diff options
Diffstat (limited to 'scripts/remove_pki_components')
-rwxr-xr-x | scripts/remove_pki_components | 150 |
1 files changed, 150 insertions, 0 deletions
diff --git a/scripts/remove_pki_components b/scripts/remove_pki_components new file mode 100755 index 000000000..63dab7c00 --- /dev/null +++ b/scripts/remove_pki_components @@ -0,0 +1,150 @@ +#!/bin/bash +## BEGIN COPYRIGHT BLOCK +## (C) 2008 Red Hat, Inc. +## All rights reserved. +## END COPYRIGHT BLOCK + +## Always switch into this base directory +## prior to script execution so that all +## of its output is written to this directory + +cd `dirname $0` + + +## +## This script MUST be run as root! +## + +ROOTUID=0 + +OS=`uname` +if [ "${OS}" = "Linux" ] ; then + MY_EUID=`/usr/bin/id -u` + MY_UID=`/usr/bin/id -ur` + USERNAME=`/usr/bin/id -un` +else + printf "ERROR: Unsupported operating system '${OS}'!\n" + exit 255 +fi + +if [ "${MY_UID}" != "${ROOTUID}" ] && + [ "${MY_EUID}" != "${ROOTUID}" ] ; then + printf "ERROR: The '$0' script must be run as root!\n" + exit 255 +fi + + + +## +## Define DEFAULT PKI Instances +## + +PKI_DIR="/var/lib" + +PKI_CA="pki-ca" +PKI_DRM="pki-kra" +PKI_OCSP="pki-ocsp" +PKI_TKS="pki-tks" +PKI_RA="pki-ra" +PKI_TPS="pki-tps" + + + +## +## Ask user if any PKI instances need to be removed +## + +printf "REMINDER: PKI instances contain user's PKI data, and consist of\n" +printf " DEFAULT PKI instances and CUSTOMIZED PKI instances.\n\n" +printf " DEFAULT PKI instances are automatically created whenever\n" +printf " one of the PKI subsystems are installed UNLESS that\n" +printf " particular PKI subsystem's DEFAULT PKI instance\n" +printf " already exists.\n\n" +printf " DEFAULT PKI instances consist of the following:\n\n" +printf " CA - ${PKI_DIR}/${PKI_CA}\n" +printf " DRM - ${PKI_DIR}/${PKI_DRM}\n" +printf " OCSP - ${PKI_DIR}/${PKI_OCSP}\n" +printf " RA - ${PKI_DIR}/${PKI_RA}\n" +printf " TKS - ${PKI_DIR}/${PKI_TKS}\n" +printf " TPS - ${PKI_DIR}/${PKI_TPS}\n\n" +printf " Please use the 'remove_default_pki_instances' script\n" +printf " to remove ALL of these DEFAULT PKI instances, OR\n" +printf " use the 'pkiremove' utility to remove INDIVIDUAL\n" +printf " DEFAULT PKI instances.\n\n" +printf " CUSTOMIZED PKI instances may be named anything and\n" +printf " may be located anywhere. Please use the 'pkiremove'\n" +printf " utility to remove any CUSTOMIZED PKI instances.\n\n" +printf " IMPORTANT: NEITHER CUSTOMIZED PKI instances,\n" +printf " NOR DEFAULT PKI instances will be\n" +printf " REMOVED by this script!\n\n" +while : +do + printf "Do any DEFAULT or CUSTOMIZED PKI instances need to be removed\n" + printf "PRIOR to uninstalling ALL of the PKI components? [yn] " + read ANSWER + printf "\n" + if [ "${ANSWER}" = "Y" ] || + [ "${ANSWER}" = "y" ] ; then + printf "\n" + printf "Please REMOVE the desired CUSTOMIZED and/or DEFAULT\n" + printf "PKI instances PRIOR to re-running this script.\n\n" + exit 255 + elif [ "${ANSWER}" = "N" ] || + [ "${ANSWER}" = "n" ] ; then + printf "\n" + break + else + continue + fi +done + + + +## +## Check for PKI components present on this operating system +## + +printf "Processing PKI components present on system . . . " + # (1) grab all PKI components + PKI_COMPONENTS=`rpm -qa --queryformat '%{NAME}\n' | grep pki` + + # (2) check for symkey (legacy package) + `rpm -q --quiet symkey` + SYMKEY_PRESENCE=$? + if [ "${SYMKEY_PRESENCE}" = "0" ] ; then + PKI_COMPONENTS="${PKI_COMPONENTS} symkey" + fi +printf "done.\n\n" + + + +## +## Place the PKI components into a list +## + +PKI_COMPONENT_LIST="" +for COMPONENT in ${PKI_COMPONENTS} ; do + if [ "${PKI_COMPONENT_LIST}" = "" ] ; then + PKI_COMPONENT_LIST="${COMPONENT}" + else + PKI_COMPONENT_LIST="${PKI_COMPONENT_LIST} ${COMPONENT}" + fi +done + + + +## +## Remove ALL PKI components in the list +## + +if [ "${PKI_COMPONENT_LIST}" != "" ] ; then + printf "Removing the following PKI packages:\n" + printf " ${PKI_COMPONENT_LIST}\n\n" + rpm -ev ${PKI_COMPONENT_LIST} + printf "\n" +else + printf "No PKI packages need to be removed.\n\n" +fi + +exit 0 + |