- certwatch: prevent warnings for duplicate certs (#103807)

- make /etc/cron.daily/certwatch 0755 (#141003) - add genkey(1) man page (#134821)
2005-02-15 16:30:01 +00:00 · 2005-02-15 16:30:01 +00:00 · dea5e1462d
parent 69910b9bfb
commit dea5e1462d
5 changed files with 133 additions and 8 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -1 +1,4 @@
 crypto-rand-1.1.tar.gz
+genkey.1
+certwatch.1
+i386
--- a/certwatch.cron
+++ b/certwatch.cron
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 #
 # Issue warning e-mails if SSL certificates expire, using
 # certwatch(8).  Set NOCERTWATCH=yes in /etc/sysconfig/httpd
@ -17,8 +17,11 @@ test -x /usr/bin/certwatch || exit 0
 test -r /etc/httpd/conf/httpd.conf || exit 0
 test -x /usr/sbin/sendmail || exit 0
 test -x /etc/httpd/modules/mod_ssl.so || exit 0
+test -x /bin/sort || exit 0

-certs=`${httpd} -t -DDUMP_CERTS 2>/dev/null`
+set -o pipefail # pick up exit code of httpd not sort
+
+certs=`${httpd} -t -DDUMP_CERTS 2>/dev/null | /bin/sort -u`
 RETVAL=$?
 test $RETVAL -eq 0 || exit 0

--- a/crypto-utils.spec
+++ b/crypto-utils.spec
@ -4,12 +4,13 @@
 Summary: SSL certificate and key management utilities
 Name: crypto-utils
 Version: 2.1
-Release: 4
+Release: 5
 Source: crypto-rand-%{crver}.tar.gz
 Source1: genkey.pl
 Source2: certwatch.c
 Source3: certwatch.cron
 Source4: certwatch.xml
+Source5: genkey.xml
 Group: Applications/System
 License: Various
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
@ -31,7 +32,9 @@ make

 cc $RPM_OPT_FLAGS -Wall -Werror -I/usr/include/openssl -o certwatch \
   $RPM_SOURCE_DIR/certwatch.c -lcrypto
-xmlto man $RPM_SOURCE_DIR/certwatch.xml
+for m in certwatch.xml genkey.xml; do
+  xmlto man $RPM_SOURCE_DIR/$m
+done

 pushd Makerand
 perl -pi -e "s/Stronghold/Crypt/g" *
@ -75,6 +78,8 @@ install -c -m 755 $RPM_SOURCE_DIR/certwatch.cron \
   $RPM_BUILD_ROOT%{_sysconfdir}/cron.daily/certwatch
 install -c -m 644 certwatch.1 \
   $RPM_BUILD_ROOT%{_mandir}/man1/certwatch.1
+install -c -m 644 genkey.1 \
+   $RPM_BUILD_ROOT%{_mandir}/man1/genkey.1

 # install genkey
 sed -e "s|^\$bindir.*$|\$bindir = \"/usr/bin\";|" \
@ -91,10 +96,15 @@ sed -e "s|^\$bindir.*$|\$bindir = \"/usr/bin\";|" \
 %files -f filelist
 %defattr(0644,root,root,0755)
 %attr(0755,root,root) %{_bindir}/*
-%{_sysconfdir}/cron.daily/certwatch
-%{_mandir}/man1/certwatch.1*
+%attr(0755,root,root) %{_sysconfdir}/cron.daily/certwatch
+%{_mandir}/man1/*.1*

 %changelog
+* Tue Feb 15 2005 Joe Orton <jorton@redhat.com> 2.1-5
+- certwatch: prevent warnings for duplicate certs (#103807)
+- make /etc/cron.daily/certwatch 0755 (#141003)
+- add genkey(1) man page (#134821)
+
 * Tue Oct 19 2004 Joe Orton <jorton@redhat.com> 2.1-4
 - make certwatch(1) warning distro-neutral
 - update to crypto-rand 1.1, fixing #136093
--- a/genkey.pl
+++ b/genkey.pl
@ -1,6 +1,6 @@
 #!%INSTDIR%/bin/perl
 #
-# Copyright (c) 2001-2004 Red Hat, Inc. All rights reserved.
+# Copyright (c) 2001-2005 Red Hat, Inc. All rights reserved.
 #
 # This software may be freely redistributed under the terms of the
 # GNU General Public License.
@ -43,7 +43,7 @@ sub InitRoot

    Newt::Cls();
    Newt::DrawRootText(0, 0, 
-		       "Red Hat Keypair Generation (c) 2004 Red Hat, Inc.");
+		       "Red Hat Keypair Generation (c) 2005 Red Hat, Inc.");

    if ($help == 1) {
 	Newt::PushHelpLine("  <Tab>/<Alt-Tab> between elements  |" .
--- a/genkey.xml
+++ b/genkey.xml
@ -0,0 +1,109 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<refentry>
+
+  <refentryinfo>
+    <productname>crypto-utils</productname>
+    <date>February 2005</date>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>genkey</refentrytitle>
+    <manvolnum>1</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>genkey</refname>
+    <refpurpose>generate SSL certificates and certificate requests</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>genkey</command>
+      <arg><option>--test</option></arg>
+      <arg><option>--days <replaceable>count</replaceable></option></arg>
+      <group>
+        <arg><option>--genreq</option></arg>
+        <arg><option>--makeca</option></arg>
+      </group>
+      <arg choice="req"><replaceable>hostname</replaceable></arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>Description</title>
+
+    <para><command>genkey</command> is an interactive command-line
+    tool which can be used to generate SSL certificates or Certificate
+    Signing Requests (CSR).  Generated certificates are stored in the
+    directory <filename>/usr/share/ssl/certs/</filename>, and the
+    corresponding private key in
+    <filename>/usr/share/ssl/private/</filename>. </para>
+
+    <para><command>genkey</command> will prompt for the size of key
+    desired; whether or not to generate a CSR; whether or not an
+    encrypted private key is desired; the certificate subject DN
+    details.</para>
+
+    <para><command>genkey</command> generates random data for the
+    private key using the truerand library and also by prompting the
+    user for entry of random text.</para>
+
+  </refsect1>
+  
+  <refsect1>
+    <title>Options</title>
+    
+    <variablelist>
+      <varlistentry>
+        <term><option>--makceca</option></term>
+        <listitem><simpara>Generate a Certificate Authority
+        keypair.</simpara></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>--genreq</option></term>
+        <listitem><simpara>Generate a Certificate Signing Request for
+        an existing private key, which can be submitted to a CA (for
+        example, for renewal).</simpara></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>--days</option> <replaceable>count</replaceable></term>
+        <listitem><simpara>When generating a self-signed certificate,
+        specify that the number of days for which the certificate is
+        valid be <replaceable>count</replaceable> rather than the default
+        value of 30.</simpara></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>--test</option></term>
+        <listitem><simpara>For test purposes only; omit the slow
+        process of generating random data.</simpara></listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1>
+    <title>Examples</title>
+
+    <para>The following example will create a self-signed certificate
+    and private key for the hostname
+    <literal>www.example.com</literal>:
+
+      <programlisting>
+        # genkey --days 120 www.example.com
+      </programlisting>
+
+    </para>
+  </refsect1>    
+
+  <refsect1>
+    <title>Files</title>
+
+    <para><filename>/usr/share/ssl/openssl.cnf</filename></para>
+
+  </refsect1>
+
+</refentry>