#!/bin/bash
## BEGIN COPYRIGHT BLOCK
## (C) 2008 Red Hat, Inc.
## All rights reserved.
## END COPYRIGHT BLOCK
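## Always switch into the directory that holds this script prior to
## execution, so that all of its output is written to that directory.
## The path is quoted so that a directory name containing whitespace or
## glob characters is handled, and a failed switch aborts the run: the
## script is meant to be run as root and should not carry on from an
## unexpected working directory.
cd -- "$(dirname -- "$0")" || {
  printf "ERROR: Unable to change into the directory of '%s'!\n" "$0" >&2
  exit 255
}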
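##
## This script MUST be run as root!
##
## Exits with status 255 on an unsupported operating system or when the
## caller is not root. Error messages go to stderr, and the interpolated
## values are passed as printf arguments so that a '%' or backslash in
## them is never interpreted as part of the format string.
##
ROOTUID=0
OS=$(uname)
if [ "${OS}" != "Linux" ] ; then
  printf "ERROR: Unsupported operating system '%s'!\n" "${OS}" >&2
  exit 255
fi

# Effective UID, real UID and effective user name of the caller.
# USERNAME is not referenced again in the visible script.
MY_EUID=$(/usr/bin/id -u)
MY_UID=$(/usr/bin/id -ur)
USERNAME=$(/usr/bin/id -un)

# NOTE(review): the script only refuses to run when NEITHER the real nor
# the effective UID is 0. Privileged operations are governed by the
# effective UID, so confirm that accepting a caller whose real UID alone
# is 0 is intended.
if [ "${MY_UID}" != "${ROOTUID}" ] &&
   [ "${MY_EUID}" != "${ROOTUID}" ] ; then
  printf "ERROR: The '%s' script must be run as root!\n" "$0" >&2
  exit 255
fi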
##
## DEFAULT PKI instances: parent directory and per-subsystem names
##
# Directory under which each DEFAULT instance is listed in the reminder.
PKI_DIR='/var/lib'

# Instance names, in the order the reminder text prints them.
PKI_CA='pki-ca'
PKI_DRM='pki-kra'
PKI_OCSP='pki-ocsp'
PKI_RA='pki-ra'
PKI_TKS='pki-tks'
PKI_TPS='pki-tps'
##
## Remind the operator that PKI instances hold user data and are NOT
## removed by this script. This block only prints; the yes/no question
## about removing instances first follows it.
##
# Unquoted here-document delimiter: the ${PKI_*} references are expanded,
# everything else is emitted literally.
cat <<EOF
REMINDER: PKI instances contain user's PKI data, and consist of
 DEFAULT PKI instances and CUSTOMIZED PKI instances.

 DEFAULT PKI instances are automatically created whenever
 one of the PKI subsystems are installed UNLESS that
 particular PKI subsystem's DEFAULT PKI instance
 already exists.

 DEFAULT PKI instances consist of the following:

 CA - ${PKI_DIR}/${PKI_CA}
 DRM - ${PKI_DIR}/${PKI_DRM}
 OCSP - ${PKI_DIR}/${PKI_OCSP}
 RA - ${PKI_DIR}/${PKI_RA}
 TKS - ${PKI_DIR}/${PKI_TKS}
 TPS - ${PKI_DIR}/${PKI_TPS}

 Please use the 'remove_default_pki_instances' script
 to remove ALL of these DEFAULT PKI instances, OR
 use the 'pkiremove' utility to remove INDIVIDUAL
 DEFAULT PKI instances.

 CUSTOMIZED PKI instances may be named anything and
 may be located anywhere. Please use the 'pkiremove'
 utility to remove any CUSTOMIZED PKI instances.

 IMPORTANT: NEITHER CUSTOMIZED PKI instances,
 NOR DEFAULT PKI instances will be
 REMOVED by this script!

EOF
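# Keep asking until the operator answers with a clear yes or no.
#   Y/y - instances still have to be removed first: stop with status 255
#   N/n - nothing to remove first: fall through to the package removal
#   anything else - ask again
while :
do
  printf "Do any DEFAULT or CUSTOMIZED PKI instances need to be removed\n"
  printf "PRIOR to uninstalling ALL of the PKI components? [yn] "
  # A failed read means standard input is closed or exhausted (for
  # example when the script is started without a terminal). Without this
  # check ANSWER stays empty and the loop would re-prompt forever, so
  # stop here instead, before any package is removed.
  if ! read -r ANSWER ; then
    printf "\n"
    printf "ERROR: No answer could be read from standard input!\n" >&2
    exit 255
  fi
  printf "\n"
  case "${ANSWER}" in
    Y|y)
      printf "\n"
      printf "Please REMOVE the desired CUSTOMIZED and/or DEFAULT\n"
      printf "PKI instances PRIOR to re-running this script.\n\n"
      exit 255
      ;;
    N|n)
      printf "\n"
      break
      ;;
    *)
      continue
      ;;
  esac
done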
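##
## Check for PKI components present on this operating system
##
printf "Processing PKI components present on system . . . "
# (1) grab all PKI components
# NOTE(review): 'grep pki' is a substring match over every installed
# package name, and the resulting list is later handed to 'rpm -ev' with
# only 'bouncycastle-pkix' filtered out. Any other installed package whose
# name merely contains "pki" would be selected for removal as well;
# consider matching against the product's actual package names
# (TODO confirm the list) rather than a bare substring.
PKI_COMPONENTS=$(rpm -qa --queryformat '%{NAME}\n' | grep pki)
# (2) check for symkey (legacy package)
# rpm is invoked directly rather than inside a bare command substitution:
# the substitution form would execute whatever rpm wrote to stdout as a
# command, which is not wanted in a script running as root.
rpm -q --quiet symkey
SYMKEY_PRESENCE=$?
if [ "${SYMKEY_PRESENCE}" = "0" ] ; then
  PKI_COMPONENTS="${PKI_COMPONENTS} symkey"
fi
printf "done.\n\n"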
##
## Collect the PKI components into one space-separated list
##
PKI_COMPONENT_LIST=""
# PKI_COMPONENTS is expanded unquoted on purpose so that it is split on
# whitespace into one package name per iteration.
for COMPONENT in ${PKI_COMPONENTS} ; do
  case "${COMPONENT}" in
    bouncycastle-pkix)
      # Picked up by the 'pki' name match but skipped here, so it is
      # never handed to the removal step (presumably because it is not
      # one of the PKI components - confirm).
      continue
      ;;
  esac
  # Prefix the separator only once the list already holds an entry.
  PKI_COMPONENT_LIST="${PKI_COMPONENT_LIST:+${PKI_COMPONENT_LIST} }${COMPONENT}"
done
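##
## Remove ALL PKI components in the list
##
## Exits 0 when nothing had to be removed or the removal succeeded, and
## 255 when 'rpm -ev' reported a failure, so that a caller is not told
## the uninstall succeeded while packages are still installed.
##
if [ "${PKI_COMPONENT_LIST}" != "" ] ; then
  printf "Removing the following PKI packages:\n"
  # The list is passed as an argument, never as part of the format string.
  printf " %s\n\n" "${PKI_COMPONENT_LIST}"
  # Intentionally unquoted: each package name must become its own argument.
  # shellcheck disable=SC2086
  rpm -ev ${PKI_COMPONENT_LIST}
  RPM_STATUS=$?
  printf "\n"
  if [ "${RPM_STATUS}" != "0" ] ; then
    printf "ERROR: 'rpm -ev' exited with status %s; some PKI packages may still be installed!\n" "${RPM_STATUS}" >&2
    exit 255
  fi
else
  printf "No PKI packages need to be removed.\n\n"
fi
exit 0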