Remove RPM options and feature in rhn-ssl-tool --gen-server
Note that removing the options for --gen-ca is not yet possible since
this RPM is used by the kiwi image building. (bsc#1235696)
cbosdo committed Jan 22, 2025
1 parent 4062667 commit 7fc03d8
Showing 13 changed files with 17 additions and 467 deletions.
2 changes: 1 addition & 1 deletion java/code/src/com/suse/manager/ssl/SSLCertManager.java
Expand Up @@ -86,7 +86,7 @@ public SSLCertPair generateCertificate(SSLCertPair caPair, String password, SSLC
FileUtils.writeStringToFile(caPair.getKey(), tempCaKeyFile.getAbsolutePath());

List<String> command = new ArrayList<>();
command.addAll(List.of("rhn-ssl-tool", "--gen-server", "-q", "--no-rpm"));
command.addAll(List.of("rhn-ssl-tool", "--gen-server", "-q"));
command.addAll(List.of("-d", sslBuildDir.getAbsolutePath()));
command.addAll(List.of("--ca-cert", tempCaCertFile.getName()));
command.addAll(List.of("--ca-key", tempCaKeyFile.getName()));
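Review bot: Dropping `--no-rpm` from the `rhn-ssl-tool --gen-server -q` command line is only safe when the installed rhn-ssl-tool has already lost the RPM feature. The man page text removed in this same commit describes `--no-rpm` as "do everything *except* generate an RPM", so if this Java code runs against an older tool it would go back to packaging the web server's SSL key set into an RPM under `sslBuildDir`. Suggest a versioned package dependency on the certs-tools release that carries this change, so the caller and the tool cannot be installed out of step.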
Expand Up @@ -68,7 +68,7 @@ public void testGenerateSSLCert() throws Exception {
ByteArrayOutputStream outStream = new ByteArrayOutputStream();
context().checking(new Expectations() {{
allowing(runtime).exec(with(IsArrayContainingInAnyOrder.arrayContainingInAnyOrder(
"rhn-ssl-tool", "--gen-server", "-q", "--no-rpm", "-d", tempDir.getAbsolutePath(),
"rhn-ssl-tool", "--gen-server", "-q", "-d", tempDir.getAbsolutePath(),
"--ca-cert", "ca.crt", "--ca-key", "ca.key", "--set-hostname", "server.acme.lab",
"--set-cname", "srv1.acme.lab", "--set-cname", "srv2.acme.lab", "--set-country", "DE",
"--set-state", "Bayern", "--set-city", "Nurnberg", "--set-org", "SUSE",
2 changes: 2 additions & 0 deletions java/spacewalk-java.changes.cbosdo.no-rpm
@@ -0,0 +1,2 @@
- Remove rhn-ssl-tool --gen-server RPM feature and options
(bsc#1235696)
@@ -0,0 +1,2 @@
- Remove rhn-ssl-tool --gen-server RPM feature and options
(bsc#1235696)
82 changes: 0 additions & 82 deletions spacewalk/certs-tools/mgr-ssl-tool.sgml
Expand Up @@ -47,7 +47,6 @@ Generate and maintain SSL keys, certificates and deployment RPMs.
<member>(advanced) <command>mgr-ssl-tool --gen-server --key-only --help</command></member>
<member>(advanced) <command>mgr-ssl-tool --gen-server --cert-req-only --help</command></member>
<member>(advanced) <command>mgr-ssl-tool --gen-server --cert-only --help</command></member>
<member>(advanced) <command>mgr-ssl-tool --gen-server --rpm-only --help</command></member>
</simplelist>
</RefSect1>

Expand Down Expand Up @@ -191,53 +190,11 @@ Generate and maintain SSL keys, certificates and deployment RPMs.
<para>generate a web server's SSL private key: <command>--gen-server --key-only <replaceable>...</replaceable></command></para>
<para>generate a web server's SSL certificate request: <command>--gen-server --cert-req-only <replaceable>...</replaceable></command></para>
<para>generate/sign a web server's SSL certificate: <command>--gen-server --cert-only <replaceable>...</replaceable></command></para>
<para>generate a web server's private RPM (and tar archive used for SUSE Manager Proxy installations): <command>--gen-server --rpm-only <replaceable>...</replaceable></command></para>
<para>generate a web server's private RPM using a custom SSL key and certificate: <command>--gen-server --rpm-only --from-server-key=<replaceable>FILE</replaceable> --from-server-cert=<replaceable>FILE</replaceable></command></para>

</listitem>
</varlistentry></variablelist>
</msgtext></member>

<member><msgtext>
<variablelist><varlistentry>

<term>Using a 3rd party CA (rarely done in the SUSE Manager context):</term>

<listitem>
<para><emphasis>DEPRECATED:</emphasis> Use
<command>--from-ca-cert</command>,
<command>--from-server-key</command> and
<command>--from-server-cert</command> parameters instead as
described in Advanced options section.
</para>

<listitem>
<para></para>

<para><emphasis>CA public certificate:</emphasis> In the "3rd party
CA" case, simply copy the certificate authorities public
certificate to the SSL build directory; renaming it to
<emphasis>RHN-ORG-TRUSTED-SSL-CERT</emphasis>; and then run
<command>--gen-ca --dir BUILD_DIR --rpm-only</command> to package
that certificate in an expected manner ready for client deployment.
See further instructions in <emphasis>step 2</emphasis>.</para>

<para><emphasis>Web server's SSL key pair(set):</emphasis> Usually,
one creates the web server's SSL private key, certificate-request
and certificate in one step. If using a 3rd party CA though, create
a web server's SSL private key and certificate-request via
<command>--gen-server --key-only --dir BUILD_DIR</command> and
<command>--gen-server --cert-req-only --dir BUILD_DIR</command>.
Have the 3rd party sign server.csr which will generate a server.crt
file. Copy that server.crt file into the
<emphasis>BUILD_DIR/MACHINE_NAME</emphasis> directory (where the
server.key file was generated). And then create your deployable RPM
with <command>--gen-server --rpm-only --dir BUILD_DIR</command>.
</para>

</listitem>
</varlistentry></variablelist>
</msgtext></member>
</simplelist></para>

<para>NOTE: each step (<command>--gen-*</command> or <command>--gen-*
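Review bot: Two things are lost here beyond the RPM step itself. First, the removed "Using a 3rd party CA" block also carried the only pointer in this hunk to `--from-ca-cert`, `--from-server-key` and `--from-server-cert`, plus the `--key-only` / `--cert-req-only` signing workflow, none of which depends on RPMs; please check that the Advanced options section still documents that path on its own. Second, `--from-server-key=FILE --from-server-cert=FILE` was described only in combination with `--gen-server --rpm-only`; if those two options stay in the tool, the man page should say what they do now, and if they do not, they should be removed in the same change. The removed block also told users to run `--gen-ca --dir BUILD_DIR --rpm-only`, which per the commit message still exists, so that instruction may need a home elsewhere.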
Expand Down Expand Up @@ -557,14 +514,6 @@ Generate and maintain SSL keys, certificates and deployment RPMs.
</listitem>
</varlistentry>
<varlistentry>
<term>--server-rpm</term>
<listitem>
<para>(rarely changed) RPM name that houses the web
server's SSL key set (the base filename, not
filename-version-release.noarch.rpm).</para>
</listitem>
</varlistentry>
<varlistentry>
<term>--server-tar</term>
<listitem>
<para>(rarely changed) name of archive (tarball) of the web
Expand All @@ -574,35 +523,6 @@ Generate and maintain SSL keys, certificates and deployment RPMs.
</listitem>
</varlistentry>
<varlistentry>
<term>--rpm-packager</term>
<listitem>
<para>(rarely used) packager of the generated RPM, such as
"SUSE Manager Admin &lt;[email protected]&gt;".</para>
</listitem>
</varlistentry>
<varlistentry>
<term>--rpm-vendor</term>
<listitem>
<para>(rarely used) vendor of the generated RPM, such as
"IS/IT Example Corp.".</para>
</listitem>
</varlistentry>
<varlistentry>
<term>--rpm-only</term>
<listitem>
<para>(rarely used) only generate a deployable RPM.
Try <command>--gen-server --rpm-only --help</command> for
more information.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>--no-rpm</term>
<listitem>
<para>(rarely used) do everything *except* generate an
RPM.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-h | --help</term>
<listitem>
<para>help message.</para>
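Review bot: Removing `--no-rpm` from the option list is a compatibility break for anyone who scripted `--gen-server --no-rpm`, which is exactly what SSLCertManager.java did until this commit. If the option parser now rejects the flag, consider accepting `--no-rpm` as a documented no-op for one release so existing automation that was already avoiding the key-bearing RPM does not start failing. The same question applies to `--rpm-packager`, `--rpm-vendor` and `--server-rpm` for `--gen-server`; a short note in the man page that these remain valid only for `--gen-ca` would help, given the commit message says the `--gen-ca` options are kept.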
Expand Down Expand Up @@ -645,8 +565,6 @@ Generate and maintain SSL keys, certificates and deployment RPMs.
<member>BUILD_DIR/MACHINE_NAME/server.key</member>
<member>BUILD_DIR/MACHINE_NAME/server.csr</member>
<member>BUILD_DIR/MACHINE_NAME/server.crt</member>
<member>BUILD_DIR/MACHINE_NAME/rhn-org-httpd-ssl-key-pair-MACHINE_NAME-VER-REL.src.rpm</member>
<member>BUILD_DIR/MACHINE_NAME/rhn-org-httpd-ssl-key-pair-MACHINE_NAME-VER-REL.noarch.rpm</member>
<member>BUILD_DIR/MACHINE_NAME/rhn-org-httpd-ssl-archive-MACHINE_NAME-VER-REL.tar</member>
</simplelist>
</RefSect1>
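Review bot: The FILES list keeps `rhn-org-httpd-ssl-archive-MACHINE_NAME-VER-REL.tar`, and `--server-tar` is still documented above, but the text removed earlier in this file described the tar archive as a product of `--gen-server --rpm-only`. Please confirm which step produces the tar now and say so in the man page, or drop the tar entry and `--server-tar` if it is no longer generated. Since that archive holds the server key set, the doc should stay accurate about whether it still lands in BUILD_DIR/MACHINE_NAME.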