Initial revision

1 files changed, 41 insertions, 0 deletions

diff --git a/partimage/build/makecertificate.sh b/partimage/build/makecertificate.sh
new file mode 100644
index 00000000..8dcb99db
--- /dev/null
+++ b/partimage/build/makecertificate.sh
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+#
+# This script creates the certificate that partimaged needs for SSL-encrypted
+# client connections.
+# The script will ask a few questions for which the default answer would
+# suffice, but you may enter whatever you like better.
+# The script will also ask for a passphrase to protect the partimaged key with.
+# Do not choose a passphrase that is too short (less than 6 characters)!
+#
+
+opensslpath="/usr/bin/openssl"
+partconfdir="/etc/partimaged"
+partuser=partimag
+
+# Create certificate for SSL connections
+if test -x ${opensslpath} ; then
+  if test ! -f ${partconfdir}/partimaged.cert ; then
+    echo "generating certificate for partimage/partimaged ssl:"
+    mkdir -p ${partconfdir} >/dev/null
+    touch ${partconfdir}/privkey.pem
+    rm -f ${partconfdir}/privkey.pem
+    ${opensslpath} req -new -x509 -outform PEM \
+      -keyout ${partconfdir}/privkey.pem > ${partconfdir}/partimaged.csr
+    ${opensslpath} rsa -in ${partconfdir}/privkey.pem \
+      -out ${partconfdir}/partimaged.key
+    rm -f ${partconfdir}/privkey.pem
+    ${opensslpath} x509 -in ${partconfdir}/partimaged.csr -out \
+      ${partconfdir}/partimaged.cert -signkey ${partconfdir}/partimaged.key
+    rm ${partconfdir}/partimaged.csr
+    chmod 600 ${partconfdir}/partimaged.key
+    chmod 600 ${partconfdir}/partimaged.cert
+    chown  ${partuser}:root ${partconfdir}/partimaged.key
+    chown  ${partuser}:root ${partconfdir}/partimaged.cert
+  else
+    echo "Found existing certificate; no new certificate will be generated."
+  fi
+else
+  echo "SSL support not found; no certificate can be generated."
+fi
+