authorLeo <thinkabit.ukim@gmail.com>2021-07-04 05:23:26 -0300
committerLeo <thinkabit.ukim@gmail.com>2021-07-04 05:26:48 -0300
commit37e97cc8faa2af364bbcee65069542b3791c2911 (patch)
treed45f54b8fef58924f32d0041a925dc3c46c346a6
parentbd26becbfe7151a7264faec3987fb66fb39099ff (diff)
community/xrdp: generate key and certificate at runtime
See: #12811
-rw-r--r--community/xrdp/APKBUILD16
-rw-r--r--community/xrdp/openssl.conf46
-rw-r--r--community/xrdp/xrdp.post-install13
3 files changed, 73 insertions, 2 deletions
diff --git a/community/xrdp/APKBUILD b/community/xrdp/APKBUILD
index 9c3b85f6b1..75c6e3a994 100644
--- a/community/xrdp/APKBUILD
+++ b/community/xrdp/APKBUILD
@@ -2,11 +2,12 @@
# Maintainer: Alan Lacerda <alacerda@alpinelinux.org>
pkgname=xrdp
pkgver=0.9.13.1
-pkgrel=0
+pkgrel=1
pkgdesc="Open source RDP server"
url="https://www.xrdp.org/"
arch="all"
license="Apache-2.0"
+install="$pkgname.post-install"
makedepends="autoconf automake libtool openssl-dev libx11-dev
libxfixes-dev libxrandr-dev libjpeg-turbo-dev fuse-dev linux-headers
nasm"
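Review bot: `install="$pkgname.post-install"` registers only a post-install script, which apk runs on a fresh install but not when an existing installation is upgraded from pkgrel 0. Systems that already have the package would therefore either keep the key material shipped in the old package or end up with none, depending on how apk treats the files this commit stops packaging; neither case produces fresh per-host keys. Consider also shipping a post-upgrade script with the same logic, `install="$pkgname.post-install $pkgname.post-upgrade"`, and deciding explicitly whether keys that came from the old package should be replaced.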
@@ -14,6 +15,7 @@ subpackages="$pkgname-doc $pkgname-dev $pkgname-openrc"
source="https://github.com/neutrinolabs/xrdp/releases/download/v$pkgver/xrdp-$pkgver.tar.gz
xrdp.initd
dynamic-link.patch
+ openssl.conf
"
# secfixes:
@@ -46,11 +48,21 @@ build() {
package() {
make DESTDIR="$pkgdir" install
+ install -Dm0644 "$srcdir"/openssl.conf -t "$pkgdir"/etc/xrdp
+
install -m755 -D "$srcdir"/$pkgname.initd \
"$pkgdir"/etc/init.d/$pkgname
ln -s $pkgname $pkgdir/etc/init.d/$pkgname-sesman
+
+ # Remove keys and its configuration generated during the
+ # build process
+ rm -f \
+ "$pkgdir"/etc/xrdp/*.pem \
+ "$pkgdir"/etc/xrdp/rsakeys.ini
}
sha512sums="36350aaf4bf4b49907cb31fd15c375a50a0d13d4b66aa14982c9d4da64212395391ff7e169def853337ef97960a109d6d7c85d510834fac44de12caed3632a26 xrdp-0.9.13.1.tar.gz
22b44398f4014ee67831051d1a1a859c6f4a601d75a03b33142ce7ea1e3f00082134337efb7da69e964f4a369d2b22114973221be2131f384f9459cc8e82fc13 xrdp.initd
-c20de35c4623bcdeae2ba8a740f965b5f320c506ff9a7b9444ec0c8300af518fd3a84b8c28f6e775b7bab73bdac7433be9261d133fc767d953ac54cb2d3b0afd dynamic-link.patch"
+c20de35c4623bcdeae2ba8a740f965b5f320c506ff9a7b9444ec0c8300af518fd3a84b8c28f6e775b7bab73bdac7433be9261d133fc767d953ac54cb2d3b0afd dynamic-link.patch
+c06de34e3f926d3d580a54a95a97c0fb3069c9fbade65b23bf424609aabb2a42db68eaeaa9540716b93b8d96bc3e75616612eedfa6cd55e736eee3b79c585d4f openssl.conf
+"
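Review bot: The comment above the `rm -f` in package() says what is removed but not why, and the reason is the security-relevant part: key material created while the package is built would be the same private key and certificate on every system that installs it. I would word it as `# Drop the key material created at build time: it would be identical on every installed system. Per-host keys are generated by the post-install script.` The glob `*.pem` also removes any other PEM file that upstream might install into /etc/xrdp later, which looks intended but is worth stating in the same comment.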
diff --git a/community/xrdp/openssl.conf b/community/xrdp/openssl.conf
new file mode 100644
index 0000000000..faa269c379
--- /dev/null
+++ b/community/xrdp/openssl.conf
@@ -0,0 +1,46 @@
+[req]
+distinguished_name = req_distinguished_name
+# The extensions to add to the self signed cert
+x509_extensions = v3_ca
+# Run non-interactively
+prompt = no
+
+[req_distinguished_name]
+# Certificate subject
+#countryName = US
+#stateOrProvinceName = CA
+#localityName = Sunnyvale
+#organizationName = xrdp
+#organizationalUnitName =
+commonName = XRDP
+#emailAddress =
+
+[v3_ca]
+# Extensions for a typical CA - PKIX recommendation.
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always, issuer
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical, CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+#keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+#nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+#subjectAltName = email:copy
+# Copy issuer details
+#issuerAltName = issuer:copy
+
+# DER hex encoding of an extension: experts only!
+#obj = DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+#basicConstraints = critical, DER:30:03:01:01:FF
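Review bot: `basicConstraints = CA:true` in `[v3_ca]` marks the per-host server certificate as a CA certificate, so a client configured to trust it also trusts anything that host's private key signs. For a certificate that only identifies one RDP server, `basicConstraints = CA:false` together with `extendedKeyUsage = serverAuth` is the narrower profile. The subject is the fixed `commonName = XRDP` with no `subjectAltName`, so clients cannot match the certificate to a host name and can only pin it. The section looks like a stock CA sample, so a short header comment saying that administrators are expected to edit this file and regenerate the certificate would make the intent clear.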
diff --git a/community/xrdp/xrdp.post-install b/community/xrdp/xrdp.post-install
new file mode 100644
index 0000000000..0f3b702ab7
--- /dev/null
+++ b/community/xrdp/xrdp.post-install
@@ -0,0 +1,13 @@
+#!/bin/sh
+if [ ! -s /etc/xrdp/rsakeys.ini ]; then
+ (umask 377; touch /etc/xrdp/rsakeys.ini; /usr/bin/xrdp-keygen xrdp /etc/xrdp/rsakeys.ini)
+fi
+
+if [ ! -s /etc/xrdp/cert.pem ]; then
+ (umask 377; openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 3652 \
+ -keyout /etc/xrdp/key.pem \
+ -out /etc/xrdp/cert.pem \
+ -config /etc/xrdp/openssl.conf)
+fi
+
+exit 0
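Review bot: The script calls `openssl req`, but the APKBUILD hunks in this commit show only `openssl-dev` in `makedepends`; unless a runtime dependency on the openssl command is declared outside those hunks, the call fails on a system without it and the unconditional `exit 0` hides that, leaving xrdp without a certificate. I would declare the runtime dependency in the APKBUILD and report the failure, e.g. ending the subshell with `-config /etc/xrdp/openssl.conf) || echo "xrdp: failed to generate TLS key and certificate" >&2`. The guard tests only `cert.pem`, so a host that has a certificate but no `key.pem` is left as it is; `if [ ! -s /etc/xrdp/cert.pem ] || [ ! -s /etc/xrdp/key.pem ]; then` covers both files. The `umask 377` that leaves the private keys at mode 0400 is the right choice and deserves a one-line comment so it is not dropped in a later edit.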