3 # This shell script will generate an X509 certificate for
4 # your gnunet-gns-proxy and install it (for both GNUnet
7 # TODO: Implement support for more browsers
8 # TODO: Debug and switch to the new version
9 # TODO - The only remaining task is fixing the getopts
12 # The current version partially reuses and recycles
13 # code from build.sh by NetBSD (although not entirely
14 # used because it needs debugging):
16 # Copyright (c) 2001-2011 The NetBSD Foundation, Inc.
17 # All rights reserved.
19 # This code is derived from software contributed to
20 # The NetBSD Foundation by Todd Vierling and Luke Mewburn.
22 # Redistribution and use in source and binary forms, with or
23 # without modification, are permitted provided that the following
25 # 1. Redistributions of source code must retain the above
26 # copyright notice, this list of conditions and the following
28 # 2. Redistributions in binary form must reproduce the above
29 # copyright notice, this list of conditions and the following
30 # disclaimer in the documentation and/or other materials
31 # provided with the distribution.
33 # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
34 # CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
35 # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
36 # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
38 # IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR
39 # ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
40 # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
41 # PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
42 # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
43 # ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
45 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
46 # THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
54 #TOP=$( (exec pwd -P 2>/dev/null) || (exec pwd 2>/dev/null) )
# NOTE(review): "$@" embedded in a longer quoted string still expands to one
# word per argument, so with several arguments only the first one carries the
# "WARNING: " prefix. "$*" would join them into a single message.
69 statusmsg "WARNING: $@"
79 statusmsg "========================================="
82 # Given a variable name in $1, modify the variable in place
84 # Convert possibly-relative path to absolute path by prepending
85 # ${TOP} if necessary. Also delete trailing "/", if any.
# NOTE(review): both eval lines splice ${var} into text that the shell then
# executes. That is only safe while ${var} is a fixed variable name chosen by
# this script; it must never carry text taken from the command line, the
# environment or a configuration file. The value itself (${val}) is expanded
# inside quotes at eval time and is not re-parsed as code.
90 eval val=\"\${${var}}\"
101 eval ${var}=\"\${val}\"
106 # if [ -n "$*" ]; then
108 # echo "${progname}: $*"
112 # Usage: ${progname} [-fhv] [-c FILE] operation [...]
115 # cert Create the GNS certificate and only insert
117 # browser Create the GNS certificate, insert it in
118 # GNS and install it in webbrowsers found.
119 # all Create the GNS certificate, insert it in
120 # GNS and install it in webbrowsers found.
121 # help Print this help message.
124 # -c FILE Use the configuration file FILE.
125 # -f Perform expansions of the variables used in the config
126 # value of gns-proxy. This will usually expand
127 # $GNUNET_DATA_HOME to represent its path.
128 # -h Print this help message.
129 # -v Print the version.
# NOTE(review): the live option loop later in this listing parses "vhVc:",
# so -V is accepted but is not described in the usage text that follows.
139 echo "${progname}: $*"
143 Usage: ${progname} [-hv] [-c FILE] [...]
146 -c FILE Use the configuration file FILE.
147 -h Print this help message.
148 -v Print the version and exit.
159 # # For now use POSIX getopts. For the future, refer to
160 # # the shell capabilities check build.sh has?
161 # if type getopts >/dev/null 2>&1; then
162 # # we are a posix shell, we can use the builtin getopts
163 # getoptcmd='getopts ${opts} opt && opt=-${opt}'
165 # optremcmd='shift $((${OPTIND} -1))'
168 # # parse command line options.
169 # while eval ${getoptcmd}; do
173 # eval ${optargcmd}; resolvepath OPTARG
174 # GNUNET_CONFIG_FILE="${OPTARG}"
175 # export GNUNET_CONFIG_FILE
178 # GNUNET_PASS_FILENAME=1
179 # export GNUNET_PASS_FILENAME
195 # while [ $# -gt 0 ]; do
197 # operations="${operations} ${op}"
207 # usage "Unknown operation \`${op}'"
210 # op="$( echo "$op" | tr -s '.-' '__')"
214 #[ -n "${operations}" ] || usage "Missing operation to perform."
216 # while getopts "c:" opt; do
219 # options="$options -c $OPTARG"
222 # echo "Invalid option: -$OPTARG" >&2
226 # echo "Option -$OPTARG requires an argument." >&2
235 infomsg "Generating CA"
# Fall back to /tmp when the caller has not set TMPDIR.
236 TMPDIR=${TMPDIR:-/tmp}
237 if [ -e "$TMPDIR" ]; then
# Scratch files, as used by the openssl calls further down:
#   GNSCERT - the self-signed CA certificate
#   GNSCAKY - the CA private key, still passphrase-protected
#   GNSCANO - the CA private key with the passphrase removed
# mktemp creates each file readable and writable by the current user only.
# NOTE(review): the meaning of -t differs between GNU and BSD mktemp (template
# vs. prefix) - confirm the resulting names on every supported platform.
# NOTE(review): no trap is visible in this listing, so if the script is
# interrupted before the final `rm -f`, the unprotected key in GNSCANO stays
# behind in the temporary directory.
238 GNSCERT=`mktemp -t certXXXXXXXX.pem` || exit 1
239 GNSCAKY=`mktemp -t cakyXXXXXXXX.pem` || exit 1
240 GNSCANO=`mktemp -t canoXXXXXXXX.pem` || exit 1
242 # This warning is mostly pointless.
243 warning "You need to export the TMPDIR variable"
246 # # SETUP_TMPDIR="$HOME/gns_setup"
247 # # if [ ! -e "$SETUP_TMPDIR" ]; then
248 # # mkdir -p $SETUP_TMPDIR
250 # GNSCERT=`mktemp ${00##*/}.pem` || exit 1
251 # GNSCAKY=`mktemp ${00##*/}.pem` || exit 1
252 # GNSCANO=`mktemp ${00##*/}.pem` || exit 1
255 # # ------------- gnutls
257 # if ! which certutil > /dev/null
259 # warningmsg "The 'certutil' command was not found."
260 # warningmsg "Not importing into browsers."
261 # warningmsg "For 'certutil' install nss."
264 # # pkcs#8 password-protects key
265 # certtool --pkcs8 --generate-privkey --sec-param high --outfile ca-key.pem
266 # # self-sign the CA to create public certificate
267 # certtool --generate-self-signed --load-privkey ca-key.pem --template ca.cfg --outfile ca.pem
269 # ------------- openssl
# Path of the openssl configuration passed to `openssl req -config` below.
# "@pkgdatadir@" is presumably substituted at build time - TODO confirm.
271 OPENSSLCFG=@pkgdatadir@/openssl.cnf
# Treat empty output from `openssl version` as "openssl is not installed".
# NOTE(review): the `> /dev/null` applies to `test`, which prints nothing; it
# does not silence the command substitution, so a missing openssl still emits
# the shell's "not found" error. `command -v openssl >/dev/null 2>&1` is the
# usual presence check.
272 if test -z "`openssl version`" > /dev/null
274 warningmsg "'openssl' command not found. Please install it."
275 infomsg "Cleaning up."
# NOTE(review): the three paths are expanded unquoted; a TMPDIR containing
# whitespace or glob characters would make rm act on the wrong names.
276 rm -f $GNSCAKY $GNSCANO $GNSCERT
# NOTE(review): the condition reads GNUNET_CONFIG but the value inserted is
# GNUNET_CONFIG_FILE. If only GNUNET_CONFIG_FILE is set, the "-c" argument is
# never built - confirm which variable was intended.
279 if [ -n "${GNUNET_CONFIG}" ]; then
280 GNUNET_CONFIG="-c ${GNUNET_CONFIG_FILE}"
# NOTE(review): `[ GNUNET_PASS_FILENAME ]` tests a literal, non-empty word and
# is therefore always true; `[ -n "${GNUNET_PASS_FILENAME}" ]` tests the
# variable.
284 if [ GNUNET_PASS_FILENAME ]; then
# Ask gnunet-config for the PROXY_CACERT option of the gns-proxy section; the
# result is the file that later receives the certificate and the private key.
# NOTE(review): the exit status and an empty result are not checked here, and
# ${GNUNET_CONFIG}, ${GNUNET_OPT_F} and ${options} are expanded unquoted, so a
# configuration path containing spaces is split into several arguments.
289 GNS_CA_CERT_PEM=`gnunet-config ${GNUNET_CONFIG} -s gns-proxy -o PROXY_CACERT ${GNUNET_OPT_F} -f ${options}`
# NOTE(review): the directory is created with the permissions the current
# umask allows, and the path is unquoted. Because the file written into it
# holds a CA private key, a restrictive umask (or an explicit chmod) is worth
# considering.
290 mkdir -p `dirname $GNS_CA_CERT_PEM`
# NOTE(review): `[ verbosity ]` tests a literal word and is always true; the
# variable is never consulted.
293 if [ verbosity ]; then
# NOTE(review): a redirection stored in a variable is not a redirection. When
# ${VERBOSE_OUTPUT} is expanded on the openssl lines below, the shell passes
# the text "2>/dev/null" to openssl as an ordinary argument.
296 VERBOSE_OUTPUT="2>/dev/null"
# Create a self-signed CA certificate (valid 3650 days, v3_ca extensions) in
# GNSCERT and its passphrase-protected private key in GNSCAKY.
# NOTE(review): the passphrase is a fixed, published string given on the
# command line, and the next step removes it again, so it adds no protection.
# The key is protected only by the permissions of the files that hold it.
298 openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System" ${VERBOSE_OUTPUT}
300 statusmsg "Removing passphrase from key"
# Write the unencrypted private key to GNSCANO.
301 openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO ${VERBOSE_OUTPUT}
303 statusmsg "Making private key available to gnunet-gns-proxy"
# Concatenate certificate and unencrypted private key into the file named by
# the proxy configuration.
# NOTE(review): the output file is created by the `>` redirection with
# whatever mode the umask allows. This listing later installs the same CA as
# trusted in browser certificate stores, so any account able to read this file
# can issue certificates those browsers accept. Setting `umask 077` before
# this line, or `chmod 600` on the result, keeps the key private to the user.
# NOTE(review): neither openssl exit status is checked before the file is
# written, and the target path is unquoted.
304 cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM
309 # Don't check with -H, -H defies any method to not
310 # print the output on screen! Let's hope that every
311 # certutil gets built with some kind of build flags
312 # which end up being printed here:
# Empty output from `certutil --build-flags` is taken to mean that certutil
# is not installed.
# NOTE(review): the redirections belong to `test` and do not silence the
# command substitution; `command -v certutil >/dev/null 2>&1` checks for the
# tool without depending on what it prints.
313 if test -z "`certutil --build-flags`" > /dev/null 2>&1
315 warningmsg "The 'certutil' command was not found."
316 warningmsg "Not importing into browsers."
317 warningmsg "For 'certutil' install nss."
319 statusmsg "Importing CA into browsers"
320 # TODO: Error handling?
# Visit every Firefox profile directory below ~/.mozilla/firefox.
321 for f in ~/.mozilla/firefox/*.*/
324 statusmsg "Importing CA into Firefox at $f"
325 # delete old certificate (if any)
326 certutil -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null
327 # add new certificate
# The trust string "CT,," marks the certificate as a trusted CA for TLS
# server and client certificates in this profile. From then on the profile
# accepts any TLS certificate signed by the GNS Proxy CA key, which is why
# the key file written for gnunet-gns-proxy has to stay private to the user.
# NOTE(review): the exit status of the import is not checked, and $GNSCERT
# is expanded unquoted.
328 certutil -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT
331 # TODO: Error handling?
# The shared NSS database in ~/.pki/nssdb is handled only when it exists.
332 if [ -d ~/.pki/nssdb/ ]; then
333 statusmsg "Importing CA into Chrome at ~/.pki/nssdb/"
334 # delete old certificate (if any)
# Errors from the delete are discarded on purpose: the nickname may not exist.
335 certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null
336 # add new certificate
# "CT,," installs the CA as trusted for TLS server and client certificates
# in this database.
# NOTE(review): a failed import is not detected, so the script can report
# success while the store was not updated; $GNSCERT is expanded unquoted.
337 certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT
# Report the version string printed by `gnunet-arm -v`.
# NOTE(review): the unquoted echo collapses whitespace and line breaks in the
# captured output; `printf '%s\n' "$GNUNET_ARM_VERSION"` prints it unchanged.
344 GNUNET_ARM_VERSION=`gnunet-arm -v`
345 echo $GNUNET_ARM_VERSION
350 infomsg "Cleaning up."
# Remove the scratch copies of the certificate and both forms of the key.
# NOTE(review): the paths are expanded unquoted.
351 rm -f $GNSCAKY $GNSCANO $GNSCERT
# NOTE(review): the only assignment of SETUP_TMPDIR visible in this listing
# is commented out. With the variable empty and unquoted, the test becomes
# `[ -e ]`, which is true. The body of this branch is not shown here -
# confirm that it cannot act on an empty path.
352 if [ -e $SETUP_TMPDIR ]; then
357 infomsg "You can now start gnunet-gns-proxy."
358 infomsg "Afterwards, configure your browser "
359 infomsg "to use a SOCKS proxy on port 7777. "
# Parse -v, -h, -V and -c FILE.
# NOTE(review): the option string does not start with ':', so getopts prints
# its own diagnostics, sets opt to '?' and leaves OPTARG unset. The
# "Invalid option" message below then shows no option letter, and if the
# "requires an argument" message sits under a ':' case arm (the arms are not
# visible in this listing), that arm can never run.
365 while getopts "vhVc:" opt; do
# NOTE(review): the file name is appended to a flat string that is later
# expanded unquoted in the gnunet-config call, so a path containing spaces or
# glob characters is split or expanded into several arguments.
378 options="$options -c $OPTARG"
379 infomsg "Using configuration file $OPTARG"
382 echo "Invalid option: -$OPTARG" >&2
386 echo "Option -$OPTARG requires an argument." >&2
400 # for op in ${operations}; do
403 # ${runcmd} "${generate_ca}"
404 # ${runcmd} "${clean_up}"
407 # ${runcmd} "${generate_ca}"
408 # ${runcmd} "${importbrowsers}"
409 # ${runcmd} "${clean_up}"
412 # ${runcmd} "${generate_ca}"
413 # ${runcmd} "${importbrowsers}"
414 # ${runcmd} "${clean_up}"
417 # infomsg "Unknown operation \`${op}'"