3 # This shell script will generate an X509 certificate for
4 # your gnunet-gns-proxy and install it (for both GNUnet
7 # TODO: Implement support for more browsers
8 # TODO: Debug and switch to the new version
9 # TODO - The only remaining task is fixing the getopts
12 # The current version partially reuses and recycles
13 # code from build.sh by NetBSD (although not entirely
14 # used because it needs debugging):
16 # Copyright (c) 2001-2011 The NetBSD Foundation, Inc.
17 # All rights reserved.
19 # This code is derived from software contributed to
20 # The NetBSD Foundation by Todd Vierling and Luke Mewburn.
22 # Redistribution and use in source and binary forms, with or
23 # without modification, are permitted provided that the following
25 # 1. Redistributions of source code must retain the above
26 # copyright notice, this list of conditions and the following
28 # 2. Redistributions in binary form must reproduce the above
29 # copyright notice, this list of conditions and the following
30 # disclaimer in the documentation and/or other materials
31 # provided with the distribution.
33 # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
34 # CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
35 # INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
36 # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
38 # IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR
39 # ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
40 # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
41 # PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
42 # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
43 # ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
45 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
46 # THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
54 #TOP=$( (exec pwd -P 2>/dev/null) || (exec pwd 2>/dev/null) )
# Emits a warning through statusmsg; the enclosing function header is not
# visible in this listing.
# NOTE(review): "$@" embedded in a longer quoted string expands to several
# words when more than one argument is passed; "$*" would keep the message
# as a single word.
69 statusmsg "WARNING: $@"
# Separator banner passed to statusmsg.
79 statusmsg "========================================="
82 # Given a variable name in $1, modify the variable in place
84 # Convert possibly-relative path to absolute path by prepending
85 # ${TOP} if necessary. Also delete trailing "/", if any.
# Indirect read: copies the value of the variable whose name is held in
# ${var} into val.
# NOTE(review): ${var} is spliced into the text that eval executes, so it must
# always be a fixed, trusted identifier (the only call visible in this file is
# the commented-out `resolvepath OPTARG`), never text derived from user input.
90 eval val=\"\${${var}}\"
# Indirect write-back of val (presumably adjusted by the lines not shown here)
# into the named variable. The value is expanded inside double quotes when
# eval runs, so its content is not re-parsed as shell code.
101 eval ${var}=\"\${val}\"
106 # if [ -n "$*" ]; then
108 # echo "${progname}: $*"
112 # Usage: ${progname} [-fhv] [-c FILE] operation [...]
115 # cert Create the GNS certificate and only insert
117 # browser Create the GNS certificate, insert it in
118 # GNS and install it in webbrowsers found.
119 # all Create the GNS certificate, insert it in
120 # GNS and install it in webbrowsers found.
121 # help Print this help message.
124 # -c FILE Use the configuration file FILE.
125 # -f Perform expansions of the variables used in the config
126 # value of gns-proxy. This will usually expand
127 # $GNUNET_DATA_HOME to represent its path.
128 # -h Print this help message.
129 # -v Print the version.
# Prints "<progname>: <arguments>" and is followed by the usage text below.
# The lines that follow are usage text, not commands (the opening of the
# here-document is not visible in this listing).
# NOTE(review): the usage text documents -h, -v and -c only, while the getopts
# string used further down ("vhVc:") also accepts -V.
139 echo "${progname}: $*"
143 Usage: ${progname} [-hv] [-c FILE] [...]
146 -c FILE Use the configuration file FILE.
147 -h Print this help message.
148 -v Print the version and exit.
159 # # For now use POSIX getopts. For the future, refer to
160 # # the shell capabilities check build.sh has?
161 # if type getopts >/dev/null 2>&1; then
162 # # we are a posix shell, we can use the builtin getopts
163 # getoptcmd='getopts ${opts} opt && opt=-${opt}'
165 # optremcmd='shift $((${OPTIND} -1))'
168 # # parse command line options.
169 # while eval ${getoptcmd}; do
173 # eval ${optargcmd}; resolvepath OPTARG
174 # GNUNET_CONFIG_FILE="${OPTARG}"
175 # export GNUNET_CONFIG_FILE
178 # GNUNET_PASS_FILENAME=1
179 # export GNUNET_PASS_FILENAME
195 # while [ $# -gt 0 ]; do
197 # operations="${operations} ${op}"
207 # usage "Unknown operation \`${op}'"
210 # op="$( echo "$op" | tr -s '.-' '__')"
214 #[ -n "${operations}" ] || usage "Missing operation to perform."
216 # while getopts "c:" opt; do
219 # options="$options -c $OPTARG"
222 # echo "Invalid option: -$OPTARG" >&2
226 # echo "Option -$OPTARG requires an argument." >&2
# Generates a self-signed CA certificate and key with openssl, strips the
# passphrase from the key, and writes certificate + unencrypted key to the
# path gnunet-config reports for gns-proxy/PROXY_CACERT.
235 infomsg "Generating CA"
236 TMPDIR=${TMPDIR:-/tmp}
237 if [ -e "$TMPDIR" ]; then
# Three temporary files: certificate, passphrase-protected key, and key with
# the passphrase removed. mktemp creates them readable by the owner only.
# NOTE(review): `${00##*/}` is presumably meant to be `${0##*/}` (the script's
# basename) — confirm. The behaviour of `mktemp -t` also differs between
# implementations; GNU mktemp expects a template containing a run of X's, so
# verify these calls on every target platform.
238 GNSCERT=`mktemp -t ${00##*/}.pem` || exit 1
239 GNSCAKY=`mktemp -t ${00##*/}.pem` || exit 1
240 GNSCANO=`mktemp -t ${00##*/}.pem` || exit 1
242 # This warning is mostly pointless.
# NOTE(review): this branch calls `warning`, while the rest of the function
# calls `warningmsg`; confirm that both helpers are defined.
243 warning "You need to export the TMPDIR variable"
246 # # SETUP_TMPDIR="$HOME/gns_setup"
247 # # if [ ! -e "$SETUP_TMPDIR" ]; then
248 # # mkdir -p $SETUP_TMPDIR
250 # GNSCERT=`mktemp ${00##*/}.pem` || exit 1
251 # GNSCAKY=`mktemp ${00##*/}.pem` || exit 1
252 # GNSCANO=`mktemp ${00##*/}.pem` || exit 1
# @pkgdatadir@ is presumably substituted at build time — confirm.
255 OPENSSLCFG=@pkgdatadir@/openssl.cnf
# NOTE(review): `command -v openssl` is the portable way to test for a tool;
# `which` is an external program whose behaviour varies between systems.
256 if ! which openssl > /dev/null
258 warningmsg "'openssl' command not found. Please install it."
259 infomsg "Cleaning up."
# NOTE(review): the variables are unquoted; quote them and add `--` so an
# unusual TMPDIR cannot change which files rm receives.
260 rm -f $GNSCAKY $GNSCANO $GNSCERT
# NOTE(review): the test reads GNUNET_CONFIG but the value used is
# GNUNET_CONFIG_FILE; as written, "-c ..." is only built when GNUNET_CONFIG is
# already set by the caller. Presumably the test should be on
# GNUNET_CONFIG_FILE — confirm.
263 if [ -n "${GNUNET_CONFIG}" ]; then
264 GNUNET_CONFIG="-c ${GNUNET_CONFIG_FILE}"
# NOTE(review): `[ GNUNET_PASS_FILENAME ]` tests a literal, non-empty word and
# is therefore always true; testing the variable needs
# `[ -n "${GNUNET_PASS_FILENAME}" ]`.
268 if [ GNUNET_PASS_FILENAME ]; then
# Asks gnunet-config where the proxy expects its CA file. ${options} carries
# the "-c FILE" text collected by the getopts loop at the end of the script.
# NOTE(review): the result is not checked. If gnunet-config fails or prints
# nothing, the dirname call and the final redirection below operate on an
# empty path. ${options} and $GNS_CA_CERT_PEM are unquoted, so paths
# containing whitespace are split.
273 GNS_CA_CERT_PEM=`gnunet-config ${GNUNET_CONFIG} -s gns-proxy -o PROXY_CACERT ${GNUNET_OPT_F} -f ${options}`
274 mkdir -p `dirname $GNS_CA_CERT_PEM`
# NOTE(review): `[ verbosity ]` is another literal-word test and always true.
277 if [ verbosity ]; then
# NOTE(review): a redirection stored in a variable is not treated as a
# redirection when the variable is expanded; openssl receives the literal
# argument "2>/dev/null". Redirect on the command itself instead.
280 VERBOSE_OUTPUT="2>/dev/null"
# Creates a new key and a self-signed certificate valid for 3650 days using
# the v3_ca extensions section of $OPENSSLCFG.
# NOTE(review): the passphrase is a fixed, public string given on the command
# line and is removed again by the `openssl rsa` step below, so it provides no
# protection for the key. Key type and size come from the openssl
# configuration, which is not visible here.
282 openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System" ${VERBOSE_OUTPUT}
284 statusmsg "Removing passphrase from key"
285 openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO ${VERBOSE_OUTPUT}
287 statusmsg "Making private key available to gnunet-gns-proxy"
# Writes the certificate followed by the UNENCRYPTED CA private key into the
# proxy's CA file.
# NOTE(review): the file is created by a plain redirection, so its permissions
# follow the caller's umask. This CA is later marked as trusted in the user's
# browsers, so the file must be readable by the owner only (e.g. `umask 077`
# before this line, or `chmod 600` on the result), and the exit status of both
# openssl calls should be checked before anything is written here.
288 cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM
# Imports the generated CA certificate into the NSS databases of Firefox
# profiles and of Chrome (~/.pki/nssdb) using certutil, replacing any earlier
# entry with the same nickname.
# NOTE(review): `command -v certutil` is the portable presence test.
293 if ! which certutil > /dev/null
295 warningmsg "The 'certutil' command was not found."
296 warningmsg "Not importing into browsers."
297 warningmsg "For 'certutil' install nss."
299 statusmsg "Importing CA into browsers"
300 # TODO: Error handling?
# Iterates over Firefox profile directories.
# NOTE(review): when no profile matches, the shell leaves the pattern as a
# literal string; the lines not shown here may or may not guard against that.
301 for f in ~/.mozilla/firefox/*.*/
304 statusmsg "Importing CA into Firefox at $f"
305 # delete old certificate (if any)
# Output and errors are discarded on purpose: the entry may not exist yet.
306 certutil -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null
307 # add new certificate
# Trust flags "CT,,": in the SSL column the CA is trusted to issue server
# certificates (C) and client certificates (T); no e-mail or code-signing
# trust is granted.
# NOTE(review): the exit status is not checked, so a failed import goes
# unnoticed, and $GNSCERT is unquoted. Because these browsers will accept any
# server certificate signed by this CA, the matching private key must stay
# readable by its owner only.
308 certutil -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT
311 # TODO: Error handling?
312 if [ -d ~/.pki/nssdb/ ]; then
313 statusmsg "Importing CA into Chrome at ~/.pki/nssdb/"
314 # delete old certificate (if any)
315 certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null
316 # add new certificate
# Same trust flags and the same unchecked exit status as the Firefox import.
317 certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT
# Captures the output of `gnunet-arm -v` and prints it.
# NOTE(review): the unquoted expansion collapses whitespace and newlines in the
# output; `printf '%s\n' "$GNUNET_ARM_VERSION"` would print it unchanged.
324 GNUNET_ARM_VERSION=`gnunet-arm -v`
325 echo $GNUNET_ARM_VERSION
# Removes the three temporary files created while generating the CA.
330 infomsg "Cleaning up."
# NOTE(review): unquoted variables; quote them and add `--`. If key generation
# exits early elsewhere, these files (one of which holds the unencrypted key)
# are only removed when this code is reached; a `trap ... EXIT` would cover
# every exit path.
331 rm -f $GNSCAKY $GNSCANO $GNSCERT
# NOTE(review): SETUP_TMPDIR is only assigned in commented-out code in this
# file. With the variable unset and unquoted, the test becomes `[ -e ]`, which
# is true, so the branch body (not visible here) runs with an empty
# SETUP_TMPDIR. Quote the variable or drop the branch.
332 if [ -e $SETUP_TMPDIR ]; then
# Closing guidance for the user: the proxy is started separately, and the
# browser is then pointed at it as a SOCKS proxy on port 7777.
337 infomsg "You can now start gnunet-gns-proxy."
338 infomsg "Afterwards, configure your browser "
339 infomsg "to use a SOCKS proxy on port 7777. "
# Command-line parsing: accepts -v, -h, -V and -c FILE.
# NOTE(review): the option string has no leading ':', so getopts prints its own
# diagnostics, sets opt to '?' and leaves OPTARG unset for both unknown options
# and missing arguments. The two messages below would then show an empty option
# name, and a ':' arm (presumably where the second message lives) is never
# reached. Use ":vhVc:" if the script is meant to report these itself.
345 while getopts "vhVc:" opt; do
# Collects "-c FILE" as flat text; it is later expanded unquoted in the
# gnunet-config call, so a configuration path containing whitespace or glob
# characters is split or expanded there.
358 options="$options -c $OPTARG"
359 infomsg "Using configuration file $OPTARG"
362 echo "Invalid option: -$OPTARG" >&2
366 echo "Option -$OPTARG requires an argument." >&2
380 # for op in ${operations}; do
383 # ${runcmd} "${generate_ca}"
384 # ${runcmd} "${clean_up}"
387 # ${runcmd} "${generate_ca}"
388 # ${runcmd} "${importbrowsers}"
389 # ${runcmd} "${clean_up}"
392 # ${runcmd} "${generate_ca}"
393 # ${runcmd} "${importbrowsers}"
394 # ${runcmd} "${clean_up}"
397 # infomsg "Unknown operation \`${op}'"