diff options
Diffstat (limited to 'pki/ipa/scripts/prepare_ca')
| -rwxr-xr-x | pki/ipa/scripts/prepare_ca | 160 |
1 files changed, 160 insertions, 0 deletions
diff --git a/pki/ipa/scripts/prepare_ca b/pki/ipa/scripts/prepare_ca new file mode 100755 index 000000000..8d9018aa2 --- /dev/null +++ b/pki/ipa/scripts/prepare_ca @@ -0,0 +1,160 @@ +#!/bin/bash +# BEGIN COPYRIGHT BLOCK +# (C) 2007 Red Hat, Inc. +# All rights reserved. +# END COPYRIGHT BLOCK + +# Always switch into the base directory of this +# shell script prior to executing it so that all +# of its output is written to this directory +cd `dirname $0` + +# Retrieve the name of this base directory +PKI_PWD=`pwd` + +# Establish the name of the machine +PKI_HOSTNAME=`hostname` + +# Set pre-defined variables +ROOT_UID=0 + +# This script may ONLY be run on Linux! +PKI_OS=`uname` +if [ "${PKI_OS}" != "Linux" ]; then + printf "The '$0' script is ONLY executable\n" + printf "on a 'Linux' machine!\n" + exit 255 +fi + +# For Fedora machines, compute the FEDORA_VERSION +if [ -e /etc/fedora-release ]; then + FEDORA_VERSION=`rpm -qf --qf='%{VERSION}' /etc/fedora-release | tr -d [A-Z] | tr -d [a-z]` +else + # For now, just give FEDORA_VERSION a bogus value if not using Fedora. + FEDORA_VERSION=9999 +fi + +# Set Linux variables +PKI_PLATFORM="LINUX" +PKI_UPDATE="/usr/bin/yum" +PKI_UPDATE_OPTIONS="-y install" +PKI_UPDATE_DIR="" + +# Set sudo variables +PKI_SUDO="/usr/bin/sudo" +PKI_SUDOERS="/etc/sudoers" + +# Set user identity variables +PKI_EUID=`/usr/bin/id -u` +PKI_UID=`/usr/bin/id -ur` +PKI_USERNAME=`/usr/bin/id -un` + +# Make sure that this script is NOT being run as root! +if [ ${PKI_UID} -eq ${ROOT_UID} ] || + [ ${PKI_EUID} -eq ${ROOT_UID} ]; then + printf "The '$0' script may NOT be run as root!\n" + exit 255 +fi + +# Check for the presence of the 'sudo' executable +if [ ! -x "${PKI_SUDO}" ]; then + printf "The '$0' script requires the '${PKI_SUDO}' executable\n" + printf "to be available on '${PKI_HOSTNAME}'!\n" + exit 255 +fi + +# Check for the presence of the 'sudoers' file +if [ ! -e "${PKI_SUDOERS}" ]; then + printf "The '$0' script requires the '${PKI_SUDOERS}' file\n" + printf "to be available on '${PKI_HOSTNAME}'!\n" + exit 255 +fi + +# Check for the presence of the required sudoers command +PKI_SUDOERS_COMMAND="(root) NOPASSWD: ${RPM_EXE}" +PKI_SUDOERS_LINE="${PKI_USERNAME} ALL = NOPASSWD: ${RPM_EXE}" +printf "Checking if '${PKI_USERNAME}' has the appropriate '${PKI_SUDO}' permissions . . .\n" +printf "[NOTE: A password prompt may appear requiring ${PKI_USERNAME}'s password.]\n" +`${PKI_SUDO} -l | grep "${PKI_SUDOERS_COMMAND}" > /dev/null 2>&1` +if [ $? -ne 0 ]; then + printf "The '$0' script requires that the\n" + printf "'${PKI_SUDOERS}' file MUST contain this line:\n\n" + printf " '${PKI_SUDOERS_LINE}'\n\n" + exit 255 +fi + +# Establish PKI support package names +NSPR=nspr +NSPR_DEVEL=nspr-devel +NSS=nss +NSS_DEVEL=nss-devel +NSS_TOOLS=nss-tools +JSS=jss +JSS_JAVADOC=jss-javadoc +SVRCORE=svrcore +SVRCORE_DEVEL=svrcore-devel +CYRUS_SASL=cyrus-sasl +CYRUS_SASL_DEVEL=cyrus-sasl-devel +OPENLDAP=openldap +OPENLDAP_DEVEL=openldap-devel +OPENLDAP_CLIENTS=openldap-clients +PERL=perl +PERL_LIBWWW_PERL=perl-libwww-perl +PERL_XML_SIMPLE=perl-XML-Simple +JPACKAGE_UTILS=jpackage-utils +JAKARTA_COMMONS_LOGGING=jakarta-commons-logging +TOMCAT5_SERVLET_2_4_API=tomcat5-servlet-2.4-api +JAKARTA_COMMONS_COLLECTIONS=jakarta-commons-collections +JAKARTA_COMMONS_BEANUTILS=jakarta-commons-beanutils +JAKARTA_COMMONS_DIGESTER=jakarta-commons-digester +ORO=oro +CLASSPATHX_JAF=classpathx-jaf +LDAPJDK=ldapjdk +JAKARTA_COMMONS_POOL=jakarta-commons-pool +JAKARTA_COMMONS_FILEUPLOAD=jakarta-commons-fileupload +XML_COMMONS=xml-commons +XML_COMMONS_APIS=xml-commons-apis +REGEXP=regexp +BCEL=bcel +JAKARTA_COMMONS_DBCP=jakarta-commons-dbcp +TOMCAT5_JASPER=tomcat5-jasper +JAKARTA_COMMONS_DISCOVERY=jakarta-commons-discovery +JAKARTA_COMMONS_HTTPCLIENT3=jakarta-commons-httpclient3 +JMS=jms +JAKARTA_COMMONS_LAUNCHER=jakarta-commons-launcher +JAKARTA_COMMONS_EL=jakarta-commons-el +JAKARTA_COMMONS_DAEMON=jakarta-commons-daemon +if [ ${FEDORA_VERSION} -eq 6 ]; then + # Required by Fedora Core 6 + GNU_CRYPTO_SASL_JDK1_4=gnu-crypto-sasl-jdk1.4 +else + GNU_CRYPTO_SASL_JDK1_4= +fi +CLASSPATHX_MAIL=classpathx-mail +XERCES_J2=xerces-j2 +XALAN_J2=xalan-j2 +LOG4J=log4j +XML_COMMONS_RESOLVER=xml-commons-resolver +AVALON_LOGKIT=avalon-logkit +AVALON_FRAMEWORK=avalon-framework +JDOM=jdom +WERKEN_XPATH=werken-xpath +VELOCITY=velocity +ANT=ant +WSDL4J=wsdl4j +AXIS=axis +MX4J=mx4j +GERONIMO_SPECS=geronimo-specs +JAKARTA_COMMONS_MODELER=jakarta-commons-modeler +IDM_CONSOLE_FRAMEWORK=idm-console-framework +TOMCAT5=tomcat5 +TOMCATJSS=tomcatjss +MAKE=make +M4=m4 +POLICYCOREUTILS=policycoreutils +SELINUX_POLICY_DEVEL=selinux-policy-devel +SELINUX_POLICY_TARGETED=selinux-policy-targeted + +# Build and install PKI support packages +${PKI_SUDO} ${PKI_UPDATE} ${PKI_UPDATE_OPTIONS} ${NSPR} ${NSPR_DEVEL} ${NSS} ${NSS_DEVEL} ${NSS_TOOLS} ${JSS} ${JSS_JAVADOC} ${SVRCORE} ${SVRCORE_DEVEL} ${CYRUS_SASL} ${CYRUS_SASL_DEVEL} ${OPENLDAP} ${OPENLDAP_DEVEL} ${OPENLDAP_CLIENTS} ${PERL} ${PERL_LIBWWW_PERL} ${PERL_XML_SIMPLE} ${JPACKAGE_UTILS} ${JAKARTA_COMMONS_LOGGING} ${TOMCAT5_SERVLET_2_4_API} ${JAKARTA_COMMONS_COLLECTIONS} ${JAKARTA_COMMONS_BEANUTILS} ${JAKARTA_COMMONS_DIGESTER} ${ORO} ${CLASSPATHX_JAF} ${LDAPJDK} ${JAKARTA_COMMONS_POOL} ${JAKARTA_COMMONS_FILEUPLOAD} ${XML_COMMONS} ${XML_COMMONS_APIS} ${REGEXP} ${BCEL} ${JAKARTA_COMMONS_DBCP} ${TOMCAT5_JASPER} ${JAKARTA_COMMONS_DISCOVERY} ${JAKARTA_COMMONS_HTTPCLIENT3} ${JMS} ${JAKARTA_COMMONS_LAUNCHER} ${JAKARTA_COMMONS_EL} ${JAKARTA_COMMONS_DAEMON} ${GNU_CRYPTO_SASL_JDK1_4} ${CLASSPATHX_MAIL} ${XERCES_J2} ${XALAN_J2} ${LOG4J} ${XML_COMMONS_RESOLVER} ${AVALON_LOGKIT} ${AVALON_FRAMEWORK} ${JDOM} ${WERKEN_XPATH} ${VELOCITY} ${ANT} ${WSDL4J} ${AXIS} ${MX4J} ${GERONIMO_SPECS} ${JAKARTA_COMMONS_MODELER} ${IDM_CONSOLE_FRAMEWORK} ${TOMCAT5} ${TOMCATJSS} ${MAKE} ${M4} ${POLICYCOREUTILS} ${SELINUX_POLICY_DEVEL} ${SELINUX_POLICY_TARGETED} + |