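#! /bin/bash
# @(#)(CACert) $Id: INSTALL,v 1.4 2015/08/12 10:34:57 wytze Exp $
# install ocspd at CAcert
#
# Run as root from the release directory: the script sources ./RELINFO and
# then works with paths relative to the current directory (${ID}, etc/,
# etc/systemd). Everything it installs is owned by root and several items are
# executable, so every directory change is checked; an unchecked failed "cd"
# would let the later steps pick up files from an unintended directory.

# Print a message on stderr and abort the installation.
die() {
  printf 'INSTALL: %s\n' "$*" >&2
  exit 1
}

# Install SRC into DESTDIR with mode MODE (owner and group root) unless a file
# of that name is already present. An existing file is never overwritten;
# instead a unified diff (installed vs. shipped) is printed so the operator can
# merge changes by hand. The exit status of diff is not treated as an error.
#   $1 - file mode, $2 - source file, $3 - destination directory
install_or_diff() {
  local mode=$1 src=$2 destdir=$3
  local target="${destdir}/${src##*/}"

  if [ ! -f "${target}" ]
  then
    install -v -p -o root -g root -m "${mode}" "${src}" "${destdir}"
  else
    diff -u "${target}" "${src}"
  fi
}

# groupadd/useradd, "install -o root" and "systemctl enable" all need root
[ "$(id -u)" -eq 0 ] || die "must be run as root"

. ./RELINFO || die "cannot read ./RELINFO (run this script from the release directory)"

# An empty PRODUCT and RELEASE would make ID "-", and "cd -" silently switches
# to the previous directory, so insist on both being set.
ID="${PRODUCT:?not set by RELINFO}-${RELEASE:?not set by RELINFO}"
OCSPD_HOME=/usr/local/etc/ocspd

# create user ocspd if it does not exist yet
if ! id ocspd >/dev/null 2>&1
then
  echo "Creating user and group ocspd"
  groupadd --system ocspd
  useradd --comment "OCSP daemon" \
    --gid ocspd \
    --home "${OCSPD_HOME}" \
    --shell /sbin/nologin \
    --system \
    ocspd
fi

# install the main software
cd -- "${ID}" || die "cannot enter source directory ${ID}"
if [ -f "${OCSPD_HOME}/ocspd.conf" ]
then
  # preserve existing configuration file
  mv "${OCSPD_HOME}/ocspd.conf" "${OCSPD_HOME}/ocspd.conf.PRESERVE"
fi

make install
make_status=$?

# rename sample configuration file (only if "make install" delivered one)
if [ -f "${OCSPD_HOME}/ocspd.conf" ]
then
  mv "${OCSPD_HOME}/ocspd.conf" "${OCSPD_HOME}/ocspd.conf.sample"
fi
# restore preserved configuration file; done before looking at the make
# status so that a failed build never leaves the host without its config
if [ -f "${OCSPD_HOME}/ocspd.conf.PRESERVE" ]
then
  mv "${OCSPD_HOME}/ocspd.conf.PRESERVE" "${OCSPD_HOME}/ocspd.conf"
fi
# NOTE(review): presumably "make install" drops a SysV init script here that
# the systemd units installed below replace - confirm against the Makefile
rm -rf /usr/local/etc/init.d

# do not install support files or enable units for a daemon that did not
# install cleanly
[ "${make_status}" -eq 0 ] ||
  die "make install failed with status ${make_status}; any preserved configuration was put back"
cd .. || die "cannot return to the release directory"

# install additional support files
cd etc || die "cannot enter directory etc"

# install certificates; a certificate that is already present is left alone
# NOTE(review): assumes "make install" created ${OCSPD_HOME}/certs - without
# the directory, install would create a regular file of that name
[ -d "${OCSPD_HOME}/certs" ] || die "directory ${OCSPD_HOME}/certs is missing"
for crt in certs/*
do
  # an unmatched glob stays literal; skip it
  [ -e "${crt}" ] || continue
  if [ ! -f "${OCSPD_HOME}/certs/${crt##*/}" ]
  then
    install -v -p -o root -g root -m 444 "${crt}" "${OCSPD_HOME}/certs"
  fi
done

# install configuration file
install_or_diff 644 ocspd.conf "${OCSPD_HOME}"

# install script for creating ocspd key / csr / certificates
install_or_diff 755 make-ocspd-csr "${OCSPD_HOME}"

# create directory for storing crls retrieved from main webdb server
mkdir -p "${OCSPD_HOME}/crls"

# install script for updating crls
install_or_diff 755 update-crls "${OCSPD_HOME}"

# install script for checking ocspd state
install_or_diff 755 check-ocspd "${OCSPD_HOME}"

# install options file in sysconfig
install_or_diff 644 sysconfig/ocspd /etc/sysconfig

# install systemd units for ocspd
cd systemd || die "cannot enter directory etc/systemd"
for unit in ocspd*
do
  [ -e "${unit}" ] || continue
  install_or_diff 644 "${unit}" /usr/lib/systemd/system
done
cd .. || die "cannot return to directory etc"

systemctl enable ocspd
systemctl enable ocspd-check.timer
systemctl enable ocspd-update.timer

# remove obsolete start/stop script for ocsp daemon
if [ -f /etc/init.d/ocspd ]
then
  rm -f /etc/init.d/ocspd
fi

# invoke the make-ocspd-csr script if no signing certificates are present yet
if [ ! -f "${OCSPD_HOME}/certs/class1.crt" ] ||
   [ ! -f "${OCSPD_HOME}/certs/class3.crt" ]
then
  "${OCSPD_HOME}/make-ocspd-csr"
fi

cd ..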