- genkey: skip the CA selection dialog; the CA-specific instructions are all out-of-date
- man page updates, add man page for keyrand
jorton 2007-10-24 14:03:17 +00:00
parent 1c44b82b11
commit 1f6c608958
7 changed files with 172 additions and 30 deletions


@ -1 +1,10 @@
*.rpm
*.1
version.xml
date.xml
private
certs
genkey
clog
.*.log
x86_64


@ -25,3 +25,37 @@ certwatch: certwatch.c
test-certwatch: certwatch
./certwatch
genkey: genkey.pl Makefile
sed -e "s|^\$$bindir.*$$|\$$bindir = \"/usr/bin\";|" \
-e "s|^\$$ssltop.*$$|\$$ssltop = \"$(PWD)\";|" \
-e "s|^\$$sslconf.*$$|\$$sslconf = \"/etc/pki/tls/openssl.cnf\";|" \
-e "s|^\$$cadir.*$$|\$$cadir = \"/etc/pki/CA\";|" \
-e "1s|.*|\#\!/usr/bin/perl| g" \
-e "s/'Challenge',/'Email','Challenge',/g" \
-e "/@EXTRA@/d" < $< > $@
chmod 755 $@
test-genkey: genkey
mkdir -p certs private
./genkey --test `hostname`
date.xml:
date +"%e %B %Y" | tr -d '\n' > $@
version.xml:
echo -n ${VERSION} > $@
man-genkey: genkey.xml date.xml version.xml
xmlto man genkey.xml
man ./genkey.1
man-keyrand: keyrand.xml date.xml version.xml
xmlto man keyrand.xml
man ./keyrand.1
man-certwatch: certwatch.xml date.xml version.xml
xmlto man certwatch.xml
man ./certwatch.1
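Review bot: in the test-genkey target, `mkdir -p certs private` creates the private directory with the default umask, so under a typical 022 umask the directory that, going by its name, will hold the test key is readable and listable by every local user. Create it separately with `mkdir -p -m 700 private`. In the same hunk, date.xml and version.xml have no prerequisites, so once they exist make never regenerates them and the man pages keep a stale date or version; declare them .PHONY or remove them in a clean target.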


@ -1,11 +1,19 @@
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY date SYSTEM "date.xml">
<!ENTITY version SYSTEM "version.xml">
]>
<refentry>
<refentryinfo>
<date>&date;</date>
<title>Cryptography Utilities</title>
<productname>crypto-utils</productname>
<date>April 2005</date>
<productnumber>&version;</productnumber>
</refentryinfo>
<refmeta>
@ -108,20 +116,22 @@
<para>The <command>certwatch</command> program is run daily by
<command>crond</command> from the file
<filename>/etc/cron.daily/certwatch</filename> to warn about the
imminent expiry of SSL certificates configured for use in the
Apache HTTP server. This warning can be disabled by adding the
line: <literal>NOCERTWATCH=yes</literal> to the file
<filename>/etc/sysconfig/httpd</filename>. Options to pass to
certwatch can be specified in that file in the
<literal>CERTWATCH_OPTS</literal> environment variable.</para>
<filename>/etc/cron.daily/certwatch</filename> to generate warning
mail concerning the imminent expiry of SSL certificates configured
for use in the Apache HTTP server. These warnings can be disabled
by adding the line: <literal>NOCERTWATCH=yes</literal> to the file
<filename>/etc/sysconfig/httpd</filename>. Additional options to
pass to <command>certwatch</command> can be specified in that file
in the <literal>CERTWATCH_OPTS</literal> environment
variable.</para>
</refsect1>
<refsect1>
<title>Files</title>
<para><filename>/etc/cron.daily/certwatch</filename></para>
<para><filename>/etc/cron.daily/certwatch</filename>,
<filename>/etc/sysconfig/httpd</filename></para>
</refsect1>
<refsect1>
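Review bot: the rewritten paragraph now says certwatch generates warning mail, but nothing in it says which address receives that mail or how to change it. An expiry warning delivered to an unread mailbox is the same as no warning, so the recipient and the option that controls it (via CERTWATCH_OPTS, if that is the mechanism) should be documented next to the NOCERTWATCH=yes sentence.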


@ -4,7 +4,7 @@
Summary: SSL certificate and key management utilities
Name: crypto-utils
Version: 2.3
Release: 4
Release: 5
Source: crypto-rand-%{crver}.tar.gz
Source1: genkey.pl
Source2: certwatch.c
@ -13,6 +13,7 @@ Source4: certwatch.xml
Source5: genkey.xml
Source6: keyrand.c
Source7: COPYING
Source8: keyrand.xml
Group: Applications/System
License: MIT and GPLv2+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@ -39,8 +40,11 @@ cc $RPM_OPT_FLAGS -Wall -Werror -I/usr/include/openssl \
cc $RPM_OPT_FLAGS -Wall -Werror \
$RPM_SOURCE_DIR/keyrand.c -o keyrand -lnewt
for m in certwatch.xml genkey.xml; do
xmlto man $RPM_SOURCE_DIR/$m
date +"%e %B %Y" | tr -d '\n' > date.xml
echo -n %{version} > version.xml
for m in certwatch.xml genkey.xml keyrand.xml; do
xmlto man $RPM_SOURCE_DIR/${m}
done
pushd Makerand
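Review bot: the entity files are generated in the wrong place for the xmlto call in this loop. date.xml and version.xml are written to the current build directory, but xmlto is run on `$RPM_SOURCE_DIR/${m}`, and the relative SYSTEM identifiers this commit adds to the .xml sources ("date.xml", "version.xml") are resolved relative to the document that declares them, not the working directory. Unless the two directories coincide the entities will not be found; copy the .xml sources into the build directory before running xmlto, or generate the two files beside them. Embedding the output of `date` also means the man pages differ between rebuilds of the same release.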
@ -76,10 +80,9 @@ install -c -m 755 keyrand $RPM_BUILD_ROOT%{_bindir}/keyrand
install -c -m 755 certwatch $RPM_BUILD_ROOT%{_bindir}/certwatch
install -c -m 755 $RPM_SOURCE_DIR/certwatch.cron \
$RPM_BUILD_ROOT%{_sysconfdir}/cron.daily/certwatch
install -c -m 644 certwatch.1 \
$RPM_BUILD_ROOT%{_mandir}/man1/certwatch.1
install -c -m 644 genkey.1 \
$RPM_BUILD_ROOT%{_mandir}/man1/genkey.1
for f in certwatch genkey keyrand; do
install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
done
# install genkey
sed -e "s|^\$bindir.*$|\$bindir = \"%{_bindir}\";|" \
@ -106,6 +109,11 @@ chmod -R u+w $RPM_BUILD_ROOT
%{perl_vendorarch}/auto/Crypt
%changelog
* Wed Oct 24 2007 Joe Orton <jorton@redhat.com> 2.3-5
- genkey: skip the CA selection dialog; the CA-specific
instructions are all out-of-date
- man page updates, add man page for keyrand
* Thu Aug 23 2007 Joe Orton <jorton@redhat.com> 2.3-4
- fix certwatch -p too
- clarify License; package license texts


@ -49,7 +49,7 @@ sub InitRoot
Newt::Cls();
Newt::DrawRootText(0, 0,
"Red Hat Keypair Generation (c) 2005 Red Hat, Inc.");
"Red Hat Keypair Generation (c) 2007 Red Hat, Inc.");
if ($help == 1) {
Newt::PushHelpLine(" <Tab>/<Alt-Tab> between elements |" .
@ -134,7 +134,7 @@ if ($ca_mode) {
### State variables
my $bits = 0;
my $myca = "";
my $myca = "Other";
my $useca = 0;
my $cadetails;
#
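Review bot: with `my $myca = "Other";` as the fixed default and whichCAWindow dropped from both window lists in the following hunks, nothing visible in this patch can set a different CA, so any code that still branches on `$myca` or fills `$cadetails` for a specific CA is now dead. If the whichCAWindow sub and those branches are still defined, remove them in the same change; otherwise the out-of-date CA instructions stay in the script where a later edit could re-enable them.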
@ -183,8 +183,7 @@ if ($genreq_mode && !(-f $keyfile)) {
my @windows;
if ($genreq_mode) {
$useca = 1;
@windows = (whichCAWindow,
genReqWindow,
@windows = (genReqWindow,
);
$doingwhat="CSR generation";
} elsif ($ca_mode) {
@ -204,7 +203,6 @@ if ($genreq_mode) {
getRandomDataWindow, ## leaves newt suspended
generateKey,
wantCAWindow,
whichCAWindow,
genReqWindow,
genCertWindow,
encryptKeyWindow,
@ -563,8 +561,7 @@ EOT
Now we are going to set the passphrase on the private key. This
passphrase is used to encrypt your private key when it is stored
on disk. You will have to type this passphrase when the server
starts. If you do not want to store the key encrypted on disk
read about the "decrypt_key" command in the documentation.
starts
-- DO NOT LOSE THIS PASS PHRASE --
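Review bot: the replacement line `starts` has lost its full stop, so the dialog text now ends mid-sentence just before the DO NOT LOSE THIS PASS PHRASE banner; it should read `starts.`. Dropping the pointer to "decrypt_key" also leaves this dialog with no guidance for an administrator who needs the server to restart unattended, so the trade-off of storing the key unencrypted should be covered in the genkey man page if it is no longer mentioned here.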
@ -884,9 +881,9 @@ sub genReqWindow
$csrfile = $ssltop."/certs/".$servername.".$num.csr";
my $msg = "You are about to be asked to enter information that will be ".
"incorporated into your certificate request to $myca. What you are about to ".
"enter is what is called a Distinguished Name or a DN. There are ".
"quite a few fields but you can leave some blank.";
"incorporated into your certificate request to a CA. What you are about to ".
"enter is what is called a Distinguished Name or a DN. There are ".
"quite a few fields but you can leave some blank.";
my $ret = getCertDetails($servername,$msg, 1);
return $ret unless ($ret eq "Next");


@ -1,11 +1,19 @@
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY date SYSTEM "date.xml">
<!ENTITY version SYSTEM "version.xml">
]>
<refentry>
<refentryinfo>
<date>&date;</date>
<title>Cryptography Utilities</title>
<productname>crypto-utils</productname>
<date>April 2005</date>
<productnumber>&version;</productnumber>
</refentryinfo>
<refmeta>
@ -57,7 +65,7 @@
<variablelist>
<varlistentry>
<term><option>--makceca</option></term>
<term><option>--makeca</option></term>
<listitem><simpara>Generate a Certificate Authority
keypair.</simpara></listitem>
</varlistentry>

keyrand.xml

@ -0,0 +1,76 @@
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY date SYSTEM "date.xml">
<!ENTITY version SYSTEM "version.xml">
]>
<refentry>
<refentryinfo>
<date>&date;</date>
<title>Cryptography Utilities</title>
<productname>crypto-utils</productname>
<productnumber>&version;</productnumber>
</refentryinfo>
<refmeta>
<refentrytitle>keyrand</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
<refname>keyrand</refname>
<refpurpose>utility for collecting random data</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>keyrand</command>
<arg choice="req"><replaceable>bits</replaceable></arg>
<arg choice="req"><replaceable>outfile</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para><command>keyrand</command> is an tool which collects a given
number of random bits from the kernel random number generator,
presenting a text-based user interface showing progress.</para>
<para>The random data is read from
<filename>/dev/random</filename> and appended to the output file
<parameter>outfile</parameter>, which must already exist.</para>
</refsect1>
<refsect1>
<title>Examples</title>
<para>The following example will collect 1024 bits of random
data and append them to the file <filename>data</filename>:
<programlisting>
# keyrand 1024 data
</programlisting>
</para>
</refsect1>
<refsect1>
<title>Files</title>
<para><filename>/dev/random</filename></para>
</refsect1>
<refsect1>
<title>See also</title>
<para>genkey(1)</para>
</refsect1>
</refentry>
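Review bot: the Description says the data is appended to outfile, "which must already exist", but gives no guidance on that file's permissions. Since the page points to genkey(1) and the data is collected as input for key generation, it should state that outfile is to be created readable only by its owner (for example under umask 077) before keyrand is run. The page should also say that reads from /dev/random can block until the kernel has gathered enough entropy, and "is an tool" should be "is a tool".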