path: root/scripts/remove_pki_components
#!/bin/bash
##  BEGIN COPYRIGHT BLOCK
##  (C) 2008 Red Hat, Inc.
##  All rights reserved.
##  END COPYRIGHT BLOCK

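##  Always switch into the directory containing this script prior to
##  execution so that all of its output is written to that directory.
##
##  The path is quoted so that a directory name containing whitespace or
##  glob characters is handled, and the script stops if the switch fails
##  instead of carrying on as root from an unexpected working directory.

cd -- "$(dirname -- "$0")" || {
    printf "ERROR:  Unable to change into the directory of '%s'!\n" "$0" >&2
    exit 255
}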


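##
##  This script MUST be run as root!
##
##  Only Linux is supported; any other 'uname' value aborts with status 255.
##  The real UID, effective UID and user name are read through the absolute
##  path /usr/bin/id, so that lookup does not depend on PATH.
##
##  NOTE(review): the check below refuses to run only when BOTH the real
##  and the effective UID are non-root.  A caller with exactly one of them
##  equal to 0 is let through; confirm that this is intended, since the
##  later 'rpm -ev' acts with the effective UID.
##

ROOTUID=0

OS=$(uname)
if [ "${OS}" != "Linux" ] ; then
    # The OS name is passed as an argument, never as part of the format.
    printf "ERROR:  Unsupported operating system '%s'!\n" "${OS}"
    exit 255
fi

MY_EUID=$(/usr/bin/id -u)
MY_UID=$(/usr/bin/id -ur)
USERNAME=$(/usr/bin/id -un)

if [ "${MY_UID}"  != "${ROOTUID}" ] &&
   [ "${MY_EUID}" != "${ROOTUID}" ] ; then
    # "$0" is caller-controlled text; keep it out of the format string so
    # that a '%' in the script path cannot garble the message.
    printf "ERROR:  The '%s' script must be run as root!\n" "$0"
    exit 255
fi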



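##
##  Define DEFAULT PKI Instances
##
##  These names are only used to build the reminder text below; this
##  script never removes the instance directories themselves.
##

PKI_DIR="/var/lib"

PKI_CA="pki-ca"
PKI_DRM="pki-kra"
PKI_OCSP="pki-ocsp"
PKI_TKS="pki-tks"
PKI_RA="pki-ra"
PKI_TPS="pki-tps"



##
##  Ask user if any PKI instances need to be removed
##
##  Answering Y/y stops the script (status 255) so the operator can remove
##  instances first; N/n continues; anything else asks again.  If no answer
##  can be read at all (end of input), the script stops with status 255
##  instead of asking forever, so nothing is uninstalled without an
##  explicit "n".
##

# One printf with a fixed '%s\n' format: every line, including the ones
# holding expanded variables, is passed as data.
printf '%s\n' \
    "REMINDER:  PKI instances contain user's PKI data, and consist of" \
    "           DEFAULT PKI instances and CUSTOMIZED PKI instances." \
    "" \
    "           DEFAULT PKI instances are automatically created whenever" \
    "           one of the PKI subsystems are installed UNLESS that" \
    "           particular PKI subsystem's DEFAULT PKI instance" \
    "           already exists." \
    "" \
    "           DEFAULT PKI instances consist of the following:" \
    "" \
    "               CA   - ${PKI_DIR}/${PKI_CA}" \
    "               DRM  - ${PKI_DIR}/${PKI_DRM}" \
    "               OCSP - ${PKI_DIR}/${PKI_OCSP}" \
    "               RA   - ${PKI_DIR}/${PKI_RA}" \
    "               TKS  - ${PKI_DIR}/${PKI_TKS}" \
    "               TPS  - ${PKI_DIR}/${PKI_TPS}" \
    "" \
    "           Please use the 'remove_default_pki_instances' script" \
    "           to remove ALL of these DEFAULT PKI instances, OR" \
    "           use the 'pkiremove' utility to remove INDIVIDUAL" \
    "           DEFAULT PKI instances." \
    "" \
    "           CUSTOMIZED PKI instances may be named anything and" \
    "           may be located anywhere.  Please use the 'pkiremove'" \
    "           utility to remove any CUSTOMIZED PKI instances." \
    "" \
    "           IMPORTANT:  NEITHER CUSTOMIZED PKI instances," \
    "                       NOR DEFAULT PKI instances will be" \
    "                       REMOVED by this script!" \
    ""

while : ; do
    printf "Do any DEFAULT or CUSTOMIZED PKI instances need to be removed\n"
    printf "PRIOR to uninstalling ALL of the PKI components?  [yn]  "

    # 'read' fails at end of input.  A final answer without a trailing
    # newline still arrives in ANSWER, so only an empty failed read is
    # treated as "no answer available".
    if ! read -r ANSWER && [ -z "${ANSWER}" ] ; then
        printf "\nERROR:  No answer could be read; nothing was removed.\n" >&2
        exit 255
    fi
    printf "\n"

    case "${ANSWER}" in
        Y|y)
            printf "\n"
            printf "Please REMOVE the desired CUSTOMIZED and/or DEFAULT\n"
            printf "PKI instances PRIOR to re-running this script.\n\n"
            exit 255
            ;;
        N|n)
            printf "\n"
            break
            ;;
        *)
            # Unrecognised answer: ask again.
            ;;
    esac
done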



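##
##  Check for PKI components present on this operating system
##
##  PKI_COMPONENTS ends up holding the names of the installed packages to
##  uninstall, separated by whitespace.
##
##  NOTE(review): 'grep pki' is an unanchored substring match, so ANY
##  installed package whose name contains "pki" is selected, including
##  packages that may not belong to this product.  The selection is later
##  printed and passed straight to 'rpm -ev' with no further confirmation.
##  Confirm the product's package naming and tighten the pattern if it
##  allows.
##
##  NOTE(review): 'rpm' and 'grep' are resolved through PATH while running
##  as root; only 'id' is called by absolute path in this script.
##

printf "Processing PKI components present on system . . . "

# (1) grab all PKI components
PKI_COMPONENTS=$(rpm -qa --queryformat '%{NAME}\n' | grep pki)

# (2) check for symkey (legacy package)
#     Run rpm directly and keep its exit status.  Wrapping the query in a
#     command substitution would make the shell execute whatever the query
#     printed as a command.
rpm -q --quiet symkey
SYMKEY_PRESENCE=$?
if [ "${SYMKEY_PRESENCE}" = "0" ] ; then
    PKI_COMPONENTS="${PKI_COMPONENTS} symkey"
fi

printf "done.\n\n"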



##
##  Place the PKI components into a list
##
##  The whitespace-separated names in PKI_COMPONENTS (one per line from
##  rpm, plus an optional " symkey") are re-joined with single spaces.
##

PKI_COMPONENT_LIST=""
# PKI_COMPONENTS is left unquoted on purpose: word splitting is what
# breaks it into individual package names.
for COMPONENT in ${PKI_COMPONENTS} ; do
    # Prefix a separating space only once the list already has an entry.
    PKI_COMPONENT_LIST="${PKI_COMPONENT_LIST:+${PKI_COMPONENT_LIST} }${COMPONENT}"
done



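##
##  Remove ALL PKI components in the list
##
##  The packages are listed and then erased in a single 'rpm -ev' call.
##  If rpm reports a failure the script says so and exits with status 255
##  instead of reporting success.
##

if [ -n "${PKI_COMPONENT_LIST}" ] ; then
    printf "Removing the following PKI packages:\n"
    # Package names are passed as data, never as part of the format string.
    printf "    %s\n\n" "${PKI_COMPONENT_LIST}"

    # Unquoted on purpose: each space-separated name must reach rpm as a
    # separate argument.
    # shellcheck disable=SC2086
    rpm -ev ${PKI_COMPONENT_LIST}
    RPM_STATUS=$?
    printf "\n"

    if [ "${RPM_STATUS}" != "0" ] ; then
        printf "ERROR:  'rpm -ev' exited with status %s; some PKI packages may still be installed.\n" "${RPM_STATUS}" >&2
        exit 255
    fi
else
    printf "No PKI packages need to be removed.\n\n"
fi

exit 0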