From 925686a46452fc4ec64b23048ddf38575ef151e7 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Jun 06 2014 15:27:58 +0000
Subject: Generate the certificates and private keys before the first run
---
diff --git a/ocserv.service b/ocserv.service
index 86fca91..3f6a3e2 100644
--- a/ocserv.service
+++ b/ocserv.service
@@ -9,6 +9,7 @@ After=dbus.service
 PrivateTmp=true
 Type=forking
 PIDFile=/var/run/ocserv.pid
+ExecStartPre=/usr/sbin/ocserv-genkey
 ExecStart=/usr/sbin/ocserv --pid-file /var/run/ocserv.pid --config /etc/ocserv/ocserv.conf
 ExecReload=/bin/kill -HUP $MAINPID
diff --git a/ocserv.spec b/ocserv.spec
index 27665b5..3b7d8f1 100644
--- a/ocserv.spec
+++ b/ocserv.spec
@@ -1,6 +1,6 @@
 Name: ocserv
 Version: 0.8.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: OpenConnect SSL VPN server
 # For a breakdown of the licensing, see PACKAGE-LICENSING
@@ -14,6 +14,7 @@ Source3: ocserv-pamd.conf
 Source4: PACKAGE-LICENSING
 Source5: org.infradead.ocserv.conf
 Source6: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz.sig
+Source7: ocserv-genkey
 Patch1: ocserv-0.8.0-endianness.patch
 Patch2: ocserv-0.8.0-cmp.patch
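Review bot: In ocserv.service, the added `ExecStartPre=/usr/sbin/ocserv-genkey` runs on every start of the unit, not only the first one, so the script has to keep the `test ! -f` guards that the removed scriptlet code used; without them a restart would silently replace the CA and server keys. The script body is not part of the lines shown here, so this cannot be confirmed from the patch. I would add a comment above the line, `# Creates the CA and server key pair only when missing; a non-zero exit blocks start-up`, and have the script set `umask 077` before writing the keys rather than rely on the 700 mode of the private directory alone. The [Service] section begins and ends outside the hunk.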
@@ -92,33 +93,6 @@ getent passwd ocserv &>/dev/null || \
 mkdir -p %{_sysconfdir}/pki/ocserv/public
 mkdir -p -m 700 %{_sysconfdir}/pki/ocserv/private
 mkdir -p %{_sysconfdir}/pki/ocserv/cacerts
-#generate CA certificate/key
-if test ! -f %{_sysconfdir}/pki/ocserv/private/ca.key;then
-certtool --generate-privkey --outfile %{_sysconfdir}/pki/ocserv/private/ca.key >/dev/null 2>&1
-echo "cn=`hostname -f` CA" >%{_sysconfdir}/pki/ocserv/ca.tmpl
-echo "expiration_days=-1" >>%{_sysconfdir}/pki/ocserv/ca.tmpl
-echo "serial=1" >>%{_sysconfdir}/pki/ocserv/ca.tmpl
-echo "ca" >>%{_sysconfdir}/pki/ocserv/ca.tmpl
-echo "cert_signing_key" >>%{_sysconfdir}/pki/ocserv/ca.tmpl
-certtool --template %{_sysconfdir}/pki/ocserv/ca.tmpl \
- --generate-self-signed --load-privkey %{_sysconfdir}/pki/ocserv/private/ca.key \
- --outfile %{_sysconfdir}/pki/ocserv/cacerts/ca.crt >/dev/null 2>&1
-#rm -f %{_sysconfdir}/pki/ocserv/ca.tmpl
-fi
-#generate server certificate/key
-if test ! -f %{_sysconfdir}/pki/ocserv/private/server.key;then
-certtool --generate-privkey --outfile %{_sysconfdir}/pki/ocserv/private/server.key >/dev/null 2>&1
-echo "cn=`hostname -f`" >%{_sysconfdir}/pki/ocserv/server.tmpl
-echo "serial=2" >>%{_sysconfdir}/pki/ocserv/server.tmpl
-echo "expiration_days=-1" >>%{_sysconfdir}/pki/ocserv/server.tmpl
-echo "signing_key" >>%{_sysconfdir}/pki/ocserv/server.tmpl
-echo "encryption_key" >>%{_sysconfdir}/pki/ocserv/server.tmpl
-certtool --template %{_sysconfdir}/pki/ocserv/server.tmpl \
- --generate-certificate --load-privkey %{_sysconfdir}/pki/ocserv/private/server.key \
- --load-ca-certificate %{_sysconfdir}/pki/ocserv/cacerts/ca.crt --load-ca-privkey \
- %{_sysconfdir}/pki/ocserv/private/ca.key --outfile %{_sysconfdir}/pki/ocserv/public/server.crt >/dev/null 2>&1
-#rm -f %{_sysconfdir}/pki/ocserv/server.tmpl
-fi
 %post
 %systemd_post ocserv.service
@@ -142,6 +116,8 @@ mkdir -p %{buildroot}/%{_unitdir}
 install -p -m 644 %{SOURCE2} %{buildroot}/%{_unitdir}
 mkdir -p %{buildroot}%{_localstatedir}/lib/ocserv/
 install -p -m 644 doc/profile.xml %{buildroot}%{_localstatedir}/lib/ocserv/
+mkdir -p %{buildroot}/%{_sbindir}
+install -p -m 755 %{SOURCE7} %{buildroot}/%{_sbindir}
 %make_install
 %clean
@@ -165,10 +141,14 @@ rm -rf %{buildroot}
 %{_bindir}/ocpasswd
 %{_bindir}/occtl
 %{_sbindir}/ocserv
+%{_sbindir}/ocserv-genkey
 %{_unitdir}/ocserv.service
 %{_localstatedir}/lib/ocserv/profile.xml
 %changelog
+* Mon Jun 02 2014 Nikos Mavrogiannopoulos - 0.8.0-2
+- Generate certificates and private keys before the first run
+
 * Mon Jun 02 2014 Nikos Mavrogiannopoulos - 0.8.0-1
 - New upstream release
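Review bot: With key generation moved out of the scriptlet, the `install -p -m 755 %{SOURCE7} %{buildroot}/%{_sbindir}` line ships a script that presumably still calls certtool, now at service start rather than at install time. The Requires lines are outside the hunks shown, so confirm that the package providing certtool is a plain run-time dependency, e.g. `Requires: gnutls-utils`, and not only a scriptlet-scoped one such as `Requires(pre):`; otherwise the unit would fail at its first start on a minimal install. A one-line comment above the install line, `# key/certificate generator run from ExecStartPre in ocserv.service`, would also tie the two files together. The %install section begins and ends outside the hunk.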