Univention Bugzilla – Attachment 5791 Details for
Bug 34106
Create relative ssl links, code cleanup
[patch]
SSL related code cleanup
3410x_uss-ssl.diff (text/plain), 15.18 KB, created by
Philipp Hahn
on 2014-02-12 09:59 CET
Description:
SSL related code cleanup
Filename:
MIME Type:
Creator:
Philipp Hahn
Created:
2014-02-12 09:59 CET
Size:
15.18 KB
>diff --git a/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/umc/python/setup/util.py b/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/umc/python/setup/util.py
>index bd73a4c..47fdb08 100644
>--- a/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/umc/python/setup/util.py
>+++ b/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/umc/python/setup/util.py
>@@ -358,8 +358,10 @@ def run_scripts( progressParser, restartServer = False ):
> subprocess.call( CMD_DISABLE_EXEC, stdout = f, stderr = f )
> 
> for scriptpath in sorted_files_in_subdirs( PATH_SETUP_SCRIPTS ):
>+ try:
> # launch script
> MODULE.info('Running script %s\n' % scriptpath)
>+ f.write('Running script %s\n' % (scriptpath,))
> p = subprocess.Popen( scriptpath, stdout = subprocess.PIPE, stderr = subprocess.STDOUT )
> while True:
> line = p.stdout.readline()
>@@ -367,7 +369,11 @@ def run_scripts( progressParser, restartServer = False ):
> break
> progressParser.parse( line )
> f.write( line )
>- p.wait()
>+ rv = p.wait()
>+ f.write('Finished script %s: %d\n' % (scriptpath, rv))
>+ except Exception as ex:
>+ f.write('Exception script %s: %s\n' % (scriptpath, ex))
>+ raise
> 
> # enable execution of servers again
> subprocess.call(CMD_ENABLE_EXEC, stdout=f, stderr=f)
>diff --git a/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/40_ssl/10ssl b/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/40_ssl/10ssl
>index 923b0d6..00c3d80 100644
>--- a/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/40_ssl/10ssl
>+++ b/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/40_ssl/10ssl
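Review bot: The `raise` in the new `except Exception` branch leaves `run_scripts` before the `subprocess.call(CMD_ENABLE_EXEC, stdout=f, stderr=f)` line that follows the loop, so a script that cannot be started (for example `Popen` failing on a non-executable file) appears to leave server execution disabled. Putting the re-enable call in a `finally:` around the whole loop would restore it on every exit path. The exit status `rv` is only written to the log; if a failed step such as the certificate regeneration should stop the run, that needs an explicit check. The function starts and ends outside these two hunks, so an outer handler may already cover this.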
>@@ -30,12 +30,12 @@
> # /usr/share/common-licenses/AGPL-3; if not, see
> # <http://www.gnu.org/licenses/>.
> 
>-force_recreate=0
>+recreate=false
> 
> while [ "$#" -gt 0 ]; do
>- case $1 in
>+ case "$1" in
> --force-recreate)
>- force_recreate=1
>+ recreate=true
> shift 1
> ;;
> *)
>@@ -69,12 +69,13 @@ for var in "common" "locality" "organization" "country" "state" "organizationalu
> new="new_ssl_$var"
> 
> if [ -n "${!new}" -a "${!old}" != "${!new}" ]; then
>- recreate="yes"
>+ recreate=true
> break
> fi
> done
> 
>-if [ "$recreate" = "yes" -o "$force_recreate" = "1" ]; then
>+if "$recreate"
>+then
> # remove old backup
> if [ -d /etc/univention/ssl.orig ]; then
> rm -rf /etc/univention/ssl.orig
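Review bot: `if "$recreate"` executes whatever the variable holds as a command, so the test is only safe while nothing between `recreate=false` and this line can overwrite it. Those lines are not part of the hunk; if they source a setup profile or UCR shell output, a stray `recreate=` entry there would be run by a script that presumably executes with root privileges. A string comparison keeps the cleanup without that dependency: `if [ "$recreate" = true ]`.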
>@@ -90,35 +91,28 @@ if [ "$recreate" = "yes" -o "$force_recreate" = "1" ]; then
> 
> # set UCR variables
> for var in "common" "locality" "organization" "country" "state" "organizationalunit" "email"; do
>- old="ssl_$var"
> new="new_ssl_$var"
> if [ -n "${!new}" ]; then
>- univention-config-registry set "${old/_//}=${!new}"
>+ echo "ssl/$var=${!new}"
> fi
>- done
>+ done | xargs -r -d'\n' univention-config-registry set
> 
> # create new CA und certificates
> . /usr/share/univention-ssl/make-certificates.sh
> init
> (
> cd /etc/univention/ssl.orig
>- for fqdn in *; do
>+ for fqdn in *.*
>+ do
> # just check directories for certificates
>- if [ ! -d "$fqdn" ]; then
>- continue
>- fi
>- # ignore ucsCA and directory not containing a dot
>- if [ "$fqdn" = "ucsCA" ] || ! echo "$fqdn" | grep '\.' &>/dev/null; then
>- continue
>- fi
>+ [ -d "$fqdn" ] || continue
> # if there is no certificate, ignore it
>- if [ ! -e "$fqdn/cert.pem" ]; then
>- continue
>+ [ -e "$fqdn/cert.pem" ] || continue
>+ univention-certificate new -name "$fqdn"
>+ if [ "$fqdn" -ne "${fqdn%.$domainname}" ]
>+ then
>+ ln -sf "$fqdn" "/etc/univention/ssl/${fqdn%%.*}"
> fi
>- # get the hostname
>- host=$(echo $fqdn | sed 's/\([^.]*\)\..*/\1/')
>- univention-certificate new -name $fqdn
>- ln -sf /etc/univention/ssl/$host.$domainname /etc/univention/ssl/$host
> done
> )
> 
>@@ -126,15 +120,13 @@ if [ "$recreate" = "yes" -o "$force_recreate" = "1" ]; then
> for file in cert.pem private.key; do
> if [ -e "/var/lib/cyrus/$file" ]
> then
>- cp /etc/univention/ssl/$hostname.$domainname/$file /var/lib/cyrus/$file
>- chown cyrus /var/lib/cyrus/$file
>- chmod 600 /var/lib/cyrus/$file
>+ install -o cyrus -m 600 "/etc/univention/ssl/$hostname.$domainname/$file" "/var/lib/cyrus/$file"
> fi
> done
> 
> # restart services
> for service in slapd apache2 cyrus postfix; do
>- invoke-rc.d --quiet $service restart
>+ invoke-rc.d --quiet "$service" restart
> done
> fi
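Review bot: `[ "$fqdn" -ne "${fqdn%.$domainname}" ]` in the certificate loop applies the integer operator to host names, so `[` reports an error and returns non-zero for every directory, and the short-name symlink is never created after the certificates are regenerated. The string operator is what the comparison needs: `if [ "$fqdn" != "${fqdn%.$domainname}" ]`. In the same hunk, `done | xargs -r -d'\n' univention-config-registry set` splits its input on newlines, so a `new_ssl_*` value containing a line break would reach `set` as an additional argument. Rejecting such values before the loop, or keeping one `set` call per variable, avoids that.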
> 
>diff --git a/branches/ucs-3.2/ucs-3.2-0/base/univention-server/debian/univention-server-master.preinst b/branches/ucs-3.2/ucs-3.2-0/base/univention-server/debian/univention-server-master.preinst
>index faf6cee..f8317f4 100644
>--- a/branches/ucs-3.2/ucs-3.2-0/base/univention-server/debian/univention-server-master.preinst
>+++ b/branches/ucs-3.2/ucs-3.2-0/base/univention-server/debian/univention-server-master.preinst
>@@ -47,7 +47,7 @@ if [ -n "$hostname" -a -n "$domainname" ]; then
> if ! test -e /etc/univention/ssl/$hostname/cert.pem; then
> . /usr/share/univention-ssl/make-certificates.sh
> gencert "$hostname.$domainname" "$hostname.$domainname"
>- ln -sf /etc/univention/ssl/$hostname.$domainname /etc/univention/ssl/$hostname
>+ ln -sf "$hostname.$domainname" "/etc/univention/ssl/$hostname"
> fi
> fi
> 
>diff --git a/branches/ucs-3.2/ucs-3.2-0/base/univention-ssl/debian/univention-ssl.postinst b/branches/ucs-3.2/ucs-3.2-0/base/univention-ssl/debian/univention-ssl.postinst
>index 98f2740..790c737 100755
>--- a/branches/ucs-3.2/ucs-3.2-0/base/univention-ssl/debian/univention-ssl.postinst
>+++ b/branches/ucs-3.2/ucs-3.2-0/base/univention-ssl/debian/univention-ssl.postinst
>@@ -77,7 +77,7 @@ if [ "$server_role" = "domaincontroller_master" ] || [ -z "$server_role" ] || [
> . /usr/share/univention-ssl/make-certificates.sh
> init
> univention-certificate new -name "$hostname.$domainname"
>- ln -sf "/etc/univention/ssl/$hostname.$domainname" "/etc/univention/ssl/$hostname"
>+ ln -sf "$hostname.$domainname" "/etc/univention/ssl/$hostname"
> else
> echo "skipped. SSL Certificate found in $CERTPATH"
> fi
>@@ -91,7 +91,7 @@ if [ "$1" = configure -a -n "$2" ] && dpkg --compare-versions "$2" lt 1.3; then
> fi
> 
> if [ "$1" = configure -a -n "$2" ] && dpkg --compare-versions "$2" lt 3.0.3-1; then
>- ln -sf "/etc/univention/ssl/$hostname.$domainname" "/etc/univention/ssl/$hostname"
>+ ln -sf "$hostname.$domainname" "/etc/univention/ssl/$hostname"
> fi
> 
> # update to 3.1
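Review bot: `ln -sf "$hostname.$domainname" "/etc/univention/ssl/$hostname"` follows an existing link, so where `/etc/univention/ssl/$hostname` already points at the certificate directory, `ln` creates the new link inside that directory and leaves the old absolute link in place. That is presumably the normal state in the `lt 3.0.3-1` upgrade branch of univention-ssl.postinst. With a relative target the stray entry also points at itself. `ln -sfn "$hostname.$domainname" "/etc/univention/ssl/$hostname"` replaces the link itself. The same applies to the preinst hunk above, to setup-join.sh and to the `ln -sf` in the 10ssl loop, while 10hostname and 12domainname are covered by their preceding `rm -f`.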
>diff --git a/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/10_basis/10hostname b/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/10_basis/10hostname
>index 3c5b7dc..f028ae2 100644
>--- a/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/10_basis/10hostname
>+++ b/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/10_basis/10hostname
>@@ -258,9 +258,9 @@ if [ "$server_role" != "basesystem" ]; then
> 
> if [ -d /etc/cups/ssl ]; then
> rm -f /etc/cups/ssl/server.crt
>- ln -s /etc/univention/ssl/$new_hostname.$domainname/cert.pem /etc/cups/ssl/server.crt
>+ ln -s "/etc/univention/ssl/$new_hostname.$domainname/cert.pem" /etc/cups/ssl/server.crt
> rm -f /etc/cups/ssl/server.key
>- ln -s /etc/univention/ssl/$new_hostname.$domainname/private.key /etc/cups/ssl/server.key
>+ ln -s "/etc/univention/ssl/$new_hostname.$domainname/private.key" /etc/cups/ssl/server.key
> fi
> fi
> 
>@@ -268,7 +268,7 @@ if [ "$server_role" != "basesystem" ]; then
> echo `date` : "Create new host certificate" >> /var/log/univention/setup.log
> 
> rm -f /etc/univention/ssl/$new_hostname
>- ln -sf /etc/univention/ssl/$new_hostname.$domainname /etc/univention/ssl/$new_hostname
>+ ln -sf "$new_hostname.$domainname" /etc/univention/ssl/$new_hostname
> 
> 
> if [ -d "/var/lib/cyrus/" ]; then
>diff --git a/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/10_basis/12domainname b/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/10_basis/12domainname
>index 96a45ef..3ae8835 100644
>--- a/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/10_basis/12domainname
>+++ b/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/10_basis/12domainname
>@@ -207,7 +207,7 @@ if [ "$server_role" = "domaincontroller_master" ]; then # create the new certif
> rm -rf /etc/univention/ssl/univention-directory-manager.$old_domainname
> univention-certificate new -name "univention-directory-manager.$new_domainname"
> rm -f /etc/univention/ssl/univention-directory-manager
>- ln -sf /etc/univention/ssl/univention-directory-manager.$new_domainname /etc/univention/ssl/univention-directory-manager
>+ ln -sf "univention-directory-manager.$new_domainname" /etc/univention/ssl/univention-directory-manager
> elif [ "$server_role" != "basesystem" ]; then # download certificate from master
> if [ -x "/usr/sbin/univention-scp" ]; then
> echo `date` : "Download host certificate" >> /var/log/univention/setup.log
>@@ -232,7 +232,7 @@ fi
> 
> if [ "$server_role" != "basesystem" ]; then
> rm -f /etc/univention/ssl/$hostname
>- ln -sf /etc/univention/ssl/$hostname.$new_domainname /etc/univention/ssl/$hostname
>+ ln -sf "$hostname.$new_domainname" "/etc/univention/ssl/$hostname"
> 
> if [ -d "/etc/univention/ssl/$hostname.$new_domainname" ]; then
> echo `date` : "Include new host certificate for Cyrus" >> /var/log/univention/setup.log
>diff --git a/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/setup-join.sh b/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/setup-join.sh
>index 58c9da5..1f3096a 100755
>--- a/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/setup-join.sh
>+++ b/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/setup-join.sh
>@@ -151,7 +151,7 @@ if [ "$server_role" = "domaincontroller_master" ]; then
> fi
> 
> univention-certificate new -name "$hostname.$domainname"
>-ln -sf "/etc/univention/ssl/$hostname.$domainname" "/etc/univention/ssl/$hostname"
>+ln -sf "$hostname.$domainname" "/etc/univention/ssl/$hostname"
> 
> run-parts /usr/lib/univention-system-setup/scripts/45_modules/
> 
>diff --git a/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0010-2-3-4-5/debian/postinst b/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0010-2-3-4-5/debian/postinst
>index d03deba..2ff2bee 100755
>--- a/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0010-2-3-4-5/debian/postinst
>+++ b/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0010-2-3-4-5/debian/postinst
>@@ -77,12 +77,12 @@ if [ "$server_role" = "domaincontroller_master" ] || [ -z "$server_role" ] || [
> # Bug #13549
> rdate time.fu-berlin.de || rdate 130.133.1.10 || true
> 
>- . /usr/share/univention-ssl/make-certificates.sh;
>- init;
>+ . /usr/share/univention-ssl/make-certificates.sh
>+ init
> univention-certificate new -name $hostname.$domainname
>- ln -sf /etc/univention/ssl/$hostname.$domainname /etc/univention/ssl/$hostname
>+ ln -sf "$hostname.$domainname" "/etc/univention/ssl/$hostname"
> else
>- echo "skipped. SSL Certificate found in $CERTPATH ";
>+ echo "skipped. SSL Certificate found in $CERTPATH "
> fi
> fi
> 
>@@ -94,7 +94,7 @@ if [ "$1" = configure -a -n "$2" ] && dpkg --compare-versions "$2" lt 1.3; then
> fi
> 
> if [ "$1" = configure -a -n "$2" ] && dpkg --compare-versions "$2" lt 3.0.3-1; then
>- ln -sf /etc/univention/ssl/$hostname.$domainname /etc/univention/ssl/$hostname
>+ ln -sf "$hostname.$domainname" "/etc/univention/ssl/$hostname"
> fi
> 
> if [ "$1" = "$configure" -a -z "$2" ]; then
>diff --git a/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0011-2-3-4-5-6-7-8/debian/postinst b/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0011-2-3-4-5-6-7-8/debian/postinst
>index d095b16..40f5e10 100755
>--- a/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0011-2-3-4-5-6-7-8/debian/postinst
>+++ b/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0011-2-3-4-5-6-7-8/debian/postinst
>@@ -78,7 +78,7 @@ if [ "$server_role" = "domaincontroller_master" ] || [ -z "$server_role" ] || [
> . /usr/share/univention-ssl/make-certificates.sh;
> init;
> univention-certificate new -name $hostname.$domainname
>- ln -sf /etc/univention/ssl/$hostname.$domainname /etc/univention/ssl/$hostname
>+ ln -sf "$hostname.$domainname" "/etc/univention/ssl/$hostname"
> else
> echo "skipped. SSL Certificate found in $CERTPATH ";
> fi
>@@ -92,7 +92,7 @@ if [ "$1" = configure -a -n "$2" ] && dpkg --compare-versions "$2" lt 1.3; then
> fi
> 
> if [ "$1" = configure -a -n "$2" ] && dpkg --compare-versions "$2" lt 3.0.3-1; then
>- ln -sf /etc/univention/ssl/$hostname.$domainname /etc/univention/ssl/$hostname
>+ ln -sf "$hostname.$domainname" "/etc/univention/ssl/$hostname"
> fi
> 
> if [ "$1" = "$configure" -a -z "$2" ]; then
>diff --git a/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0013-2/debian/postinst b/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0013-2/debian/postinst
>index d095b16..40f5e10 100755
>--- a/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0013-2/debian/postinst
>+++ b/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0013-2/debian/postinst
>@@ -78,7 +78,7 @@ if [ "$server_role" = "domaincontroller_master" ] || [ -z "$server_role" ] || [
> . /usr/share/univention-ssl/make-certificates.sh;
> init;
> univention-certificate new -name $hostname.$domainname
>- ln -sf /etc/univention/ssl/$hostname.$domainname /etc/univention/ssl/$hostname
>+ ln -sf "$hostname.$domainname" "/etc/univention/ssl/$hostname"
> else
> echo "skipped. SSL Certificate found in $CERTPATH ";
> fi
>@@ -92,7 +92,7 @@ if [ "$1" = configure -a -n "$2" ] && dpkg --compare-versions "$2" lt 1.3; then
> fi
> 
> if [ "$1" = configure -a -n "$2" ] && dpkg --compare-versions "$2" lt 3.0.3-1; then
>- ln -sf /etc/univention/ssl/$hostname.$domainname /etc/univention/ssl/$hostname
>+ ln -sf "$hostname.$domainname" "/etc/univention/ssl/$hostname"
> fi
> 
> if [ "$1" = "$configure" -a -z "$2" ]; then
>diff --git a/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0015-2/debian/postinst b/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0015-2/debian/postinst
>index d095b16..40f5e10 100755
>--- a/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0015-2/debian/postinst
>+++ b/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0015-2/debian/postinst
>@@ -78,7 +78,7 @@ if [ "$server_role" = "domaincontroller_master" ] || [ -z "$server_role" ] || [
> . /usr/share/univention-ssl/make-certificates.sh;
> init;
> univention-certificate new -name $hostname.$domainname
>- ln -sf /etc/univention/ssl/$hostname.$domainname /etc/univention/ssl/$hostname
>+ ln -sf "$hostname.$domainname" "/etc/univention/ssl/$hostname"
> else
> echo "skipped. SSL Certificate found in $CERTPATH ";
> fi
>@@ -92,7 +92,7 @@ if [ "$1" = configure -a -n "$2" ] && dpkg --compare-versions "$2" lt 1.3; then
> fi
> 
> if [ "$1" = configure -a -n "$2" ] && dpkg --compare-versions "$2" lt 3.0.3-1; then
>- ln -sf /etc/univention/ssl/$hostname.$domainname /etc/univention/ssl/$hostname
>+ ln -sf "$hostname.$domainname" "/etc/univention/ssl/$hostname"
> fi
> 
> if [ "$1" = "$configure" -a -z "$2" ]; then