/usr/bin/gnunet-gns-proxy-setup-ca is in gnunet 0.10.1-2.1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 | #!/bin/sh
# This shell script will generate an X509 certificate for your gnunet-gns-proxy
# and install it (for both GNUnet and your browser).
#
echo "Generating CA"
options=''
while getopts "c:" opt; do
case $opt in
c)
options="$options -c $OPTARG"
;;
\?)
echo "Invalid option: -$OPTARG" >&2
exit 1
;;
:)
echo "Option -$OPTARG requires an argument." >&2
exit 1
;;
esac
done
GNSCERT=`mktemp /tmp/gnscertXXXXXX.pem`
GNSCAKY=`mktemp /tmp/gnscakeyXXXXXX.pem`
GNSCANO=`mktemp /tmp/gnscakeynoencXXXXXX.pem`
GNS_CA_CERT_PEM=`gnunet-config -s gns-proxy -o PROXY_CACERT -f $options`
mkdir -p `dirname $GNS_CA_CERT_PEM`
openssl req -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System"
echo "Removing passphrase from key"
openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO
cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM
echo "Importing CA into browsers"
for f in ~/.mozilla/firefox/*.default
do
if [ -d $f ]; then
echo "Importing CA info Firefox $f"
certutil -D -n "GNS Proxy CA" -d ~/.mozilla/firefox/*.default >/dev/null 2>&1
certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.mozilla/firefox/*.default < $GNSCERT
fi
done
if [ -d ~/.pki/nssdb ]; then
echo "Importing CA into Chrome"
certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb >/dev/null 2>&1
certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb < $GNSCERT
fi
rm $GNSCAKY $GNSCANO $GNSCERT
echo "You can now start gnunet-gns-proxy and configure your browser to use a SOCKS proxy on port 7777"
|