diff options
| -rw-r--r-- | ChangeLog | 9 | ||||
| -rwxr-xr-x | stap-gen-server-cert | 30 |
2 files changed, 37 insertions, 2 deletions
@@ -1,3 +1,11 @@ +2009-01-05 Dave Brolley <brolley@redhat.com> + + PR9702 + * stap-gen-server-cert: Try mkpasswd, apg and then user_enter_password + when generating the password for the server certificate/key + database. + (user_enter_password): New function. + 2008-12-31 Frank Ch. Eigler <fche@elastic.org> * translate.cxx (dump_unwindsyms): Adapt to elfutils build-id @@ -8,6 +16,7 @@ 2008-12-30 Dave Brolley <brolley@redhat.com> PR9692 + From Eugeniy Meshcheryakov <eugen@debian.org> * Makefile.am (stap_client_connect_CFLAGS): Use $(nss_CFLAGS) and $(nspr_CFLAGS). (stap_server_connect_CFLAGS): Likewise. diff --git a/stap-gen-server-cert b/stap-gen-server-cert index 06665c48..9cc15b3f 100755 --- a/stap-gen-server-cert +++ b/stap-gen-server-cert @@ -3,13 +3,37 @@ # Generate a certificate for the systemtap server and add it to the # database of trusted servers for the client. # -# Copyright (C) 2008 Red Hat Inc. +# Copyright (C) 2008, 2009 Red Hat Inc. # # This file is part of systemtap, and is free software. You can # redistribute it and/or modify it under the terms of the GNU General # Public License (GPL); either version 2, or (at your option) any # later version. +# Obtain a password from stdin and echo it. +function user_enter_password +{ + while true + do + while true + do + read -sp "Enter new password for systemtap server certificate/key database:" pw1 junk + echo "" >&2 + test "X$pw1" != "X" && break + done + while true + do + read -sp "Reenter new password:" pw2 junk + echo "" >&2 + test "X$pw2" != "X" && break + done + test "$pw1" = "$pw2" && break + echo "Passwords do not match" >&2 + done + + echo $pw1 +} + # Obtain the certificate database directory name. if test "X$1" = "X"; then echo "Certificate database directory must be specified" >&2 @@ -32,7 +56,9 @@ if ! (touch $serverdb/pw && chmod 600 $serverdb/pw); then fi # Generate a random password. -mkpasswd -l 20 > $serverdb/pw +mkpasswd -l 20 > $serverdb/pw 2>/dev/null || \ +apg -a 1 -n 1 -m 20 -x 20 > $serverdb/pw 2>/dev/null || \ +user_enter_password > $serverdb/pw # Generate the server certificate database if ! certutil -N -d $serverdb -f $serverdb/pw > /dev/null; then |