Generate the VNC server certificates at install time

author Evan Broder <broder@mit.edu>

Wed, 29 Oct 2008 02:53:30 +0000 (22:53 -0400)

committer Evan Broder <broder@mit.edu>

Wed, 29 Oct 2008 02:53:30 +0000 (22:53 -0400)
author Evan Broder <broder@mit.edu>
Wed, 29 Oct 2008 02:53:30 +0000 (22:53 -0400)
committer Evan Broder <broder@mit.edu>
Wed, 29 Oct 2008 02:53:30 +0000 (22:53 -0400)
diff --git a/debian/changelog b/debian/changelog

index 8d9a6b1..4600adf 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,9 @@
  invirt-vnc-server (0.0.2) unstable; urgency=low
  
    * Cleanup the init script to use /lib/init/std-init.sh
+  * Generate the SSL certificates at install-time
  
- -- Evan Broder <broder@mit.edu>  Tue, 28 Oct 2008 20:48:38 -0400
+ -- Evan Broder <broder@mit.edu>  Tue, 28 Oct 2008 21:19:14 -0400
  
  invirt-vnc-server (0.0.1) unstable; urgency=low
  
diff --git a/debian/invirt-vnc-server.postinst b/debian/invirt-vnc-server.postinst

index ee266d9..12f3616 100755 (executable)
--- a/debian/invirt-vnc-server.postinst
+++ b/debian/invirt-vnc-server.postinst
@@ -20,10 +20,16 @@ set -e
  
  case "$1" in
      configure)
-       if [ -z "$2" ]; then
-           echo "Please be sure to copy vncproxy.crt and vncproxykey.pem into /usr/share/invirt-vnc-server/"
-       fi
          mkdir -p /etc/invirt/secrets
+        if ! [ -e /etc/invirt/secrets/vnc.pem ]; then
+            openssl genrsa -out /etc/invirt/secrets/vnc.pem 1024 >/dev/null
+        fi
+        
+        if ! [ -e /etc/invirt/secrets/vnc.crt ]; then
+            openssl req -new -x509 -nodes -sha1 -subj '/' -key /etc/invirt/secrets/vnc.pem \
+                > /etc/invirt/secrets/vnc.crt
+        fi
+        
          if ! [ -e /etc/invirt/secrets/vnc-key ]; then
              openssl rand -base64 33 >/etc/invirt/secrets/vnc-key
          fi
diff --git a/invirt-vnc-getcert b/invirt-vnc-getcert

new file mode 100755 (executable)

index 0000000..11b62c8
--- /dev/null
+++ b/invirt-vnc-getcert
@@ -0,0 +1,8 @@
+#!/usr/bin/python
+
+import sys
+
+try:
+    print open('/etc/invirt/secrets/vnc.crt').read()
+except IOError, e:
+    sys.exit(e.errno)
diff --git a/setup.py b/setup.py

index 4e11026..652b983 100755 (executable)
--- a/setup.py
+++ b/setup.py
@@ -20,5 +20,5 @@ setup(
      
      packages = ['invirt.vnc'],
      package_dir = {'invirt': 'python'},
-    scripts=['invirt-vnc-server', 'invirt-vnc-authtoken']
+    scripts=['invirt-vnc-server', 'invirt-vnc-authtoken', 'invirt-vnc-getcert']
  )
author	Evan Broder <broder@mit.edu>
	Wed, 29 Oct 2008 02:53:30 +0000 (22:53 -0400)
committer	Evan Broder <broder@mit.edu>
	Wed, 29 Oct 2008 02:53:30 +0000 (22:53 -0400)
debian/changelog		patch \| blob \| history
debian/invirt-vnc-server.postinst		patch \| blob \| history
invirt-vnc-getcert	[new file with mode: 0755]	patch \| blob
setup.py		patch \| blob \| history