update tls-install.sh

Reviewed by: gshapiro
svn path=/head/; revision=68415
2002-10-20 14:05:47 +00:00 · 2002-10-20 14:05:47 +00:00 · ce29408741 · 2021-03-31 03:12:20 +00:00
commit ce29408741
parent ec1cfc9a70
4 changed files with 50 additions and 38 deletions
--- a/mail/sendmail/Makefile
+++ b/mail/sendmail/Makefile
@ -225,6 +225,7 @@ ${DESTDIR}/etc/mail/submit.cf:	${DESTDIR}/etc/mail/submit.mc
 root-sasldb:
 	@${ECHO_CMD} "# Links:"
 	@${ECHO_CMD} "#"
+	@${ECHO_CMD} "# http://www.sendmail.org/~gshapiro/
 	@${ECHO_CMD} "# http://www.sendmail.org/~ca/email/auth.html"
 	@${ECHO_CMD} "# http://www.asp.ogi.edu/people/paja/linux/sendmail/"
 	@${ECHO_CMD} "# http://blue-labs.org/clue/sendmail.php"
--- a/mail/sendmail/files/tls-install.sh
+++ b/mail/sendmail/files/tls-install.sh
@ -1,18 +1,18 @@
 #!/bin/sh
 #
-CADIR="${CADIR-${DESTDIR}/etc/mail/certs}"
+CADIR="${CADIR-${DESTDIR}/etc/mail/certs/CA}"
 FILSEDIR="${FILESDIR-/usr/ports/mail/sendmail/files}"
 REALM=`hostname`

 echo "creating: ${CADIR} on ${REALM}"
-for i in certs crl newcerts private
+for i in certs crl newcerts private ../private
 do
 	if test ! -d "${CADIR}/${i}"
 	then
 		mkdir -p "${CADIR}/${i}"
 	fi
 done
-chmod 0600 "${CADIR}/private"
+chmod 0700 "${CADIR}/private" "${CADIR}/../private"
 cd "${CADIR}" || exit 65

 if test ! -f openssl.cnf
@ -24,47 +24,50 @@ fi
 if test ! -f "serial"
 then
 	echo "generating: serial"
+	umask 0022
 	echo "01" > "serial"
 fi

 if test ! -f "index.txt"
 then
 	echo "generating: index.txt"
+	umask 0022
 	cp /dev/null "index.txt"
 fi

 if test ! -f "cacert.pem"
 then
 	echo "generating CA"
+	umask 0077
 	openssl req -new -x509 -config openssl.cnf \
 		-keyout private/cakey.pem \
 		-out cacert.pem
-	chmod 0600 "private/cakey.pem"
 fi

-if test ! -f "sendmailcert.pem"
+if test ! -f "../sendmailcert.pem"
 then
-	if test ! -f "private/sendmailkey.pem"
+	if test ! -f "../private/sendmailkey.pem"
 	then
-		echo "generating server CERT"
+		echo "creating cert signing request"
 		umask 0066
 		openssl req -nodes -new -x509 -config openssl.cnf \
-			-keyout private/sendmailkey.pem \
-			-out private/sendmailkey.pem
+			-keyout ../private/sendmailkey.pem \
+			-out ../private/sendmailkey.pem
 	fi
 	if test ! -f "newcsr.pem"
 	then
-		echo "signing CERT1"
+		echo "self signing cert"
+		umask 0066
 		openssl x509 -x509toreq \
-			-in private/sendmailkey.pem \
-			-signkey private/sendmailkey.pem \
+			-in ../private/sendmailkey.pem \
+			-signkey ../private/sendmailkey.pem \
 			-out newcsr.pem
 	fi
 	if test ! -f "sendmailcert.pem"
 	then
-		echo "signing CERT2"
+		echo "signing cert"
 		openssl ca -config openssl.cnf -policy policy_anything \
-			-out sendmailcert.pem \
+			-out ../sendmailcert.pem \
 			-infiles newcsr.pem
 		rm -f newcsr.pem
 	fi
@ -72,16 +75,18 @@ fi

 sed 's/^X//' << 'END-of-files/tls.m4'
 X# links:
+X# http://www.sendmail.org/~gshapiro/
 X# http://www.sendmail.org/~ca/email/starttls.html
 X# http://www.ofb.net/~jheiss/sendmail/tlsandrelay.shtml
 X#
 X# You may need to add this to your sendmail.mc file:
 X
-Xdefine(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
-Xdefine(`confCACERT_PATH', `CERT_DIR')dnl
-Xdefine(`confCACERT', `CERT_DIR/cacert.pem')dnl
-Xdefine(`confSERVER_CERT', `CERT_DIR/sendmailcert.pem')dnl
-Xdefine(`confSERVER_KEY', `CERT_DIR/private/sendmailkey.pem')dnl
+Xdefine(`confCACERT_PATH', `MAIL_SETTINGS_DIR`'certs')dnl
+Xdefine(`confCACERT', `confCACERT_PATH/CA/cacert.pem')dnl
+Xdefine(`confSERVER_CERT', `confCACERT_PATH/sendmailcert.pem')dnl
+Xdefine(`confSERVER_KEY', `confCACERT_PATH/private/sendmailkey.pem')dnl
+Xdefine(`confCLIENT_CERT', `confCACERT_PATH/sendmailcert.pem')dnl
+Xdefine(`confCLIENT_KEY', `confCACERT_PATH/private/sendmailkey.pem')dnl
 X
 END-of-files/tls.m4
 exit
--- a/mail/sendmail812/Makefile
+++ b/mail/sendmail812/Makefile
@ -225,6 +225,7 @@ ${DESTDIR}/etc/mail/submit.cf:	${DESTDIR}/etc/mail/submit.mc
 root-sasldb:
 	@${ECHO_CMD} "# Links:"
 	@${ECHO_CMD} "#"
+	@${ECHO_CMD} "# http://www.sendmail.org/~gshapiro/
 	@${ECHO_CMD} "# http://www.sendmail.org/~ca/email/auth.html"
 	@${ECHO_CMD} "# http://www.asp.ogi.edu/people/paja/linux/sendmail/"
 	@${ECHO_CMD} "# http://blue-labs.org/clue/sendmail.php"
--- a/mail/sendmail812/files/tls-install.sh
+++ b/mail/sendmail812/files/tls-install.sh
@ -1,18 +1,18 @@
 #!/bin/sh
 #
-CADIR="${CADIR-${DESTDIR}/etc/mail/certs}"
+CADIR="${CADIR-${DESTDIR}/etc/mail/certs/CA}"
 FILSEDIR="${FILESDIR-/usr/ports/mail/sendmail/files}"
 REALM=`hostname`

 echo "creating: ${CADIR} on ${REALM}"
-for i in certs crl newcerts private
+for i in certs crl newcerts private ../private
 do
 	if test ! -d "${CADIR}/${i}"
 	then
 		mkdir -p "${CADIR}/${i}"
 	fi
 done
-chmod 0600 "${CADIR}/private"
+chmod 0700 "${CADIR}/private" "${CADIR}/../private"
 cd "${CADIR}" || exit 65

 if test ! -f openssl.cnf
@ -24,47 +24,50 @@ fi
 if test ! -f "serial"
 then
 	echo "generating: serial"
+	umask 0022
 	echo "01" > "serial"
 fi

 if test ! -f "index.txt"
 then
 	echo "generating: index.txt"
+	umask 0022
 	cp /dev/null "index.txt"
 fi

 if test ! -f "cacert.pem"
 then
 	echo "generating CA"
+	umask 0077
 	openssl req -new -x509 -config openssl.cnf \
 		-keyout private/cakey.pem \
 		-out cacert.pem
-	chmod 0600 "private/cakey.pem"
 fi

-if test ! -f "sendmailcert.pem"
+if test ! -f "../sendmailcert.pem"
 then
-	if test ! -f "private/sendmailkey.pem"
+	if test ! -f "../private/sendmailkey.pem"
 	then
-		echo "generating server CERT"
+		echo "creating cert signing request"
 		umask 0066
 		openssl req -nodes -new -x509 -config openssl.cnf \
-			-keyout private/sendmailkey.pem \
-			-out private/sendmailkey.pem
+			-keyout ../private/sendmailkey.pem \
+			-out ../private/sendmailkey.pem
 	fi
 	if test ! -f "newcsr.pem"
 	then
-		echo "signing CERT1"
+		echo "self signing cert"
+		umask 0066
 		openssl x509 -x509toreq \
-			-in private/sendmailkey.pem \
-			-signkey private/sendmailkey.pem \
+			-in ../private/sendmailkey.pem \
+			-signkey ../private/sendmailkey.pem \
 			-out newcsr.pem
 	fi
 	if test ! -f "sendmailcert.pem"
 	then
-		echo "signing CERT2"
+		echo "signing cert"
 		openssl ca -config openssl.cnf -policy policy_anything \
-			-out sendmailcert.pem \
+			-out ../sendmailcert.pem \
 			-infiles newcsr.pem
 		rm -f newcsr.pem
 	fi
@ -72,16 +75,18 @@ fi

 sed 's/^X//' << 'END-of-files/tls.m4'
 X# links:
+X# http://www.sendmail.org/~gshapiro/
 X# http://www.sendmail.org/~ca/email/starttls.html
 X# http://www.ofb.net/~jheiss/sendmail/tlsandrelay.shtml
 X#
 X# You may need to add this to your sendmail.mc file:
 X
-Xdefine(`CERT_DIR', `MAIL_SETTINGS_DIR`'certs')dnl
-Xdefine(`confCACERT_PATH', `CERT_DIR')dnl
-Xdefine(`confCACERT', `CERT_DIR/cacert.pem')dnl
-Xdefine(`confSERVER_CERT', `CERT_DIR/sendmailcert.pem')dnl
-Xdefine(`confSERVER_KEY', `CERT_DIR/private/sendmailkey.pem')dnl
+Xdefine(`confCACERT_PATH', `MAIL_SETTINGS_DIR`'certs')dnl
+Xdefine(`confCACERT', `confCACERT_PATH/CA/cacert.pem')dnl
+Xdefine(`confSERVER_CERT', `confCACERT_PATH/sendmailcert.pem')dnl
+Xdefine(`confSERVER_KEY', `confCACERT_PATH/private/sendmailkey.pem')dnl
+Xdefine(`confCLIENT_CERT', `confCACERT_PATH/sendmailcert.pem')dnl
+Xdefine(`confCLIENT_KEY', `confCACERT_PATH/private/sendmailkey.pem')dnl
 X
 END-of-files/tls.m4
 exit