From 46a8c85fde5ba9bcf4fa55e8f435959af4d32fea Mon Sep 17 00:00:00 2001
From: Dave Brolley
Date: Wed, 24 Dec 2008 14:20:41 -0500
Subject: Complete previous commit.
---
 stap-add-server-cert | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100755 stap-add-server-cert
(limited to 'stap-add-server-cert')
diff --git a/stap-add-server-cert b/stap-add-server-cert
new file mode 100755
index 00000000..6d788160
--- /dev/null
+++ b/stap-add-server-cert
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# Add an existing server certificate to the
+# database of trusted servers for the client.
+#
+# Copyright (C) 2008 Red Hat Inc.
+#
+# This file is part of systemtap, and is free software. You can
+# redistribute it and/or modify it under the terms of the GNU General
+# Public License (GPL); either version 2, or (at your option) any
+# later version.
+
+# Obtain the filename of the certificate
+if test "X$1" = "X"; then
+ echo "Certificate file must be specified" >&2
+ exit 1
+fi
+if ! test -f $1; then
+ echo "Cannot find certificate file $1" >&2
+ exit 1
+fi
+
+# Obtain the certificate database directory name.
+if test "X$2" = "X"; then
+ echo "Certificate database directory must be specified" >&2
+ exit 1
+fi
+if ! test -d $2; then
+ echo "Cannot find certificate database directory $2" >&2
+ exit 1
+fi
+
+if ! certutil -A -n stap-server -d $2 -i $1 -t "P,P,P" > /dev/null; then
+ echo "Unable to add $1 to the client certificate database $2" >&2
+ exit 1
+fi
+
+exit 0
-- cgit
From 64aa100f39dca60999028f83feb31983728ea4d4 Mon Sep 17 00:00:00 2001
From: Dave Brolley
Date: Fri, 9 Jan 2009 15:11:04 -0500
Subject: New framework for creating/using certificate databases for client/server.
---
 stap-add-server-cert | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
(limited to 'stap-add-server-cert')
diff --git a/stap-add-server-cert b/stap-add-server-cert
index 6d788160..5f17f165 100755
--- a/stap-add-server-cert
+++ b/stap-add-server-cert
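Review bot: In the script added by 46a8c85, `$1` and `$2` are expanded unquoted in `test -f $1`, `test -d $2` and the `certutil -A` call, so a path containing whitespace or glob characters is split into several words and the extra words are handed to certutil as arguments while it modifies the client's trust database. Quote each expansion, for example `if ! certutil -A -n stap-server -d "$2" -i "$1" -t "P,P,P" > /dev/null; then`; the later commits on this page add `mkdir -p $2`, `chmod +r $2/*.db` and the `$2/client` variants with the same problem. Separately, `-t "P,P,P"` grants trusted-peer status for SSL, e-mail and object signing; if the client only uses this certificate to authenticate the server's SSL connection (not visible in this file), `-t "P,,"` is the narrower grant.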
@@ -3,7 +3,7 @@ # Add an existing server certificate to the # database of trusted servers for the client. # -# Copyright (C) 2008 Red Hat Inc. +# Copyright (C) 2008, 2009 Red Hat Inc. # # This file is part of systemtap, and is free software. You can # redistribute it and/or modify it under the terms of the GNU General @@ -26,13 +26,23 @@ if test "X$2" = "X"; then exit 1 fi if ! test -d $2; then - echo "Cannot find certificate database directory $2" >&2 - exit 1 + if ! mkdir -p $2; then + echo "Unable to find or create the client certificate database directory: $2" >&2 + exit 1 + fi fi +# Add the certificate if ! certutil -A -n stap-server -d $2 -i $1 -t "P,P,P" > /dev/null; then echo "Unable to add $1 to the client certificate database $2" >&2 exit 1 fi +# Ensure that the database is readable by others +if ! chmod +r $2/*.db; then + echo "Unable to make the client certificate database $2 readable by others" >&2 + exit 1 +fi + + exit 0 -- cgit From a50cb7894f72eb3ac3301adde9950d12425594b7 Mon Sep 17 00:00:00 2001 From: Dave Brolley Date: Tue, 13 Jan 2009 11:35:14 -0500 Subject: Ensure that the client cert database and server cert are readable by all. --- stap-add-server-cert | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'stap-add-server-cert') diff --git a/stap-add-server-cert b/stap-add-server-cert index 5f17f165..81424c82 100755 --- a/stap-add-server-cert +++ b/stap-add-server-cert @@ -40,9 +40,7 @@ fi # Ensure that the database is readable by others if ! chmod +r $2/*.db; then - echo "Unable to make the client certificate database $2 readable by others" >&2 - exit 1 + echo "Warning: unable to make the client certificate database $2 readable by others" >&2 fi - exit 0 -- cgit From 790c4dd6eff3fbc127b67e23478d7edc6bf1cd08 Mon Sep 17 00:00:00 2001 
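Review bot: `chmod +r $2/*.db` in the second hunk of 64aa100 does not reliably do what its comment says: with no `who` given, chmod leaves alone the bits masked by the caller's umask, so under a umask such as 077 the files stay unreadable to others without chmod reporting a failure. Spell out the intent with `chmod a+r` (or `o+r`). The glob also covers every `.db` file certutil creates in that directory, including the key database, so it is worth confirming that this client database never holds private keys before making it world-readable. `mkdir -p $2` likewise creates the trust-database directory with whatever mode the umask allows; a comment stating the expected mode (writable by the owner only) would help, since anyone who can write there can change which servers the client trusts.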
From: Dave Brolley Date: Tue, 13 Jan 2009 13:38:41 -0500 Subject: Separate the creation of the server's certificate from its addition to the client-side database. --- stap-add-server-cert | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'stap-add-server-cert') diff --git a/stap-add-server-cert b/stap-add-server-cert index 81424c82..976f323f 100755 --- a/stap-add-server-cert +++ b/stap-add-server-cert @@ -25,21 +25,21 @@ if test "X$2" = "X"; then echo "Certificate database directory must be specified" >&2 exit 1 fi -if ! test -d $2; then - if ! mkdir -p $2; then - echo "Unable to find or create the client certificate database directory: $2" >&2 +if ! test -d $2/client; then + if ! mkdir -p $2/client; then + echo "Unable to find or create the client certificate database directory: $2/client" >&2 exit 1 fi fi # Add the certificate -if ! certutil -A -n stap-server -d $2 -i $1 -t "P,P,P" > /dev/null; then +if ! certutil -A -n stap-server -d $2/client -i $1 -t "P,P,P" > /dev/null; then echo "Unable to add $1 to the client certificate database $2" >&2 exit 1 fi # Ensure that the database is readable by others -if ! chmod +r $2/*.db; then +if ! chmod +r $2/client/*.db; then echo "Warning: unable to make the client certificate database $2 readable by others" >&2 fi -- cgit
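Review bot: The two diagnostics left as context in this hunk still name `$2`, although the database now lives in `$2/client`: `Unable to add $1 to the client certificate database $2` and `Warning: unable to make the client certificate database $2 readable by others` point whoever is troubleshooting a trust failure at the parent directory. Only the mkdir message was updated by this commit; the other two should end in `$2/client` as well so that all three messages name the directory certutil and chmod actually operate on.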