Mercurial > hg > freeDiameter
comparison contrib/OpenWRT/packages/freeDiameter/Makefile @ 510:48d306c0db29
Improved documentation in postinst script
author | Sebastien Decugis <sdecugis@nict.go.jp> |
---|---|
date | Fri, 20 Aug 2010 14:28:45 +0900 |
parents | f82bf741cd10 |
children | 875fcc02f98b |
comparison
equal
deleted
inserted
replaced
509:f82bf741cd10 | 510:48d306c0db29 |
---|---|
92 $(SED) 's,TLS_Cred,#TLS_Cred,g' $(1)/etc/freeDiameter/freeDiameter.conf | 92 $(SED) 's,TLS_Cred,#TLS_Cred,g' $(1)/etc/freeDiameter/freeDiameter.conf |
93 echo "" >> $(1)/etc/freeDiameter/freeDiameter.conf | 93 echo "" >> $(1)/etc/freeDiameter/freeDiameter.conf |
94 echo "### OPENWRT specific" >> $(1)/etc/freeDiameter/freeDiameter.conf | 94 echo "### OPENWRT specific" >> $(1)/etc/freeDiameter/freeDiameter.conf |
95 echo "TLS_Cred = \"/etc/freeDiameter/freeDiameter.pem\", \"/etc/freeDiameter/freeDiameter.key\";" \ | 95 echo "TLS_Cred = \"/etc/freeDiameter/freeDiameter.pem\", \"/etc/freeDiameter/freeDiameter.key\";" \ |
96 >> $(1)/etc/freeDiameter/freeDiameter.conf | 96 >> $(1)/etc/freeDiameter/freeDiameter.conf |
97 echo "TLS_CA = \"/etc/freeDiameter/freeDiameter.ca.pem\";" \ | |
98 >> $(1)/etc/freeDiameter/freeDiameter.conf | |
97 echo "TLS_DH_Bits = 768;" >> $(1)/etc/freeDiameter/freeDiameter.conf | 99 echo "TLS_DH_Bits = 768;" >> $(1)/etc/freeDiameter/freeDiameter.conf |
98 echo "LoadExtension = \"dict_nasreq.fdx\";" >> $(1)/etc/freeDiameter/freeDiameter.conf | 100 echo "LoadExtension = \"dict_nasreq.fdx\";" >> $(1)/etc/freeDiameter/freeDiameter.conf |
99 echo "LoadExtension = \"dict_eap.fdx\";" >> $(1)/etc/freeDiameter/freeDiameter.conf | 101 echo "LoadExtension = \"dict_eap.fdx\";" >> $(1)/etc/freeDiameter/freeDiameter.conf |
100 echo "LoadExtension = \"app_radgw.fdx\":\"rgw.conf\";" \ | 102 echo "LoadExtension = \"app_radgw.fdx\":\"rgw.conf\";" \ |
101 >> $(1)/etc/freeDiameter/freeDiameter.conf | 103 >> $(1)/etc/freeDiameter/freeDiameter.conf |
168 echo "country = net" >>/tmp/template.cnf | 170 echo "country = net" >>/tmp/template.cnf |
169 echo "cn = $$localid" >>/tmp/template.cnf | 171 echo "cn = $$localid" >>/tmp/template.cnf |
170 echo "expiration_days = 3650" >>/tmp/template.cnf | 172 echo "expiration_days = 3650" >>/tmp/template.cnf |
171 echo "signing_key" >>/tmp/template.cnf | 173 echo "signing_key" >>/tmp/template.cnf |
172 echo "encryption_key" >>/tmp/template.cnf | 174 echo "encryption_key" >>/tmp/template.cnf |
173 certtool -q --load-privkey /etc/freeDiameter/freeDiameter.key \ | 175 if [ ! -f "/etc/freeDiameter/freeDiameter.csr" ]; then |
176 echo "Creating a new CSR" | |
177 certtool -q --load-privkey /etc/freeDiameter/freeDiameter.key \ | |
174 --outfile /etc/freeDiameter/freeDiameter.csr \ | 178 --outfile /etc/freeDiameter/freeDiameter.csr \ |
175 --template /tmp/template.cnf | 179 --template /tmp/template.cnf |
180 fi | |
176 certtool -s --load-privkey /etc/freeDiameter/freeDiameter.key \ | 181 certtool -s --load-privkey /etc/freeDiameter/freeDiameter.key \ |
177 --outfile /etc/freeDiameter/freeDiameter.pem \ | 182 --outfile /etc/freeDiameter/freeDiameter.pem \ |
178 --template /tmp/template.cnf | 183 --template /tmp/template.cnf |
179 rm -f /tmp/template.cnf | 184 rm -f /tmp/template.cnf |
185 cat /etc/freeDiameter/freeDiameter.pem >> /etc/freeDiameter/freeDiameter.ca.pem | |
180 echo "Done." | 186 echo "Done." |
181 echo "========================================================================" | 187 echo "========================================================================" |
182 echo "To enable TLS communication, you should either:" | 188 echo "To enable TLS communication, you should either:" |
183 echo " - use a real certificate signed by your server's CA" | 189 echo " - use a real certificate signed by your server's CA:" |
184 echo " (CSR provided in /etc/freeDiameter/freeDiameter.csr)" | 190 echo " Use the CSR provided in /etc/freeDiameter/freeDiameter.csr" |
185 echo " - or, copy the two certificates (client & server) in a ca.pem file and " | 191 echo " Save the new certificate as /etc/freeDiameter/freeDiameter.pem" |
186 echo " add this file in both freeDiameter configurations (as TLS_CA)." | 192 echo " Replace the contents of /etc/freeDiameter/freeDiameter.ca.pem with your CA's certificate" |
193 echo " - or, declare the certificates as trusted as follow: " | |
194 echo " Add your server's CA certificate into /etc/freeDiameter/freeDiameter.ca.pem" | |
195 echo " Add the content of /etc/freeDiameter/freeDiameter.pem into your server's trusted CA file" | |
187 echo "========================================================================" | 196 echo "========================================================================" |
188 fi | 197 fi |
189 endef | 198 endef |
190 | 199 |
191 $(eval $(call BuildPackage,freeDiameter)) | 200 $(eval $(call BuildPackage,freeDiameter)) |