Revisión 544
Añadido por Ricardo Salgado Cid hace alrededor de 10 años
| tareas_puppet/portatiles/wheezy/port_fnmt/files/AC_Raiz_FNMT-RCM.crt | ||
|---|---|---|
|
-----BEGIN CERTIFICATE-----
|
||
|
MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsx
|
||
|
CzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJ
|
||
|
WiBGTk1ULVJDTTAeFw0wODEwMjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJ
|
||
|
BgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBG
|
||
|
Tk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALpxgHpMhm5/
|
||
|
yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcfqQgf
|
||
|
BBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAz
|
||
|
WHFctPVrbtQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxF
|
||
|
tBDXaEAUwED653cXeuYLj2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z
|
||
|
374jNUUeAlz+taibmSXaXvMiwzn15Cou08YfxGyqxRxqAQVKL9LFwag0Jl1mpdIC
|
||
|
IfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mwWsXmo8RZZUc1g16p6DUL
|
||
|
mbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnTtOmlcYF7
|
||
|
wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peS
|
||
|
MKGJ47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2
|
||
|
ZSysV4999AeU14ECll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMet
|
||
|
UqIJ5G+GR4of6ygnXYMgrwTJbFaai0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUw
|
||
|
AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPd9xf3E6Jobd2Sn9R2gzL+H
|
||
|
YJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwOi8vd3d3
|
||
|
LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD
|
||
|
nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1
|
||
|
RXxlDPiyN8+sD8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYM
|
||
|
LVN0V2Ue1bLdI4E7pWYjJ2cJj+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf
|
||
|
77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrTQfv6MooqtyuGC2mDOL7Nii4LcK2N
|
||
|
JpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW+YJF1DngoABd15jm
|
||
|
fZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7Ixjp
|
||
|
6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp
|
||
|
1txyM/1d8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B
|
||
|
9kiABdcPUXmsEKvU7ANm5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wok
|
||
|
RqEIr9baRRmW1FMdW4R58MD3R++Lj8UGrp1MYp3/RgT408m2ECVAdf4WqslKYIYv
|
||
|
uu8wd+RU4riEmViAqhOLUTpPSPaLtrM=
|
||
|
-----END CERTIFICATE-----
|
||
| tareas_puppet/portatiles/wheezy/port_fnmt/files/certfnmt | ||
|---|---|---|
|
#!/bin/bash
|
||
|
#
|
||
|
#Comprueba si el usuario tiene añadidos los certificados de la FNMT, si no lo están
|
||
|
#los añade a su perfil de Iceweasel / Firefox Chromium/Chrome
|
||
|
#
|
||
|
#
|
||
|
# Licensed under the GNU GPL version 2, as publicshed by the FSF;
|
||
|
# see /usr/share/common-licenses/GPL-2 on Debian systems or visit
|
||
|
# www.fsf.org.
|
||
|
#
|
||
|
|
||
|
#Ricardo Salgado IESO Galisteo
|
||
|
|
||
|
#15/10/2014
|
||
|
#24/03/2015 Nuevos certificados y soporte de chrome.
|
||
|
|
||
|
|
||
|
|
||
|
FNMTDIR="/usr/local/share/ca-certificates/FNMT/"
|
||
|
|
||
|
|
||
|
##Iceweasel/Firefox
|
||
|
if [ ! -d $HOME/.mozilla/firefox/ ]; then
|
||
|
/usr/bin/iceweasel -silent
|
||
|
fi
|
||
|
pathmozilla="$HOME/.mozilla/firefox/"
|
||
|
##Chromium/Chrome
|
||
|
pathchrome=$HOME/.pki/nssdb
|
||
|
if [ ! -d "$pathchrome" ]; then
|
||
|
mkdir -p ${pathchrome}
|
||
|
#HACK:para la creación del repositorio de certificados hace falta un password
|
||
|
#Usamos un password vacio, como hasta ahora.
|
||
|
echo > /tmp/password-file
|
||
|
certutil -N -f /tmp/password-file -@ /tmp/password-file -d sql:${pathchrome}
|
||
|
chmod 700 $HOME/.pki
|
||
|
rm /tmp/password-file
|
||
|
fi
|
||
|
|
||
|
certfile=$(find ${pathmozilla} ${pathchrome} \( -name cert9.db -o -name cert8.db \))
|
||
|
for db in $certfile; do
|
||
|
certdir=$(dirname ${db})
|
||
|
tipo=$(basename ${db})
|
||
|
for certificado in ${FNMTDIR}* ; do
|
||
|
nombre_cert=$(basename $certificado .crt)
|
||
|
case "$tipo" in
|
||
|
"cert8.db")
|
||
|
if ! certutil -L -d $certdir | grep -q "${nombre_cert}"; then
|
||
|
echo Añadiendo ${nombre_cert} a $certdir
|
||
|
certutil -A -n "${nombre_cert}" -t 'C,,' -i $certificado -d $certdir
|
||
|
fi
|
||
|
;;
|
||
|
"cert9.db")
|
||
|
if ! certutil -L -d sql:${certdir} | grep -q "${nombre_cert}"; then
|
||
|
echo Añadiendo ${nombre_cert} a $certdir
|
||
|
certutil -A -n "${nombre_cert}" -t 'C,,' -i $certificado -d sql:${certdir}
|
||
|
fi
|
||
|
;;
|
||
|
|
||
|
esac
|
||
|
done
|
||
|
done
|
||
| tareas_puppet/portatiles/wheezy/port_fnmt/files/certfnmt.desktop | ||
|---|---|---|
|
#
|
||
|
[Desktop Entry]
|
||
|
Version=1.0
|
||
|
Terminal=false
|
||
|
Type=Application
|
||
|
Categories=
|
||
|
Exec=/usr/local/bin/certfnmt
|
||
|
NoDisplay=true
|
||
|
Name=Certificados FNMT
|
||
|
Comment=Creacion de perfil e instalacion de certificados FNMT para Iceweasel y Chromium
|
||
|
X-GIO-NoFuse=true
|
||
| tareas_puppet/portatiles/wheezy/port_fnmt/leeme.txt | ||
|---|---|---|
|
port_fnmt
|
||
|
|
||
|
Comprueba en el inicio de sesión(vía /etc/xdg/autostart)si el usuario
|
||
|
tiene añadidos los certificados de la FNMT, si no lo están los añade
|
||
|
a su perfil de Iceweasel / Firefox y Chromium / Chrome.
|
||
|
Pensada para los portátiles y/o máquinas que no tengan los HOMES en NFS.
|
||
|
|
||
|
|
||
|
|
||
|
Licensed under the GNU GPL version 2, as publicshed by the FSF;
|
||
|
see /usr/share/common-licenses/GPL-2 on Debian systems or visit
|
||
|
www.fsf.org.
|
||
|
|
||
|
|
||
|
Ricardo Salgado Cid IESO Galisteo
|
||
|
15/10/2014 Release incial
|
||
|
24/03/2015 Añadida gestión de chrome/chromium y nuevos certificados
|
||
|
|
||
| tareas_puppet/portatiles/wheezy/port_fnmt/manifests/init.pp | ||
|---|---|---|
|
class port_fnmt {
|
||
|
|
||
|
file { "/usr/local/share/ca-certificates/FNMT/":
|
||
|
ensure => directory,
|
||
|
owner => root, group => root, mode => 755;
|
||
|
|
||
|
"/usr/local/share/ca-certificates/FNMT/AC_Componentes_Informaticos.crt":
|
||
|
owner => root, group => root, mode => 644,
|
||
|
source => "puppet:///modules/port_fnmt/AC_Componentes_Informaticos.crt",
|
||
|
require => File["/usr/local/share/ca-certificates/FNMT/"],
|
||
|
notify => Exec["actualizar-certificados-fnmt-sistema"];
|
||
|
|
||
|
"/usr/local/share/ca-certificates/FNMT/AC_Raiz_FNMT-RCM.crt":
|
||
|
owner => root, group => root, mode => 644,
|
||
|
source => "puppet:///modules/port_fnmt/AC_Raiz_FNMT-RCM.crt",
|
||
|
require => File["/usr/local/share/ca-certificates/FNMT/"],
|
||
|
notify => Exec["actualizar-certificados-fnmt-sistema"];
|
||
|
|
||
|
"/usr/local/share/ca-certificates/FNMT/FNMTClase2CA.crt":
|
||
|
owner => root, group => root, mode => 644,
|
||
|
source => "puppet:///modules/port_fnmt/FNMTClase2CA.crt",
|
||
|
require => File["/usr/local/share/ca-certificates/FNMT/"],
|
||
|
notify => Exec["actualizar-certificados-fnmt-sistema"];
|
||
|
|
||
|
"/usr/local/bin/certfnmt":
|
||
|
owner => root, group => root, mode => 755,
|
||
|
source => "puppet:///modules/port_fnmt/certfnmt";
|
||
|
|
||
|
"/etc/xdg/autostart/certfnmt.desktop":
|
||
|
owner => root, group => root, mode => 644,
|
||
|
source => "puppet:///modules/port_fnmt/certfnmt.desktop";
|
||
|
}
|
||
|
|
||
|
exec { "actualizar-certificados-fnmt-sistema":
|
||
|
command => "/usr/sbin/update-ca-certificates",
|
||
|
refreshonly => true;
|
||
|
}
|
||
|
|
||
|
|
||
|
}
|
||
|
|
||
Exportar a: Unified diff
tarea para añadir los certificados de la FNMT a los portátiles