Fixing debian/copyright ; removing ssl-cacert from genpair so keyringer do not have any third-party code

4 files changed, 20 insertions, 169 deletions

diff --git a/Makefile b/Makefile
index d5675ed..8d98a67 100644
--- a/Makefile
+++ b/Makefile
@@ -23,7 +23,6 @@ clean:
 	find . -name *~ | xargs rm -f # clean local backups
 
 install_lib:
-	$(INSTALL) -D --mode=0644 lib/keyringer/csr.sh $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/csr.sh
 	$(INSTALL) -D --mode=0644 lib/keyringer/functions $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/functions
 
 install_share:
diff --git a/debian/copyright b/debian/copyright
index 7fdacff..0c7a7af 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -4,21 +4,23 @@ This work was packaged for Debian by:
 
 It was downloaded from:
 
-    <url://example.com>
+    https://git.sarava.org/?p=keyringer.git;a=summary
 
 Upstream Author(s):
 
-    <put author's name and email here>
-    <likewise for another author>
+    Silvio Rhatto <rhatto@riseup.net>
+    Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+    Jamie McClelland <jm@mayfirst.org>
 
 Copyright:
 
-    <Copyright (C) YYYY Firstname Lastname>
-    <likewise for another author>
+    <Copyright (C) 2009-2012 Silvio Rhatto>
+    <Copyright (C) 2010 Daniel Kahn Gillmor>
+    <Copyright (C) 2012 Jamie McClelland>
 
 License:
 
-    <Put the license of the package here indented by 4 spaces>
+    GNU AFFERO GENERAL PUBLIC LICENSE Version 3, 19 November 2007
 
 The Debian packaging is:
 
diff --git a/lib/keyringer/csr.sh b/lib/keyringer/csr.sh
deleted file mode 100755
index 881a46f..0000000
--- a/lib/keyringer/csr.sh
+++ /dev/null
@@ -1,145 +0,0 @@
-#!/bin/sh
-# csr.sh: Certificate Signing Request Generator
-# Copyright(c) 2005 Evaldo Gardenali <evaldo@gardenali.biz>
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in the
-#    documentation and/or other materials provided with the distribution.
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
-# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
-# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
-# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
-# POSSIBILITY OF SUCH DAMAGE.
-#
-# ChangeLog:
-# Mon May 23 00:14:37 BRT  2005 - evaldo - Initial Release
-# Thu Nov  3 10:11:51 GMT  2005 - chrisc - $HOME removed so that key and csr
-#                                          are generated in the current directory
-# Wed Nov 16 10:42:42 GMT  2005 - chrisc - Updated to match latest version on
-#                                          the CAcert wiki, rev #73
-#                                          http://wiki.cacert.org/wiki/VhostTaskForce 
-# Mon Jan  4 18:37:28 BRST 2010 - rhatto - Support for non-interactive mode
-
-
-# be safe about permissions
-LASTUMASK=`umask`
-umask 077
-
-# OpenSSL for HPUX needs a random file
-RANDOMFILE="$HOME/.rnd"
-
-# create a config file for openssl
-CONFIG=`mktemp -q /tmp/openssl-conf.XXXXXXXX`
-if [ ! $? -eq 0 ]; then
-    echo "Could not create temporary config file. exiting"
-    exit 1
-fi
-
-echo "Private Key and Certificate Signing Request Generator"
-echo "This script was designed to suit the request format needed by"
-echo "the CAcert Certificate Authority. www.CAcert.org"
-echo
-
-HOST="$1"
-COMMONNAME="$2"
-SAN="$3"
-
-if [ -z "$HOST" ]; then
-  printf "Short Hostname (ie. imap big_srv www2): "
-  read HOST
-fi
-
-if [ -z "$COMMONNAME" ]; then
-  printf "FQDN/CommonName (ie. www.example.com) : "
-  read COMMONNAME
-fi
-
-if [ -z "$SAN" ]; then
-  echo "Type SubjectAltNames for the certificate, one per line. Enter a blank line to finish"
-  SAN=1        # bogus value to begin the loop
-  SANAMES=""   # sanitize
-  while [ ! "$SAN" = "" ]; do
-    printf "SubjectAltName: DNS:"
-    read SAN
-    if [ "$SAN" = "" ]; then break; fi # end of input
-      if [ "$SANAMES" = "" ]; then
-        SANAMES="DNS:$SAN"
-      else
-        SANAMES="$SANAMES,DNS:$SAN"
-      fi
-    done
-else
-  SANAMES="DNS:$SAN"
-fi
-
-# Config File Generation
-
-cat <<EOF > "$CONFIG"
-# -------------- BEGIN custom openssl.cnf -----
- HOME                    = $HOME
-EOF
-
-if [ "`uname -s`" = "HP-UX" ]; then
-    echo " RANDFILE                = $RANDOMFILE" >> "$CONFIG"
-fi
-
-cat <<EOF >> "$CONFIG"
- oid_section             = new_oids
- [ new_oids ]
- [ req ]
- default_days            = 730            # how long to certify for
- default_keyfile         = ${HOST}_privatekey.pem
- distinguished_name      = req_distinguished_name
- encrypt_key             = no
- string_mask = nombstr
-EOF
-
-if [ ! "$SANAMES" = "" ]; then
-    echo "req_extensions = v3_req # Extensions to add to certificate request" >> "$CONFIG"
-fi
-
-cat <<EOF >> "$CONFIG"
- [ req_distinguished_name ]
- commonName              = Common Name (eg, YOUR name)
- commonName_default      = $COMMONNAME
- commonName_max          = 64
- [ v3_req ]
-EOF
-
-if [ ! "$SANAMES" = "" ]; then
-    echo "subjectAltName=$SANAMES" >> "$CONFIG"
-fi
-
-echo "# -------------- END custom openssl.cnf -----" >> "$CONFIG"
-
-echo "Running OpenSSL..."
-# The first one doesn't work, the second one does:
-#openssl req -batch -config "$CONFIG" -newkey rsa -out ${HOST}_csr.pem
-openssl req -batch -config "$CONFIG" -newkey rsa:2048 -out "${HOST}_csr.pem"
-
-echo "Copy the following Certificate Request and paste into CAcert website to obtain a Certificate."
-echo "When you receive your certificate, you 'should' name it something like ${HOST}_server.pem"
-echo
-cat ${HOST}_csr.pem
-echo
-printf "The Certificate request is also available in '%s_csr.pem'\n" "$HOST"
-printf "The Private Key is stored in '%s_privatekey.pem'\n" "$HOST"
-echo
-
-rm "$CONFIG"
-
-#restore umask
-umask "$LASTUMASK"
-
diff --git a/share/keyringer/genpair b/share/keyringer/genpair
index 140361a..85ec1ac 100755
--- a/share/keyringer/genpair
+++ b/share/keyringer/genpair
@@ -101,10 +101,6 @@ function genpair_ssl {
   cd "$TMPWORK"
 
   # Generate certificate
-  if [ "$KEYTYPE" == "ssl-cacert" ]; then
-    # We use a custom script for CaCert
-    "$LIB/csr.sh" "$NODE"
-  else
 cat <<EOF >> openssl.conf
 [ req ]
 default_keyfile         = ${NODE}_privatekey.pem
@@ -127,22 +123,21 @@ commonName                      = Common Name
 extendedKeyUsage=serverAuth,clientAuth
 EOF
 
-    # Add SubjectAltNames so wildcard certs can work correctly.
-    if [ "$WILDCARD" == "yes" ]; then
+  # Add SubjectAltNames so wildcard certs can work correctly.
+  if [ "$WILDCARD" == "yes" ]; then
 cat <<EOF >> openssl.conf
 subjectAltName=DNS:${NODE}, DNS:${CNAME}
 EOF
-    fi
+  fi
 
-    echo "Please review your OpenSSL configuration:"
-    cat openssl.conf
-    read -p "Hit ENTER to continue." prompt
+  echo "Please review your OpenSSL configuration:"
+  cat openssl.conf
+  read -p "Hit ENTER to continue." prompt
 
-    openssl req -batch -nodes -config openssl.conf -newkey rsa:2048 -sha256 \
-            -keyout ${NODE}_privatekey.pem -out ${NODE}_csr.pem
+  openssl req -batch -nodes -config openssl.conf -newkey rsa:2048 -sha256 \
+          -keyout ${NODE}_privatekey.pem -out ${NODE}_csr.pem
 
-    openssl req -noout -text -in ${NODE}_csr.pem
-  fi
+  openssl req -noout -text -in ${NODE}_csr.pem
 
   # Self-sign
   if [ "$KEYTYPE" == "ssl-self" ]; then
@@ -199,9 +194,9 @@ CWD="`pwd`"
 
 # Verify
 if [ -z "$NODE" ]; then
-  echo -e "Usage: keyringer <keyring> $BASENAME <gpg|ssh|ssl|ssl-cacert|ssl-self> <file> <hostname> [outfile]"
+  echo -e "Usage: keyringer <keyring> $BASENAME <gpg|ssh|ssl|ssl-self> <file> <hostname> [outfile]"
   echo -e "Options:"
-  echo -e "\t gpg|ssh|ssl[-cacert,-self]: key type."
+  echo -e "\t gpg|ssh|ssl[-self]: key type."
   echo -e "\t file                      : base file name for encrypted output (relative to keys folder)"
   echo -e "\t hostname                  : host for the key pair"
   echo -e "\t outfile                   : optional unencrypted output file, useful for deployment"
@@ -216,7 +211,7 @@ keyringer_set_tmpfile genpair -d
 
 # Dispatch
 echo "Generating $KEYTYPE key for $NODE..."
-if [ "$KEYTYPE" == "ssl-self" ] || [ "$KEYTYPE" == "ssl-cacert" ]; then
+if [ "$KEYTYPE" == "ssl-self" ]; then
   genpair_ssl
 else
   genpair_"$KEYTYPE"