[apache2] 02/02: Include ask-for-passphrase from Ubuntu and tweak for systemd
Stefan Fritsch
sf at moszumanska.debian.org
Mon Dec 22 20:02:09 UTC 2014
This is an automated email from the git hooks/post-receive script.
sf pushed a commit to branch master
in repository apache2.
commit 6da2bfa9c1a337faccadab74031c377372f23db6
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Mon Dec 22 20:20:45 2014 +0100
Include ask-for-passphrase from Ubuntu and tweak for systemd
---
debian/apache2.install | 1 +
debian/ask-for-passphrase | 47 +++++++++++++++++++++++++++++++
debian/changelog | 3 ++
debian/config-dir/mods-available/ssl.conf | 2 +-
4 files changed, 52 insertions(+), 1 deletion(-)
diff --git a/debian/apache2.install b/debian/apache2.install
index 4c391fb..52bbac7 100644
--- a/debian/apache2.install
+++ b/debian/apache2.install
@@ -3,4 +3,5 @@ debian/config-dir/* /etc/apache2
debian/a2enmod /usr/sbin
debian/apache2ctl /usr/sbin
debian/a2query /usr/sbin
+debian/ask-for-passphrase /usr/share/apache2/
debian/debhelper/apache2-maintscript-helper /usr/share/apache2/
diff --git a/debian/ask-for-passphrase b/debian/ask-for-passphrase
new file mode 100755
index 0000000..e7ad3e3
--- /dev/null
+++ b/debian/ask-for-passphrase
@@ -0,0 +1,47 @@
+#!/bin/bash
+#
+# ask-for-passphrase - designed to be used by SSLPassPhraseDialog exec:
+#
+# Copyright Canonical, Ltd. 2010, All Rights Reserved
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+sitename=$1
+keytype=$2
+
+prompt="Apache needs to decrypt your SSL Keys for $sitename ($keytype)
+Please enter passphrase:"
+tty=`tty`
+if [ "$tty" = "not a tty" ] ; then
+ # Apache gives us a pipe for stdin, but we want to
+ # talk to apache's terminal.
+ tty=`tty < /proc/${PPID}/fd/0`
+ if [ "$tty" = "not a tty" ] ; then
+ if [ -x /bin/systemd-ask-password ] ; then
+ exec /bin/systemd-ask-password --timeout=0 "$prompt"
+ elif [ -x /bin/plymouth ] && plymouth --ping ; then
+ echo $prompt | logger
+ exec plymouth ask-for-password --prompt="$prompt"
+ else
+ logger -p daemon.err -t apache2 "No way to ask user for passphrase"
+ exit 1
+ fi
+ logger -p daemon.err -t apache2 "Passphrase prompt failed"
+ exit 1
+ fi
+ # We must not print anything on stdout except the passphrase
+ read -s -p "$prompt" passphrase > $tty 2>&1 < $tty
+ echo "$passphrase"
+fi
diff --git a/debian/changelog b/debian/changelog
index 2086695..98712d4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,9 @@ apache2 (2.4.10-9) UNRELEASED; urgency=medium
* CVE-2014-8109: mod_lua: Fix handling of the Require line when a
LuaAuthzProvider is used in multiple Require directives with different
arguments.
+ * Include ask-for-passphrase script from Ubuntu with some tweaks. This
+ fixes asking for certificate passphrases if started via systemd.
+ Closes: #773405
* Also bump debhelper build-depends to get dh_installdeb with support for
symlink_to_dir. Closes: #770421
diff --git a/debian/config-dir/mods-available/ssl.conf b/debian/config-dir/mods-available/ssl.conf
index 8be989f..1dc4eea 100644
--- a/debian/config-dir/mods-available/ssl.conf
+++ b/debian/config-dir/mods-available/ssl.conf
@@ -33,7 +33,7 @@
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
- SSLPassPhraseDialog builtin
+ SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git
More information about the Pkg-apache-commits
mailing list