- genkey: skip the CA selection dialog; the CA-specific instructions are

all out-of-date
- man page updates, add man page for keyrand

.cvsignore

@@ -1 +1,10 @@
 *.rpm
+*.1
+version.xml
+date.xml
+private
+certs
+genkey
+clog
+.*.log
+x86_64

Makefile

@@ -25,3 +25,37 @@ certwatch: certwatch.c
 
 test-certwatch: certwatch
 	./certwatch
+
+genkey: genkey.pl Makefile
+	sed -e "s|^\$$bindir.*$$|\$$bindir = \"/usr/bin\";|" \
+	    -e "s|^\$$ssltop.*$$|\$$ssltop = \"$(PWD)\";|" \
+	    -e "s|^\$$sslconf.*$$|\$$sslconf = \"/etc/pki/tls/openssl.cnf\";|" \
+	    -e "s|^\$$cadir.*$$|\$$cadir = \"/etc/pki/CA\";|" \
+	    -e "1s|.*|\#\!/usr/bin/perl|	g" \
+	    -e "s/'Challenge',/'Email','Challenge',/g" \
+	    -e "/@EXTRA@/d" < $< > $@
+	chmod 755 $@
+
+test-genkey: genkey
+	mkdir -p certs private
+	./genkey --test `hostname`
+
+date.xml:
+	date +"%e %B %Y" | tr -d '\n' > $@
+
+version.xml:
+	echo -n ${VERSION} > $@
+
+man-genkey: genkey.xml date.xml version.xml
+	xmlto man genkey.xml
+	man ./genkey.1
+
+man-keyrand: keyrand.xml date.xml version.xml
+	xmlto man keyrand.xml
+	man ./keyrand.1
+
+man-certwatch: certwatch.xml date.xml version.xml
+	xmlto man certwatch.xml
+	man ./certwatch.1
+
+

certwatch.xml

@@ -1,11 +1,19 @@
 <?xml version='1.0' encoding='utf-8'?>
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+
+<!ENTITY date SYSTEM "date.xml">
+<!ENTITY version SYSTEM "version.xml">
+
+]>
+
 <refentry>
 
   <refentryinfo>
+    <date>&date;</date>
+    <title>Cryptography Utilities</title>
     <productname>crypto-utils</productname>
-    <date>April 2005</date>
+    <productnumber>&version;</productnumber>
   </refentryinfo>
 
   <refmeta>
@@ -108,20 +116,22 @@
 
     <para>The <command>certwatch</command> program is run daily by
     <command>crond</command> from the file
-    <filename>/etc/cron.daily/certwatch</filename> to warn about the
+    <filename>/etc/cron.daily/certwatch</filename> to generate warning
-    imminent expiry of SSL certificates configured for use in the
+    mail concerning the imminent expiry of SSL certificates configured
-    Apache HTTP server.  This warning can be disabled by adding the
+    for use in the Apache HTTP server.  These warnings can be disabled
-    line: <literal>NOCERTWATCH=yes</literal> to the file
+    by adding the line: <literal>NOCERTWATCH=yes</literal> to the file
-    <filename>/etc/sysconfig/httpd</filename>.  Options to pass to
+    <filename>/etc/sysconfig/httpd</filename>.  Additional options to
-    certwatch can be specified in that file in the
+    pass to <command>certwatch</command> can be specified in that file
-    <literal>CERTWATCH_OPTS</literal> environment variable.</para>
+    in the <literal>CERTWATCH_OPTS</literal> environment
+    variable.</para>
 
   </refsect1>
 
   <refsect1>
     <title>Files</title>
 
-    <para><filename>/etc/cron.daily/certwatch</filename></para>
+    <para><filename>/etc/cron.daily/certwatch</filename>,
+    <filename>/etc/sysconfig/httpd</filename></para>
   </refsect1>
   
   <refsect1>

crypto-utils.spec

@@ -4,7 +4,7 @@
 Summary: SSL certificate and key management utilities
 Name: crypto-utils
 Version: 2.3
-Release: 4
+Release: 5
 Source: crypto-rand-%{crver}.tar.gz
 Source1: genkey.pl
 Source2: certwatch.c
@@ -13,6 +13,7 @@ Source4: certwatch.xml
 Source5: genkey.xml
 Source6: keyrand.c
 Source7: COPYING
+Source8: keyrand.xml
 Group: Applications/System
 License: MIT and GPLv2+
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -39,8 +40,11 @@ cc $RPM_OPT_FLAGS -Wall -Werror -I/usr/include/openssl \
 cc $RPM_OPT_FLAGS -Wall -Werror \
    $RPM_SOURCE_DIR/keyrand.c -o keyrand -lnewt
 
-for m in certwatch.xml genkey.xml; do
+date +"%e %B %Y" | tr -d '\n' > date.xml
-  xmlto man $RPM_SOURCE_DIR/$m
+echo -n %{version} > version.xml
+
+for m in certwatch.xml genkey.xml keyrand.xml; do
+  xmlto man $RPM_SOURCE_DIR/${m} 
 done
 
 pushd Makerand
@@ -76,10 +80,9 @@ install -c -m 755 keyrand $RPM_BUILD_ROOT%{_bindir}/keyrand
 install -c -m 755 certwatch $RPM_BUILD_ROOT%{_bindir}/certwatch
 install -c -m 755 $RPM_SOURCE_DIR/certwatch.cron \
    $RPM_BUILD_ROOT%{_sysconfdir}/cron.daily/certwatch
-install -c -m 644 certwatch.1 \
+for f in certwatch genkey keyrand; do 
-   $RPM_BUILD_ROOT%{_mandir}/man1/certwatch.1
+   install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1
-install -c -m 644 genkey.1 \
+done
-   $RPM_BUILD_ROOT%{_mandir}/man1/genkey.1
 
 # install genkey
 sed -e "s|^\$bindir.*$|\$bindir = \"%{_bindir}\";|" \
@@ -106,6 +109,11 @@ chmod -R u+w $RPM_BUILD_ROOT
 %{perl_vendorarch}/auto/Crypt
 
 %changelog
+* Wed Oct 24 2007 Joe Orton <jorton@redhat.com> 2.3-5
+- genkey: skip the CA selection dialog; the CA-specific 
+  instructions are all out-of-date
+- man page updates, add man page for keyrand
+
 * Thu Aug 23 2007 Joe Orton <jorton@redhat.com> 2.3-4
 - fix certwatch -p too
 - clarify License; package license texts

genkey.pl

@@ -49,7 +49,7 @@ sub InitRoot
 
     Newt::Cls();
     Newt::DrawRootText(0, 0, 
-		       "Red Hat Keypair Generation (c) 2005 Red Hat, Inc.");
+		       "Red Hat Keypair Generation (c) 2007 Red Hat, Inc.");
 
     if ($help == 1) {
 	Newt::PushHelpLine("  <Tab>/<Alt-Tab> between elements  |" .
@@ -134,7 +134,7 @@ if ($ca_mode) {
 
 ### State variables
 my $bits = 0;
-my $myca = "";
+my $myca = "Other";
 my $useca = 0;
 my $cadetails;
 #
@@ -183,8 +183,7 @@ if ($genreq_mode && !(-f $keyfile)) {
 my @windows;
 if ($genreq_mode) {
     $useca = 1;
-    @windows = (whichCAWindow,
+    @windows = (genReqWindow,
-		genReqWindow,
 		);
     $doingwhat="CSR generation";
 } elsif ($ca_mode) {
@@ -204,7 +203,6 @@ if ($genreq_mode) {
 		getRandomDataWindow, ## leaves newt suspended
 		generateKey,
 		wantCAWindow,
-		whichCAWindow,
 		genReqWindow,
 		genCertWindow,
 		encryptKeyWindow,
@@ -563,8 +561,7 @@ EOT
 Now we are going to set the passphrase on the private key. This
 passphrase is used to encrypt your private key when it is stored
 on disk. You will have to type this passphrase when the server
-starts. If you do not want to store the key encrypted on disk
+starts
-read about the "decrypt_key" command in the documentation.
 
 -- DO NOT LOSE THIS PASS PHRASE --
 
@@ -884,9 +881,9 @@ sub genReqWindow
     $csrfile = $ssltop."/certs/".$servername.".$num.csr";
     
     my $msg = "You are about to be asked to enter information that will be ".
-	"incorporated into your certificate request to $myca. What you are about to ".
+	"incorporated into your certificate request to a CA. What you are about to ".
-	 "enter is what is called a Distinguished Name or a DN.  There are ".
+        "enter is what is called a Distinguished Name or a DN.  There are ".
-	 "quite a few fields but you can leave some blank.";
+        "quite a few fields but you can leave some blank.";
 
     my $ret = getCertDetails($servername,$msg, 1);
     return $ret unless ($ret eq "Next");

genkey.xml

@@ -1,11 +1,19 @@
 <?xml version='1.0' encoding='utf-8'?>
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+
+<!ENTITY date SYSTEM "date.xml">
+<!ENTITY version SYSTEM "version.xml">
+
+]>
+
 <refentry>
 
   <refentryinfo>
+    <date>&date;</date>
+    <title>Cryptography Utilities</title>
     <productname>crypto-utils</productname>
-    <date>April 2005</date>
+    <productnumber>&version;</productnumber>
   </refentryinfo>
 
   <refmeta>
@@ -57,7 +65,7 @@
     
     <variablelist>
       <varlistentry>
-        <term><option>--makceca</option></term>
+        <term><option>--makeca</option></term>
         <listitem><simpara>Generate a Certificate Authority
         keypair.</simpara></listitem>
       </varlistentry>

keyrand.xml

@@ -0,0 +1,76 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
+
+<!ENTITY date SYSTEM "date.xml">
+<!ENTITY version SYSTEM "version.xml">
+
+]>
+
+<refentry>
+
+  <refentryinfo>
+    <date>&date;</date>
+    <title>Cryptography Utilities</title>
+    <productname>crypto-utils</productname>
+    <productnumber>&version;</productnumber>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>keyrand</refentrytitle>
+    <manvolnum>1</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>keyrand</refname>
+    <refpurpose>utility for collecting random data</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>keyrand</command>
+      <arg choice="req"><replaceable>bits</replaceable></arg>
+      <arg choice="req"><replaceable>outfile</replaceable></arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>Description</title>
+
+    <para><command>keyrand</command> is an tool which collects a given
+    number of random bits from the kernel random number generator,
+    presenting a text-based user interface showing progress.</para>
+
+    <para>The random data is read from
+    <filename>/dev/random</filename> and appended to the output file
+    <parameter>outfile</parameter>, which must already exist.</para>
+
+  </refsect1>
+
+  <refsect1>
+    <title>Examples</title>
+
+    <para>The following example will collect 1024 bits of random
+    data and append them to the file <filename>data</filename>:
+
+      <programlisting>
+# keyrand 1024 data
+      </programlisting>
+
+    </para>
+  </refsect1>    
+
+  <refsect1>
+    <title>Files</title>
+
+    <para><filename>/dev/random</filename></para>
+
+  </refsect1>
+
+  <refsect1>
+    <title>See also</title>
+
+    <para>genkey(1)</para>
+  </refsect1>
+
+</refentry>