[Csync2] [PATCH 2/2] Move pem files to /etc/pki/csync2/*

Mon Feb 14 07:02:51 CET 2011

Signed-off-by: Angus Salkeld <asalkeld at redhat.com>
---
 Makefile.am          |   17 +++++++++--------
 conn.c               |    4 ++--
 csync2.spec          |    2 ++
 debian/README.Debian |    8 ++++----
 doc/csync2_paper.tex |   12 ++++++------
 5 files changed, 23 insertions(+), 20 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index a24578e..5229f95 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -52,19 +52,20 @@ AM_CPPFLAGS += -D'ETCDIR="$(sysconfdir)"'
 
 install-data-local:
 	$(mkinstalldirs) $(DESTDIR)$(sysconfdir)
+	$(mkinstalldirs) $(DESTDIR)$(sysconfdir)/pki/csync2
 	$(mkinstalldirs) $(DESTDIR)$(localstatedir)/lib/csync2
 	test -e $(DESTDIR)$(sysconfdir)/csync2.cfg || \
 		$(INSTALL_DATA) $(srcdir)/csync2.cfg $(DESTDIR)$(sysconfdir)/csync2.cfg
 
 cert:
-	$(mkinstalldirs) $(DESTDIR)$(sysconfdir)
-	openssl genrsa -out $(DESTDIR)$(sysconfdir)/csync2_ssl_key.pem 1024
-	yes '' | openssl req -new -key $(DESTDIR)$(sysconfdir)/csync2_ssl_key.pem \
-		-out $(DESTDIR)$(sysconfdir)/csync2_ssl_cert.csr
-	openssl x509 -req -days 600 -in $(DESTDIR)$(sysconfdir)/csync2_ssl_cert.csr \
-		-signkey $(DESTDIR)$(sysconfdir)/csync2_ssl_key.pem \
-		-out $(DESTDIR)$(sysconfdir)/csync2_ssl_cert.pem
-	rm $(DESTDIR)$(sysconfdir)/csync2_ssl_cert.csr
+	$(mkinstalldirs) $(DESTDIR)$(sysconfdir)/pki/csync2
+	openssl genrsa -out $(DESTDIR)$(sysconfdir)/pki/csync2/key.pem 1024
+	yes '' | openssl req -new -key $(DESTDIR)$(sysconfdir)/pki/csync2/key.pem \
+		-out $(DESTDIR)$(sysconfdir)/pki/csync2/cert.csr
+	openssl x509 -req -days 600 -in $(DESTDIR)$(sysconfdir)/pki/csync2/cert.csr \
+		-signkey $(DESTDIR)$(sysconfdir)/pki/csync2/key.pem \
+		-out $(DESTDIR)$(sysconfdir)/pki/csync2/cert.pem
+	rm $(DESTDIR)$(sysconfdir)/pki/csync2/cert.csr
 
 
 ## hack for building private librsync and private libsqlite ##
diff --git a/conn.c b/conn.c
index 113d5d9..1aa02fd 100644
--- a/conn.c
+++ b/conn.c
@@ -140,8 +140,8 @@ int conn_set(int infd, int outfd)
 static void ssl_log(int level, const char* msg)
 { csync_debug(level, "%s", msg); }
 
-static const char *ssl_keyfile = ETCDIR "/csync2_ssl_key.pem";
-static const char *ssl_certfile = ETCDIR "/csync2_ssl_cert.pem";
+static const char *ssl_keyfile = ETCDIR "/pki/csync2/key.pem";
+static const char *ssl_certfile = ETCDIR "/pki/csync2/cert.pem";
 
 int conn_activate_ssl(int server_role)
 {
diff --git a/csync2.spec b/csync2.spec
index 56557c5..6587abb 100644
--- a/csync2.spec
+++ b/csync2.spec
@@ -65,6 +65,7 @@ make all
 mkdir -p $RPM_BUILD_ROOT%{_sbindir}
 mkdir -p $RPM_BUILD_ROOT%{_var}/lib/csync2
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/csync2
 
 %makeinstall
 
@@ -85,6 +86,7 @@ fi
 %{_sbindir}/csync2
 %{_var}/lib/csync2
 %{_mandir}/man1/csync2.1.gz
+%{_sysconfdir}/pki/csync2
 %config(noreplace) %{_sysconfdir}/xinetd.d/csync2
 %config(noreplace) %{_sysconfdir}/csync2.cfg
 
diff --git a/debian/README.Debian b/debian/README.Debian
index 2743435..2c1d990 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -6,10 +6,10 @@ You need to create an SSL certificate for the local Csync2
 server. You can create a certificate using the following
 commands:
 
-openssl genrsa -out /etc/csync2_ssl_key.pem 1024
-openssl req -new -key /etc/csync2_ssl_key.pem -out /etc/csync2_ssl_cert.csr
-openssl x509 -req -days 600 -in /etc/csync2_ssl_cert.csr \
-        -signkey /etc/csync2_ssl_key.pem -out /etc/csync2_ssl_cert.pem
+openssl genrsa -out /etc/pki/csync2/key.pem 1024
+openssl req -new -key /etc/pki/csync2/key.pem -out /etc/pki/csync2/cert.csr
+openssl x509 -req -days 600 -in /etc/pki/csync2/cert.csr \
+        -signkey /etc/pki/csync2/key.pem -out /etc/pki/csync2/cert.pem
 
  -- Michael Prokop <mika at grml.org>, Fri, 23 Sep 2005 12:11:25 +0200
 
diff --git a/doc/csync2_paper.tex b/doc/csync2_paper.tex
index 00f0de0..592a6b2 100644
--- a/doc/csync2_paper.tex
+++ b/doc/csync2_paper.tex
@@ -184,14 +184,14 @@ source around, run the following commands:
 
 \begin{verbatim}
 openssl genrsa \
-    -out /etc/csync2_ssl_key.pem 1024
+    -out /etc/pki/csync2/key.pem 1024
 openssl req -new \
-    -key /etc/csync2_ssl_key.pem \
-    -out /etc/csync2_ssl_cert.csr
+    -key /etc/pki/csync2/key.pem \
+    -out /etc/pki/csync2/cert.csr
 openssl x509 -req -days 600 \
-    -in /etc/csync2_ssl_cert.csr \
-    -signkey /etc/csync2_ssl_key.pem \
-    -out /etc/csync2_ssl_cert.pem
+    -in /etc/pki/csync2/cert.csr \
+    -signkey /etc/pki/csync2/key.pem \
+    -out /etc/pki/csync2/cert.pem
 \end{verbatim}
 
 You have to do that on each host you're running csync2 on. When servers are
-- 
1.7.4

