mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-16 01:16:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

eclass/ssl-cert: Sync with gentoo

Browse Source 
It's from gentoo commit 9d7833fd1183835c4bb39bfa208e9a21b464ae82.
This commit is contained in:
Krzesimir Nowak 2022-02-25 17:07:03 +01:00
parent dd467b2fc1
commit 1fc74e5eac
1 changed files with 23 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
sdk_container/src/third_party/portage-stable/eclass/ssl-cert.eclass vendored
View File

@ -1,11 +1,12 @@
# Copyright 1999-2017 Gentoo Foundation # Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
# @ECLASS: ssl-cert.eclass # @ECLASS: ssl-cert.eclass
# @MAINTAINER: # @MAINTAINER:
# maintainer-needed@gentoo.org
# @AUTHOR: # @AUTHOR:
# Max Kalika <max@gentoo.org> # Max Kalika <max@gentoo.org>
# @SUPPORTED_EAPIS: 1 2 3 4 5 6 7 # @SUPPORTED_EAPIS: 6 7 8
# @BLURB: Eclass for SSL certificates # @BLURB: Eclass for SSL certificates
# @DESCRIPTION: # @DESCRIPTION:
# This eclass implements a standard installation procedure for installing # This eclass implements a standard installation procedure for installing
@ -13,43 +14,42 @@
# @EXAMPLE: # @EXAMPLE:
# "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem} # "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
# Guard against unsupported EAPIs. We need EAPI >= 1 for slot dependencies. case "${EAPI}" in
case "${EAPI:-0}" in 6|7|8) ;;
0) *) die "EAPI=${EAPI:-0} is not supported" ;;
die "${ECLASS}.eclass: EAPI=0 is not supported. Please upgrade to EAPI >= 1."
;;
1|2|3|4|5|6|7)
;;
*)
die "${ECLASS}.eclass: EAPI=${EAPI} is not supported yet."
;;
esac esac
if [[ ! ${_SSL_CERT_ECLASS} ]]; then
_SSL_CERT_ECLASS=1
# @ECLASS-VARIABLE: SSL_CERT_MANDATORY # @ECLASS-VARIABLE: SSL_CERT_MANDATORY
# @PRE_INHERIT
# @DESCRIPTION: # @DESCRIPTION:
# Set to non zero if ssl-cert is mandatory for ebuild. # Set to non zero if ssl-cert is mandatory for ebuild.
: ${SSL_CERT_MANDATORY:=0} : ${SSL_CERT_MANDATORY:=0}
# @ECLASS-VARIABLE: SSL_CERT_USE # @ECLASS-VARIABLE: SSL_CERT_USE
# @PRE_INHERIT
# @DESCRIPTION: # @DESCRIPTION:
# Use flag to append dependency to. # Use flag to append dependency to.
: ${SSL_CERT_USE:=ssl} : ${SSL_CERT_USE:=ssl}
# @ECLASS-VARIABLE: SSL_DEPS_SKIP # @ECLASS-VARIABLE: SSL_DEPS_SKIP
# @PRE_INHERIT
# @DESCRIPTION: # @DESCRIPTION:
# Set to non zero to skip adding to DEPEND and IUSE. # Set to non zero to skip adding to DEPEND and IUSE.
: ${SSL_DEPS_SKIP:=0} : ${SSL_DEPS_SKIP:=0}
if [[ "${SSL_DEPS_SKIP}" == "0" ]]; then if [[ "${SSL_DEPS_SKIP}" == "0" ]]; then
if [[ "${SSL_CERT_MANDATORY}" == "0" ]]; then if [[ "${SSL_CERT_MANDATORY}" == "0" ]]; then
SSL_DEPEND="${SSL_CERT_USE}? ( || ( dev-libs/openssl:0 dev-libs/libressl:0 ) )" SSL_DEPEND="${SSL_CERT_USE}? ( dev-libs/openssl:0 )"
IUSE="${SSL_CERT_USE}" IUSE="${SSL_CERT_USE}"
else else
SSL_DEPEND="|| ( dev-libs/openssl:0 dev-libs/libressl:0 )" SSL_DEPEND="dev-libs/openssl:0"
fi fi
case "${EAPI}" in case "${EAPI}" in
1|2|3|4|5|6) 6)
DEPEND="${SSL_DEPEND}" DEPEND="${SSL_DEPEND}"
;; ;;
*) *)
@ -61,12 +61,12 @@ if [[ "${SSL_DEPS_SKIP}" == "0" ]]; then
fi fi
# @FUNCTION: gen_cnf # @FUNCTION: gen_cnf
# @INTERNAL
# @USAGE: # @USAGE:
# @DESCRIPTION: # @DESCRIPTION:
# Initializes variables and generates the needed # Initializes variables and generates the needed
# OpenSSL configuration file and a CA serial file # OpenSSL configuration file and a CA serial file
# #
# Access: private
gen_cnf() { gen_cnf() {
# Location of the config file # Location of the config file
SSL_CONF="${T}/${$}ssl.cnf" SSL_CONF="${T}/${$}ssl.cnf"
@ -113,13 +113,13 @@ gen_cnf() {
} }
# @FUNCTION: get_base # @FUNCTION: get_base
# @INTERNAL
# @USAGE: [if_ca] # @USAGE: [if_ca]
# @RETURN: <base path> # @RETURN: <base path>
# @DESCRIPTION: # @DESCRIPTION:
# Simple function to determine whether we're creating # Simple function to determine whether we're creating
# a CA (which should only be done once) or final part # a CA (which should only be done once) or final part
# #
# Access: private
get_base() { get_base() {
if [ "${1}" ] ; then if [ "${1}" ] ; then
echo "${T}/${$}ca" echo "${T}/${$}ca"
@ -129,32 +129,28 @@ get_base() {
} }
# @FUNCTION: gen_key # @FUNCTION: gen_key
# @INTERNAL
# @USAGE: <base path> # @USAGE: <base path>
# @DESCRIPTION: # @DESCRIPTION:
# Generates an RSA key # Generates an RSA key
# #
# Access: private
gen_key() { gen_key() {
local base=$(get_base "$1") local base=$(get_base "$1")
ebegin "Generating ${SSL_BITS} bit RSA key${1:+ for CA}" ebegin "Generating ${SSL_BITS} bit RSA key${1:+ for CA}"
if openssl version | grep -i libressl > /dev/null; then
openssl genrsa -out "${base}.key" "${SSL_BITS}" &> /dev/null
else
openssl genrsa -rand "${SSL_RANDOM}" \ openssl genrsa -rand "${SSL_RANDOM}" \
-out "${base}.key" "${SSL_BITS}" &> /dev/null -out "${base}.key" "${SSL_BITS}" &> /dev/null
fi
eend $? eend $?
return $? return $?
} }
# @FUNCTION: gen_csr # @FUNCTION: gen_csr
# @INTERNAL
# @USAGE: <base path> # @USAGE: <base path>
# @DESCRIPTION: # @DESCRIPTION:
# Generates a certificate signing request using # Generates a certificate signing request using
# the key made by gen_key() # the key made by gen_key()
# #
# Access: private
gen_csr() { gen_csr() {
local base=$(get_base "$1") local base=$(get_base "$1")
ebegin "Generating Certificate Signing Request${1:+ for CA}" ebegin "Generating Certificate Signing Request${1:+ for CA}"
@ -166,6 +162,7 @@ gen_csr() {
} }
# @FUNCTION: gen_crt # @FUNCTION: gen_crt
# @INTERNAL
# @USAGE: <base path> # @USAGE: <base path>
# @DESCRIPTION: # @DESCRIPTION:
# Generates either a self-signed CA certificate using # Generates either a self-signed CA certificate using
@ -173,7 +170,6 @@ gen_csr() {
# a signed server certificate using the CA cert previously # a signed server certificate using the CA cert previously
# created by gen_crt() # created by gen_crt()
# #
# Access: private
gen_crt() { gen_crt() {
local base=$(get_base "$1") local base=$(get_base "$1")
if [ "${1}" ] ; then if [ "${1}" ] ; then
@ -196,12 +192,12 @@ gen_crt() {
} }
# @FUNCTION: gen_pem # @FUNCTION: gen_pem
# @INTERNAL
# @USAGE: <base path> # @USAGE: <base path>
# @DESCRIPTION: # @DESCRIPTION:
# Generates a PEM file by concatinating the key # Generates a PEM file by concatinating the key
# and cert file created by gen_key() and gen_cert() # and cert file created by gen_key() and gen_cert()
# #
# Access: private
gen_pem() { gen_pem() {
local base=$(get_base "$1") local base=$(get_base "$1")
ebegin "Generating PEM Certificate" ebegin "Generating PEM Certificate"
@ -220,7 +216,6 @@ gen_pem() {
# #
# Example: "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem} # Example: "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
# #
# Access: public
install_cert() { install_cert() {
if [ $# -lt 1 ] ; then if [ $# -lt 1 ] ; then
eerror "At least one argument needed" eerror "At least one argument needed"
@ -284,3 +279,5 @@ install_cert() {
ewarn "Some requested certificates were not generated" ewarn "Some requested certificates were not generated"
fi fi
} }
fi