Mail archive
alpine-aports

Re: [alpine-aports] [PATCH] testing/csync2: cleanups in strlcpy patch. ssl key&cert MUST be generated or csync2 does not sync. ssl defaults must be configured in /etc/ssl/openssl.conf

From: Sören Tempel <soeren_at_soeren-tempel.net>
Date: Tue, 6 Oct 2015 16:10:52 +0200

On 05.10.15, Valery Kartel wrote:
> diff --git a/testing/csync2/csync2.post-install b/testing/csync2/csync2.post-install
> new file mode 100644
> index 0000000..8d6331f
> --- /dev/null
> +++ b/testing/csync2/csync2.post-install
> _at_@ -0,0 +1,12 @@
> +#!/bin/sh
> +
> +SSL="/etc/csync2/csync2_ssl_"
> +
> +if [ ! -f ${SSL}key.pem -o ! -f ${SSL}cert.pem ]; then
> + openssl genrsa -out ${SSL}key.pem 1024 >/dev/null 2>&1
> + yes '' | openssl req -new -key ${SSL}key.pem -out ${SSL}cert.csr >/dev/null 2>&1
> + openssl x509 -req -days 3600 -in ${SSL}cert.csr -out ${SSL}cert.pem -signkey ${SSL}key.pem >/dev/null 2>&1
> + rm ${SSL}cert.csr
> +fi
> +
> +exit 0

I told you this 3 times already: I doesn't make much sense to generate
an openssl certificate which uses the default values for all fields. The
fact that csync2 doesn't csync without an OpenSSL certificate doesn't
change my opinion on this. For other aports like testing/opensmtpd you
also have to generate your SSL cert manually, it's not that hard...

Sören.


---
Unsubscribe:  alpine-aports+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-aports+help_at_lists.alpinelinux.org
---
Received on Tue Oct 06 2015 - 16:10:52 GMT