From 630d3fb1249d69e7578e528808a8bf9219356af5 Mon Sep 17 00:00:00 2001
From: Fabian Arrotin
Date: Mar 27 2021 15:07:49 +0000
Subject: Bumped to centos-cert with CA verify step
Signed-off-by: Fabian Arrotin
---
diff --git a/SOURCES/centos-cert b/SOURCES/centos-cert
index e0fc0df..9dc37a7 100644
--- a/SOURCES/centos-cert
+++ b/SOURCES/centos-cert
@@ -31,7 +31,20 @@ function f_log() {
 function verify_cert() {
 echo ""
 f_log "Verifying if TLS cert is still valid ..."
+ if [ ! -e ~/.centos-server-ca.cert ] ; then
+ f_log "[ERROR] No CA cert found to validate your TLS cert"
+ f_log "Please retrieve it first with [$0 -u]"
+ exit 1
+ fi
 if [ -e ~/.centos.cert ] ; then
+ f_log "Validating TLS cert against ~/.centos-server-ca.cert ..."
+ openssl verify -CAfile ~/.centos-server-ca.cert ~/.centos.cert
+ if [ "$?" -ne "0" ] ; then
+ f_log "[ERROR] your TLS cert is not signed by correct CA"
+ exit 1
+ else
+ f_log "[SUCCESS] ~/.centos.cert TLS cert verified by ~/.centos-server-ca.cert CA crt"
+ fi
 end_date=$(openssl x509 -in ~/.centos.cert -noout -text|sed -n 's/ *Not After : *//p')
 end_date_seconds=$(date '+%s' --date "$end_date")
 now_seconds=$(date '+%s')
@@ -73,6 +86,8 @@ function get_cert(){
 f_log "Concatenating cert to ~/.centos.cert"
 cat ~/.centos-${fasjson_user}.key ~/.centos-${fasjson_user}.crt > ~/.centos.cert
 fi
+ f_log "Downloading correct CA cert .."
+ curl --fail --silent ${ca_url} > ~/.centos-server-ca.cert CA crt
 echo ""
 }
@@ -108,6 +123,11 @@ done
 fasjson_user=${opt_user:-$USER}
 fasjson_realm=${opt_realm:-FEDORAPROJECT.ORG}
 fasjson_url=${opt_fasjson_url:-https://fasjson.fedoraproject.org}
+if [[ "$fasjson_url" =~ "fasjson.stg*" ]] ; then
+ ca_url="https://id.stg.fedoraproject.org/ipa/config/ca.crt"
+else
+ ca_url="https://id.fedoraproject.org/ipa/config/ca.crt"
+fi
 # Now the real work and calling functions
diff --git a/SPECS/centos-packager.spec b/SPECS/centos-packager.spec
index 46f6b4b..9aed19b 100644
--- a/SPECS/centos-packager.spec
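Review bot: The failure branch added after `openssl verify` in verify_cert reports every non-zero exit as "not signed by correct CA", although the command can also fail for other reasons, for example a certificate outside its validity period or a CA file that is empty or unreadable. The function goes on to read the `Not After` date (the rest of its body is outside the hunk), so an expired certificate would presumably now stop here with a misleading message instead of reaching that expiry handling. I would word the message by what is actually known, e.g. `f_log "[ERROR] ~/.centos.cert failed verification against ~/.centos-server-ca.cert (see openssl output above)"`, and test the command directly with `if ! openssl verify -CAfile ~/.centos-server-ca.cert ~/.centos.cert ; then` instead of inspecting `$?` on the next line.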
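Review bot: The added curl line in get_cert, as shown on this page, ends with the stray words `CA crt` after the redirection target, which the shell hands to curl as two further URLs, and the exit status of the download is never checked. Because the redirection creates ~/.centos-server-ca.cert before curl runs, a failed or partial download still leaves a file that the `-e` test in verify_cert accepts, and the trust anchor is silently replaced on every run. Downloading to a temporary file and moving it into place only on success, with `${ca_url}` quoted, avoids both problems; get_cert starts outside the hunk.
```shell
  f_log "Downloading correct CA cert .."
  ca_tmp=$(mktemp ~/.centos-server-ca.cert.XXXXXX) || exit 1
  if curl --fail --silent --output "${ca_tmp}" "${ca_url}" ; then
    mv -f "${ca_tmp}" ~/.centos-server-ca.cert
  else
    rm -f "${ca_tmp}"
    f_log "[ERROR] Unable to download CA cert from ${ca_url}"
    exit 1
  fi
```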
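Review bot: The quoted right-hand side in `[[ "$fasjson_url" =~ "fasjson.stg*" ]]` is matched by bash as a literal string, asterisk included, so a staging URL would not match and `ca_url` would always point at the production CA. Certificates issued by the staging instance would then fail the new verify step with the "not signed by correct CA" error. A glob comparison expresses the intent without regex quoting pitfalls: `if [[ "$fasjson_url" == *fasjson.stg.* ]] ; then`.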
+++ b/SPECS/centos-packager.spec
@@ -1,7 +1,7 @@
 Name: centos-packager
 Version: 0.7.0
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: Tools and files necessary for building CentOS packages
 Group: Applications/Productivity
@@ -37,7 +37,7 @@ cp %{SOURCE1} .
 %{__install} -m 0644 %{SOURCE0} %{buildroot}/etc/koji.conf.d/cbs-koji.conf
 %{__mkdir_p} %{buildroot}/%{_bindir}
-%{__install} -m 0755 %{SOURCE3} %{buildroot}%{_bindir}/cbs
+ln -sf %{_bindir}/koji %{buildroot}%{_bindir}/cbs
 %{__install} -m 0755 %{SOURCE2} %{buildroot}%{_bindir}/centos-cert
@@ -48,6 +48,9 @@ cp %{SOURCE1} .
 %{_bindir}/centos-cert
 %changelog
+* Sat Mar 27 2021 Fabian Arrotin - 0.7.0-2
+- Bumped centos-cert for additional verification with CA
+
 * Mon Feb 1 2021 Fabian Arrotin - 0.7.0-2
 - Fixed the cbs call for correct profile
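Review bot: The `%install` change that replaces the installed `%{SOURCE3}` with `ln -sf %{_bindir}/koji %{buildroot}%{_bindir}/cbs` is recorded neither in the commit subject nor in the new changelog entry, so the packaging history does not show that `cbs` changed from a shipped file to a symlink. The new entry is also headed `0.7.0-2` although Release is bumped to 3 in the first hunk. I would head it `* Sat Mar 27 2021 Fabian Arrotin - 0.7.0-3` and add a line such as `- cbs is now a symlink to koji`. If a `Source3:` tag is still declared outside these hunks, it may now be unused.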