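#! /usr/bin/perl
#
# Checks a dated key-set directory ($SRC) against the certificate, key and
# chain file names found in $CONF, fixes the file modes inside the key-set,
# and hard-links the files into the current directory.  Changes are only
# printed unless -f is given (dry run).
#
# Options visible in this listing: -f (really do it), -M (write the Makefile
# and exit), -N (create empty placeholder files and exit), -c (diff key-set
# against installed files and exit), -d (report unlinks).

use strict;
use warnings;
use File::Basename;

my $CONF  = '/etc/httpd/conf.d/ssl.conf';
my $CERTS = '/etc/httpd/certs/';    # NOTE(review): not used in the visible code
my $CERT  = 'SSLCertificateFile';
my $KEY   = 'SSLCertificateKeyFile';
my $CHAIN = 'SSLCertificateChainFile';
my $MODE1 = 0600;                   # private key: owner only
my $MODE2 = 0644;                   # certificate and chain: world-readable
my $MAKE  = 'Makefile';
my @KEYS  = ( $CERT, $KEY, $CHAIN );

my $prog = substr $0, rindex( $0, '/' ) + 1;

# NOTE(review): the page lost a span at this point (everything between a "<"
# and a later ">" was dropped as markup).  Names used below but not defined in
# what survives: Error(), %opt, $TAG, $SRC, make_makefile(), @data and $dest.
# The fragment is kept exactly as found; it does not compile as shown.
my $Usage = < ; chomp @data ;

    # --- tail of make_makefile(); its head is in the lost span ---
    # Normalise leading whitespace of each template line to one tab, as make
    # requires for recipe lines.
    my @make = map { chomp; s/^\s+/\t/; "$_\n" } @data;

    # print, not printf: the message is data, not a format, so a '%' in
    # $dest or $TAG must not be read as a conversion.
    print "$TAG create $dest\n";
    if ( $opt{f} ) {
        open my $make_fh, '>', $dest or Error "can't write $dest ($!)";
        print {$make_fh} "PROG = $prog\n";
        print {$make_fh} $_ for @make;
        # Buffered write errors only surface at close.
        close $make_fh or Error "can't close $dest ($!)";
    }
}

if ( $opt{M} ) {
    make_makefile $MAKE;
    exit;
}

# 'recent' selects the lexically greatest YYYY-MM-DD directory name in '.'.
if ( $SRC eq 'recent' ) {
    opendir my $dot, '.' or Error "can't opendir '.' ($!)";
    # \A and \z: "$" would also accept a name with a trailing newline.
    my @cands = sort grep { /\A\d{4}-\d{2}-\d{2}\z/ } readdir $dot;
    closedir $dot;
    Error "no 'recent key-set' found" unless @cands;
    $SRC = pop @cands;
    print "using 'recent' key-set $SRC\n";
}

Error "can't find $SRC" unless -d $SRC;

# SSLCertificateFile      /etc/httpd/certs/server.crt
# SSLCertificateKeyFile   /etc/httpd/certs/webfarm.prv
# SSLCertificateChainFile /etc/httpd/certs/server-chain.crt

# Numeric maximum of the arguments; undef when called with none.
sub max {
    return undef unless @_;
    my $res = shift;
    for (@_) {
        $res = $_ if $_ > $res;
    }
    $res;
}

# Length of the longest file basename among the configured paths.
sub width_nams {
    my $conf = shift;
    max map { length basename $_ } values %$conf;
}

# Read $CONF and return a hash ref { directive => path } for the three
# directives in @KEYS.  Calls Error() when any of them is missing.
sub get_conf {
    my $res = {};

    # Three-argument open with a lexical handle: the mode can never be taken
    # from the file name.
    open my $conf_fh, '<', $CONF or Error "can't open $CONF ($!)";
    my $KEYS = join '|', @KEYS;

    # NOTE(review): the read operator was lost from the page ("while ( )");
    # it is restored here from the open/close pair around it.
    while ( my $line = <$conf_fh> ) {
        # Non-greedy value: the original "(.*)\s*$" kept trailing blanks in
        # the captured path, so later -f tests would look for "name ".
        # NOTE(review): only directives starting in column 0 are matched, and
        # a repeated directive overwrites the earlier one.
        if ( $line =~ /^($KEYS)\s+(\S.*?)\s*$/ ) {
            $res->{$1} = $2;
        }
    }
    close $conf_fh;

    my $errs = join "",
        map  { "\n *** $_ not in $CONF" }
        grep { !exists $res->{$_} } @KEYS;
    Error $errs if $errs;
    $res;
}

# Print the directive => path table and return the hash ref unchanged.
sub dmp_conf {
    my $conf = shift || Error "dmp_conf: no conf ??";
    my $W = max map { length $_ } @KEYS;
    print "$CONF :\n";
    for ( sort keys %$conf ) {
        printf " %-${W}s : %s\n", $_, $conf->{$_};
    }
    $conf;
}

# Verify that every name exists in $SRC as a non-empty plain file.
# Returns the names; calls Error() with all problems found otherwise.
sub check_src {
    my @nams = @_;
    my @fils = map { "$SRC/$_" } @nams;
    my $errs = join '',
        ( map { "\n *** file $_ not found" } grep { !-f $_ } @fils ),
        ( map { "\n *** file $_ is empty" } grep { -f $_ and !-s $_ } @fils );
    Error $errs if $errs;
    print "key-set $SRC has @nams\n\n";
    @nams;
}

# Show the difference between the key-set copy and the installed file.
sub diff {
    my $nam = shift;
    my $src = "$SRC/$nam";

    # List form: no shell is involved, so blanks or metacharacters in $SRC
    # (command line) or $nam (taken from $CONF) stay part of one argument.
    # "--" keeps a name starting with '-' from being read as an option.
    my @cmd = ( 'diff', '-s', '--', $src, $nam );
    print "@cmd\n";
    system @cmd;
}

# Create an empty placeholder "$SRC/$nam" when it does not exist yet.
sub touch {
    my $nam = shift;
    my $src = "$SRC/$nam";
    return if -f $src;

    print "$TAG touch $src\n";
    return unless $opt{f};

    # One of these placeholders will receive the private key before
    # set_mode() has run, so create them owner-only; set_mode() later widens
    # certificate and chain to $MODE2.
    my $old_umask = umask 077;
    my $ok        = open my $fh, '>>', $src;
    my $err       = $!;
    umask $old_umask;
    Error "can't touch $src ($err)" unless $ok;
    close $fh;
}

# Replace $nam in the current directory by a hard link to "$SRC/$nam".
sub install {
    my $nam = shift;
    my $cnf = shift;
    my $src = "$SRC/$nam";
    my $W   = 11 + width_nams $cnf;

    # NOTE(review): the link step sits inside this test, so a name that does
    # not exist here yet is never linked -- confirm that is intended.
    # Unlink-then-link also leaves a moment without the file, and a failed
    # link leaves the old file already removed.
    if ( -f $nam ) {
        print "$TAG unlink $nam\n" if $opt{d};
        if ( $opt{f} ) {
            unlink $nam or Error "can't unlink $nam ($!)";
        }
        # $TAG is passed as an argument so it is never parsed as a format.
        printf "%s link %-${W}s => %s\n", $TAG, $src, $nam;
        if ( $opt{f} ) {
            link $src, $nam or Error "can't link $src => $nam ($!)";
        }
    }
}

# Bring the key-set file named by directive $ckey to permission $MODE.
# install() hard-links these files, so the installed name shares the mode.
sub set_mode {
    my $conf = shift;
    my $ckey = shift;
    my $MODE = shift;
    my $name = basename $conf->{$ckey};
    my $file = "$SRC/$name";
    my $W    = 11 + width_nams $conf;

    # Fail clearly when the file vanished or is unreadable instead of
    # masking an undefined mode.
    my @st = stat $file;
    Error "can't stat $file ($!)" unless @st;
    my $mode = 0777 & $st[2];

    if ( $mode == $MODE ) {
        printf "mode: file %-${W}s has mode %o [ok]\n", $file, $mode;
    }
    else {
        printf "mode: %s change %s mode %o -> %o\n", $TAG, $file, $mode, $MODE;
        if ( $opt{f} ) {
            chmod $MODE, $file
                or Error sprintf "can't chmod %o %s ($!)", $MODE, $file;
        }
    }
}

my $conf = dmp_conf get_conf;
my @nams = sort map { basename $_ } values %$conf;

if ( $opt{N} ) {
    print "\n";
    touch $_ for @nams;
    exit;
}

check_src @nams;

if ( $opt{c} ) {
    print "\n";
    diff $_ for @nams;
    exit;
}

# Modes are fixed in the key-set before anything is linked into place.
set_mode $conf, $KEY,   $MODE1;
set_mode $conf, $CERT,  $MODE2;
set_mode $conf, $CHAIN, $MODE2;
print "\n";
install $_, $conf for @nams;

print "\nNo errors found ; this is a DRY-RUN.\n" unless $opt{f};

# Makefile template read by make_makefile().  Line breaks and the leading
# whitespace of recipe lines were lost on the page and are reconstructed.
__DATA__
DATE := $(shell date +%F)
menu :
    @echo menu: make compare
    @echo menu: make newdir \# mkdir ${DATE}
    @echo menu: make test
    @echo menu: make install
compare :
    ${PROG} -v -c recent
newdir :
    @if test -d ${DATE} ;\
    then echo ${DATE} exists ;\
    else mkdir ${DATE} ;\
    fi
    ${PROG} -f -N ${DATE}
test :
    ${PROG} -v recent
install :
    ${PROG} -v -f recent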