[ssl_mgmt] Sign email sent to notifiedUsers
parent
de8cb3e014
commit
72c930a8b8
|
@ -152,6 +152,12 @@ set_variables ()
|
|||
fi
|
||||
managedCerts=${managedCerts:-}
|
||||
notifiedUsers=${notifiedUsers:-}
|
||||
if [ -n "${notifiedUsers}" -a -z "${keyId:-}" ]
|
||||
then
|
||||
echo -n "You must set keyId to the ID of the key to sign" >&2
|
||||
echo " the message sent to users to be" >&2
|
||||
echo "notified of new certificate." >&2
|
||||
fi
|
||||
notifySubject=${notifySubject:-'New fingerprint for service $service'}
|
||||
if [ -z "${notifyTemplate:-}" ]
|
||||
then
|
||||
|
@ -355,11 +361,21 @@ generate_cert ()
|
|||
mv $keySubdir/$keycertFile $keyDestDir
|
||||
fingerprint="$(openssl x509 -in "$certPath" -noout -fingerprint)"
|
||||
fingerprint=${fingerprint#*=}
|
||||
if [ -n "$notifiedUsers" ]
|
||||
if [ -n "$notifiedUsers" -a -n "$keyId" ]
|
||||
then
|
||||
eval notifySubject="\"$notifySubject\""
|
||||
eval notifyTemplate="\"$notifyTemplate\""
|
||||
mail -s "$notifySubject" $notifiedUsers <<EOF
|
||||
if [ -z "${keyPwdPath:-}" ]
|
||||
then
|
||||
pwdOpt="--passphrase-fd 3"
|
||||
pwdRedir='3<&0'
|
||||
else
|
||||
pwdOpt="--passphrase-file $keyPwdPath"
|
||||
pwdRedir=""
|
||||
fi
|
||||
{ gpg -u $keyId --clearsign -a $pwdOpt \
|
||||
| mail -s "$notifySubject" $notifiedUsers ; } \
|
||||
3<&0 <<EOF
|
||||
$notifyTemplate
|
||||
EOF
|
||||
fi
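Review bot: In generate_cert the new `gpg … | mail …` pipeline runs mail whatever gpg returns, so a wrong passphrase or an unknown keyId can still send a notification with an empty, unsigned body (unless the script enables pipefail, which this page does not show). Sign into a variable first and call mail only when gpg succeeded, as in the excerpt below. `pwdRedir` is assigned in both branches but never used, because `3<&0` is hard-coded on the group; drop the variable or use it. The set_variables check only prints its message and carries on, after which the `-n "$keyId"` test here skips the notification silently, and if the script runs under `set -u` the bare `$keyId` would abort instead; `keyId=${keyId:-}` next to the other defaults would make both paths predictable. The body of generate_cert starts and ends outside the hunk.

```shell
# … unchanged: pwdOpt selection from keyPwdPath …
if signedBody="$( { printf '%s\n' "$notifyTemplate" \
                    | gpg -u "$keyId" --clearsign -a $pwdOpt ; } 3<&0 )"
then
    printf '%s\n' "$signedBody" | mail -s "$notifySubject" $notifiedUsers
else
    echo "Could not sign the notification; nothing was sent." >&2
fi
```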
|
||||
|
|
|
@ -29,6 +29,16 @@
|
|||
# DEFAULT: <none>
|
||||
#managedCerts=
|
||||
|
||||
# ID of the key to use to sign the message sent to $notifiedUsers when a
|
||||
# certificate is created or renewed.
|
||||
# DEFAULT: <none>
|
||||
#keyId=
|
||||
|
||||
# File containing the password to unlock the key to sign the message sent to
|
||||
# $notifiedUsers when a certificate is created or renewed.
|
||||
# DEFAULT: read from STDIN
|
||||
#keyPwdPath=
|
||||
|
||||
# List of users to be notified when a certificate is created or renewed.
|
||||
# DEFAULT: <none>
|
||||
#notifiedUsers=
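Review bot: The keyPwdPath comment should say who may read the file, because it holds the passphrase of the signing key in clear text; I would add `# The file must be readable only by the user running ssl_mgmt (e.g. mode 0600).` under the description. The keyId comment could also state `# Required when notifiedUsers is set; prefer the full fingerprint over a short key ID.`, since generate_cert now sends no notification without it.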
|
||||
|
|
|
@ -1 +1 @@
|
|||
cnfFilePath=./ssl_mgmt.conf ../ssl_mgmt renew foo
|
||||
GNUPGHOME=../gnupg keyId=CAF0A71C keyPwdPath=../gpg_pwd cnfFilePath=./ssl_mgmt.conf ../ssl_mgmt renew foo
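Review bot: The updated command always passes keyPwdPath, so the default branch that reads the passphrase from standard input through `--passphrase-fd 3` is not exercised by this test, as far as the page shows. A second invocation without keyPwdPath would cover it, for example `GNUPGHOME=../gnupg keyId=CAF0A71C cnfFilePath=./ssl_mgmt.conf ../ssl_mgmt renew foo < ../gpg_pwd`.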
|
||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1 @@
|
|||
toto42
|
|
@ -16,3 +16,5 @@ for file in foo-key.pem foo-keycert.pem
|
|||
do
|
||||
mv ./destdir/private/${file}.backup ./destdir/private/$file
|
||||
done
|
||||
|
||||
rm -f ./gnupg/random_seed
|
||||
|
|