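#!/bin/bash

# Generate a certificate for the systemtap server and add it to the
# database of trusted servers for the client.
#
# Copyright (C) 2008-2010 Red Hat Inc.
#
# This file is part of systemtap, and is free software. You can
# redistribute it and/or modify it under the terms of the GNU General
# Public License (GPL); either version 2, or (at your option) any
# later version.
#
# Usage: stap-gen-cert [SERVERDB]
#   SERVERDB  directory that will hold the server's NSS certificate/key
#             database (default: $stap_ssl_db/server from stap-env).
#
# Environment: PKGLIBEXECDIR must name the directory holding stap-env,
# which provides stap_ssl_db and stap_certfile.
#
# Exits 0 on success, 1 on any failure to create or populate the database.

# Initialize the environment (provides stap_ssl_db and stap_certfile).
. "${PKGLIBEXECDIR}stap-env"

# Obtain the certificate database directory name.
serverdb="$1"
if test "X$serverdb" = "X"; then
  # stap-env must have supplied the default location; refuse to fall
  # back to "/server" if it did not.
  : "${stap_ssl_db:?stap_ssl_db is not set; was stap-env sourced correctly?}"
  serverdb="$stap_ssl_db/server"
fi
# ${serverdb:?} aborts instead of expanding to "" so the recursive delete
# can never run against an unintended path.
rm -fr "${serverdb:?}"

# Create the server's certificate database directory.
if ! mkdir -p -m 755 "$serverdb"; then
  echo "Unable to create the server certificate database directory: $serverdb" >&2
  exit 1
fi

# Create the certificate database password file. Care must be taken
# that this file is only readable by the owner, so it is created and
# locked down before any password is written into it.
if ! (touch "$serverdb/pw" && chmod 600 "$serverdb/pw"); then
  echo "Unable to create the server certificate database password file: $serverdb/pw" >&2
  exit 1
fi

# Generate a random password. Prefer a dedicated generator; the final
# fallback filters /dev/urandom down to printable characters so the result
# is always a full 20-character, single-line password. (A raw read of
# /dev/urandom stops at the first newline byte and could leave a very
# short or even empty password.)
mkpasswd -l 20 > "$serverdb/pw" 2>/dev/null || \
apg -a 1 -n 1 -m 20 -x 20 > "$serverdb/pw" 2>/dev/null || \
LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 20 > "$serverdb/pw"

# An empty password file would leave the key database effectively
# unprotected, so refuse to continue without one.
if ! test -s "$serverdb/pw"; then
  echo "Unable to generate a password for the server certificate database: $serverdb/pw" >&2
  exit 1
fi

# Generate the server certificate database
if ! certutil -N -d "$serverdb" -f "$serverdb/pw" > /dev/null; then
  echo "Unable to initialize the server certificate database directory: $serverdb" >&2
  exit 1
fi

# We need some random noise for generating keys. It is key seed material,
# so keep it owner-readable only for the short time it exists.
(umask 077; dd bs=123 count=1 < /dev/urandom > "$serverdb/noise" 2> /dev/null)

# Generate a request for the server's certificate. certutil's progress
# chatter on stderr is suppressed; a failure is reported by us instead.
if ! certutil -R -d "$serverdb" -f "$serverdb/pw" \
     -s "CN=Systemtap Compile Server, OU=Systemtap, O=Red Hat, C=US" \
     -o "$serverdb/stap.req" -z "$serverdb/noise" 2> /dev/null; then
  rm -f "$serverdb/noise"
  echo "Unable to generate the server certificate request: $serverdb/stap.req" >&2
  exit 1
fi
rm -f "$serverdb/noise"

# Create the certificate file first so that it always has the proper access permissions.
if ! (touch "$serverdb/$stap_certfile" && chmod 644 "$serverdb/$stap_certfile"); then
  echo "Unable to create the server certificate file: $serverdb/$stap_certfile" >&2
  exit 1
fi

# Now generate the actual certificate. Make it valid for 1 year (-v 12,
# in months), self-signed (-x), with the certificate type extension (-5)
# and a subject alternative name extension (-8) for this host.
# The here-document feeds certutil's interactive prompts for the -5
# extension (the selections, "8" to finish, "y" for critical) -- confirm
# against the installed certutil if these prompts ever change.
if ! certutil -C -i "$serverdb/stap.req" -o "$serverdb/$stap_certfile" -x -d "$serverdb" \
     -f "$serverdb/pw" -v 12 -5 -8 "$HOSTNAME,localhost" >/dev/null <<EOF
1
3
7
8
y
EOF
then
  rm -f "$serverdb/stap.req"
  echo "Unable to generate the server certificate: $serverdb/$stap_certfile" >&2
  exit 1
fi
rm -f "$serverdb/stap.req"

# Add the certificate to the server's certificate/key database as a trusted
# peer, ssl server and object signer.
if ! certutil -A -n stap-server -t "PCu,,PCu" -i "$serverdb/$stap_certfile" \
     -d "$serverdb" -f "$serverdb/pw"; then
  echo "Unable to add the server certificate to the database: $serverdb" >&2
  exit 1
fi

# Print some information about the certificate.
echo "Certificate $serverdb/$stap_certfile created and added to database $serverdb"
certutil -L -d "$serverdb" -n stap-server | \
  awk '/Validity|Not After|Not Before/ { print $0 }' | \
  sed 's/^ */ /'

exit 0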