[Fusionforge-commits] FusionForge branch feature/concurrent-ssh-http-for-scm updated. b886d7bcb29f9eb02be58c7362f66b0617dc83d7

Roland Mas lolando at fusionforge.org
Fri Oct 17 11:49:40 CEST 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, feature/concurrent-ssh-http-for-scm has been updated
       via  b886d7bcb29f9eb02be58c7362f66b0617dc83d7 (commit)
      from  5aa9253b3a6382b1b0ea3b2fea3cde9185af0edf (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b886d7bcb29f9eb02be58c7362f66b0617dc83d7
Author: Roland Mas <lolando at debian.org>
Date:   Fri Oct 17 11:49:34 2014 +0200

    Generate (and use) a specific SSL certificate for the SCM host.

diff --git a/src/post-install.d/web/web.sh b/src/post-install.d/web/web.sh
index 06ed0b2..58a854b 100755
--- a/src/post-install.d/web/web.sh
+++ b/src/post-install.d/web/web.sh
@@ -58,7 +58,8 @@ case "$1" in
 	    echo "*** Note: please install $config_path/httpd.conf in your Apache configuration"
 	fi
 	
-	# Generate SSL cert if needed
+	# Generate SSL certs if needed
+	web_host=$(forge_get_config web_host)
 	cert=$config_path/ssl-cert.pem
 	key=$config_path/ssl-cert.key
 	if [ ! -e $key ] ; then
@@ -66,7 +67,13 @@ case "$1" in
 	    chmod 600 $key
 	fi
 	if [ ! -e $cert ] ; then
-	    openssl req -x509 -days 3650 -new -nodes -batch -text -key $key -out $cert
+	    openssl req -x509 -days 3650 -new -nodes -batch -text -key $key -subj "/CN=$web_host" -out $cert
+	fi
+
+	scm_host=$(forge_get_config scm_host)
+	scmcert=$config_path/ssl-cert-scm.pem
+	if [ ! -e $scmcert ] ; then
+	    openssl req -x509 -days 3650 -new -nodes -batch -text -key $key -subj "/CN=$scm_host" -out $scmcert
 	fi
 	
 	# Setup Docman/FRS/Tracker attachments
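Review bot: The host names returned by `forge_get_config` go straight into `-subj "/CN=$web_host"` and `-subj "/CN=$scm_host"` with no check that they are non-empty, so an unconfigured `scm_host` would give either an openssl error or a certificate with an empty CN, and since generation is guarded only by `[ ! -e $scmcert ]` a bad file left behind would presumably never be regenerated. A guard such as `[ -n "$scm_host" ] || { echo "scm_host is not set" >&2; exit 1; }` before the `openssl req` call (and the same for `web_host`, assigned in the previous hunk) would make that failure visible. `$key`, `$cert` and `$scmcert` are expanded unquoted, which breaks if `config_path` contains whitespace; `-key "$key"` and `-out "$scmcert"` are safer. The name is placed only in the CN with no subjectAltName, which clients that follow RFC 6125 may reject even once the self-signed certificate is trusted. The enclosing `case` branch starts and ends outside the hunk.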
diff --git a/src/templates/httpd.conf.d/20-vhosts-scm.conf b/src/templates/httpd.conf.d/20-vhosts-scm.conf
index 93396e9..7b7579b 100644
--- a/src/templates/httpd.conf.d/20-vhosts-scm.conf
+++ b/src/templates/httpd.conf.d/20-vhosts-scm.conf
@@ -15,5 +15,5 @@
   Include {core/config_path}/httpd.conf.d/vhost-scm.inc
   Include {core/config_path}/httpd.conf.d/block-trace.inc
   Include {core/config_path}/httpd.conf.d/log.inc
-  Include {core/config_path}/httpd.conf.d/ssl-on.inc
+  Include {core/config_path}/httpd.conf.d/ssl-on-scm.inc
 </VirtualHost>
diff --git a/src/templates/httpd.conf.d/ssl-on-scm.inc b/src/templates/httpd.conf.d/ssl-on-scm.inc
new file mode 100644
index 0000000..0ae2322
--- /dev/null
+++ b/src/templates/httpd.conf.d/ssl-on-scm.inc
@@ -0,0 +1,25 @@
+# Not using IfModule: the name changes between distros
+# and user can disable SSL in ssl-on.inc
+#<IfModule mod_ssl.c>
+  SSLEngine on
+  
+  SSLCertificateFile {core/config_path}/ssl-cert-scm.pem
+  SSLCertificateKeyFile {core/config_path}/ssl-cert.key
+  # Add extra SSL configuration (e.g. SSLCACertificatePath) here
+  
+  <Files ~ "\.(cgi|shtml)$">
+    SSLOptions +StdEnvVars
+  </Files>
+  
+  <Directory "/usr/lib/cgi-bin">
+    SSLOptions +StdEnvVars
+  </Directory>
+  
+  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+#</IfModule>
+
+<IfModule apache_ssl.c>
+  SSLEnable
+  
+  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+</IfModule>
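Review bot: `SSLCertificateKeyFile {core/config_path}/ssl-cert.key` points the SCM vhost at the same private key that web.sh uses for the main web certificate, so the two certificates differ in subject only and a leak of that one key exposes both hosts. If separation between the hosts is intended, a dedicated key would be needed (for example a file named `ssl-cert-scm.key`, created with mode 600 like the existing one). The header comment `# and user can disable SSL in ssl-on.inc` was carried over from the copied template and, as far as the visible includes show, no longer applies to this file; I would reword it to `# SSL is always enabled for the SCM vhost`. No `SSLProtocol` or `SSLCipherSuite` is set here, so protocol and cipher selection fall back to the server-wide configuration, which deserves a short comment next to the "Add extra SSL configuration" line.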

-----------------------------------------------------------------------

Summary of changes:
 src/post-install.d/web/web.sh                               |   11 +++++++++--
 src/templates/httpd.conf.d/20-vhosts-scm.conf               |    2 +-
 .../httpd.conf.d/{ssl-really-on.inc => ssl-on-scm.inc}      |    2 +-
 3 files changed, 11 insertions(+), 4 deletions(-)
 copy src/templates/httpd.conf.d/{ssl-really-on.inc => ssl-on-scm.inc} (91%)


hooks/post-receive
-- 
FusionForge


