=""
+ GNUTLS_CA_TEMPLATE=@pkgdatadir@/gnunet-gns-proxy-ca.template
+ OPENSSL=0
+ if test -z "`gnutls-certtool --version`" > /dev/null
+ then
+ warningmsg "'gnutls-certtool' or 'certtool' command not found. Trying openssl."
+ if test -z "`openssl version`" > /dev/null
+ then
+ $OPENSSL=1
+ else
+ warningmsg "Install either gnutls certtool or openssl for certificate generation!"
+ exit 1
+ fi
+ CERTTOOL="openssl"
+ else
+ CERTTOOL="gnutls-certtool"
+ fi
+ mkdir -p `dirname $KEYFILE`
+
+ if test 1 -eq $OPENSSL
+ then
+ $CERTTOOL genrsa -out $KEYFILE 1024
+ $CERTTOOL req -batch -days 365 -out $CERTFILE, -new -x509 -key $KEYFILE
+ else
+ $CERTTOOL --generate-privkey --outfile $KEYFILE 2>/dev/null
+ $CERTTOOL --template $GNUTLS_CA_TEMPLATE --generate-self-signed --load-privkey $KEYFILE --outfile $CERTFILE 2>/dev/null
+ fi
+ }
+
+print_version()
+{
+ GNUNET_ARM_VERSION=`gnunet-arm -v`
+ echo $GNUNET_ARM_VERSION
+}
+
+main()
+{
+ KEYFILE=$1
+ CERTFILE=$2
+ setdefaults
+ generate_cert_key
+}
+
+main "$@"
-- 
cgit v1.2.3
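Review bot: The openssl fallback in `generate_cert_key` can never be taken: `$OPENSSL=1` expands to the command `0=1` rather than an assignment, and the surrounding `test -z` branches are inverted, so a host with openssl but no gnutls-certtool exits with "Install either ...", while a host with neither tool goes on to run `openssl --generate-privkey`. The `req` line also carries a stray comma in `-out $CERTFILE,`, which would write the certificate to a file with a trailing comma in its name. Relative to the deleted C program, the script no longer verifies that both arguments were supplied and no longer restricts `$KEYFILE` to 0400; both tools create the key under the caller's umask, so it can end up group- or world-readable. The rewrite below detects the tools with `command -v` (the `> /dev/null` on the `test` lines does not silence the missing-command error from the backticks), quotes all paths, sets `umask 077` and re-applies the 0400 mode, checks each tool's exit status, and raises the openssl key size from the 1024 bits carried over from the C version; `usage` and `print_version` remain unused and should be wired up or dropped.
```shell
generate_cert_key()
{
  echo ""
  infomsg "Generating Cert and Key"

  CERTTOOL=""
  GNUTLS_CA_TEMPLATE=@pkgdatadir@/gnunet-gns-proxy-ca.template
  OPENSSL=0
  if command -v gnutls-certtool >/dev/null 2>&1
  then
    CERTTOOL="gnutls-certtool"
  elif command -v openssl >/dev/null 2>&1
  then
    warningmsg "'gnutls-certtool' or 'certtool' command not found. Trying openssl."
    CERTTOOL="openssl"
    OPENSSL=1
  else
    errormsg "Install either gnutls certtool or openssl for certificate generation!"
    exit 1
  fi
  mkdir -p "$(dirname "$KEYFILE")"

  # The private key must not be created group/world-readable; the C version chmod'ed it to 0400.
  umask 077
  if test 1 -eq "$OPENSSL"
  then
    "$CERTTOOL" genrsa -out "$KEYFILE" 2048 || exit 2
    "$CERTTOOL" req -batch -days 365 -out "$CERTFILE" -new -x509 -key "$KEYFILE" || exit 3
  else
    "$CERTTOOL" --generate-privkey --outfile "$KEYFILE" 2>/dev/null || exit 2
    "$CERTTOOL" --template "$GNUTLS_CA_TEMPLATE" --generate-self-signed --load-privkey "$KEYFILE" --outfile "$CERTFILE" 2>/dev/null || exit 3
  fi
  chmod 0400 "$KEYFILE"
}

# … unchanged: print_version …

main()
{
  if test $# -ne 2
  then
    usage "expected KEYFILE and CERTFILE arguments"
  fi
  KEYFILE=$1
  CERTFILE=$2
  setdefaults
  generate_cert_key
}
```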