rpms/crypto-utils/devel Makefile, 1.1, 1.2 certwatch.c, 1.6, 1.7 certwatch.cron, 1.2, 1.3 certwatch.xml, 1.1, 1.2 crypto-utils.spec, 1.12, 1.13 genkey.xml, 1.1, 1.2
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Apr 26 09:20:47 UTC 2005
Author: jorton
Update of /cvs/dist/rpms/crypto-utils/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv15888
Modified Files:
Makefile certwatch.c certwatch.cron certwatch.xml
crypto-utils.spec genkey.xml
Log Message:
* Tue Apr 26 2005 Joe Orton <jorton at redhat.com> 2.2-2
- add configuration options for certwatch (#152990)
- allow passing options in certwatch.cron via $CERTWATCH_OPTS
- require openssl with /etc/pki/tls
Index: Makefile
===================================================================
RCS file: /cvs/dist/rpms/crypto-utils/devel/Makefile,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- Makefile 9 Sep 2004 03:59:24 -0000 1.1
+++ Makefile 26 Apr 2005 09:20:45 -0000 1.2
@@ -4,3 +4,9 @@
SPECFILE = $(firstword $(wildcard *.spec))
include ../common/Makefile.common
+
+certwatch: certwatch.c
+ gcc -Wall -Werror -O2 -g $< -o $@ -lcrypto
+
+test-certwatch: certwatch
+ ./certwatch
Index: certwatch.c
===================================================================
RCS file: /cvs/dist/rpms/crypto-utils/devel/certwatch.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- certwatch.c 10 Nov 2004 14:16:02 -0000 1.6
+++ certwatch.c 26 Apr 2005 09:20:45 -0000 1.7
@@ -1,5 +1,5 @@
/*
- Copyright 2004 Red Hat, Inc.
+ Copyright 2005 Red Hat, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -38,6 +38,10 @@
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
+#include <getopt.h>
+
+static int warn_period = 30;
+static char *warn_address = "root";
/* Turn an ASN.1 UTCTIME object into a time_t, ish. */
static time_t decode_utctime(const ASN1_UTCTIME *utc)
@@ -84,7 +88,7 @@
strcpy(subj, "will expire today");
} else if (days == 1) {
sprintf(subj, "will expire tomorrow");
- } else if (days < 30) {
+ } else if (days < warn_period) {
sprintf(subj, "will expire in %d days", days);
} else {
return 0; /* nothing to warn about. */
@@ -92,14 +96,17 @@
if (quiet) return 1;
- fputs("To: root\n", out);
+ fprintf(out, "To: %s\n", warn_address);
fprintf(out, "Subject: The certificate for %s %s\n", hostname, subj);
fputs("\n", out);
fprintf(out,
" ################# SSL Certificate Warning ################\n\n");
- fprintf(out, " Certificate for %s, in '%s':\n\n", hostname, filename);
+ fprintf(out,
+ " Certificate for %s, in file:\n"
+ " %s\n\n",
+ hostname, filename);
if (renew) {
fputs(" The certificate needs to be renewed; this can be done\n"
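Review bot: `warn_address` is written into the `To:` header unchecked at `fprintf(out, "To: %s\n", warn_address);`, and the cron job pipes this output to `sendmail -t`, which reads its recipients from the message headers. A value containing CR or LF would add extra header lines or end the header block early, so reject it where `-a` is parsed in main(), e.g. `if (strpbrk(optarg, "\r\n")) exit(2);` before the `strdup`. The value comes from the command line (CERTWATCH_OPTS in the sysconfig file), so this hardens an administrator-set input rather than a remote one. The function containing this hunk starts and ends outside the hunk.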
@@ -180,15 +187,29 @@
int main(int argc, char **argv)
{
- int quiet = 0;
-
- if (argc == 3 && strcmp(argv[1], "-q") == 0) {
- quiet = 1;
- argc--;
- argv++;
- }
+ int optc, quiet = 0;
+ static const struct option options[] = {
+ { "quiet", no_argument, NULL, 'q' },
+ { "period", required_argument, NULL, 'p' },
+ { "address", required_argument, NULL, 'a' },
+ { NULL }
+ };
- if (argc != 2) return 0;
+ while ((optc = getopt_long(argc, argv, "qhvp:", options, NULL)) != -1) {
+ switch (optc) {
+ case 'q':
+ quiet = 1;
+ break;
+ case 'p':
+ warn_period = atoi(optarg);
+ break;
+ case 'a':
+ warn_address = strdup(optarg);
+ break;
+ default:
+ exit(2);
+ }
+ }
- return check_cert(argv[1], quiet) == 1 ? EXIT_SUCCESS : EXIT_FAILURE;
+ return check_cert(argv[optind], quiet) == 1 ? EXIT_SUCCESS : EXIT_FAILURE;
}
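Review bot: `check_cert(argv[optind], quiet)` is reached without checking that a filename operand remains, now that `if (argc != 2) return 0;` is removed. With no operand `argv[optind]` is NULL, which is exactly the case the Makefile's new `test-certwatch` target runs. The option string `"qhvp:"` omits `a:`, so the short `-a` form documented in certwatch.xml is rejected, while `h` and `v` are accepted only to fall into `default`. `atoi(optarg)` yields 0 for non-numeric input and accepts negative values, either of which silently disables the `days < warn_period` warning. The sketch below needs `<errno.h>` and `<limits.h>`, and it exits 2 on a missing operand where the old code returned 0.

```c
    while ((optc = getopt_long(argc, argv, "qp:a:", options, NULL)) != -1) {
        switch (optc) {
        /* … unchanged: case 'q' … */
        case 'p': {
            char *end;
            long days;

            errno = 0;
            days = strtol(optarg, &end, 10);
            if (end == optarg || *end != '\0' || errno == ERANGE
                || days < 0 || days > INT_MAX)
                exit(2);
            warn_period = (int)days;
            break;
        }
        /* … unchanged: case 'a', default … */
        }
    }

    /* Exactly one certificate filename must follow the options. */
    if (argc - optind != 1)
        exit(2);
```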
Index: certwatch.cron
===================================================================
RCS file: /cvs/dist/rpms/crypto-utils/devel/certwatch.cron,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- certwatch.cron 15 Feb 2005 16:30:01 -0000 1.2
+++ certwatch.cron 26 Apr 2005 09:20:45 -0000 1.3
@@ -2,7 +2,8 @@
#
# Issue warning e-mails if SSL certificates expire, using
# certwatch(8). Set NOCERTWATCH=yes in /etc/sysconfig/httpd
-# to disable.
+# to disable. Pass additional options to certwatch in the
+# CERTWATCH_OPTS variable.
#
[ -r /etc/sysconfig/httpd ] && . /etc/sysconfig/httpd
@@ -27,6 +28,6 @@
for c in $certs; do
# Check whether a warning message is needed, then issue one if so.
- /usr/bin/certwatch -q "$c" &&
- /usr/bin/certwatch "$c" | /usr/sbin/sendmail -oem -oi -t 2>/dev/null
+ /usr/bin/certwatch $CERTWATCH_OPTS -q "$c" &&
+ /usr/bin/certwatch $CERTWATCH_OPTS "$c" | /usr/sbin/sendmail -oem -oi -t 2>/dev/null
done
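Review bot: `$CERTWATCH_OPTS` is expanded unquoted on both certwatch invocations, so it undergoes pathname expansion as well as word splitting, and no single option value can contain whitespace. The header comment should state that limit, e.g. `# CERTWATCH_OPTS is split on whitespace; values cannot contain spaces.` Since certwatch now parses its arguments with getopt_long, a certificate path beginning with `-` would be read as an option; ending the options with `--` avoids that: `/usr/bin/certwatch $CERTWATCH_OPTS -q -- "$c" &&`. How `$certs` is built is outside this hunk, so whether such a path can occur is not visible here.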
Index: certwatch.xml
===================================================================
RCS file: /cvs/dist/rpms/crypto-utils/devel/certwatch.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- certwatch.xml 10 Sep 2004 14:16:06 -0000 1.1
+++ certwatch.xml 26 Apr 2005 09:20:45 -0000 1.2
@@ -5,7 +5,7 @@
<refentryinfo>
<productname>crypto-utils</productname>
- <date>September 2004</date>
+ <date>April 2005</date>
</refentryinfo>
<refmeta>
@@ -21,7 +21,7 @@
<refsynopsisdiv>
<cmdsynopsis>
<command>certwatch</command>
- <arg choice="opt"><option>-q</option></arg>
+ <arg choice="opt">OPTION...</arg>
<arg choice="plain"><replaceable>filename</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -39,18 +39,52 @@
outside its validity period, or approaching expiry. If the
certificate cannot be found, or any errors occur whilst parsing
the certificate, the certificate is ignored and no output is
- produced.</para>
+ produced. In quiet mode, no output is given, but the exit status
+ can still be used.</para>
- <para>In quiet mode (when the <literal>-q</literal> argument is
- given), no output is ever produced.</para>
-
+ </refsect1>
+
+
+ <refsect1>
+ <title>Options</title>
+
+ <variablelist>
+
+ <varlistentry>
+ <term><option>--quiet</option> or <option>-q</option></term>
+
+ <listitem><simpara>Enable quiet mode; no output is produced
+ whether the certificate is expired or not</simpara></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--period <replaceable>days</replaceable></option>
+ or <option>-p <replaceable>days</replaceable></option></term>
+
+ <listitem><simpara>Specify the number of days within which an
+ expiry warning will be produced; default is 30. Expiry
+ warnings are always produced if, on the day of invocation, the
+ certificate is not yet valid, has already expired, or is due
+ to expire either that day or the following
+ day.</simpara></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--address <replaceable>address</replaceable></option>
+ or <option>-a <replaceable>address</replaceable></option></term>
+
+ <listitem><simpara>Specify the address used in the To field of
+ the warning e-mail issued if quiet mode is not enabled. The
+ default is <literal>root</literal>.</simpara></listitem>
+ </varlistentry>
+
+ </variablelist>
</refsect1>
<refsect1>
<title>Diagnostics</title>
- <para>In both modes of operation, the exit code indicates the
- state of the certificate:</para>
+ <para>The exit code indicates the state of the certificate:</para>
<variablelist>
<varlistentry>
@@ -78,7 +112,9 @@
imminent expiry of SSL certificates configured for use in the
Apache HTTP server. This warning can be disabled by adding the
line: <literal>NOCERTWATCH=yes</literal> to the file
- <filename>/etc/sysconfig/httpd</filename>.</para>
+ <filename>/etc/sysconfig/httpd</filename>. Options to pass to
+ certwatch can be specified in that file in the
+ <literal>CERTWATCH_OPTS</literal> environment variable.</para>
</refsect1>
@@ -87,5 +123,11 @@
<para><filename>/etc/cron.daily/certwatch</filename></para>
</refsect1>
+
+ <refsect1>
+ <title>See also</title>
+
+ <para>genkey(1)</para>
+ </refsect1>
</refentry>
Index: crypto-utils.spec
===================================================================
RCS file: /cvs/dist/rpms/crypto-utils/devel/crypto-utils.spec,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- crypto-utils.spec 25 Apr 2005 14:44:40 -0000 1.12
+++ crypto-utils.spec 26 Apr 2005 09:20:45 -0000 1.13
@@ -4,7 +4,7 @@
Summary: SSL certificate and key management utilities
Name: crypto-utils
Version: 2.2
-Release: 1
+Release: 2
Source: crypto-rand-%{crver}.tar.gz
Source1: genkey.pl
Source2: certwatch.c
@@ -15,7 +15,7 @@
License: Various
BuildRoot: %{_tmppath}/%{name}-%{version}-root
BuildRequires: openssl-devel, perl, pkgconfig, newt-devel, xmlto
-Requires: newt-perl, openssl
+Requires: newt-perl, openssl >= 0.9.7f-4
Requires: %(eval `perl -V:version`; echo "perl(:MODULE_COMPAT_$version)")
Obsoletes: crypto-rand
@@ -30,8 +30,8 @@
%configure --with-newt=%{_prefix} CFLAGS="-fPIC $RPM_OPT_FLAGS -Wall"
make
-cc $RPM_OPT_FLAGS -Wall -Werror -I/usr/include/openssl -o certwatch \
- $RPM_SOURCE_DIR/certwatch.c -lcrypto
+%{_cc} $RPM_OPT_FLAGS -Wall -Werror -I/usr/include/openssl \
+ $RPM_SOURCE_DIR/certwatch.c -o certwatch -lcrypto
for m in certwatch.xml genkey.xml; do
xmlto man $RPM_SOURCE_DIR/$m
done
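Review bot: `%{_cc}` on the certwatch build line is not one of rpm's stock macros as far as I know; the compiler macro is `%{__cc}`, with two underscores. If `_cc` is not defined elsewhere in the build environment, the line expands literally and the build step fails. Confirm where it is defined, or use `%{__cc} $RPM_OPT_FLAGS -Wall -Werror -I/usr/include/openssl \`.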
@@ -101,6 +101,11 @@
%{_mandir}/man1/*.1*
%changelog
+* Tue Apr 26 2005 Joe Orton <jorton at redhat.com> 2.2-2
+- add configuration options for certwatch (#152990)
+- allow passing options in certwatch.cron via $CERTWATCH_OPTS
+- require openssl with /etc/pki/tls
+
* Mon Apr 25 2005 Joe Orton <jorton at redhat.com> 2.2-1
- adapt to use /etc/pki
Index: genkey.xml
===================================================================
RCS file: /cvs/dist/rpms/crypto-utils/devel/genkey.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- genkey.xml 15 Feb 2005 16:30:01 -0000 1.1
+++ genkey.xml 26 Apr 2005 09:20:45 -0000 1.2
@@ -5,7 +5,7 @@
<refentryinfo>
<productname>crypto-utils</productname>
- <date>February 2005</date>
+ <date>April 2005</date>
</refentryinfo>
<refmeta>
@@ -102,8 +102,14 @@
<refsect1>
<title>Files</title>
- <para><filename>/usr/share/ssl/openssl.cnf</filename></para>
+ <para><filename>/etc/pki/tls/openssl.cnf</filename></para>
</refsect1>
+ <refsect1>
+ <title>See also</title>
+
+ <para>certwatch(8)</para>
+ </refsect1>
+
</refentry>