diff options
-rw-r--r-- | abs/core/certmaster/PKGBUILD | 35 | ||||
-rw-r--r-- | abs/core/certmaster/acl_fix_fstab.py | 39 | ||||
-rw-r--r-- | abs/core/certmaster/certmaster-0.28.tar.gz | bin | 0 -> 50409 bytes | |||
-rw-r--r-- | abs/core/certmaster/certmaster.conf | 13 | ||||
-rw-r--r-- | abs/core/certmaster/certmaster.install | 65 | ||||
-rw-r--r-- | abs/core/certmaster/logrotate-certmaster.conf | 19 | ||||
-rw-r--r-- | abs/core/certmaster/minion.conf | 8 |
7 files changed, 179 insertions, 0 deletions
diff --git a/abs/core/certmaster/PKGBUILD b/abs/core/certmaster/PKGBUILD new file mode 100644 index 0000000..3ce72f7 --- /dev/null +++ b/abs/core/certmaster/PKGBUILD @@ -0,0 +1,35 @@ +pkgname=certmaster +pkgver=0.28 +pkgrel=1 +pkgdesc="certmaster" +url="https://fedorahosted.org/certmaster/ " +license="gpl" +depends=(pyopenssl) +makedepends=() +conflicts=() +replaces=() +moddir="pkg/usr/lib/python2.6/site-packages/func/minion/modules/" +backup=('etc/certmaster/certmaster.conf' 'etc/certmaster/minion.conf') + +install=certmaster.install +source=($pkgname-$pkgver.tar.gz certmaster.conf minion.conf acl_fix_fstab.py logrotate-certmaster.conf) +arch=('i686') + +build() { + cd $startdir/src/$pkgname-${pkgver} + python setup.py build + python setup.py install --prefix=$startdir/pkg/usr + cd $startdir/src + install -m755 -D minion.conf $startdir/pkg/etc/certmaster/minion.conf + install -m755 -D certmaster.conf $startdir/pkg/etc/certmaster/certmaster.conf + install -m755 -D logrotate-certmaster.conf $startdir/pkg/etc/logrotate.d/certmaster.conf + install -m755 -D acl_fix_fstab.py $startdir/pkg/usr/MythVantage/bin/acl_fix_fstab.py + mkdir -p $startdir/pkg/var/log/certmaster + cd $startdir/pkg + find ./ -name "*.pyc" -print | xargs rm -f +} +md5sums=('f5acc9ff1efa34971296e26d794c5b35' + '953ff601e5381b457383e7a3c4928192' + 'be7bd532ae103ab3c0048980314b4fd9' + '214e34c095f6f29277197a2a6666f8b2' + '6bc28ccd331a6c4c05e0a9c9755a848f') diff --git a/abs/core/certmaster/acl_fix_fstab.py b/abs/core/certmaster/acl_fix_fstab.py new file mode 100644 index 0000000..8e49a15 --- /dev/null +++ b/abs/core/certmaster/acl_fix_fstab.py @@ -0,0 +1,39 @@ +#!/usr/bin/python2 +import os +import sys +cmd="cp -f /etc/fstab /etc/fstab.backup.pre_acl" +os.system(cmd) +f = open('/etc/fstab', 'r') +fstab=f.readlines() +f.close() + + + + +mp=['/' , '/myth', '/data'] +newfstab=[] +for line in fstab: + new_line=line + split_line=line.split() + try: + if split_line[1] in mp: + #print split_line[3] + if "acl" in split_line[3]: + pass + else: + print "Adding ACL" + new_acl=split_line[3]+",acl" + split_line[3]=new_acl + new_line='\t'.join(split_line) + except: + pass + newfstab.append(new_line) + + +f = open('/etc/fstab', 'w') +for i in newfstab: + f.write(i) + f.write("\n") + +f.close() + diff --git a/abs/core/certmaster/certmaster-0.28.tar.gz b/abs/core/certmaster/certmaster-0.28.tar.gz Binary files differnew file mode 100644 index 0000000..3108221 --- /dev/null +++ b/abs/core/certmaster/certmaster-0.28.tar.gz diff --git a/abs/core/certmaster/certmaster.conf b/abs/core/certmaster/certmaster.conf new file mode 100644 index 0000000..186e1b8 --- /dev/null +++ b/abs/core/certmaster/certmaster.conf @@ -0,0 +1,13 @@ +# configuration for certmasterd and certmaster-ca + +[main] +autosign = yes +listen_addr = +listen_port = 51235 +cadir = /etc/pki/certmaster/ca +cert_dir = /etc/pki/certmaster +certroot = /var/lib/certmaster/certmaster/certs +csrroot = /var/lib/certmaster/certmaster/csrs +cert_extension = cert +sync_certs = False + diff --git a/abs/core/certmaster/certmaster.install b/abs/core/certmaster/certmaster.install new file mode 100644 index 0000000..e0dac8c --- /dev/null +++ b/abs/core/certmaster/certmaster.install @@ -0,0 +1,65 @@ +# This is a default template for a post-install scriptlet. You can +# remove any functions you don't need (and this header). + +# arg 1: the new package version +pre_install() { + /bin/true + mkdir -p /var/log/certmaster +} + +# arg 1: the new package version +post_install() { + if [ ! -e /var/log/certmaster ] + then + mkdir -p /var/log/certmaster + fi + /usr/MythVantage/bin/acl_fix_fstab.py + mount -o remount / + if [ ! -e /etc/pki/certmaster/ca ] + then + mkdir -p /etc/pki/certmaster/ca + fi + + setfacl -d -R -m 'u:nobody:rX' /etc/pki/certmaster + setfacl -R -m 'u:nobody:rX' /etc/pki/certmaster + + setfacl -d -R -m 'u:http:rX' /etc/pki/certmaster + setfacl -R -m 'u:http:rX' /etc/pki/certmaster + + setfacl -R -m mask:rwx /etc/pki/certmaster/ + setfacl -d -R -m mask:rwx /etc/pki/certmaster/ + + + + + +} + +# arg 1: the new package version +# arg 2: the old package version +pre_upgrade() { + /bin/true + + + +} + +# arg 1: the new package version +# arg 2: the old package version +post_upgrade() { + post_install +} + +# arg 1: the old package version +pre_remove() { + /bin/true +} + +# arg 1: the old package version +post_remove() { + /bin/true +} + +op=$1 +shift +$op $* diff --git a/abs/core/certmaster/logrotate-certmaster.conf b/abs/core/certmaster/logrotate-certmaster.conf new file mode 100644 index 0000000..39c3537 --- /dev/null +++ b/abs/core/certmaster/logrotate-certmaster.conf @@ -0,0 +1,19 @@ +/var/log/certmaster/audit.log { + missingok + notifempty + rotate 4 + weekly + postrotate + if [ -f /service/certmaster ]; then + sv restart certmaster + fi + endscript +} + +/var/log/certmaster/certmaster.log { + missingok + notifempty + rotate 4 + weekly +} + diff --git a/abs/core/certmaster/minion.conf b/abs/core/certmaster/minion.conf new file mode 100644 index 0000000..47c6540 --- /dev/null +++ b/abs/core/certmaster/minion.conf @@ -0,0 +1,8 @@ +# configuration for minions + +[main] +certmaster = certmaster +certmaster_port = 51235 +log_level = DEBUG +cert_dir = /etc/pki/certmaster + |