/usr/share/tcos/hooks-addons/10ssl_tunnel is in initramfs-tools-tcos 0.89.86.
This file is owned by root:root, with mode 0o644.
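# hooks addon for stunnel4
# need stunnel4 package
#
# Sourced by the TCOS initramfs hook runner: there is no shebang and the file
# sets no shell options of its own.  It uses the runner's helpers (_verbose,
# stat_before, cpifexists, stat_after) and DESTDIR / TCOS_ENABLE_SSL from the
# caller's environment.  What it does:
#   1. copies stunnel4 and openssl (plus openssl.cnf) into the image,
#   2. writes /etc/stunnel/stunnel.conf for the [tcosxmlrpc] tunnel,
#   3. installs /scripts/tcos-bottom/60stunnel, which creates a throw-away
#      self-signed certificate at boot and starts stunnel4.
#
# NOTE: only an unset or empty TCOS_ENABLE_SSL disables the hook; any other
# value (including "no" or "0") enables it.
if [ -z "${TCOS_ENABLE_SSL:-}" ]; then
  _verbose "(10ssl_tunnel) TCOS_ENABLE_SSL disabled"
else
  stat_before
  # stunnel4 may be installed in /usr/bin or /usr/sbin; either way it is
  # placed in /usr/bin inside the image.
  [ -x /usr/bin/stunnel4 ] && cpifexists /usr/bin/stunnel4 /usr/bin/
  [ -x /usr/sbin/stunnel4 ] && cpifexists /usr/sbin/stunnel4 /usr/bin/
  [ -x /usr/bin/openssl ] && cpifexists /usr/bin/openssl /usr/bin/
  mkdir -p "${DESTDIR}/etc/stunnel"
  mkdir -p "${DESTDIR}/usr/lib/ssl"
  cpifexists /usr/lib/ssl/openssl.cnf /usr/lib/ssl
  #cpifexists /usr/lib/libcrypto.so.0.9.8 /usr/lib/
  #cpifexists /usr/lib/libssl.so.0.9.8 /usr/lib/
  # If the i686/cmov builds of the OpenSSL libraries ended up in the image,
  # flatten them into /usr/lib (presumably where the image's loader looks for
  # them -- verify against the library copy helper).  Errors are ignored on
  # purpose: a missing optimised build is not a failure.
  [ -e "${DESTDIR}/usr/lib/i686/cmov/libcrypto.so.0.9.8" ] && \
    mv -f "${DESTDIR}/usr/lib/i686/cmov/libcrypto.so.0.9.8" "${DESTDIR}/usr/lib/libcrypto.so.0.9.8" 2>/dev/null
  [ -e "${DESTDIR}/usr/lib/i686/cmov/libssl.so.0.9.8" ] && \
    mv -f "${DESTDIR}/usr/lib/i686/cmov/libssl.so.0.9.8" "${DESTDIR}/usr/lib/libssl.so.0.9.8" 2>/dev/null
  # stunnel configuration.  The delimiter is quoted because the content holds
  # no shell expansions and must be written verbatim.  Settings a maintainer
  # should be aware of:
  #   - sslVersion=all accepts every protocol version the linked OpenSSL
  #     supports, including SSLv2/SSLv3 when they are compiled in;
  #   - verify is commented out, so the peer's certificate is not checked;
  #   - setuid/setgid=root means stunnel does not drop privileges, even
  #     though it chroots into /var/lib/stunnel4/.
  # They are left unchanged so the existing tcosxmlrpc peer keeps working;
  # tighten them together with the server side.
  cat <<'EOF' > "${DESTDIR}/etc/stunnel/stunnel.conf"
cert = /etc/stunnel/tcos.pem
sslVersion=all
foreground=yes
syslog=no
session=1
delay=no
chroot=/var/lib/stunnel4/
setuid=root
setgid=root
pid=/stunnel4.pid
socket=l:TCP_NODELAY=1
socket=r:TCP_NODELAY=1
;socket=a:SO_REUSEADDR=0
;compression=rle
;debug=7
output=/var/log/stunnel.log
pty=no
;transparent=yes
;verify=1
[tcosxmlrpc]
accept=8999
connect=8998
TIMEOUTclose=0
TIMEOUTconnect=2
TIMEOUTidle=2
EOF
  # Earlier versions shipped a pre-built certificate from /etc/tcos/ssl; the
  # certificate is now generated at boot by 60stunnel below.
  #if [ -e /etc/tcos/ssl/tcos-custom.pem ]; then
  # cp /etc/tcos/ssl/tcos-custom.pem ${DESTDIR}/etc/stunnel/tcos.pem
  #else
  # cp /etc/tcos/ssl/tcos.pem ${DESTDIR}/etc/stunnel/tcos.pem
  #fi
  #chmod 600 $DESTDIR/etc/stunnel/tcos.pem
  mkdir -p "${DESTDIR}/var/lib/stunnel4/"
  # Boot-time script, run from the tcos-bottom stage.  Written verbatim (quoted
  # delimiter), so its own $-expansions need no backslash escaping here.
  # What the generated script does:
  #   - honours the "nosslxmlrpc=1" kernel command-line switch;
  #   - creates a fresh self-signed certificate + unencrypted key (-nodes,
  #     needed for unattended start) in /etc/stunnel/tcos.pem, valid 365 days,
  #     and appends 256-bit DH parameters seeded from 1 KiB of /dev/urandom
  #     written to a fixed-name file in /tmp;
  #   - starts stunnel4 in the background only if the PEM file was created.
  # Because the certificate changes on every boot the peer cannot pin it, and
  # 256-bit DH parameters are far below the sizes recommended today (newer
  # OpenSSL builds may refuse to generate or use them).  Both are kept for
  # compatibility with the current peer; revisit together with sslVersion.
  mkdir -p "${DESTDIR}/scripts/tcos-bottom"
  cat <<'EOF' > "${DESTDIR}/scripts/tcos-bottom/60stunnel"
#!/bin/sh
#
# new header not using prereqs
if [ "$1" = "prereqs" ]; then
echo ""
exit 0
fi
quiet=n
. /scripts/functions
. /conf/tcos.conf
. /conf/tcos-run-functions
nosslxmlrpc=$(read_cmdline_var "nosslxmlrpc" "0")
if [ "${nosslxmlrpc}" = "1" ]; then
_log "SSL XMLRPC disabled from cmdline"
exit 0
fi
[ -e /etc/stunnel/tcos.pem ] && rm -f /etc/stunnel/tcos.pem 2>/dev/null
openssl req -new -x509 -nodes -days 365 -out /etc/stunnel/tcos.pem -keyout /etc/stunnel/tcos.pem -subj "/C=/ST=/L=/CN=localhost/emailAddress=root@localhost" 2>/dev/null
dd if=/dev/urandom of=/tmp/temp_file_ssl count=2 2>/dev/null
openssl dhparam -rand /tmp/temp_file_ssl 256 >> /etc/stunnel/tcos.pem 2>/dev/null
chmod 600 /etc/stunnel/tcos.pem 2>/dev/null
rm -f /tmp/temp_file_ssl 2>/dev/null
if [ ! -s /etc/stunnel/tcos.pem ]; then
_log "SSL XMLRPC: certificate generation failed, stunnel4 not started"
exit 0
fi
stunnel4 >/dev/null 2>&1 &
exit 0
EOF
  chmod +x "${DESTDIR}/scripts/tcos-bottom/60stunnel"
  stat_after "SSL secure XMLRPC connection"
fi # end of TCOS_ENABLE_SSL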