rpmspecfile - generate ssl cert for both apache and nginx

This commit is contained in:
Andrew Bauer 2021-01-31 16:14:39 -06:00
parent 49cf55c22c
commit c55b80beab
1 changed files with 26 additions and 26 deletions

View File

@ -260,6 +260,32 @@ fi
echo -e "\nVERY IMPORTANT: Before starting ZoneMinder, you must read the README file\nto finish the installation or upgrade!"
echo -e "\nThe README file is located here: %{_pkgdocdir}-common/README\n"
# Neither the Apache nor Nginx packages create an SSL certificate anymore, so lets do that here
if [ -f %{sslkey} -o -f %{sslcert} ]; then
exit 0
fi
umask 077
%{_bindir}/openssl genrsa -rand /proc/cpuinfo:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/uptime 2048 > %{sslkey} 2> /dev/null
FQDN=`hostname`
# A >59 char FQDN means "root@FQDN" exceeds 64-char max length for emailAddress
if [ "x${FQDN}" = "x" -o ${#FQDN} -gt 59 ]; then
FQDN=localhost.localdomain
fi
cat << EOF | %{_bindir}/openssl req -new -key %{sslkey} \
-x509 -sha256 -days 365 -set_serial $RANDOM -extensions v3_req \
-out %{sslcert} 2>/dev/null
--
SomeState
SomeCity
SomeOrganization
SomeOrganizationalUnit
${FQDN}
root@${FQDN}
EOF
%post httpd
# For the case of changing from nginx <-> httpd, files in these folders must change ownership if they exist
%{_bindir}/chown -R %{zmuid_final}:%{zmgid_final} %{_sharedstatedir}/php/session/* >/dev/null 2>&1 || :
@ -291,32 +317,6 @@ ln -sf %{_sysconfdir}/zm/www/zoneminder.nginx.conf %{_sysconfdir}/zm/www/zonemin
%{_bindir}/gpasswd -a nginx video >/dev/null 2>&1 || :
%{_bindir}/gpasswd -a nginx dialout >/dev/null 2>&1 || :
# Nginx does not create an SSL certificate like the apache package does so lets do that here
if [ -f %{sslkey} -o -f %{sslcert} ]; then
exit 0
fi
umask 077
%{_bindir}/openssl genrsa -rand /proc/cpuinfo:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/uptime 2048 > %{sslkey} 2> /dev/null
FQDN=`hostname`
# A >59 char FQDN means "root@FQDN" exceeds 64-char max length for emailAddress
if [ "x${FQDN}" = "x" -o ${#FQDN} -gt 59 ]; then
FQDN=localhost.localdomain
fi
cat << EOF | %{_bindir}/openssl req -new -key %{sslkey} \
-x509 -sha256 -days 365 -set_serial $RANDOM -extensions v3_req \
-out %{sslcert} 2>/dev/null
--
SomeState
SomeCity
SomeOrganization
SomeOrganizationalUnit
${FQDN}
root@${FQDN}
EOF
%preun
%systemd_preun %{name}.service