3 # This shell script will generate an X509 certificate for
4 # your gnunet-gns-proxy and install it (for both GNUnet
7 # TODO: Implement support for more browsers
8 # TODO: Debug and switch to the new version
9 # TODO - The only remaining task is fixing the getopts
12 # The current version partially reuses and recycles
13 # code from build.sh by NetBSD (although not entirely
14 # used because it needs debugging):
16 # Copyright (c) 2001-2011 The NetBSD Foundation, Inc.
17 # All rights reserved.
19 # This code is derived from software contributed to
20 # The NetBSD Foundation by Todd Vierling and Luke Mewburn.
22 # Redistribution and use in source and binary forms, with or
23 # without modification, are permitted provided that the following
25 # 1. Redistributions of source code must retain the above
26 # copyright notice, this list of conditions and the following
28 # 2. Redistributions in binary form must reproduce the above
29 # copyright notice, this list of conditions and the following
30 # disclaimer in the documentation and/or other materials
31 # provided with the distribution.
33 # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
34 # CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
35 # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
36 # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
38 # IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR
39 # ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
40 # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
41 # PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
42 # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
43 # ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
45 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
46 # THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
64 if [ $verbosity = 1 ]; then
71 statusmsg "WARNING: $@"
81 statusmsg "========================================="
89 echo "${progname}: $*"
93 Usage: ${progname} [-hv] [-c FILE] [...]
96 -c FILE Use the configuration file FILE.
97 -h Print this help message.
98 -v Print the version and exit.
# Create the three scratch files used while building the CA. mktemp chooses
# the names and creates the files itself, so the paths are not predictable.
109 infomsg "Generating CA"
# Fall back to /tmp when the caller did not set TMPDIR.
110 TMPDIR=${TMPDIR:-/tmp}
# NOTE(review): -e only checks that the path exists, not that it is a directory.
111 if [ -e "$TMPDIR" ]; then
# GNSCERT receives the CA certificate, GNSCAKY the passphrase-protected CA key,
# GNSCANO the CA key with the passphrase removed (see the openssl calls below).
# Any mktemp failure aborts the script.
112 GNSCERT=`mktemp -t certXXXXXXXX.pem` || exit 1
113 GNSCAKY=`mktemp -t cakyXXXXXXXX.pem` || exit 1
114 GNSCANO=`mktemp -t canoXXXXXXXX.pem` || exit 1
116 # This warning is mostly pointless.
# NOTE(review): the other call sites use warningmsg; confirm that a function
# named warning is actually defined.
117 warning "You need to export the TMPDIR variable"
120 # # ------------- gnutls
122 # if ! which certutil > /dev/null
124 # warningmsg "The 'certutil' command was not found."
125 # warningmsg "Not importing into browsers."
126 # warningmsg "For 'certutil' install nss."
129 # # pkcs#8 password-protects key
130 # certtool --pkcs8 --generate-privkey --sec-param high --outfile ca-key.pem
131 # # self-sign the CA to create public certificate
132 # certtool --generate-self-signed --load-privkey ca-key.pem --template ca.cfg --outfile ca.pem
134 # ------------- openssl
# Path of the OpenSSL configuration handed to `openssl req -config` below.
# @pkgdatadir@ looks like a build-time placeholder — confirm it is substituted
# when the script is installed.
136 OPENSSLCFG=@pkgdatadir@/openssl.cnf
# Probe for openssl by checking whether `openssl version` prints anything.
# NOTE(review): the > /dev/null applies to test, not to the command inside the
# backticks, so a "command not found" message on stderr still reaches the
# terminal.
137 if test -z "`openssl version`" > /dev/null
139 warningmsg "'openssl' command not found. Please install it."
140 infomsg "Cleaning up."
# Remove the scratch files created by mktemp. The variables are unquoted, so
# the paths must not contain whitespace or glob characters.
141 rm -f $GNSCAKY $GNSCANO $GNSCERT
# Build the "-c FILE" option that is later passed to gnunet-config.
# NOTE(review): the test reads GNUNET_CONFIG but the assignment reads
# GNUNET_CONFIG_FILE — confirm which variable is meant to gate the option.
# As written, a set GNUNET_CONFIG with an unset GNUNET_CONFIG_FILE yields a
# bare "-c " with no file name.
144 if [ -n "${GNUNET_CONFIG}" ]; then
145 GNUNET_CONFIG="-c ${GNUNET_CONFIG_FILE}"
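# Ask gnunet-config where gns-proxy expects its CA file (PROXY_CACERT).
# ${GNUNET_CONFIG} and ${options} stay unquoted on purpose: each is either
# empty or an option followed by its argument ("-c FILE") and must be split.
GNS_CA_CERT_PEM=$(gnunet-config ${GNUNET_CONFIG} -s gns-proxy -o PROXY_CACERT -f ${options})
if [ -z "$GNS_CA_CERT_PEM" ]; then
    # Without a target path there is nowhere to install the CA; stop before
    # generating key material and remove the scratch files.
    warningmsg "Could not determine PROXY_CACERT from gnunet-config."
    infomsg "Cleaning up."
    rm -f "$GNSCAKY" "$GNSCANO" "$GNSCERT"
    exit 1
fi
mkdir -p "$(dirname "$GNS_CA_CERT_PEM")"

# Generate a self-signed CA certificate (valid 3650 days) and its key.
# The passphrase is a fixed, public string and is stripped again below, so it
# gives the key no protection; confidentiality rests on file permissions only.
openssl req -config "$OPENSSLCFG" -new -x509 -days 3650 -extensions v3_ca \
    -keyout "$GNSCAKY" -out "$GNSCERT" \
    -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" \
    -passout pass:"GNU Name System"

infomsg "Removing passphrase from key"
openssl rsa -passin pass:"GNU Name System" -in "$GNSCAKY" -out "$GNSCANO"

infomsg "Making private key available to gnunet-gns-proxy"
# The result holds the CA certificate AND the unencrypted CA private key.
# This CA is imported into browsers as a trusted TLS issuer, so the file must
# not be readable by other local users: create it under a restrictive umask
# (subshell keeps the umask change local) and tighten the mode in case the
# file already existed with looser permissions.
(
    umask 077
    cat "$GNSCERT" "$GNSCANO" > "$GNS_CA_CERT_PEM"
)
chmod 600 "$GNS_CA_CERT_PEM"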
163 # Don't check with -H: the output of -H cannot be kept
164 # off the screen by any means! Let's hope that every
165 # certutil is built with some kind of build flags
166 # which end up being printed here:
# Probe for certutil by checking whether `certutil --build-flags` prints
# anything; an empty result is treated as "not installed".
# NOTE(review): both redirections apply to test, not to the command inside the
# backticks, so certutil's stderr (or the shell's "command not found") is not
# suppressed.
167 if test -z "`certutil --build-flags`" > /dev/null 2>&1
169 warningmsg "The 'certutil' command was not found."
170 warningmsg "Not importing into browsers."
171 warningmsg "For 'certutil' install nss."
173 infomsg "Importing CA into browsers"
174 # TODO: Error handling?
175 for f in ~/.mozilla/firefox/*.*/
178 infomsg "Importing CA into Firefox at $f"
179 # delete old certificate (if any)
180 certutil -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null
181 # add new certificate
182 certutil -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT
185 # TODO: Error handling?
# Import the CA into the per-user NSS database under ~/.pki/nssdb/ (the log
# message below names Chrome as its consumer), if that directory exists.
186 if [ -d ~/.pki/nssdb/ ]; then
187 infomsg "Importing CA into Chrome at ~/.pki/nssdb/"
188 # delete old certificate (if any)
# Output and errors are discarded, so a missing old entry stays silent — and
# so does any other failure of the delete.
189 certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null
190 # add new certificate
# Trust string "CT,,": the first field (TLS) marks the CA as trusted to issue
# server (C) and client (T) certificates; the e-mail and object-signing fields
# are left empty. Every database that receives this entry will accept TLS
# certificates signed with the matching CA private key, so that key must stay
# readable by its owner only.
# $GNSCERT is unquoted; the path must not contain whitespace.
191 certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT
198 GNUNET_ARM_VERSION=`gnunet-arm -v`
199 echo $GNUNET_ARM_VERSION
204 infomsg "Cleaning up."
# Remove the scratch certificate and both key files, including the copy of the
# CA key whose passphrase was stripped. No trap is visible in this excerpt, so
# an abort before this point presumably leaves those files in TMPDIR — confirm.
205 rm -f $GNSCAKY $GNSCANO $GNSCERT
# NOTE(review): $SETUP_TMPDIR is unquoted. If it is empty or unset, [ -e ] is
# left with a single argument and evaluates true, so the branch runs anyway.
# No assignment to SETUP_TMPDIR is visible in this excerpt — confirm where it
# is set before relying on this test.
206 if [ -e $SETUP_TMPDIR ]; then
211 statusmsg "You can now start gnunet-gns-proxy."
212 statusmsg "Afterwards, configure your browser "
213 statusmsg "to use a SOCKS proxy on port 7777. "
219 while getopts "vhVc:" opt; do
232 options="$options -c $OPTARG"
233 infomsg "Using configuration file $OPTARG"
236 echo "Invalid option: -$OPTARG" >&2
240 echo "Option -$OPTARG requires an argument." >&2