diff options
author | Dave Brolley <brolley@redhat.com> | 2009-10-30 12:17:06 -0400 |
---|---|---|
committer | Dave Brolley <brolley@redhat.com> | 2009-10-30 12:17:06 -0400 |
commit | b732b45bcefa1414e984bc2a9c023336f4ebfe90 (patch) | |
tree | 5bb2743efe8ce31045d47422286b622405ebac01 /stap-gen-cert | |
parent | 052e68d45e5511234b592d47ad1444bae62c35fc (diff) | |
download | systemtap-steved-b732b45bcefa1414e984bc2a9c023336f4ebfe90.tar.gz systemtap-steved-b732b45bcefa1414e984bc2a9c023336f4ebfe90.tar.xz systemtap-steved-b732b45bcefa1414e984bc2a9c023336f4ebfe90.zip |
Never ask the user for a password in stap-gen-cert. Read from /dev/random as
a last resort. Cert db passwords will be going away soon(tm).
Diffstat (limited to 'stap-gen-cert')
-rwxr-xr-x | stap-gen-cert | 26 |
1 files changed, 1 insertions, 25 deletions
diff --git a/stap-gen-cert b/stap-gen-cert index 574df351..44ec817e 100755 --- a/stap-gen-cert +++ b/stap-gen-cert @@ -13,30 +13,6 @@ # Initialize the environment . `dirname $0`/stap-env -# Obtain a password from stdin and echo it. -function user_enter_password -{ - while true - do - while true - do - read -sp "Enter new password for systemtap server certificate/key database:" pw1 junk - echo "" >&2 - test "X$pw1" != "X" && break - done - while true - do - read -sp "Reenter new password:" pw2 junk - echo "" >&2 - test "X$pw2" != "X" && break - done - test "$pw1" = "$pw2" && break - echo "Passwords do not match" >&2 - done - - echo $pw1 -} - # Obtain the certificate database directory name. serverdb=$1 if test "X$serverdb" = "X"; then @@ -60,7 +36,7 @@ fi # Generate a random password. mkpasswd -l 20 > $serverdb/pw 2>/dev/null || \ apg -a 1 -n 1 -m 20 -x 20 > $serverdb/pw 2>/dev/null || \ -user_enter_password > $serverdb/pw +(read -n20 password </dev/random; echo "$password" > $serverdb/pw) # Generate the server certificate database if ! certutil -N -d $serverdb -f $serverdb/pw > /dev/null; then |