3 # This shell script will generate an X509 certificate for
4 # your gnunet-gns-proxy and install it (for both GNUnet
7 # TODO: Implement support for more browsers
8 # TODO: Debug and switch to the new version
9 # TODO: The only remaining task is fixing the getopts
12 # The current version partially reuses and recycles
13 # code from build.sh by NetBSD (not all of it is active
14 # yet, because it still needs debugging):
16 # Copyright (c) 2001-2011 The NetBSD Foundation, Inc.
17 # All rights reserved.
19 # This code is derived from software contributed to
20 # The NetBSD Foundation by Todd Vierling and Luke Mewburn.
22 # Redistribution and use in source and binary forms, with or
23 # without modification, are permitted provided that the following
25 # 1. Redistributions of source code must retain the above
26 # copyright notice, this list of conditions and the following
28 # 2. Redistributions in binary form must reproduce the above
29 # copyright notice, this list of conditions and the following
30 # disclaimer in the documentation and/or other materials
31 # provided with the distribution.
33 # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
34 # CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
35 # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
36 # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
38 # IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR
39 # ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
40 # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
41 # PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
42 # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
43 # ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
45 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
46 # THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
54 #TOP=$( (exec pwd -P 2>/dev/null) || (exec pwd 2>/dev/null) )
69 statusmsg "WARNING: $@"
79 statusmsg "========================================="
82 # Given a variable name in $1, modify the variable in place
84 # Convert possibly-relative path to absolute path by prepending
85 # ${TOP} if necessary. Also delete trailing "/", if any.
90 eval val=\"\${${var}}\"
101 eval ${var}=\"\${val}\"
106 # if [ -n "$*" ]; then
108 # echo "${progname}: $*"
112 # Usage: ${progname} [-fhv] [-c FILE] operation [...]
115 # cert Create the GNS certificate and only insert
117 # browser Create the GNS certificate, insert it in
118 # GNS and install it in webbrowsers found.
119 # all Create the GNS certificate, insert it in
120 # GNS and install it in webbrowsers found.
121 # help Print this help message.
124 # -c FILE Use the configuration file FILE.
125 # -f Perform expansions of the variables used in the config
126 # value of gns-proxy. This will usually expand
127 # $GNUNET_DATA_HOME to represent its path.
128 # -h Print this help message.
129 # -v Print the version.
139 echo "${progname}: $*"
143 Usage: ${progname} [-hv] [-c FILE] [...]
146 -c FILE Use the configuration file FILE.
147 -h Print this help message.
148 -v Print the version and exit.
159 # # For now use POSIX getopts. For the future, refer to
160 # # the shell capabilities check build.sh has?
161 # if type getopts >/dev/null 2>&1; then
162 # # we are a posix shell, we can use the builtin getopts
163 # getoptcmd='getopts ${opts} opt && opt=-${opt}'
165 # optremcmd='shift $((${OPTIND} -1))'
168 # # parse command line options.
169 # while eval ${getoptcmd}; do
173 # eval ${optargcmd}; resolvepath OPTARG
174 # GNUNET_CONFIG_FILE="${OPTARG}"
175 # export GNUNET_CONFIG_FILE
191 # while [ $# -gt 0 ]; do
193 # operations="${operations} ${op}"
203 # usage "Unknown operation \`${op}'"
206 # op="$( echo "$op" | tr -s '.-' '__')"
210 #[ -n "${operations}" ] || usage "Missing operation to perform."
212 # while getopts "c:" opt; do
215 # options="$options -c $OPTARG"
218 # echo "Invalid option: -$OPTARG" >&2
222 # echo "Option -$OPTARG requires an argument." >&2
# Step 1: create a throwaway CA (certificate + key) in temporary files.
231 infomsg "Generating CA"
# Honour a caller-supplied TMPDIR, otherwise fall back to /tmp.
232 TMPDIR=${TMPDIR:-/tmp}
233 if [ -e "$TMPDIR" ]; then
# mktemp picks an unpredictable name and creates each file with mode 0600.
# GNSCERT will receive the CA certificate, GNSCAKY the passphrase-protected
# key and GNSCANO the passphrase-free key (see the openssl steps below).
# "|| exit 1" aborts if a temporary file cannot be created.
234 GNSCERT=`mktemp -t certXXXXXXXX.pem` || exit 1
235 GNSCAKY=`mktemp -t cakyXXXXXXXX.pem` || exit 1
236 GNSCANO=`mktemp -t canoXXXXXXXX.pem` || exit 1
# This branch is only reached when the directory named by TMPDIR (defaulted
# to /tmp above) does not exist, so telling the user to export TMPDIR is
# misleading. No exit is visible on this page after the warning, so the
# GNSCERT/GNSCAKY/GNSCANO variables would stay unset.
# NOTE(review): the helper used elsewhere in this file is "warningmsg";
# "warning" may be undefined -- confirm.
238 # This warning is mostly pointless.
239 warning "You need to export the TMPDIR variable"
242 # # SETUP_TMPDIR="$HOME/gns_setup"
243 # # if [ ! -e "$SETUP_TMPDIR" ]; then
244 # # mkdir -p $SETUP_TMPDIR
246 # GNSCERT=`mktemp ${00##*/}.pem` || exit 1
247 # GNSCAKY=`mktemp ${00##*/}.pem` || exit 1
248 # GNSCANO=`mktemp ${00##*/}.pem` || exit 1
251 # # ------------- gnutls
253 # if ! which certutil > /dev/null
255 # warningmsg "The 'certutil' command was not found."
256 # warningmsg "Not importing into browsers."
257 # warningmsg "For 'certutil' install nss."
260 # # pkcs#8 password-protects key
261 # certtool --pkcs8 --generate-privkey --sec-param high --outfile ca-key.pem
262 # # self-sign the CA to create public certificate
263 # certtool --generate-self-signed --load-privkey ca-key.pem --template ca.cfg --outfile ca.pem
265 # ------------- openssl
# Path of the openssl config used for the CA request; @pkgdatadir@ is
# presumably substituted at build time (this is an .in template) -- confirm.
267 OPENSSLCFG=@pkgdatadir@/openssl.cnf
# Presence check for openssl. Note that the redirection applies to "test",
# not to the command substitution (which is expanded first), so a
# "command not found" message from the shell still reaches stderr.
# "command -v openssl >/dev/null 2>&1" would be the silent, portable check.
268 if test -z "`openssl version`" > /dev/null
270 warningmsg "'openssl' command not found. Please install it."
271 infomsg "Cleaning up."
# Remove the temporary files created by mktemp above before giving up.
# The expansions should be quoted: rm -f "$GNSCAKY" "$GNSCANO" "$GNSCERT"
272 rm -f $GNSCAKY $GNSCANO $GNSCERT
# NOTE(review): the condition reads GNUNET_CONFIG but the value assigned is
# built from GNUNET_CONFIG_FILE; confirm which variable the option parser
# sets, otherwise the "-c FILE" option is never turned into a
# "-c FILE" argument here.
275 if [ -n "${GNUNET_CONFIG}" ]; then
276 GNUNET_CONFIG="-c ${GNUNET_CONFIG_FILE}"
# Ask gnunet-config where gnunet-gns-proxy expects its CA file
# (section gns-proxy, option PROXY_CACERT). ${options} may also carry a
# "-c FILE" (see the getopts loop), so both could be passed at once.
# NOTE(review): the exit status is not checked -- if gnunet-config fails,
# GNS_CA_CERT_PEM is empty, "dirname" yields "." and the later
# "cat ... > $GNS_CA_CERT_PEM" fails. Consider:
#   [ -n "$GNS_CA_CERT_PEM" ] || exit 1
280 GNS_CA_CERT_PEM=`gnunet-config ${GNUNET_CONFIG} -s gns-proxy -o PROXY_CACERT -f ${options}`
# Create the parent directory; quote the expansions so a path with
# spaces works: mkdir -p "`dirname "$GNS_CA_CERT_PEM"`"
281 mkdir -p `dirname $GNS_CA_CERT_PEM`
# NOTE(review): "[ verbosity ]" is a one-argument test on the literal word
# "verbosity", which is always true; presumably "$verbosity" was intended.
284 if [ verbosity ]; then
# NOTE(review): a redirection stored in a variable does not act as a
# redirection when expanded -- openssl receives the literal argument
# "2>/dev/null" and will most likely reject it as an extra argument.
# Wrap the openssl calls instead, e.g. quiet() { "$@" 2>/dev/null; }.
287 VERBOSE_OUTPUT="2>/dev/null"
# Generate a self-signed CA certificate valid for 3650 days with the v3_ca
# extensions from OPENSSLCFG and a fixed subject. The passphrase
# "GNU Name System" is a fixed, public string that is visible on the command
# line; it only satisfies "openssl req" until the next step strips it and
# provides no confidentiality. The exit status is not checked; consider
# appending "|| exit 1" so a failure does not silently continue.
289 openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System" ${VERBOSE_OUTPUT}
291 statusmsg "Removing passphrase from key"
# Write the passphrase-free private key into GNSCANO (created 0600 by mktemp).
292 openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO ${VERBOSE_OUTPUT}
294 statusmsg "Making private key available to gnunet-gns-proxy"
# Concatenate certificate and UNENCRYPTED key into the proxy's CA file.
# NOTE(review): this file is created with the current umask, so the CA
# private key may end up group- or world-readable; anyone who can read it
# can mint certificates that the browsers below are told to trust
# (certutil -t CT,,). Run "umask 077" before this line or
# "chmod 600 "$GNS_CA_CERT_PEM"" right after it, and quote the expansions.
295 cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM
300 # Don't check with -H: -H defeats every attempt to keep
301 # its output off the screen! Let's hope that every
302 # certutil gets built with some kind of build flags,
303 # which end up being printed here:
# Presence check for certutil (NSS). As with the openssl check, the
# redirections apply to "test" only; the command substitution is expanded
# first, so a "command not found" message from the shell still reaches
# stderr. "command -v certutil >/dev/null 2>&1" would be silent and portable.
# A certutil that prints nothing for --build-flags is treated as missing.
304 if test -z "`certutil --build-flags`" > /dev/null 2>&1
306 warningmsg "The 'certutil' command was not found."
307 warningmsg "Not importing into browsers."
308 warningmsg "For 'certutil' install nss."
310 statusmsg "Importing CA into browsers"
# TODO: Error handling? certutil's exit status is never checked below, so a
# failed import is silent.
311 # TODO: Error handling?
# Iterate over Firefox profile directories. If the glob matches nothing, $f
# is the literal pattern; the loop body (its "do" line is not visible here)
# should guard with a -d test -- confirm.
312 for f in ~/.mozilla/firefox/*.*/
315 statusmsg "Importing CA into Firefox at $f"
# Failure here is expected on a first run (no certificate with that nickname
# yet), which is why the output is discarded.
316 # delete old certificate (if any)
317 certutil -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null
# "-t CT,,": trust this CA to issue SSL server (C) and client (T)
# certificates; the e-mail and object-signing trust fields stay empty.
# Quote the input file: < "$GNSCERT".
# NOTE(review): newer NSS releases default to the sql database format, so
# "-d sql:$f" may be required depending on the NSS version -- confirm.
318 # add new certificate
319 certutil -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT
# Same import for Chrome/Chromium, which use the shared NSS database in
# ~/.pki/nssdb/. The exit status of certutil -A is not checked (the TODO).
322 # TODO: Error handling?
323 if [ -d ~/.pki/nssdb/ ]; then
324 statusmsg "Importing CA into Chrome at ~/.pki/nssdb/"
# Removing a nickname that does not exist yet fails; that is why the output
# is discarded.
325 # delete old certificate (if any)
326 certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null
# "-t CT,,": trust this CA for SSL server (C) and client (T) certificates.
# Quote the input file: < "$GNSCERT".
# NOTE(review): this database is in the sql format; older certutil versions
# need an explicit "-d sql:$HOME/.pki/nssdb" -- confirm against the NSS
# versions you support.
327 # add new certificate
328 certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT
# Capture and print the gnunet-arm version. The value is not used anywhere
# on this page; this looks like a leftover diagnostic -- confirm.
# Prefer printf '%s\n' "$GNUNET_ARM_VERSION" over the unquoted echo.
335 GNUNET_ARM_VERSION=`gnunet-arm -v`
336 echo $GNUNET_ARM_VERSION
341 infomsg "Cleaning up."
# Remove the temporary files; two of them hold the CA private key. No trap
# is visible on this page, so an earlier "exit 1" (or a failed openssl step)
# leaves that key material behind in TMPDIR. Consider installing
# "trap 'rm -f "$GNSCAKY" "$GNSCANO" "$GNSCERT"' EXIT" right after the
# mktemp calls, and quote the expansions here as well.
342 rm -f $GNSCAKY $GNSCANO $GNSCERT
# NOTE(review): SETUP_TMPDIR is only assigned in commented-out code on this
# page. If it is unset, this becomes "[ -e ]", a one-argument test on the
# string "-e", which is true -- so the branch runs unconditionally. Use
# [ -n "$SETUP_TMPDIR" ] && [ -e "$SETUP_TMPDIR" ] instead.
343 if [ -e $SETUP_TMPDIR ]; then
# Final instructions for the user.
348 infomsg "You can now start gnunet-gns-proxy."
349 infomsg "Afterwards, configure your browser "
350 infomsg "to use a SOCKS proxy on port 7777. "
# Option parsing with the POSIX getopts builtin; only the -c, invalid-option
# and missing-argument arms are visible on this page (-v, -h, -V are not).
356 while getopts "vhVc:" opt; do
# -c FILE: remembered as a plain string that is later word-split when
# passed to gnunet-config, so a path containing spaces breaks. Keeping the
# path in its own variable (or quoting it at the call site) avoids that.
369 options="$options -c $OPTARG"
370 infomsg "Using configuration file $OPTARG"
# Diagnostics go to stderr; the exit after them is not visible here.
373 echo "Invalid option: -$OPTARG" >&2
377 echo "Option -$OPTARG requires an argument." >&2
391 # for op in ${operations}; do
394 # ${runcmd} "${generate_ca}"
395 # ${runcmd} "${clean_up}"
398 # ${runcmd} "${generate_ca}"
399 # ${runcmd} "${importbrowsers}"
400 # ${runcmd} "${clean_up}"
403 # ${runcmd} "${generate_ca}"
404 # ${runcmd} "${importbrowsers}"
405 # ${runcmd} "${clean_up}"
408 # infomsg "Unknown operation \`${op}'"