rpms/crypto-utils/devel crypto-utils.spec, 1.15, 1.16 genkey.pl, 1.4, 1.5
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Apr 27 12:39:30 UTC 2005
Author: jorton
Update of /cvs/dist/rpms/crypto-utils/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv30956
Modified Files:
crypto-utils.spec genkey.pl
Log Message:
* Wed Apr 27 2005 Joe Orton <jorton at redhat.com> 2.2-4
- genkey: create private key files with permissions 0400
- genkey: tidy up error handling a little
Index: crypto-utils.spec
===================================================================
RCS file: /cvs/dist/rpms/crypto-utils/devel/crypto-utils.spec,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- crypto-utils.spec 26 Apr 2005 12:39:15 -0000 1.15
+++ crypto-utils.spec 27 Apr 2005 12:39:28 -0000 1.16
@@ -4,7 +4,7 @@
Summary: SSL certificate and key management utilities
Name: crypto-utils
Version: 2.2
-Release: 3
+Release: 4
Source: crypto-rand-%{crver}.tar.gz
Source1: genkey.pl
Source2: certwatch.c
@@ -101,6 +101,10 @@
%{_mandir}/man1/*.1*
%changelog
+* Wed Apr 27 2005 Joe Orton <jorton at redhat.com> 2.2-4
+- genkey: create private key files with permissions 0400
+- genkey: tidy up error handling a little
+
* Tue Apr 26 2005 Joe Orton <jorton at redhat.com> 2.2-3
- pass $OPTIONS to $HTTPD in certwatch.cron
- man page tweaks
Index: genkey.pl
===================================================================
RCS file: /cvs/dist/rpms/crypto-utils/devel/genkey.pl,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- genkey.pl 25 Apr 2005 14:44:40 -0000 1.4
+++ genkey.pl 27 Apr 2005 12:39:28 -0000 1.5
@@ -149,16 +149,14 @@
"This script will not overwrite an existing key.\n" .
"You will need to remove or rename this file in order to" .
"generate a new key for this host, then run\n" .
- "\"genkey $servername\"\n\n" .
- "Press return to exit");
+ "\"genkey $servername\"");
Newt::Finished();
exit 1;
}
if ($genreq_mode && !(-f $keyfile)) {
Newt::newtWinMessage("Error", "Close",
- "You do not have a key file for this host\n\n" .
- "Press return to exit");
+ "You do not have a key file for this host");
Newt::Finished();
exit 1;
}
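Review bot: In the existing-key dialog, the context lines `"You will need to remove or rename this file in order to" .` and `"generate a new key for this host, then run\n" .` are concatenated with no space or newline between them, so the text renders as "in order togenerate". Since this commit is already editing that message, add the separator, e.g. `"You will need to remove or rename this file in order to " .`. The enclosing block starts above the hunk.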
@@ -599,8 +597,7 @@
if ($pass1 ne $pass2) {
Newt::newtWinMessage("Error", "Close",
- "The passphrases you entered do not match\n\n".
- "Press return to try again");
+ "The passphrases you entered do not match.");
next;
}
if (length($pass1)<4) {
@@ -617,21 +614,34 @@
return $ret if ($ret eq "Back" or $ret eq "Cancel");
- unlink($keyfile.".tmp");
- if (!open (PIPE,"|$bindir/openssl rsa -des3 -in $keyfile -passout stdin -out $keyfile.tmp")) {
- Newt:newtWinMessage("Error","Close","Unable to set passphrase".
+ my $enckey = $keyfile . ".tmp";
+
+ unlink($enckey);
+
+ if (!open (PIPE,
+ "|$bindir/openssl rsa -des3 -in $keyfile -passout stdin ".
+ "-out $enckey")) {
+ Newt::newtWinMessage("Error", "Close",
+ "Unable to set passphrase".
"\n\nPress return to continue");
return "Back";
}
print PIPE $pass1."\n";
close(PIPE);
- if (-f $keyfile.".tmp") {
- unlink($keyfile);
- rename($keyfile.".tmp",$keyfile);
+ if (-f $enckey) {
+ if (chmod(0400, $enckey) != 1
+ || !rename($enckey, $keyfile)) {
+ Newt::newtWinMessage("Error", "Close",
+ "Could not install private key file.\n".
+ "$! - $enckey");
+ unlink($enckey);
+ return "Back";
+ }
} else {
- Newt:newtWinMessage("Error","Close","Unable to set passphrase".
- "\n\nPress return to continue");
+ Newt:newtWinMessage("Error", "Close",
+ "Unable to set passphrase\n\n".
+ "Press return to continue");
return "Back";
}
return "Next";
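Review bot: The else branch near the end of this hunk still calls `Newt:newtWinMessage` with a single colon, which Perl parses as a label followed by a call to an unqualified `newtWinMessage`, so that failure path will likely die with an undefined-subroutine error unless the name happens to be imported; it should read `Newt::newtWinMessage(` like the open-failure branch this commit already corrected. The return value of `close(PIPE)` is also ignored, so a non-zero exit from openssl goes unnoticed and `-f $enckey` is the only success test; if openssl leaves a partial or empty output file, it would be set to 0400 and renamed over `$keyfile`. The pipe command is a single shell string with `$keyfile` and `$enckey` interpolated, so the list form of `open` is the safer choice if those paths can ever contain spaces or shell metacharacters. The sketch below shows these three changes; the enclosing subroutine starts and ends outside the hunk.

```perl
my $enckey = $keyfile . ".tmp";
# … unchanged: unlink($enckey) …

# List form: no shell is involved, so each path is passed as one argument.
if (!open(PIPE, "|-", "$bindir/openssl", "rsa", "-des3",
          "-in", $keyfile, "-passout", "stdin", "-out", $enckey)) {
    # … unchanged: "Unable to set passphrase" dialog, return "Back" …
}
print PIPE $pass1."\n";

# close() on a pipe waits for the child and is false on a non-zero exit.
if (!close(PIPE)) {
    unlink($enckey);
    Newt::newtWinMessage("Error", "Close",
                         "Unable to set passphrase\n\n".
                         "Press return to continue");
    return "Back";
}
# … unchanged: chmod(0400)/rename of $enckey, with the else branch
#    corrected to Newt::newtWinMessage …
```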
@@ -1042,8 +1052,15 @@
#
system("$bindir/openssl genrsa -rand $randfile $bits > $keyfile");
unlink($randfile);
-
Newt::Resume();
+
+ if (chmod(0400, $keyfile) != 1) {
+ Newt::newtWinMessage("Error", "Close",
+ "Could not set permissions of private key file.\n".
+ "$1 - $keyfile");
+ Newt::Finished();
+ exit 1;
+ }
+
return "Skip";
}
-
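Review bot: The added `chmod(0400, $keyfile)` runs only after `openssl genrsa ... > $keyfile` has finished, so the unencrypted private key is created by the shell redirection with whatever mode the process umask allows and keeps that mode until the chmod. Unless a restrictive umask is set earlier in the script (not visible here), tighten it around the call, e.g. `my $oldmask = umask(077);` before `system(...)` and `umask($oldmask);` after it. The error text interpolates `$1` (a regex capture variable) where `$!` was evidently intended, so the dialog will not show why chmod failed; use `"$! - $keyfile"`. The exit status of `system()` is not checked either, so a failed key generation would continue to the chmod of an empty or partial file. The enclosing subroutine starts above the hunk.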