Re: [CentOS] bash script input password automatically.
On Fri, 22 Jul 2022, Kaushal Shriyan wrote: Hi, I have the below commands to generate keystore.pkcs12 and keystore.jks files on CentOS Linux release 7.9.2009 (Core) openssl pkcs12 -export -clcerts -in fullchain1.pem -inkey privkey1.pem -out keystore.pkcs12 -name javasso keytool -importkeystore -srckeystore keystore.pkcs12 -srcstoretype pkcs12 -destkeystore keystore.jks -deststoretype jks -alias javasso I have created a small shell script to generate both keystore.pkcs12 and keystore.jks files. It prompts for a password. Is there a way to key in a password without prompt or non-interactive way? For example password is stored in a file and the bash script will source it instead of manually typing the password. Please suggest. Thanks in advance. See the "PASS PHRASE ARGUMENTS" section of the openssl(1) man page for the various ways openssl can get a password. -- Paul Heinlein heinl...@madboa.com 45°22'48" N, 122°35'36" W ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] bash script input password automatically.
Hi, I have the below commands to generate keystore.pkcs12 and keystore.jks files on CentOS Linux release 7.9.2009 (Core) openssl pkcs12 -export -clcerts -in fullchain1.pem -inkey privkey1.pem -out keystore.pkcs12 -name javasso keytool -importkeystore -srckeystore keystore.pkcs12 -srcstoretype pkcs12 -destkeystore keystore.jks -deststoretype jks -alias javasso I have created a small shell script to generate both keystore.pkcs12 and keystore.jks files. It prompts for a password. Is there a way to key in a password without prompt or non-interactive way? For example password is stored in a file and the bash script will source it instead of manually typing the password. Please suggest. Thanks in advance. Best Regards, Kaushal ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] selinux / duplicate subject to a custom named one
Hey everyone, I wonder if I could copy an selinux subject (processes / httpd) to a local named one. So that it gets the same configuration as the source e.g.: httpd_exec_t -> httpd_microservice_exec_t The problem here: Some http microservices written in golang do get the same label as apache httpd (this is intentional for having a confined service): # ls -laZ /usr/libexec/myservice -rwxr-xr-x. 1 root root system_u:object_r:httpd_exec_t:s0 5168952 22. Jul 17:11 /usr/libexec/myservice Unfortunately, these webservices need access to /proc (e.g. for enumerating the sending queue via /proc/sys/net/core/somaxconn). Instead installing a module that allows this for all "httpd_t" allow httpd_t sysctl_net_t:file read; I would like to have a custom configuration thats a duplication of the http_t one. The module would then only allow read access for applications that really need it. Is that possible? Any other straight approach available? -- Thanks Leon ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos