pegasus/unrealircd
1
0
Fork 0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-06-12 17:14:46 +02:00
Code Activity

Move "make pem" to "./unrealircd makecert" and make tools use this

Browse Source 
and refer to this as well.

Suggested by PeGaSuS in https://bugs.unrealircd.org/view.php?id=6610

This also moves extras/tls.cnf to doc/conf/tls/tls.cnf which
also gets installed in ~/unrealircd/conf/tls/ (or whatever CONFDIR is)

And just to be clear: this means you can run "./unrealircd makecert"
without needing to go into BUILDDIR (or even having it at all).

At the same time, the generation commands have been modified slightly
so two warnings during certificate generation are no longer there.
This commit is contained in:
Bram Matthys
2026-06-05 16:06:47 +02:00
parent cbc9213d5e
commit 982325fc82
7 changed files with 85 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files
unrealircd.in
+75 -1
View File
@@ -11,12 +11,13 @@ TMPDIR="@TMPDIR@"
SCRIPTDIR="@SCRIPTDIR@"
MODULESDIR="@MODULESDIR@"
DOCDIR="@DOCDIR@"
OPENSSLPATH="@OPENSSLPATH@"
# When built with --with-asan, ASan does not dump core by default because
# older gcc/clang might dump a 16TB core file. We explicitly enable it here.
export ASAN_OPTIONS="abort_on_error=1:disable_coredump=0:unmap_shadow_on_exit=1:log_path=$TMPDIR/unrealircd_asan:detect_leaks=0"
if [ ! -f $IRCD ]; then
if [ "$1" != "makecert" ] && [ ! -f $IRCD ]; then
echo "ERROR: Could not find the IRCd binary ($IRCD)"
echo "This could mean two things:"
echo "1) You forgot to run 'make install' after running 'make'"
@@ -268,6 +269,78 @@ __EOF__
echo "Thanks!"
elif [ "$1" = "spki" -o "$1" = "spkifp" ] ; then
$UNREALIRCDCTL $*
elif [ "$1" = "makecert" ] ; then
TLSDIR="$CONFDIR/tls"
KEY="$TLSDIR/server.key.pem"
CERT="$TLSDIR/server.cert.pem"
# Locate the OpenSSL configuration template. After 'make install' it
# lives in the TLS directory. During initial setup (./Config), before
# 'make install' has run, we use the copy in the source directory.
if [ -f "$TLSDIR/tls.cnf" ]; then
CNF="$TLSDIR/tls.cnf"
elif [ -f "$BUILDDIR/doc/conf/tls/tls.cnf" ]; then
CNF="$BUILDDIR/doc/conf/tls/tls.cnf"
else
echo "ERROR: Could not find the OpenSSL template tls.cnf"
echo "(Neither $TLSDIR/tls.cnf nor $BUILDDIR/doc/conf/tls/tls.cnf exists)"
exit 1
fi
if [ ! -d "$TLSDIR" ]; then
mkdir -p "$TLSDIR" || exit 1
chmod 0700 "$TLSDIR"
fi
REPLACED=0
if [ -f "$CERT" ] || [ -f "$KEY" ]; then
echo "This command will replace your existing server certificate and key."
echo "(in $TLSDIR)"
echo -n "Do you wish to proceed? [Y|N] "
read answer
case "$answer" in
[Yy]*)
;;
*)
echo "Aborted."
exit 1
;;
esac
REPLACED=1
fi
# Keep a backup of the previous certificate and key, so it can be
# restored if the newly generated one turns out to be unsuitable.
if [ "$REPLACED" = 1 ]; then
for f in "$KEY" "$CERT"; do
if [ -f "$f" ]; then
cp -p "$f" "$f.old"
fi
done
fi
# Make sure the private key is not briefly world/group readable while
# it is being generated.
umask 077
echo "Generating server key..."
"$OPENSSLPATH" ecparam -out "$KEY" -name secp384r1 -genkey || exit 1
echo "Generating self-signed certificate..."
"$OPENSSLPATH" req -new -x509 -key "$KEY" -config "$CNF" -days 3650 -sha256 -out "$CERT" || exit 1
echo "Setting permissions on server.*.pem files..."
chmod o-rwx "$KEY" "$CERT"
chmod g-rwx "$KEY" "$CERT"
echo ""
echo "A new self-signed certificate and key have been generated in $TLSDIR"
if [ "$REPLACED" = 1 ]; then
echo "Your previous certificate and key were backed up with a .old suffix."
fi
echo "Note: the SPKI fingerprint has changed. If other servers link to you and"
echo " verify a fingerprint, you need to update the link { } block on their side."
echo "If UnrealIRCd is currently running, load the new certificate with:"
echo " $0 reloadtls"
elif [ "$1" = "hot-patch" -o "$1" = "cold-patch" ] ; then
if [ ! -d "$BUILDDIR" ]; then
echo "UnrealIRCd source not found. Sorry, it is not possible to patch."
@@ -434,6 +507,7 @@ else
echo "unrealircd stop Stop (kill) the IRC Server"
echo "unrealircd rehash Reload the configuration file"
echo "unrealircd reloadtls Reload the SSL/TLS certificates"
echo "unrealircd makecert Create or replace the self-signed TLS certificate"
echo "unrealircd restart Restart the IRC Server (stop+start)"
echo "unrealircd status Show current status of the IRC Server"
echo "unrealircd module-status Show all currently loaded modules"