[ssl_mgmt] Sign email sent to notifiedUsers
parent
de8cb3e014
commit
72c930a8b8
|
@ -152,6 +152,12 @@ set_variables ()
|
||||||
fi
|
fi
|
||||||
managedCerts=${managedCerts:-}
|
managedCerts=${managedCerts:-}
|
||||||
notifiedUsers=${notifiedUsers:-}
|
notifiedUsers=${notifiedUsers:-}
|
||||||
|
if [ -n "${notifiedUsers}" -a -z "${keyId:-}" ]
|
||||||
|
then
|
||||||
|
echo -n "You must set keyId to the ID of the key to sign" >&2
|
||||||
|
echo " the message sent to users to be" >&2
|
||||||
|
echo "notified of new certificate." >&2
|
||||||
|
fi
|
||||||
notifySubject=${notifySubject:-'New fingerprint for service $service'}
|
notifySubject=${notifySubject:-'New fingerprint for service $service'}
|
||||||
if [ -z "${notifyTemplate:-}" ]
|
if [ -z "${notifyTemplate:-}" ]
|
||||||
then
|
then
|
||||||
|
@ -355,11 +361,21 @@ generate_cert ()
|
||||||
mv $keySubdir/$keycertFile $keyDestDir
|
mv $keySubdir/$keycertFile $keyDestDir
|
||||||
fingerprint="$(openssl x509 -in "$certPath" -noout -fingerprint)"
|
fingerprint="$(openssl x509 -in "$certPath" -noout -fingerprint)"
|
||||||
fingerprint=${fingerprint#*=}
|
fingerprint=${fingerprint#*=}
|
||||||
if [ -n "$notifiedUsers" ]
|
if [ -n "$notifiedUsers" -a -n "$keyId" ]
|
||||||
then
|
then
|
||||||
eval notifySubject="\"$notifySubject\""
|
eval notifySubject="\"$notifySubject\""
|
||||||
eval notifyTemplate="\"$notifyTemplate\""
|
eval notifyTemplate="\"$notifyTemplate\""
|
||||||
mail -s "$notifySubject" $notifiedUsers <<EOF
|
if [ -z "${keyPwdPath:-}" ]
|
||||||
|
then
|
||||||
|
pwdOpt="--passphrase-fd 3"
|
||||||
|
pwdRedir='3<&0'
|
||||||
|
else
|
||||||
|
pwdOpt="--passphrase-file $keyPwdPath"
|
||||||
|
pwdRedir=""
|
||||||
|
fi
|
||||||
|
{ gpg -u $keyId --clearsign -a $pwdOpt \
|
||||||
|
| mail -s "$notifySubject" $notifiedUsers ; } \
|
||||||
|
3<&0 <<EOF
|
||||||
$notifyTemplate
|
$notifyTemplate
|
||||||
EOF
|
EOF
|
||||||
fi
|
fi
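Review bot: In the generate_cert hunk, `gpg ... | mail ...` still runs `mail` when gpg fails (wrong passphrase, unknown key, locked keyring), so recipients would get an empty, unsigned notification and the script would not notice. Sign into a variable first and send only on success, as sketched below. In the set_variables hunk the new check only prints the "You must set keyId" message; nothing visible exits or defaults `keyId`, so the later `-n "$keyId"` test either silently skips the notification or, if the script runs under `set -u`, aborts on the unset variable. `pwdRedir` is assigned but never used, and `$keyId` and `$keyPwdPath` are expanded unquoted. With GnuPG 2.1 and later, `--passphrase-fd` and `--passphrase-file` are honoured only together with `--batch` and `--pinentry-mode loopback`, which is worth confirming against the deployed gpg; both functions continue outside the hunks shown.

```shell
        # … unchanged: pwdOpt selection from keyPwdPath …
        # fd 3 is duplicated from the script's stdin before the pipe replaces gpg's fd 0
        if signedBody="$( { printf '%s\n' "$notifyTemplate" \
                            | gpg -u "$keyId" --clearsign -a $pwdOpt ; } 3<&0 )"
        then
            printf '%s\n' "$signedBody" | mail -s "$notifySubject" $notifiedUsers
        else
            echo "Signing the notification failed; no mail sent." >&2
        fi
```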
|
||||||
|
|
|
@ -29,6 +29,16 @@
|
||||||
# DEFAULT: <none>
|
# DEFAULT: <none>
|
||||||
#managedCerts=
|
#managedCerts=
|
||||||
|
|
||||||
|
# ID of the key to use to sign the message sent to $notifiedUsers when a
|
||||||
|
# certificate is created or renewed.
|
||||||
|
# DEFAULT: <none>
|
||||||
|
#keyId=
|
||||||
|
|
||||||
|
# File containing the password to unlock the key to sign the message sent to
|
||||||
|
# $notifiedUsers when a certificate is created or renewed.
|
||||||
|
# DEFAULT: read from STDIN
|
||||||
|
#keyPwdPath=
|
||||||
|
|
||||||
# List of users to be notified when a certificate is created or renewed.
|
# List of users to be notified when a certificate is created or renewed.
|
||||||
# DEFAULT: <none>
|
# DEFAULT: <none>
|
||||||
#notifiedUsers=
|
#notifiedUsers=
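Review bot: The new `keyPwdPath` comment does not say how the passphrase file should be protected, although it holds the secret that unlocks the signing key. I would add a line such as `# The file must be readable only by the user running ssl_mgmt (e.g. mode 0600).` under the description. The `keyId` comment could also state that it is required whenever `notifiedUsers` is set, since the check in set_variables depends on that. The "DEFAULT: read from STDIN" behaviour presumably blocks when renewals run unattended, so a short remark on that would help too.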
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
cnfFilePath=./ssl_mgmt.conf ../ssl_mgmt renew foo
|
GNUPGHOME=../gnupg keyId=CAF0A71C keyPwdPath=../gpg_pwd cnfFilePath=./ssl_mgmt.conf ../ssl_mgmt renew foo
|
||||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1 @@
|
||||||
|
toto42
|
|
@ -16,3 +16,5 @@ for file in foo-key.pem foo-keycert.pem
|
||||||
do
|
do
|
||||||
mv ./destdir/private/${file}.backup ./destdir/private/$file
|
mv ./destdir/private/${file}.backup ./destdir/private/$file
|
||||||
done
|
done
|
||||||
|
|
||||||
|
rm -f ./gnupg/random_seed
|
||||||
|
|