From b732b45bcefa1414e984bc2a9c023336f4ebfe90 Mon Sep 17 00:00:00 2001
From: Dave Brolley
Date: Fri, 30 Oct 2009 12:17:06 -0400
Subject: Never ask the user for a password in stap-gen-cert. Read from /dev/random as a last resort. Cert db passwords will be going away soon(tm).
---
stap-gen-cert | 26 +-------------------------
1 file changed, 1 insertion(+), 25 deletions(-)
(limited to 'stap-gen-cert')
diff --git a/stap-gen-cert b/stap-gen-cert
index 574df351..44ec817e 100755
--- a/stap-gen-cert
+++ b/stap-gen-cert
@@ -13,30 +13,6 @@
 # Initialize the environment
 . `dirname $0`/stap-env

-# Obtain a password from stdin and echo it.
-function user_enter_password
-{
- while true
- do
- while true
- do
- read -sp "Enter new password for systemtap server certificate/key database:" pw1 junk
- echo "" >&2
- test "X$pw1" != "X" && break
- done
- while true
- do
- read -sp "Reenter new password:" pw2 junk
- echo "" >&2
- test "X$pw2" != "X" && break
- done
- test "$pw1" = "$pw2" && break
- echo "Passwords do not match" >&2
- done
-
- echo $pw1
-}
-
 # Obtain the certificate database directory name.
 serverdb=$1
 if test "X$serverdb" = "X"; then
@@ -60,7 +36,7 @@ fi
 # Generate a random password.
 mkpasswd -l 20 > $serverdb/pw 2>/dev/null || \
 apg -a 1 -n 1 -m 20 -x 20 > $serverdb/pw 2>/dev/null || \
-user_enter_password > $serverdb/pw
+(read -n20 password $serverdb/pw)

 # Generate the server certificate database
 if ! certutil -N -d $serverdb -f $serverdb/pw > /dev/null; then
-- cgit
From 3a2a1e27684edaef813eeb968ba693e0ff6d021d Mon Sep 17 00:00:00 2001
From: Dave Brolley
Date: Fri, 30 Oct 2009 12:32:01 -0400
Subject: Use /dev/urandom (non-blocking) instead of /dev/random.
---
stap-gen-cert | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'stap-gen-cert')
diff --git a/stap-gen-cert b/stap-gen-cert
index 44ec817e..b8397881 100755
--- a/stap-gen-cert
+++ b/stap-gen-cert
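Review bot: In the first patch's `@@ -60,7 +36,7 @@` hunk, the new last-resort line `(read -n20 password … $serverdb/pw)` fills the password with bash `read`, which is a line reader rather than a byte reader: it stops at the first newline, cannot store NUL bytes, and without `-r` and `IFS=` also consumes backslashes and trims whitespace, so the stored value may be well under 20 characters (possibly empty) and is not printable text. The redirections on that line did not survive on this page, so the source device is taken from the subject line (`/dev/random`). Encoding a fixed number of bytes keeps length and entropy predictable, for example `head -c 20 /dev/urandom | od -An -tx1 | tr -d ' \n' > "$serverdb/pw"`, followed by a check that the file is non-empty before `certutil -N` runs. The follow-up patch's `@@ -36,7 +36,7 @@` hunk carries the same `read -n20` line forward and only changes the device.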
@@ -36,7 +36,7 @@ fi
 # Generate a random password.
 mkpasswd -l 20 > $serverdb/pw 2>/dev/null || \
 apg -a 1 -n 1 -m 20 -x 20 > $serverdb/pw 2>/dev/null || \
-(read -n20 password $serverdb/pw)
+(read -n20 password $serverdb/pw)

 # Generate the server certificate database
 if ! certutil -N -d $serverdb -f $serverdb/pw > /dev/null; then
-- cgit
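Review bot: The database password produced by this chain, both the `mkpasswd` and `apg` branches and what appears to be the fallback `(read -n20 password … $serverdb/pw)`, reaches `$serverdb/pw` through a plain redirection, so the file's mode is whatever the caller's umask allows; nothing visible in this hunk restricts it. If the rest of the script (outside the hunk) does not already do so, a `umask 077` before the chain or a `chmod 600 "$serverdb/pw"` right after it would keep the password unreadable to other local users. Quoting `"$serverdb"` in the redirections and in `certutil -N -d "$serverdb" -f "$serverdb/pw"` would also keep the commands working when the directory name contains spaces.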