[csw-devel] SF.net SVN: gar:[11634] csw/mgar/pkg/apache2/trunk

bdwalton at users.sourceforge.net bdwalton at users.sourceforge.net
Tue Nov 16 02:41:06 CET 2010


Revision: 11634
          http://gar.svn.sourceforge.net/gar/?rev=11634&view=rev
Author:   bdwalton
Date:     2010-11-16 01:41:06 +0000 (Tue, 16 Nov 2010)

Log Message:
-----------
apache2: change the way server.{crt,key} are handled to prevent possibly storing sensitive info in /tmp during removal (package upgrade)

Modified Paths:
--------------
    csw/mgar/pkg/apache2/trunk/Makefile
    csw/mgar/pkg/apache2/trunk/files/server.crt.build_cas

Modified: csw/mgar/pkg/apache2/trunk/Makefile
===================================================================
--- csw/mgar/pkg/apache2/trunk/Makefile	2010-11-15 21:24:47 UTC (rev 11633)
+++ csw/mgar/pkg/apache2/trunk/Makefile	2010-11-16 01:41:06 UTC (rev 11634)
@@ -198,7 +198,7 @@
 PKGFILES_CSWap2worker = .*share/doc/ap2_worker.* .*sbin/httpd.worker
 PKGFILES_CSWapache2rt = .*share/doc/apache2rt.*
 
-PROTOTYPE_FILTER = gawk '$$$$3 ~ /apache2\/etc/ && $$$$1 == "f" && $$$$3 !~ /CSW/ && $$$$3 !~ /original/ {$$$$1 = "e"; $$$$2 = "build"}; $$$$3 ~ /server.crt/ { $$$$4 = "0600" }; {print}'
+PROTOTYPE_FILTER = gawk '$$$$3 ~ /apache2\/etc/ && $$$$1 == "f" && $$$$3 !~ /CSW/ && $$$$3 !~ /original/ {$$$$1 = "e"; $$$$2 = "build"}; $$$$3 ~ /server.crt.CSW/ { $$$$1 = "e"; $$$$2 = "build"; $$$$4 = "0600" }; {print}'
 
 include gar/category.mk
 
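Review bot: The added match `/server.crt.CSW/` leaves its dots unescaped and is unanchored, so it also fires on any path where other characters stand in for the dots. Because this rule now rewrites the class to `e build` as well as forcing mode 0600, a stray match would turn an ordinary file into a build-class script. `$$$$3 ~ /server\.crt\.CSW/` keeps it to the intended entry. A one-line comment above PROTOTYPE_FILTER saying that server.crt.CSW is the build-class placeholder, and why it is 0600, would help the next maintainer.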
@@ -250,7 +250,6 @@
 			$(abspath $(FILEDIR))/build_cas_template $$f > $$f; \
 		done )
 	@echo "  => Creating ssl server.crt build CAS template."
-	@(cp -p $(WORKDIR)/server.crt.build_cas $(PKGROOT)/$(prefix)/apache2/etc/server.crt; \
-		chmod 600 $(PKGROOT)/$(prefix)/apache2/etc/server.crt )
+	@(cp -p $(WORKDIR)/server.crt.build_cas $(PKGROOT)/$(prefix)/apache2/etc/server.crt.CSW; \
+		chmod 600 $(PKGROOT)/$(prefix)/apache2/etc/server.crt.CSW )
 	@$(MAKECOOKIE)
-
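Review bot: The `cp -p` and `chmod 600` on the new server.crt.CSW lines are joined with `;`, so the subshell returns chmod's status. A failed copy over a file left by an earlier run would therefore still reach `$(MAKECOOKIE)`. Chaining the two makes the failure visible: `cp -p $(WORKDIR)/server.crt.build_cas $(PKGROOT)/$(prefix)/apache2/etc/server.crt.CSW && \`. The recipe starts above the hunk, so its target and prerequisites are not visible here.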

Modified: csw/mgar/pkg/apache2/trunk/files/server.crt.build_cas
===================================================================
--- csw/mgar/pkg/apache2/trunk/files/server.crt.build_cas	2010-11-15 21:24:47 UTC (rev 11633)
+++ csw/mgar/pkg/apache2/trunk/files/server.crt.build_cas	2010-11-16 01:41:06 UTC (rev 11634)
@@ -9,6 +9,10 @@
 if [ "$1" = install ]; then
     if [ ! -f $PIR/$AP2_CONFDIR/server.crt -a ! -f $PIR/$AP2_CONFDIR/server.key ]; then
 	echo Generating dummy ssl key and certificate... >&2
+	# this gets captured and placed by the build CAS
+	echo This is a dummy file but still a part of CSWapache2
+	echo Please do not remove.
+
         # this is likely overkill for a dummy cert, but why not
 	cat <<EOF | /usr/sbin/chroot ${PIR} /opt/csw/bin/openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout $AP2_CONFDIR/server.key  -out $AP2_CONFDIR/server.crt >/dev/null 2>&1
 TS
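Review bot: The two marker `echo` lines sit inside the test that runs only when neither server.crt nor server.key exists, so an install over existing certificate files writes nothing to stdout. If the build class is meant to place server.crt.CSW on every install, they probably belong outside that inner `if`. This depends on how the class treats empty output, which the hunk does not show. The here-document continues past the end of the hunk.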
@@ -24,7 +28,9 @@
 	chmod 600 $AP2_CONFDIR/server.key $AP2_CONFDIR/server.crt
 	chown root:bin $AP2_CONFDIR/server.key $AP2_CONFDIR/server.crt
     fi
-else
-    # this is so that the build class picks up the file and re-instates it
-    cat $PIR/$AP2_CONFDIR/server.crt
 fi
+
+# No output on a remove action will see the file purged.
+# As this is server.crt.CSW, that doesn't matter.  The
+# real files will be left behind in place whether they
+# are the pretend or replaced with real files by the admin.
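Review bot: `chmod 600` on server.key at the top of this hunk runs only after the `openssl req -nodes -keyout` call in the previous hunk has written the unencrypted key, so the file's initial mode is whatever the umask in effect allows. Setting `umask 077` before the openssl call, inside the install branch, would mean the key is never created with wider permissions. The lines between the two hunks are not shown, so check that nothing there already does this. The same call still requests `rsa:1024`; since default certificates tend to stay in service, `rsa:2048` would be a safer default.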

