mrc0mmand / rpms / openldap

Forked from rpms/openldap 3 years ago
Clone
767ab2
#!/bin/bash
767ab2
# Author: Jan Vcelak <jvcelak@redhat.com>
767ab2
767ab2
set -e
767ab2
767ab2
# default options
767ab2
767ab2
CERTDB_DIR=/etc/openldap/certs
767ab2
767ab2
# internals
767ab2
767ab2
MODULE_CKBI="$(rpm --eval %{_libdir})/libnssckbi.so"
767ab2
RANDOM_SOURCE=/dev/urandom
767ab2
PASSWORD_BYTES=32
767ab2
767ab2
# parse arguments
767ab2
767ab2
usage() {
767ab2
	printf "usage: create-certdb.sh [-d certdb]\n" >&2
767ab2
	exit 1
767ab2
}
767ab2
767ab2
while getopts "d:" opt; do
767ab2
	case "$opt" in
767ab2
	d)
767ab2
		CERTDB_DIR="$OPTARG"
767ab2
		;;
767ab2
	\?)
767ab2
		usage
767ab2
		;;
767ab2
	esac
767ab2
done
767ab2
767ab2
[ "$OPTIND" -le "$#" ] && usage
767ab2
767ab2
# verify target location
767ab2
767ab2
if [ ! -d "$CERTDB_DIR" ]; then
767ab2
	printf "Directory '%s' does not exist.\n" "$CERTDB_DIR" >&2
767ab2
	exit 1
767ab2
fi
767ab2
767ab2
if [ ! "$(find "$CERTDB_DIR"  -maxdepth 0 -empty | wc -l)" -eq 1 ]; then
767ab2
	printf "Directory '%s' is not empty.\n" "$CERTDB_DIR" >&2
767ab2
	exit 1
767ab2
fi
767ab2
767ab2
# create the database
767ab2
767ab2
printf "Creating certificate database in '%s'.\n" "$CERTDB_DIR" >&2
767ab2
767ab2
PASSWORD_FILE="$CERTDB_DIR/password"
767ab2
OLD_UMASK="$(umask)"
767ab2
umask 0377
767ab2
dd if=$RANDOM_SOURCE bs=$PASSWORD_BYTES count=1 2>/dev/null | base64 > "$PASSWORD_FILE"
767ab2
umask "$OLD_UMASK"
767ab2
767ab2
certutil -d "$CERTDB_DIR" -N -f "$PASSWORD_FILE" &>/dev/null
767ab2
767ab2
# load module with builtin CA certificates
767ab2
767ab2
echo | modutil -dbdir "$CERTDB_DIR" -add "Root Certs" -libfile "$MODULE_CKBI" &>/dev/null
767ab2
767ab2
# tune permissions
767ab2
767ab2
for dbfile in "$CERTDB_DIR"/*.db; do
767ab2
	chmod 0644 "$dbfile"
767ab2
done
767ab2
767ab2
exit 0