[gentoo-commits] gentoo-x86 commit in eclass: ssl-cert.eclass

[gentoo-commits] gentoo-x86 commit in eclass: ssl-cert.eclass

[Mike Frysinger (vapier)]

vapier      14/03/20 19:32:09

  Modified:             ssl-cert.eclass
  Log:
  update banned list of src funcs install_cert is banned in, and upgrade the call to a `die`

Revision  Changes    Path
1.23                 eclass/ssl-cert.eclass

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/ssl-cert.eclass?rev=1.23&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/ssl-cert.eclass?rev=1.23&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/ssl-cert.eclass?r1=1.22&r2=1.23

Index: ssl-cert.eclass
===================================================================
RCS file: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- ssl-cert.eclass	20 Mar 2014 19:30:56 -0000	1.22
+++ ssl-cert.eclass	20 Mar 2014 19:32:09 -0000	1.23
@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.22 2014/03/20 19:30:56 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.23 2014/03/20 19:32:09 vapier Exp $
 
 # @ECLASS: ssl-cert.eclass
 # @MAINTAINER:
@@ -192,9 +192,9 @@
 	fi
 
 	case ${EBUILD_PHASE} in
-		unpack|compile|test|install)
-			eerror "install_cert cannot be called in ${EBUILD_PHASE}"
-			return 1 ;;
+	unpack|prepare|configure|compile|test|install)
+		die "install_cert cannot be called in ${EBUILD_PHASE}"
+		;;
 	esac
 
 	# Generate a CA environment #164601

[gentoo-commits] gentoo-x86 commit in eclass: ssl-cert.eclass

[Mike Frysinger (vapier)]

vapier      14/03/20 19:33:13

  Modified:             ssl-cert.eclass
  Log:
  style fix: change `...` to $(...)

Revision  Changes    Path
1.24                 eclass/ssl-cert.eclass

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/ssl-cert.eclass?rev=1.24&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/ssl-cert.eclass?rev=1.24&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/ssl-cert.eclass?r1=1.23&r2=1.24

Index: ssl-cert.eclass
===================================================================
RCS file: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- ssl-cert.eclass	20 Mar 2014 19:32:09 -0000	1.23
+++ ssl-cert.eclass	20 Mar 2014 19:33:13 -0000	1.24
@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.23 2014/03/20 19:32:09 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.24 2014/03/20 19:33:13 vapier Exp $
 
 # @ECLASS: ssl-cert.eclass
 # @MAINTAINER:
@@ -104,7 +104,7 @@
 #
 # Access: private
 gen_key() {
-	local base=`get_base $1`
+	local base=$(get_base "$1")
 	ebegin "Generating ${SSL_BITS} bit RSA key${1:+ for CA}"
 	openssl genrsa -rand "${SSL_RANDOM}" \
 		-out "${base}.key" "${SSL_BITS}" &> /dev/null
@@ -121,7 +121,7 @@
 #
 # Access: private
 gen_csr() {
-	local base=`get_base $1`
+	local base=$(get_base "$1")
 	ebegin "Generating Certificate Signing Request${1:+ for CA}"
 	openssl req -config "${SSL_CONF}" -new \
 		-key "${base}.key" -out "${base}.csr" &>/dev/null
@@ -140,14 +140,14 @@
 #
 # Access: private
 gen_crt() {
-	local base=`get_base $1`
+	local base=$(get_base "$1")
 	if [ "${1}" ] ; then
 		ebegin "Generating self-signed X.509 Certificate for CA"
 		openssl x509 -extfile "${SSL_CONF}" \
 			-days ${SSL_DAYS} -req -signkey "${base}.key" \
 			-in "${base}.csr" -out "${base}.crt" &>/dev/null
 	else
-		local ca=`get_base 1`
+		local ca=$(get_base 1)
 		ebegin "Generating authority-signed X.509 Certificate"
 		openssl x509 -extfile "${SSL_CONF}" \
 			-days ${SSL_DAYS} -req -CAserial "${SSL_SERIAL}" \
@@ -167,7 +167,7 @@
 #
 # Access: private
 gen_pem() {
-	local base=`get_base $1`
+	local base=$(get_base "$1")
 	ebegin "Generating PEM Certificate"
 	(cat "${base}.key"; echo; cat "${base}.crt") > "${base}.pem"
 	eend $?

[gentoo-commits] gentoo-x86 commit in eclass: ssl-cert.eclass

[Mike Frysinger (vapier)]

vapier      14/03/20 19:30:56

  Modified:             ssl-cert.eclass
  Log:
  drop long dead docert func

Revision  Changes    Path
1.22                 eclass/ssl-cert.eclass

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/ssl-cert.eclass?rev=1.22&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/ssl-cert.eclass?rev=1.22&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/ssl-cert.eclass?r1=1.21&r2=1.22

Index: ssl-cert.eclass
===================================================================
RCS file: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- ssl-cert.eclass	20 Mar 2014 19:30:32 -0000	1.21
+++ ssl-cert.eclass	20 Mar 2014 19:30:56 -0000	1.22
@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.21 2014/03/20 19:30:32 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.22 2014/03/20 19:30:56 vapier Exp $
 
 # @ECLASS: ssl-cert.eclass
 # @MAINTAINER:
@@ -175,13 +175,6 @@
 	return $?
 }
 
-# Removed due to bug 174759
-docert() {
-	eerror "Function \"docert\" has been removed for security reasons."
-	eerror "\"install_cert\" should be used instead. See bug 174759."
-	die
-}
-
 # @FUNCTION: install_cert
 # @USAGE: <certificates>
 # @DESCRIPTION:

[gentoo-commits] gentoo-x86 commit in eclass: ssl-cert.eclass

[Mike Frysinger (vapier)]

vapier      14/03/20 19:30:33

  Modified:             ssl-cert.eclass
  Log:
  misc style fixes -- do not hardcode full path to `openssl`

Revision  Changes    Path
1.21                 eclass/ssl-cert.eclass

file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/ssl-cert.eclass?rev=1.21&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/ssl-cert.eclass?rev=1.21&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/ssl-cert.eclass?r1=1.20&r2=1.21

Index: ssl-cert.eclass
===================================================================
RCS file: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- ssl-cert.eclass	3 Jan 2013 19:19:55 -0000	1.20
+++ ssl-cert.eclass	20 Mar 2014 19:30:32 -0000	1.21
@@ -1,6 +1,6 @@
-# Copyright 1999-2011 Gentoo Foundation
+# Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.20 2013/01/03 19:19:55 alonbl Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.21 2014/03/20 19:30:32 vapier Exp $
 
 # @ECLASS: ssl-cert.eclass
 # @MAINTAINER:
@@ -16,16 +16,14 @@
 # @ECLASS-VARIABLE: SSL_CERT_MANDATORY
 # @DESCRIPTION:
 # Set to non zero if ssl-cert is mandatory for ebuild.
-#
-SSL_CERT_MANDATORY="${SSL_CERT_MANDATORY:-0}"
+: ${SSL_CERT_MANDATORY:=0}
 
 # @ECLASS-VARIABLE: SSL_CERT_USE
 # @DESCRIPTION:
 # Use flag to append dependency to.
-#
-SSL_CERT_USE="${SSL_CERT_USE:-ssl}"
+: ${SSL_CERT_USE:=ssl}
 
-if [[ "${SSL_CERT_MANDATORY}" = 0 ]]; then
+if [[ "${SSL_CERT_MANDATORY}" == "0" ]]; then
 	DEPEND="${SSL_CERT_USE}? ( dev-libs/openssl )"
 	IUSE="${SSL_CERT_USE}"
 else
@@ -108,7 +106,7 @@
 gen_key() {
 	local base=`get_base $1`
 	ebegin "Generating ${SSL_BITS} bit RSA key${1:+ for CA}"
-	/usr/bin/openssl genrsa -rand "${SSL_RANDOM}" \
+	openssl genrsa -rand "${SSL_RANDOM}" \
 		-out "${base}.key" "${SSL_BITS}" &> /dev/null
 	eend $?
 
@@ -125,7 +123,7 @@
 gen_csr() {
 	local base=`get_base $1`
 	ebegin "Generating Certificate Signing Request${1:+ for CA}"
-	/usr/bin/openssl req -config "${SSL_CONF}" -new \
+	openssl req -config "${SSL_CONF}" -new \
 		-key "${base}.key" -out "${base}.csr" &>/dev/null
 	eend $?
 
@@ -145,13 +143,13 @@
 	local base=`get_base $1`
 	if [ "${1}" ] ; then
 		ebegin "Generating self-signed X.509 Certificate for CA"
-		/usr/bin/openssl x509 -extfile "${SSL_CONF}" \
+		openssl x509 -extfile "${SSL_CONF}" \
 			-days ${SSL_DAYS} -req -signkey "${base}.key" \
 			-in "${base}.csr" -out "${base}.crt" &>/dev/null
 	else
 		local ca=`get_base 1`
 		ebegin "Generating authority-signed X.509 Certificate"
-		/usr/bin/openssl x509 -extfile "${SSL_CONF}" \
+		openssl x509 -extfile "${SSL_CONF}" \
 			-days ${SSL_DAYS} -req -CAserial "${SSL_SERIAL}" \
 			-CAkey "${ca}.key" -CA "${ca}.crt" \
 			-in "${base}.csr" -out "${base}.crt" &>/dev/null
@@ -246,7 +244,7 @@
 		install -m0444 "${base}.csr" "${ROOT}${cert}.csr"
 		install -m0444 "${base}.crt" "${ROOT}${cert}.crt"
 		install -m0400 "${base}.pem" "${ROOT}${cert}.pem"
-		count=$((${count}+1))
+		: $(( ++count ))
 	done
 
 	# Resulting status

[gentoo-commits] gentoo-x86 commit in eclass: ssl-cert.eclass

[Peter Volkov (pva)]

pva         10/02/16 14:23:40

  Modified:             ssl-cert.eclass
  Log:
  Use different CN for CA and certificate itself, fixes #164601, thank David Sperling for description and James Le Cuirot for fix.

Revision  Changes    Path
1.18                 eclass/ssl-cert.eclass

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/ssl-cert.eclass?rev=1.18&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/ssl-cert.eclass?rev=1.18&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/ssl-cert.eclass?r1=1.17&r2=1.18

Index: ssl-cert.eclass
===================================================================
RCS file: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- ssl-cert.eclass	16 Sep 2009 20:11:17 -0000	1.17
+++ ssl-cert.eclass	16 Feb 2010 14:23:39 -0000	1.18
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.17 2009/09/16 20:11:17 mrness Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.18 2010/02/16 14:23:39 pva Exp $
 #
 # @ECLASS: ssl-cert.eclass
 # @MAINTAINER:
@@ -48,7 +48,7 @@
 	echo "01" > "${SSL_SERIAL}"
 
 	# Create the config file
-	ebegin "Generating OpenSSL configuration"
+	ebegin "Generating OpenSSL configuration${1:+ for CA}"
 	cat <<-EOF > "${SSL_CONF}"
 		[ req ]
 		prompt             = no
@@ -60,7 +60,7 @@
 		L                  = ${SSL_LOCALITY}
 		O                  = ${SSL_ORGANIZATION}
 		OU                 = ${SSL_UNIT}
-		CN                 = ${SSL_COMMONNAME}
+		CN                 = ${SSL_COMMONNAME}${1:+ CA}
 		emailAddress       = ${SSL_EMAIL}
 	EOF
 	eend $?
@@ -191,16 +191,16 @@
 			return 1 ;;
 	esac
 
-	# Initialize configuration
-	gen_cnf || return 1
-	echo
-
-	# Generate a CA environment
+	# Generate a CA environment #164601
+	gen_cnf 1 || return 1
 	gen_key 1 || return 1
 	gen_csr 1 || return 1
 	gen_crt 1 || return 1
 	echo
 
+	gen_cnf || return 1
+	echo
+
 	local count=0
 	for cert in "$@" ; do
 		# Check the requested certificate

[gentoo-commits] gentoo-x86 commit in eclass: ssl-cert.eclass

[Alin Nastac (mrness)]

mrness      09/09/16 20:11:17

  Modified:             ssl-cert.eclass
  Log:
  fix comparison test

Revision  Changes    Path
1.17                 eclass/ssl-cert.eclass

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/ssl-cert.eclass?rev=1.17&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/ssl-cert.eclass?rev=1.17&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/ssl-cert.eclass?r1=1.16&r2=1.17

Index: ssl-cert.eclass
===================================================================
RCS file: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- ssl-cert.eclass	14 Apr 2008 06:37:44 -0000	1.16
+++ ssl-cert.eclass	16 Sep 2009 20:11:17 -0000	1.17
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.16 2008/04/14 06:37:44 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.17 2009/09/16 20:11:17 mrness Exp $
 #
 # @ECLASS: ssl-cert.eclass
 # @MAINTAINER:
@@ -235,7 +235,7 @@
 	done
 
 	# Resulting status
-	if [ ! ${count} ] ; then
+	if [ ${count} = 0 ] ; then
 		eerror "No certificates were generated"
 		return 1
 	elif [ ${count} != ${#} ] ; then

[gentoo-commits] gentoo-x86 commit in eclass: ssl-cert.eclass

[Ulrich Mueller (ulm)]

ulm         08/04/14 06:37:44

  Modified:             ssl-cert.eclass
  Log:
  Add magic comments for eclass-manpages.

Revision  Changes    Path
1.16                 eclass/ssl-cert.eclass

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/ssl-cert.eclass?rev=1.16&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/ssl-cert.eclass?rev=1.16&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/ssl-cert.eclass?r1=1.15&r2=1.16

Index: ssl-cert.eclass
===================================================================
RCS file: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- ssl-cert.eclass	14 Apr 2008 06:27:45 -0000	1.15
+++ ssl-cert.eclass	14 Apr 2008 06:37:44 -0000	1.16
@@ -1,17 +1,25 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.15 2008/04/14 06:27:45 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.16 2008/04/14 06:37:44 ulm Exp $
 #
+# @ECLASS: ssl-cert.eclass
+# @MAINTAINER:
 # Author: Max Kalika <max@gentoo.org>
-#
-# This eclass implements standard installation procedure for installing
+# @BLURB: Eclass for SSL certificates
+# @DESCRIPTION:
+# This eclass implements a standard installation procedure for installing
 # self-signed SSL certificates.
+# @EXAMPLE:
+# "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
 
 # Conditionally depend on OpenSSL: allows inheretence
 # without pulling extra packages if not needed
 DEPEND="ssl? ( dev-libs/openssl )"
 IUSE="ssl"
 
+# @FUNCTION: gen_cnf
+# @USAGE:
+# @DESCRIPTION:
 # Initializes variables and generates the needed
 # OpenSSL configuration file and a CA serial file
 #
@@ -60,6 +68,10 @@
 	return $?
 }
 
+# @FUNCTION: get_base
+# @USAGE: [if_ca]
+# @RETURN: <base path>
+# @DESCRIPTION:
 # Simple function to determine whether we're creating
 # a CA (which should only be done once) or final part
 #
@@ -72,6 +84,9 @@
 	fi
 }
 
+# @FUNCTION: gen_key
+# @USAGE: <base path>
+# @DESCRIPTION:
 # Generates an RSA key
 #
 # Access: private
@@ -85,6 +100,9 @@
 	return $?
 }
 
+# @FUNCTION: gen_csr
+# @USAGE: <base path>
+# @DESCRIPTION:
 # Generates a certificate signing request using
 # the key made by gen_key()
 #
@@ -99,6 +117,9 @@
 	return $?
 }
 
+# @FUNCTION: gen_crt
+# @USAGE: <base path>
+# @DESCRIPTION:
 # Generates either a self-signed CA certificate using
 # the csr and key made by gen_csr() and gen_key() or
 # a signed server certificate using the CA cert previously
@@ -125,6 +146,9 @@
 	return $?
 }
 
+# @FUNCTION: gen_pem
+# @USAGE: <base path>
+# @DESCRIPTION:
 # Generates a PEM file by concatinating the key
 # and cert file created by gen_key() and gen_cert()
 #
@@ -145,11 +169,12 @@
 	die
 }
 
-# Uses all the private functions above to generate
-# and install the requested certificates
-#
-# Usage: install_cert <certificates>
-# where <certificates> are full pathnames relative to ROOT, without extension.
+# @FUNCTION: install_cert
+# @USAGE: <certificates>
+# @DESCRIPTION:
+# Uses all the private functions above to generate and install the
+# requested certificates.
+# <certificates> are full pathnames relative to ROOT, without extension.
 #
 # Example: "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
 #



-- 
gentoo-commits@lists.gentoo.org mailing list

[gentoo-commits] gentoo-x86 commit in eclass: ssl-cert.eclass

[Ulrich Mueller (ulm)]

ulm         08/04/14 06:27:46

  Modified:             ssl-cert.eclass
  Log:
  Replace "docert" function by dummy, bug 174759.

Revision  Changes    Path
1.15                 eclass/ssl-cert.eclass

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/ssl-cert.eclass?rev=1.15&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/ssl-cert.eclass?rev=1.15&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/ssl-cert.eclass?r1=1.14&r2=1.15

Index: ssl-cert.eclass
===================================================================
RCS file: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- ssl-cert.eclass	28 Dec 2007 17:51:03 -0000	1.14
+++ ssl-cert.eclass	14 Apr 2008 06:27:45 -0000	1.15
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.14 2007/12/28 17:51:03 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.15 2008/04/14 06:27:45 ulm Exp $
 #
 # Author: Max Kalika <max@gentoo.org>
 #
@@ -138,74 +138,11 @@
 	return $?
 }
 
-# Uses all the private functions above to generate
-# and install the requested certificates
-# Note: This function is deprecated, use install_cert instead
-#
-# Access: public
+# Removed due to bug 174759
 docert() {
-	ewarn "Function \"docert\" is deprecated for security reasons."
-	ewarn "\"install_cert\" should be used instead. See bug #174759."
-
-	if [ $# -lt 1 ] ; then
-		eerror "At least one argument needed"
-		return 1;
-	fi
-
-	# Initialize configuration
-	gen_cnf || return 1
-	echo
-
-	# Generate a CA environment
-	gen_key 1 || return 1
-	gen_csr 1 || return 1
-	gen_crt 1 || return 1
-	echo
-
-	local count=0
-	for cert in "$@" ; do
-		# Sanitize and check the requested certificate
-		cert="`/usr/bin/basename "${cert}"`"
-		if [ -z "${cert}" ] ; then
-			ewarn "Invalid certification requested, skipping"
-			continue
-		fi
-
-		# Check for previous existence of generated files
-		for type in key crt pem ; do
-			if [ -e "${D}${INSDESTTREE}/${cert}.${type}" ] ; then
-				ewarn "${D}${INSDESTTREE}/${cert}.${type}: exists, skipping"
-				continue 2
-			fi
-		done
-
-		# Generate the requested files
-		gen_key || continue
-		gen_csr || continue
-		gen_crt || continue
-		gen_pem || continue
-		echo
-
-		# Install the generated files and set sane permissions
-		local base=`get_base`
-		newins "${base}.key" "${cert}.key"
-		fperms 0400 "${INSDESTTREE}/${cert}.key"
-		newins "${base}.csr" "${cert}.csr"
-		fperms 0444 "${INSDESTTREE}/${cert}.csr"
-		newins "${base}.crt" "${cert}.crt"
-		fperms 0444 "${INSDESTTREE}/${cert}.crt"
-		newins "${base}.pem" "${cert}.pem"
-		fperms 0400 "${INSDESTTREE}/${cert}.pem"
-		count=$((${count}+1))
-	done
-
-	# Resulting status
-	if [ ! ${count} ] ; then
-		eerror "No certificates were generated"
-		return 1
-	elif [ ${count} != ${#} ] ; then
-		ewarn "Some requested certificates were not generated"
-	fi
+	eerror "Function \"docert\" has been removed for security reasons."
+	eerror "\"install_cert\" should be used instead. See bug 174759."
+	die
 }
 
 # Uses all the private functions above to generate



-- 
gentoo-commits@lists.gentoo.org mailing list

[gentoo-commits] gentoo-x86 commit in eclass: ssl-cert.eclass

[Ulrich Mueller (ulm)]

ulm         07/12/28 17:51:03

  Modified:             ssl-cert.eclass
  Log:
  Revert accidental commit of ssl-cert.eclass.

Revision  Changes    Path
1.14                 eclass/ssl-cert.eclass

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/ssl-cert.eclass?rev=1.14&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/ssl-cert.eclass?rev=1.14&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/ssl-cert.eclass?r1=1.13&r2=1.14

Index: ssl-cert.eclass
===================================================================
RCS file: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- ssl-cert.eclass	28 Dec 2007 17:48:34 -0000	1.13
+++ ssl-cert.eclass	28 Dec 2007 17:51:03 -0000	1.14
@@ -1,25 +1,17 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.13 2007/12/28 17:48:34 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.14 2007/12/28 17:51:03 ulm Exp $
 #
-# @ECLASS: ssl-cert.eclass
-# @MAINTAINER:
 # Author: Max Kalika <max@gentoo.org>
-# @BLURB: Eclass for SSL certificates
-# @DESCRIPTION:
+#
 # This eclass implements standard installation procedure for installing
 # self-signed SSL certificates.
-# @EXAMPLE:
-# "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
 
 # Conditionally depend on OpenSSL: allows inheretence
 # without pulling extra packages if not needed
 DEPEND="ssl? ( dev-libs/openssl )"
 IUSE="ssl"
 
-# @FUNCTION: gen_cnf
-# @USAGE:
-# @DESCRIPTION:
 # Initializes variables and generates the needed
 # OpenSSL configuration file and a CA serial file
 #
@@ -68,10 +60,6 @@
 	return $?
 }
 
-# @FUNCTION: get_base
-# @USAGE: [if_ca]
-# @RETURN: <base path>
-# @DESCRIPTION:
 # Simple function to determine whether we're creating
 # a CA (which should only be done once) or final part
 #
@@ -84,9 +72,6 @@
 	fi
 }
 
-# @FUNCTION: gen_key
-# @USAGE: <base path>
-# @DESCRIPTION:
 # Generates an RSA key
 #
 # Access: private
@@ -100,9 +85,6 @@
 	return $?
 }
 
-# @FUNCTION: gen_csr
-# @USAGE: <base path>
-# @DESCRIPTION:
 # Generates a certificate signing request using
 # the key made by gen_key()
 #
@@ -117,9 +99,6 @@
 	return $?
 }
 
-# @FUNCTION: gen_crt
-# @USAGE: <base path>
-# @DESCRIPTION:
 # Generates either a self-signed CA certificate using
 # the csr and key made by gen_csr() and gen_key() or
 # a signed server certificate using the CA cert previously
@@ -146,9 +125,6 @@
 	return $?
 }
 
-# @FUNCTION: gen_pem
-# @USAGE: <base path>
-# @DESCRIPTION:
 # Generates a PEM file by concatinating the key
 # and cert file created by gen_key() and gen_cert()
 #
@@ -232,12 +208,11 @@
 	fi
 }
 
-# @FUNCTION: install_cert
-# @USAGE: <certificates>
-# @DESCRIPTION:
-# Uses all the private functions above to generate and install the
-# requested certificates.
-# <certificates> are full pathnames relative to ROOT, without extension.
+# Uses all the private functions above to generate
+# and install the requested certificates
+#
+# Usage: install_cert <certificates>
+# where <certificates> are full pathnames relative to ROOT, without extension.
 #
 # Example: "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
 #



-- 
gentoo-commits@gentoo.org mailing list

[gentoo-commits] gentoo-x86 commit in eclass: ssl-cert.eclass

[Ulrich Mueller (ulm)]

ulm         07/12/09 08:09:57

  Modified:             ssl-cert.eclass
  Log:
  Fix a typo.

Revision  Changes    Path
1.12                 eclass/ssl-cert.eclass

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/ssl-cert.eclass?rev=1.12&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/ssl-cert.eclass?rev=1.12&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/ssl-cert.eclass?r1=1.11&r2=1.12

Index: ssl-cert.eclass
===================================================================
RCS file: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- ssl-cert.eclass	9 Dec 2007 08:06:11 -0000	1.11
+++ ssl-cert.eclass	9 Dec 2007 08:09:56 -0000	1.12
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.11 2007/12/09 08:06:11 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.12 2007/12/09 08:09:56 ulm Exp $
 #
 # Author: Max Kalika <max@gentoo.org>
 #
@@ -26,7 +26,7 @@
 	SSL_RANDOM="${T}/environment:${T}/eclass-debug.log:/etc/resolv.conf"
 
 	# These can be overridden in the ebuild
-	SSL_DAYS="${SSL_BITS:-730}"
+	SSL_DAYS="${SSL_DAYS:-730}"
 	SSL_BITS="${SSL_BITS:-1024}"
 	SSL_COUNTRY="${SSL_COUNTRY:-US}"
 	SSL_STATE="${SSL_STATE:-California}"



-- 
gentoo-commits@gentoo.org mailing list

[gentoo-commits] gentoo-x86 commit in eclass: ssl-cert.eclass

[Ulrich Mueller (ulm)]

ulm         07/12/09 08:06:11

  Modified:             ssl-cert.eclass
  Log:
  Add more documentation to function install_cert.
  Output a deprecation warning in docert.

Revision  Changes    Path
1.11                 eclass/ssl-cert.eclass

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/ssl-cert.eclass?rev=1.11&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/ssl-cert.eclass?rev=1.11&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/ssl-cert.eclass?r1=1.10&r2=1.11

Index: ssl-cert.eclass
===================================================================
RCS file: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- ssl-cert.eclass	7 Dec 2007 22:41:04 -0000	1.10
+++ ssl-cert.eclass	9 Dec 2007 08:06:11 -0000	1.11
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.10 2007/12/07 22:41:04 ulm Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.11 2007/12/09 08:06:11 ulm Exp $
 #
 # Author: Max Kalika <max@gentoo.org>
 #
@@ -144,6 +144,9 @@
 #
 # Access: public
 docert() {
+	ewarn "Function \"docert\" is deprecated for security reasons."
+	ewarn "\"install_cert\" should be used instead. See bug #174759."
+
 	if [ $# -lt 1 ] ; then
 		eerror "At least one argument needed"
 		return 1;
@@ -208,6 +211,11 @@
 # Uses all the private functions above to generate
 # and install the requested certificates
 #
+# Usage: install_cert <certificates>
+# where <certificates> are full pathnames relative to ROOT, without extension.
+#
+# Example: "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
+#
 # Access: public
 install_cert() {
 	if [ $# -lt 1 ] ; then



-- 
gentoo-commits@gentoo.org mailing list

[gentoo-commits] gentoo-x86 commit in eclass: ssl-cert.eclass

[Ulrich Mueller (ulm)]

ulm         07/12/07 22:41:04

  Modified:             ssl-cert.eclass
  Log:
  New function install_cert, replaces docert. Bug #174759.

Revision  Changes    Path
1.10                 eclass/ssl-cert.eclass

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/ssl-cert.eclass?rev=1.10&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/ssl-cert.eclass?rev=1.10&content-type=text/plain
diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/ssl-cert.eclass?r1=1.9&r2=1.10

Index: ssl-cert.eclass
===================================================================
RCS file: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- ssl-cert.eclass	11 Jul 2005 15:08:06 -0000	1.9
+++ ssl-cert.eclass	7 Dec 2007 22:41:04 -0000	1.10
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.9 2005/07/11 15:08:06 swegener Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.10 2007/12/07 22:41:04 ulm Exp $
 #
 # Author: Max Kalika <max@gentoo.org>
 #
@@ -140,6 +140,7 @@
 
 # Uses all the private functions above to generate
 # and install the requested certificates
+# Note: This function is deprecated, use install_cert instead
 #
 # Access: public
 docert() {
@@ -203,3 +204,71 @@
 		ewarn "Some requested certificates were not generated"
 	fi
 }
+
+# Uses all the private functions above to generate
+# and install the requested certificates
+#
+# Access: public
+install_cert() {
+	if [ $# -lt 1 ] ; then
+		eerror "At least one argument needed"
+		return 1;
+	fi
+
+	case ${EBUILD_PHASE} in
+		unpack|compile|test|install)
+			eerror "install_cert cannot be called in ${EBUILD_PHASE}"
+			return 1 ;;
+	esac
+
+	# Initialize configuration
+	gen_cnf || return 1
+	echo
+
+	# Generate a CA environment
+	gen_key 1 || return 1
+	gen_csr 1 || return 1
+	gen_crt 1 || return 1
+	echo
+
+	local count=0
+	for cert in "$@" ; do
+		# Check the requested certificate
+		if [ -z "${cert##*/}" ] ; then
+			ewarn "Invalid certification requested, skipping"
+			continue
+		fi
+
+		# Check for previous existence of generated files
+		for type in key csr crt pem ; do
+			if [ -e "${ROOT}${cert}.${type}" ] ; then
+				ewarn "${ROOT}${cert}.${type}: exists, skipping"
+				continue 2
+			fi
+		done
+
+		# Generate the requested files
+		gen_key || continue
+		gen_csr || continue
+		gen_crt || continue
+		gen_pem || continue
+		echo
+
+		# Install the generated files and set sane permissions
+		local base=$(get_base)
+		install -d "${ROOT}${cert%/*}"
+		install -m0400 "${base}.key" "${ROOT}${cert}.key"
+		install -m0444 "${base}.csr" "${ROOT}${cert}.csr"
+		install -m0444 "${base}.crt" "${ROOT}${cert}.crt"
+		install -m0400 "${base}.pem" "${ROOT}${cert}.pem"
+		count=$((${count}+1))
+	done
+
+	# Resulting status
+	if [ ! ${count} ] ; then
+		eerror "No certificates were generated"
+		return 1
+	elif [ ${count} != ${#} ] ; then
+		ewarn "Some requested certificates were not generated"
+	fi
+}



-- 
gentoo-commits@gentoo.org mailing list