From 160fc42e77d44ef39ba84dd6226f61184332a255 Mon Sep 17 00:00:00 2001 From: "J. Daniel Schmidt" Date: Thu, 29 Apr 2010 18:50:44 +0200 Subject: [PATCH] be less verbose by default, add verbose mode (bnc#600829) use secure umask to prevent race conditions version 0.5 --- package/check-create-certificate.changes | 7 ++++++ package/check-create-certificate.spec | 2 +- script/check-create-certificate | 29 +++++++++--------------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/package/check-create-certificate.changes b/package/check-create-certificate.changes index 232ff10..a3474af 100644 --- a/package/check-create-certificate.changes +++ b/package/check-create-certificate.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu Apr 29 18:39:04 CEST 2010 - jdsn@suse.de + +- be less verbose by default, add verbose mode (bnc#600829) +- use secure umask to prevent race conditions +- 0.5 + ------------------------------------------------------------------- Tue Mar 30 12:37:22 CEST 2010 - jdsn@suse.de diff --git a/package/check-create-certificate.spec b/package/check-create-certificate.spec index d3942e2..4c26ff0 100644 --- a/package/check-create-certificate.spec +++ b/package/check-create-certificate.spec @@ -16,7 +16,7 @@ Name: check-create-certificate -Version: 0.4 +Version: 0.5 Release: 0 License: GPLv2 Group: Productivity/Networking/System diff --git a/script/check-create-certificate b/script/check-create-certificate index 2d9fcae..c5ebfa6 100755 --- a/script/check-create-certificate +++ b/script/check-create-certificate @@ -1,7 +1,7 @@ #!/usr/bin/perl -w # check-create-certificate: Create a self-signed 2048 bit RSA SSL certificate if it does not exist yet -# Copyright (C) 2009 J. Daniel Schmidt +# Copyright (C) 2009,2010 J. Daniel Schmidt # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by 
@@ -23,7 +23,8 @@ use strict; use Getopt::Long qw(:config no_ignore_case);; use File::Basename; - +# set umask to securely create certificate files +umask 0177; sub usage { @@ -39,6 +40,7 @@ sub usage print STDERR " if omitted exitance of certificate files will only be checked\n"; print STDERR " -f [--force] force to overwrite certificate\n"; print STDERR " -h [--help] this help\n"; + print STDERR " -v [--verbose] show status messages (by default no output will be printed)\n"; print STDERR " -H [--hostname] defines hostname to use as CN for certificate\n"; print STDERR " if omitted it will use the FQDN hostname or just the hostname or the default CN\n"; print STDERR " -D [--defaultcn] defines the default CN that is used if no FQDN can be found\n"; @@ -96,13 +98,7 @@ emailAddress = root\@$fqdn print STDERR "Could not create temporary files. Aborting.\n"; return 0; } - - my @chmodcmdcnf = ("chmod", "644", "$CNF"); - my @chmodcmdkey = ("chmod", "600", "$KEY"); - my @chmodcmdcert = ("chmod", "644", "$CERT"); - system( @chmodcmdcnf ); - system( @chmodcmdkey ); - system( @chmodcmdcert ); + system( ("chmod", "644", "$CERT") ); open(CONF, ">$CNF"); print CONF $config; @@ -121,11 +117,7 @@ emailAddress = root\@$fqdn # create combined file if requested if ( defined $COMBINEDFILE ) { - my @touchcom = ("touch", "$COMBINEDFILE"); - my @chmodcom = ("chmod", "600", "$COMBINEDFILE"); my $combine = "cat $KEY $CERT > $COMBINEDFILE"; - system(@touchcom); - system(@chmodcom); system($combine); $COMBINEDPATH = dirname($COMBINEDFILE); } 
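Review bot: The comment above `umask 0177;` does not say what the mask yields or how far it reaches. The mask is process-wide and is inherited by every child started through `system()` later in the script, so all files created from here on come out as 0600 unless something relaxes them. I would spell that out, e.g. `# umask 0177: every file created by this script and its child processes gets mode 0600; the certificate is relaxed to 0644 explicitly further down`.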
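Review bot: Dropping `chmod 600` on `$KEY` in the @@ -96,13 hunk leaves an existing key file with whatever mode it already had, because a umask is applied only when a file is created; with --force and a pre-existing, more permissive key file, the new private key would keep the old mode. Whether the files are always freshly created depends on code above this hunk, so this needs confirming; keeping an explicit `chmod(0600, $KEY) or return 0;` next to the remaining chmod would make the mode independent of that. The same applies to the removed `chmod 600` on `$COMBINEDFILE` in the @@ -121,11 hunk. The remaining `system( ("chmod", "644", "$CERT") );` ignores its exit status; the builtin `chmod(0644, $CERT)` with a checked return would do the same without a child process. The enclosing sub starts and ends outside the hunk.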
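Review bot: In the @@ -121,11 hunk, `my $combine = "cat $KEY $CERT > $COMBINEDFILE";` is still passed to `system()` as one string, so the shell re-parses any path containing spaces or metacharacters, and the exit status is not checked. The paths appear to come from command-line options (see the MAIN section), and with the touch/chmod pair removed this line alone now creates the file that holds the private key. Writing the combined file from Perl with three-argument `open` and checked calls avoids the shell entirely; the `return 0` on failure in the sketch below mirrors the error path visible earlier in the sub and should be confirmed against the part of the sub outside this hunk.

```perl
    if ( defined $COMBINEDFILE )
    {
        open(my $out, '>', $COMBINEDFILE) or return 0;
        # tighten the mode before any key material is written (covers a pre-existing file)
        chmod(0600, $COMBINEDFILE) or return 0;
        for my $part ($KEY, $CERT)
        {
            open(my $in, '<', $part) or return 0;
            print {$out} $_ while <$in>;
            close($in);
        }
        close($out) or return 0;
        # … unchanged: $COMBINEDPATH = dirname($COMBINEDFILE); and the closing brace …
```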
@@ -151,9 +143,10 @@ emailAddress = root\@$fqdn ################################# MAIN ######################################## -my ($create, $force, $hostname, $certfile, $keyfile, $combinedfile, $help, $organization, $unit, $defaultcn); +my ($create, $force, $verbose, $hostname, $certfile, $keyfile, $combinedfile, $help, $organization, $unit, $defaultcn); my $result = GetOptions ("create|c" => \$create, "force|f" => \$force, + "verbose|v" => \$verbose, "hostname|H=s" => \$hostname, "defaultcn|D=s" => \$defaultcn, "organization|O=s" => \$organization, @@ -187,13 +180,13 @@ if (defined $create) { if ( defined $F && -e $F ) { - print STDERR "File already exists: $F\n"; + print "File already exists: $F\n" if $verbose; $ok = 0; } } unless ( $ok == 1 ) { - print STDERR "Please use --force to overwrite.\n"; + print "Please use --force to overwrite.\n" if $verbose; exit 1; } } @@ -214,7 +207,7 @@ if (defined $create) if ( create_certificate( $hostname, $organization, $unit, $certfile, $keyfile, $combinedfile ) ) { - print "Successfully created certificate.\n"; + print "Successfully created certificate.\n" if $verbose; exit 0; } else @@ -237,7 +230,7 @@ else } else { - print STDERR "File does not exist: $F\n"; + print STDERR "File does not exist: $F\n" if $verbose; $exitcode = 1; } }
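Review bot: In the @@ -187,13 hunk the script now exits with status 1 without printing anything unless -v is given, and the two messages have also moved from STDERR to STDOUT. A caller that omits -v sees only the exit code and cannot tell "file already exists" from any other failure, which makes a skipped certificate creation easy to miss. If the silence is wanted for bnc#600829, I would still keep messages that accompany a non-zero exit on STDERR, e.g. `print STDERR "File already exists: $F\n" if $verbose;`, or print them unconditionally and reserve `$verbose` for the success message. The @@ -237,7 hunk keeps STDERR for "File does not exist", so the two paths currently disagree about the stream.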