#!/bin/bash
# BEGIN COPYRIGHT BLOCK
# (C) 2011 Red Hat, Inc.
# All rights reserved.
# END COPYRIGHT BLOCK

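# Always switch into the directory that holds this script before doing
# anything else, so that all of its output is written to that directory.
#
# The path is quoted so that a checkout location containing spaces or glob
# characters still resolves to the right directory, and a failed 'cd' aborts
# the run instead of silently continuing in the caller's working directory.
cd -- "$(dirname -- "$0")" || {
    printf "ERROR:  Unable to change into the directory of '%s'!\n" "$0"
    exit 255
}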

#
# Usage statement
#

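# Print the command line synopsis of this script to stdout.
# Arguments: none (the script name is taken from $0)
# Outputs:   a blank line, the usage line, and a trailing blank line
Usage()
{
    printf "\n"
    # $0 is passed as an argument instead of being embedded in the format
    # string, so a script path containing '%' or '\' is printed literally.
    printf "Usage:  %s [-skip_directory_server_installation]\n\n" "$0"
}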

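#
# Check for command line argument validity
#
# At most one argument is accepted, and it must be exactly
# '-skip_directory_server_installation'.  The flag defaults to 0 and is
# set to 1 only when that argument is given.
skip_directory_server_installation=0
if [ $# -gt 1 ] ; then
    printf "ERROR:  Incorrect number of parameters!\n"
    Usage
    exit 255
elif [ $# -eq 1 ] ; then
    # "$1" must be quoted: unquoted, an empty or multi-word argument makes
    # the '[' command itself fail, and that failure fell through to the
    # 'else' branch and silently enabled the skip flag.
    if [ "$1" != "-skip_directory_server_installation" ] ; then
        printf "ERROR:  Incorrect parameters usage!\n"
        Usage
        exit 255
    else
        skip_directory_server_installation=1
    fi
fi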

# Remember the directory this script is currently running in
PKI_PWD="$(pwd)"

# Record the machine name as reported by 'hostname'
PKI_HOSTNAME="$(hostname)"

# Numeric user id that identifies the superuser
ROOT_UID=0

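# This script may ONLY be run on Linux!
# The kernel name from 'uname' is compared against the literal "Linux";
# anything else ends the run with exit status 255.
PKI_OS="$(uname)"
if [ "${PKI_OS}" != "Linux" ]; then
    # $0 is supplied as a printf argument so that a '%' or '\' in the
    # script path is not interpreted as part of the format string.
    printf "The '%s' script is ONLY executable\n" "$0"
    printf "on a 'Linux' machine!\n"
    exit 255
fi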

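# For Fedora machines, compute the FEDORA_VERSION
if [ -e /etc/fedora-release ]; then
    # The character set handed to 'tr' is quoted so the shell cannot expand
    # it as a glob against single-letter file names in the current directory.
    FEDORA_VERSION="$(rpm -qf --qf='%{VERSION}' /etc/fedora-release | tr -d 'A-Za-z')"
else
    # For now, just give FEDORA_VERSION a bogus value if not using Fedora.
    FEDORA_VERSION=9999
fi

# FEDORA_VERSION is later used in a numeric comparison.  If the rpm query
# failed or returned something that is not a plain integer, fall back to the
# same bogus value used for non-Fedora hosts rather than carrying an empty
# or malformed value forward.
# NOTE(review): this treats an unreadable version as a recent release -
# confirm that is the preferred default.
case "${FEDORA_VERSION}" in
    ''|*[!0-9]*) FEDORA_VERSION=9999 ;;
esac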

# Platform tag plus the package tools, referenced by absolute path so the
# privileged install step does not depend on the caller's PATH
PKI_PLATFORM='LINUX'
RPM_EXE='/bin/rpm'
YUM_EXE='/usr/bin/yum'
YUM_EXE_OPTIONS='-y install'

# Location of the sudo binary and of its policy file
PKI_SUDO='/usr/bin/sudo'
PKI_SUDOERS='/etc/sudoers'

# Identity of the invoking user: effective uid, real uid, effective name
PKI_EUID="$(/usr/bin/id -u)"
PKI_UID="$(/usr/bin/id -ur)"
PKI_USERNAME="$(/usr/bin/id -un)"

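# Make sure that this script is NOT being run as root!
# Both the real and the effective uid are checked, so neither a root login
# nor a setuid/sudo invocation of the whole script is accepted; only the
# package installation step is meant to be elevated.
# The operands are quoted so an empty id value cannot change the shape of
# the test expression.
if [ "${PKI_UID}" -eq "${ROOT_UID}" ] ||
   [ "${PKI_EUID}" -eq "${ROOT_UID}" ]; then
    printf "The '%s' script may NOT be run as root!\n" "$0"
    exit 255
fi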

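# Check for the presence of the 'sudo' executable
# Variable values are passed to printf as arguments rather than embedded
# in the format string, so '%' or '\' in a path or host name is printed
# literally.
if [ ! -x "${PKI_SUDO}" ]; then
    printf "The '%s' script requires the '%s' executable\n" "$0" "${PKI_SUDO}"
    printf "to be available on '%s'!\n" "${PKI_HOSTNAME}"
    exit 255
fi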

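# Check for the presence of the 'sudoers' file
# Only existence is tested here; the file's contents are never read
# directly, the effective rights are queried through 'sudo -l' instead.
if [ ! -e "${PKI_SUDOERS}" ]; then
    printf "The '%s' script requires the '%s' file\n" "$0" "${PKI_SUDOERS}"
    printf "to be available on '%s'!\n" "${PKI_HOSTNAME}"
    exit 255
fi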

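# Check for the presence of the required sudoers command(s)
#
# The strings below are looked up in the output of 'sudo -l'.  The *_LINE
# variants are the sudoers entries shown to the user when rights are missing.
#
# Security note: passwordless sudo for rpm or yum lets the account install
# arbitrary packages, and package scriptlets run as root, so either grant
# should be treated as root-equivalent and kept to dedicated build hosts.
# When adding the entries, edit the policy with 'visudo' so that a syntax
# error cannot leave sudo unusable.
PKI_SUDOERS_COMMAND="(root) NOPASSWD: ALL"
PKI_SUDOERS_LINE="${PKI_USERNAME}  NOPASSWD: ALL"
PKI_SUDOERS_RPM_COMMAND="(root) NOPASSWD: ${RPM_EXE}"
PKI_SUDOERS_RPM_LINE="${PKI_USERNAME}  ALL = NOPASSWD: ${RPM_EXE}"
PKI_SUDOERS_YUM_COMMAND="(root) NOPASSWD: ${YUM_EXE}"
PKI_SUDOERS_YUM_LINE="${PKI_USERNAME}  ALL = NOPASSWD: ${YUM_EXE}"
printf "Checking if '%s' has the appropriate '%s' permissions . . .\n" "${PKI_USERNAME}" "${PKI_SUDO}"
printf "[NOTE:  A password prompt may appear requiring %s's password.]\n" "${PKI_USERNAME}"

# Query sudo once and reuse the listing for every lookup; this also avoids
# repeated password prompts.  The previous form wrapped each pipeline in
# backticks, which executes the pipeline's (empty) output as a command.
pki_sudo_listing="$("${PKI_SUDO}" -l)"

# NOTE:  If 'ALL' commands are NOT sudo enabled, then at least BOTH
#        of the 'RPM' and 'YUM' commands MUST be sudo enabled!
#
# 'grep -F' matches the strings literally (they contain parentheses and
# path separators).  This is a substring match on the listing and therefore
# only a convenience pre-check; sudo itself enforces the policy when the
# install command runs.
if ! printf '%s\n' "${pki_sudo_listing}" | grep -F -q -- "${PKI_SUDOERS_COMMAND}"; then
    sudo_commands=2
    if ! printf '%s\n' "${pki_sudo_listing}" | grep -F -q -- "${PKI_SUDOERS_RPM_COMMAND}"; then
        sudo_commands=$((sudo_commands - 1))
    fi
    if ! printf '%s\n' "${pki_sudo_listing}" | grep -F -q -- "${PKI_SUDOERS_YUM_COMMAND}"; then
        sudo_commands=$((sudo_commands - 1))
    fi
    if [ "${sudo_commands}" -ne 2 ]; then
        printf "The '%s' script requires that the\n" "$0"
        printf "'%s' file MUST contain BOTH of these lines:\n\n" "${PKI_SUDOERS}"
        printf "    '%s'\n" "${PKI_SUDOERS_RPM_LINE}"
        printf "    '%s'\n\n" "${PKI_SUDOERS_YUM_LINE}"
        exit 255
    fi
fi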

######################################
# Establish PKI Development Packages #
######################################

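# Language Development
GCC="gcc"
GPLUSPLUS="gcc-c++"
JAVA="java-1.6.0-openjdk"
JAVAC="java-1.6.0-openjdk-devel"
PERL="perl"

# Language Development Support Utilities
JPACKAGE_UTILS="jpackage-utils"
PKGCONFIG="pkgconfig"

# Build Utilities
ANT="ant"
CMAKE="cmake"
MAKE="make"
M4="m4"

# Packaging Utilities
RPM="rpm"
RPM_BUILD="rpm-build"
YUM="yum"
YUM_UTILS="yum-utils"

# Compression Utilities
GZIP="gzip"
TAR="tar"
ZIP="zip"
ZLIB="zlib"
# 'zlib-devel' gets its own variable; it was previously assigned to ZLIB as
# well, which overwrote "zlib" and dropped it from the package list.
ZLIB_DEVEL="zlib-devel"

# Fetching Utilities
CURL="curl"
WGET="wget"

# Revision Control Utilities
CVS="cvs"
GIT="git"
SVN="subversion"

# Miscellaneous Utilities
CHKCONFIG="chkconfig"
INITSCRIPTS="initscripts"
OPENSSH_CLIENTS="openssh-clients"
#SENDMAIL="sendmail"
# SENDMAIL is disabled above but still referenced in the list below.
# Initialize it explicitly so that a SENDMAIL value inherited from the
# caller's environment cannot add entries to a package list that is later
# installed through sudo.
SENDMAIL=""

# Create a catch-all variable for PKI Development Packages
# (a space-separated string; it is word-split when handed to the installer)
PKI_DEVELOPMENT_PACKAGES="${GCC} ${GPLUSPLUS} ${JAVA} ${JAVAC} ${PERL} ${JPACKAGE_UTILS} ${PKGCONFIG} ${ANT} ${CMAKE} ${MAKE} ${M4} ${RPM} ${RPM_BUILD} ${YUM} ${YUM_UTILS} ${GZIP} ${TAR} ${ZIP} ${ZLIB} ${ZLIB_DEVEL} ${CURL} ${WGET} ${CVS} ${GIT} ${SVN} ${CHKCONFIG} ${INITSCRIPTS} ${OPENSSH_CLIENTS} ${SENDMAIL}"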


##################################
# Establish PKI Support Packages #
##################################

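# Apache Packages
APR="apr"
APR_DEVEL="apr-devel"
APR_UTIL="apr-util"
APR_UTIL_DEVEL="apr-util-devel"
EXPAT="expat"
EXPAT_DEVEL="expat-devel"
HTTPD="httpd"
HTTPD_DEVEL="httpd-devel"
HTTPD_TOOLS="httpd-tools"
PCRE="pcre"
PCRE_DEVEL="pcre-devel"

# Tomcat Packages
TOMCAT6="tomcat6"
TOMCAT6_LIB="tomcat6-lib"
# The commons packages carry an 'apache-' prefix from Fedora 14 on and a
# 'jakarta-' prefix before that.  The version is quoted and defaults to the
# non-Fedora placeholder (9999) when unset or empty, so the test always
# receives an operand.
#
# The daemon package now has its own variable: it used to be assigned to
# APACHE_COMMONS_LANG and was immediately overwritten by the 'lang' package,
# so it never reached the package list.
if [ "${FEDORA_VERSION:-9999}" -ge 14 ]; then
    APACHE_COMMONS_DAEMON="apache-commons-daemon"
    APACHE_COMMONS_LANG="apache-commons-lang"
    APACHE_COMMONS_LOGGING="apache-commons-logging"
else
    APACHE_COMMONS_DAEMON="jakarta-commons-daemon"
    APACHE_COMMONS_LANG="jakarta-commons-lang"
    APACHE_COMMONS_LOGGING="jakarta-commons-logging"
fi
APACHE_COMMONS_CODEC="apache-commons-codec"
JAKARTA_COMMONS_COLLECTIONS="jakarta-commons-collections"
JAKARTA_COMMONS_DBCP="jakarta-commons-dbcp"
JAKARTA_COMMONS_POOL="jakarta-commons-pool"

# Cross-Platform Packages
NSPR="nspr"
NSPR_DEVEL="nspr-devel"

# Cryptographic Packages
NSS="nss"
NSS_DEVEL="nss-devel"
NSS_TOOLS="nss-tools"

# Tomcat Cryptographic Bridge Packages
JSS="jss"
JSS_JAVADOC="jss-javadoc"
TOMCATJSS="tomcatjss"

# Apache Cryptographic Bridge Packages
MOD_NSS="mod_nss"
MOD_PERL="mod_perl"
MOD_REVOCATOR="mod_revocator"

# Console Packages
IDM_CONSOLE_FRAMEWORK="idm-console-framework"

# LDAP Support Packages
CYRUS_SASL="cyrus-sasl"
CYRUS_SASL_DEVEL="cyrus-sasl-devel"
LDAPJDK="ldapjdk"
OPENLDAP="openldap"
OPENLDAP_CLIENTS="openldap-clients"
OPENLDAP_DEVEL="openldap-devel"

# Perl Modules
PERL_CRYPT_SSLEAY="perl-Crypt-SSLeay"
PERL_DBD_SQLITE="perl-DBD-SQLite"
PERL_DBI="perl-DBI"
PERL_HTML_PARSER="perl-HTML-Parser"
PERL_HTML_TAGSET="perl-HTML-Tagset"
PERL_LIBWWW_PERL="perl-libwww-perl"
PERL_MOZILLA_LDAP="perl-Mozilla-LDAP"
PERL_PARSE_RECDESCENT="perl-Parse-RecDescent"
PERL_URI="perl-URI"
PERL_XML_NAMESPACESUPPORT="perl-XML-NamespaceSupport"
PERL_XML_PARSER="perl-XML-Parser"
PERL_XML_SAX="perl-XML-SAX"
PERL_XML_SIMPLE="perl-XML-Simple"

# PKI Clients
ESC="esc"

# Security Packages
SVRCORE="svrcore"
SVRCORE_DEVEL="svrcore-devel"

# SELinux Packages
POLICYCOREUTILS="policycoreutils"
SELINUX_POLICY_DEVEL="selinux-policy-devel"
SELINUX_POLICY_TARGETED="selinux-policy-targeted"

# SQLite Packages
SQLITE="sqlite"
SQLITE_DEVEL="sqlite-devel"

# Velocity Packages
VELOCITY="velocity"
BCEL="bcel"
JAKARTA_ORO="jakarta-oro"
JDOM="jdom"
LOG4J="log4j"
REGEXP="regexp"
WERKEN_XPATH="werken-xpath"
XALAN_J2="xalan-j2"
XERCES_J2="xerces-j2"
XML_COMMONS_APIS="xml-commons-apis"
XML_COMMONS_RESOLVER="xml-commons-resolver"

# Create a catch-all variable for PKI Support Packages
# (a space-separated string; it is word-split when handed to the installer)
PKI_SUPPORT_PACKAGES="${APR} ${APR_DEVEL} ${APR_UTIL} ${APR_UTIL_DEVEL} ${EXPAT} ${EXPAT_DEVEL} ${HTTPD} ${HTTPD_DEVEL} ${HTTPD_TOOLS} ${PCRE} ${PCRE_DEVEL} ${TOMCAT6} ${TOMCAT6_LIB} ${APACHE_COMMONS_DAEMON} ${APACHE_COMMONS_LANG} ${APACHE_COMMONS_LOGGING} ${APACHE_COMMONS_CODEC} ${JAKARTA_COMMONS_COLLECTIONS} ${JAKARTA_COMMONS_DBCP} ${JAKARTA_COMMONS_POOL} ${NSPR} ${NSPR_DEVEL} ${NSS} ${NSS_DEVEL} ${NSS_TOOLS} ${JSS} ${JSS_JAVADOC} ${TOMCATJSS} ${MOD_NSS} ${MOD_PERL} ${MOD_REVOCATOR} ${IDM_CONSOLE_FRAMEWORK} ${CYRUS_SASL} ${CYRUS_SASL_DEVEL} ${LDAPJDK} ${OPENLDAP} ${OPENLDAP_CLIENTS} ${OPENLDAP_DEVEL} ${PERL_CRYPT_SSLEAY} ${PERL_DBD_SQLITE} ${PERL_DBI} ${PERL_HTML_PARSER} ${PERL_HTML_TAGSET} ${PERL_LIBWWW_PERL} ${PERL_MOZILLA_LDAP} ${PERL_PARSE_RECDESCENT} ${PERL_URI} ${PERL_XML_NAMESPACESUPPORT} ${PERL_XML_PARSER} ${PERL_XML_SAX} ${PERL_XML_SIMPLE} ${ESC} ${SVRCORE} ${SVRCORE_DEVEL} ${POLICYCOREUTILS} ${SELINUX_POLICY_DEVEL} ${SELINUX_POLICY_TARGETED} ${SQLITE} ${SQLITE_DEVEL} ${VELOCITY} ${BCEL} ${JAKARTA_ORO} ${JDOM} ${LOG4J} ${REGEXP} ${WERKEN_XPATH} ${XALAN_J2} ${XERCES_J2} ${XML_COMMONS_APIS} ${XML_COMMONS_RESOLVER}"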

###########################################
# Establish PKI Installation Dependencies #
###########################################

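# LDAP Packages (for non-remote use)
LDAP="389-ds"
LDAP_ADMIN="389-admin"
LDAP_ADMIN_CONSOLE="389-admin-console"
LDAP_ADMIN_CONSOLE_DOC="389-admin-console-doc"
LDAP_ADMINUTIL="389-adminutil"
LDAP_BASE="389-ds-base"
LDAP_CONSOLE="389-console"
LDAP_DS_CONSOLE="389-ds-console"
LDAP_DS_CONSOLE_DOC="389-ds-console-doc"
LDAP_DSGW="389-dsgw"

# Create a catch-all variable for LDAP Packages
# The list is left empty when the directory server installation is skipped.
# The flag is quoted and defaults to 0 so that the comparison always has an
# operand; an unset flag means the LDAP packages are included.
if [ "${skip_directory_server_installation:-0}" -eq 1 ]; then
    LDAP_PACKAGES=""
else
    LDAP_PACKAGES="${LDAP} ${LDAP_ADMIN} ${LDAP_ADMIN_CONSOLE} ${LDAP_ADMIN_CONSOLE_DOC} ${LDAP_ADMINUTIL} ${LDAP_BASE} ${LDAP_CONSOLE} ${LDAP_DS_CONSOLE} ${LDAP_DS_CONSOLE_DOC} ${LDAP_DSGW}"
fi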


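# Build and install PKI Development Packages, PKI Support Packages, and
# optionally, LDAP Packages
#
# This is the only step that runs with elevated rights.  The space-separated
# lists are split into arrays first, so every package name reaches yum as
# exactly one argument and none of them is subject to pathname expansion
# against the current directory.
#
# Note: the '-y' in YUM_EXE_OPTIONS answers every yum prompt with "yes"
# (this can include a prompt to import a repository signing key), so the
# enabled repositories and their keys should be reviewed before running.
read -r -a pki_yum_options <<<"${YUM_EXE_OPTIONS}"
read -r -a pki_install_packages <<<"${PKI_DEVELOPMENT_PACKAGES} ${PKI_SUPPORT_PACKAGES} ${LDAP_PACKAGES}"
"${PKI_SUDO}" "${YUM_EXE}" "${pki_yum_options[@]}" "${pki_install_packages[@]}"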