Hello community,
here is the log from the commit of package opensuse-openldap-image for
openSUSE:Factory checked in at 2020-11-11 20:46:57
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/opensuse-openldap-image (Old)
and /work/SRC/openSUSE:Factory/.opensuse-openldap-image.new.26437 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "opensuse-openldap-image"
Wed Nov 11 20:46:57 2020 rev:3 rq:847721 version:1.0.0
Changes:
--------
---
/work/SRC/openSUSE:Factory/opensuse-openldap-image/opensuse-openldap-image.changes
2020-10-26 16:23:30.847282636 +0100
+++
/work/SRC/openSUSE:Factory/.opensuse-openldap-image.new.26437/opensuse-openldap-image.changes
2020-11-11 20:47:04.307685291 +0100
@@ -1,0 +2,5 @@
+Wed Nov 4 17:52:32 UTC 2020 - Thorsten Kukuk <[email protected]>
+
+- Add common scripts tar archive now containing ssl-helper
+
+-------------------------------------------------------------------
New:
----
common-scripts.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ opensuse-openldap-image.kiwi ++++++
--- /var/tmp/diff_new_pack.Sj0p6O/_old 2020-11-11 20:47:05.103686039 +0100
+++ /var/tmp/diff_new_pack.Sj0p6O/_new 2020-11-11 20:47:05.103686039 +0100
@@ -61,5 +61,6 @@
<package name="-busybox-findutils"/>
<package name="-busybox-man"/>
<archive name="entrypoint.tar.gz"/>
+ <archive name="common-scripts.tar.gz"/>
</packages>
</image>
++++++ README.md ++++++
--- /var/tmp/diff_new_pack.Sj0p6O/_old 2020-11-11 20:47:05.151686084 +0100
+++ /var/tmp/diff_new_pack.Sj0p6O/_new 2020-11-11 20:47:05.155686087 +0100
@@ -90,7 +90,7 @@
certificates into the container and adjusting the following environment
variables:
```sh
-podman run --hostname ldap.example.org -v
/srv/openldap/certs:/etc/openldap/certs:Z \
+podman run -v /srv/openldap/certs:/etc/openldap/certs:Z \
-e LDAP_TLS_CRT=/etc/openldap/certs/ldap.crt \
-e LDAP_TLS_KEY=/etc/openldap/certs/ldap.key \
-e LDAP_TLS_CA_CRT=/etc/openldap/certs/ca.crt \
++++++ _service ++++++
--- /var/tmp/diff_new_pack.Sj0p6O/_old 2020-11-11 20:47:05.175686106 +0100
+++ /var/tmp/diff_new_pack.Sj0p6O/_new 2020-11-11 20:47:05.179686110 +0100
@@ -14,11 +14,15 @@
<param name="subdir">openldap</param>
<param name="filename">entrypoint</param>
<param name="include">entrypoint.sh</param>
- <param name="include">ssl-helper</param>
<param name="include">slapd.init.ldif</param>
<param name="include">ldif</param>
<param name="include">tls</param>
</service>
+ <service name="tar" mode="disabled">
+ <param name="subdir">common</param>
+ <param name="filename">common-scripts</param>
+ <param name="include">ssl-helper</param>
+ </service>
<service name="recompress" mode="disabled">
<param name="file">*.tar</param>
<param name="compression">gz</param>
++++++ entrypoint.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/entrypoint/entrypoint.sh new/entrypoint/entrypoint.sh
--- old/entrypoint/entrypoint.sh 2020-10-26 13:40:28.000000000 +0100
+++ new/entrypoint/entrypoint.sh 2020-11-04 18:53:45.000000000 +0100
@@ -275,7 +275,7 @@
echo "Add TLS config..."
mkdir -p /etc/openldap/certs
- /entrypoint/ssl-helper "$LDAP_TLS_CRT" "$LDAP_TLS_KEY"
"$LDAP_TLS_CA_CRT" "$LDAP_TLS_CA_KEY"
+ /common-scripts/ssl-helper "$LDAP_TLS_CRT" "$LDAP_TLS_KEY"
"$LDAP_TLS_CA_CRT" "$LDAP_TLS_CA_KEY"
# make sure slapd is allowed to read it the files
chown ldap:ldap "$LDAP_TLS_CRT" "$LDAP_TLS_KEY"
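Review bot: The relocated call to `/common-scripts/ssl-helper` has no visible exit-status check, so the `chown ldap:ldap` after it still runs if the helper fails, unless `set -e` is active outside this hunk. The helper now comes from a separate archive, so it can also be missing from the image altogether. The copy removed from this archive exits 1 on bad arguments or when only one of the certificate/key pair exists; the new copy is not shown and presumably does the same. I would fail closed so slapd never starts with a half-configured TLS setup: `/common-scripts/ssl-helper "$LDAP_TLS_CRT" "$LDAP_TLS_KEY" "$LDAP_TLS_CA_CRT" "$LDAP_TLS_CA_KEY" || exit 1`. The enclosing TLS block starts and ends outside the hunk.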
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/entrypoint/ssl-helper new/entrypoint/ssl-helper
--- old/entrypoint/ssl-helper 2020-10-26 13:40:28.000000000 +0100
+++ new/entrypoint/ssl-helper 1970-01-01 01:00:00.000000000 +0100
@@ -1,89 +0,0 @@
-#!/bin/bash
-
-# This tool helps to generate tls certificates
-
-CERT_FILE=$1
-KEY_FILE=$2
-CA_CERT_FILE=$3
-CA_KEY_FILE=$4
-
-# Some defaults
-SSL_CA_CSR_COUNTRY=${SSL_CA_CSR_COUNTRY:-"DE"}
-SSL_CA_CSR_STATE=${SSL_CA_CSR_STATE:-"Bavaria"}
-SSL_CA_CSR_ORGANIZATION_UNIT=${SSL_CA_CSR_ORGANIZATION_UNIT:-"Dummy CA"}
-SSL_CA_CSR_CN=${SSL_CA_CSR_CN:-"$(hostname -f)"}
-SSL_ORGANIZATION_UNIT=${SSL_ORGANIZATION_UNIT:-"Server Certificate"}
-
-if [ -z "${CERT_FILE}" ] || [ -z "${KEY_FILE}" ] || [ -z "${CA_CERT_FILE}" ]
|| [ -z "${CA_KEY_FILE}" ]; then
- echo "Usage: ssl-helper cert_file key_file ca_cert_file ca_key_file" >&2
- exit 1
-fi
-
-if [ ! -e "${CA_CERT_FILE}" ]; then
- echo "No CA cert file found, generating one"
-
- if [ ! -e "${CA_KEY_FILE}" ]; then
- echo "Generating private CA key..."
- # RSA: openssl genrsa -out "${CA_KEY_FILE}" 4096
- # ecdsa 384:
- openssl ecparam -genkey -name secp384r1 -noout -out "${CA_KEY_FILE}"
- chmod 600 "${CA_KEY_FILE}"
- fi
-
- echo "Generating CA certificate..."
- openssl req -x509 -new -nodes -key "${CA_KEY_FILE}" -sha256 -days 1024 \
- -subj
"/C=${SSL_CA_CSR_COUNTRY}/ST=${SSL_CA_CSR_STATE}/O=${SSL_CA_CSR_ORGANIZATION_UNIT}/CN=${SSL_CA_CSR_CN}"
\
- -out "${CA_CERT_FILE}"
-fi
-
-if [ ! -e "${CERT_FILE}" ] && [ ! -e "${KEY_FILE}" ]; then
-
- function buildExtCnf() {
- cat << EOF > "${WORKDIR}/v3.ext"
-authorityKeyIdentifier=keyid,issuer
-basicConstraints=CA:FALSE
-keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
-subjectAltName = @alt_names
-[alt_names]
-DNS.1 = localhost
-EOF
-
- if [ -n "${HOSTNAME}" ]; then
- echo "DNS.2 = ${HOSTNAME}" >> "${WORKDIR}/v3.ext"
- else
- echo "DNS.2 = $(hostname -f)" >> "${WORKDIR}/v3.ext"
- echo "DNS.3 = $(hostname)" >> "${WORKDIR}/v3.ext"
- fi
- }
-
- echo "No certificate file and certificate key provided, generate:"
- echo "${CERT_FILE} and ${KEY_FILE}"
-
- WORKDIR="$(mktemp -d)"
-
- buildExtCnf
-
- echo "Generating certificate key..."
- openssl genrsa -out "${KEY_FILE}" 2048
- echo "Generating sign request..."
- openssl req -new -sha256 -key "${KEY_FILE}" \
- -subj "/O=${SSL_ORGANIZATION_UNIT}/CN=${HOSTNAME}" \
- -out "${WORKDIR}/cert.csr"
-
- echo "Generating certificate..."
- openssl x509 -req -in "${WORKDIR}/cert.csr" -CA "${CA_CERT_FILE}" \
- -CAkey "${CA_KEY_FILE}" -CAcreateserial -days 365 -sha256 \
- -extfile "${WORKDIR}/v3.ext" \
- -out "${CERT_FILE}"
-
- rm -rf "${WORKDIR}"
-
-elif [ ! -e "${KEY_FILE}" ]; then
- echo "ERROR: Certificate file ${CERT_FILE} exists but not key file
${KEY_FILE}" >&2
- exit 1
-elif [ ! -e "${CERT_FILE}" ]; then
- echo "ERROR: Key file ${KEY_FILE} exists but not certificate file
${CERT_FILE}" >&2
- exit 1
-else
- echo "Files ${CERT_FILE} and ${KEY_FILE} exists, do nothing..."
-fi