Renamed sandbox TLS key, added dime config variables, and sample keys.

MNS82 · Jan 22, 2017 · 2ceb21c · 2ceb21c
1 parent e18c42a
commit 2ceb21c
Show file tree

Hide file tree

Showing 27 changed files with 1,842 additions and 170 deletions.
diff --git a/.cproject b/.cproject
diff --git a/.project b/.project
@@ -78,7 +78,7 @@
 	</natures>
 	<filteredResources>
 		<filter>
-			<id>1485097706844</id>
+			<id>1485107284273</id>
 			<name></name>
 			<type>30</type>
 			<matcher>
@@ -87,7 +87,7 @@
 			</matcher>
 		</filter>
 		<filter>
-			<id>1485097706848</id>
+			<id>1485107284281</id>
 			<name></name>
 			<type>30</type>
 			<matcher>
@@ -96,7 +96,7 @@
 			</matcher>
 		</filter>
 		<filter>
-			<id>1485097706858</id>
+			<id>1485107284287</id>
 			<name></name>
 			<type>30</type>
 			<matcher>
@@ -105,12 +105,12 @@
 			</matcher>
 		</filter>
 		<filter>
-			<id>1485097706863</id>
+			<id>1485107284294</id>
 			<name></name>
 			<type>30</type>
 			<matcher>
 				<id>org.eclipse.ui.ide.multiFilter</id>
-				<arguments>1.0-projectRelativePath-matches-false-true-dev/tools/x</arguments>
+				<arguments>1.0-projectRelativePath-matches-false-true-dev/tools/*</arguments>
 			</matcher>
 		</filter>
 	</filteredResources>

diff --git a/.settings/language.settings.xml b/.settings/language.settings.xml
@@ -15,12 +15,10 @@
 		<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
 			<provider copy-of="extension" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider"/>
 			<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
-			<provider class="org.eclipse.cdt.managedbuilder.language.settings.providers.GCCBuildCommandParser" id="org.eclipse.cdt.managedbuilder.core.GCCBuildCommandParser" keep-relative-paths="false" name="CDT GCC Build Output Parser" parameter="(g?cc)|([gc]\+\+)|(clang)" prefer-non-shared="true"/>
-			<provider class="org.eclipse.cdt.managedbuilder.language.settings.providers.GCCBuiltinSpecsDetector" console="false" env-hash="-477849277999684695" id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" keep-relative-paths="false" name="CDT GCC Built-in Compiler Settings" parameter="${COMMAND} ${FLAGS} -E -P -v -dD &quot;${INPUTS}&quot;" prefer-non-shared="true">
-				<language-scope id="org.eclipse.cdt.core.gcc"/>
-				<language-scope id="org.eclipse.cdt.core.g++"/>
-			</provider>
+			<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuildCommandParser" ref="shared-provider"/>
+			<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
 			<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
+			<provider-reference id="org.eclipse.cdt.debug.application.DwarfLanguageSettingsProvider" ref="shared-provider"/>
 		</extension>
 	</configuration>
 	<configuration id="cdt.managedbuild.toolchain.gnu.base.1042491499.540148943" name="Default">

diff --git a/dev/docs/config.readme.txt b/dev/docs/config.readme.txt
@@ -444,8 +444,8 @@ magma.dkim.enabled
 Possible values:	true or false
 Default value:		false
 Description:		Specifies whether DKIM signing is enabled for outbound messages.
-Related:			magma.dkim.domain, magma.dkim.selector, magma.dkim.privkey
-Note:				If magma.dkim.enabled is set, then magma.dkim.domain, magma.dkim.selector, and magma.dkim.privkey must all be set.
+Related:			magma.dkim.domain, magma.dkim.selector, magma.dkim.key
+Note:				If magma.dkim.enabled is set, then magma.dkim.domain, magma.dkim.selector, and magma.dkim.key must all be set.
 
 magma.dkim.selector
 Possible values:	any string containing a valid DKIM selector.
@@ -459,7 +459,7 @@ Default value:		[empty]
 Description:		This is the domain name for which DKIM message signing is being performed.
 Related:			magma.dkim.enabled
 
-magma.dkim.privkey
+magma.dkim.key
 Possible values:	a pathname to a file with the DKIM private key.
 Default value:		[empty]
 Description:		The DKIM private key must contain a PEM-encoded private key and cannot be world-readable.

diff --git a/dev/install/magmad.config.sql b/dev/install/magmad.config.sql
@@ -25,7 +25,9 @@ INSERT INTO Host_Config (application, name, `value`, timestamp) VALUES ('magmad'
 INSERT INTO Host_Config (application, name, `value`, timestamp) VALUES ('magmad', 'magma.dkim.enabled', 'true', NOW());
 INSERT INTO Host_Config (application, name, `value`, timestamp) VALUES ('magmad', 'magma.dkim.selector', '$SELECTOR', NOW());
 INSERT INTO Host_Config (application, name, `value`, timestamp) VALUES ('magmad', 'magma.dkim.domain', '$DOMAIN', NOW());
-INSERT INTO Host_Config (application, name, `value`, timestamp) VALUES ('magmad', 'magma.dkim.privkey', '/etc/pki/dkim/private/$DKIMFILE', NOW());
+INSERT INTO Host_Config (application, name, `value`, timestamp) VALUES ('magmad', 'magma.dkim.key', '/etc/pki/dkim/private/$DKIMFILE', NOW());
+INSERT INTO Host_Config (application, name, `value`, timestamp) VALUES ('magmad', 'magma.dime.key', '/etc/pki/dime/private/$DIMEFILE', NOW());
+INSERT INTO Host_Config (application, name, `value`, timestamp) VALUES ('magmad', 'magma.dime.signet', '/etc/pki/dime/private/$DIMEFILE', NOW());
 
 INSERT INTO Host_Config (application, name, `value`, timestamp) VALUES ('magmad', 'magma.servers[1].name', 'SMTP', NOW());
 INSERT INTO Host_Config (application, name, `value`, timestamp) VALUES ('magmad', 'magma.servers[1].protocol', 'SMTP', NOW());

diff --git a/dev/scripts/builders/build.lib.sh b/dev/scripts/builders/build.lib.sh
@@ -2145,24 +2145,27 @@ load() {
 
 keys() {
 
-	printf "Fixing the permissions for the TLS and DKIM keys in the magma sandbox...\n\n"
+	printf "Fixing the permissions for the DIME, DKIM and TLS keys in the magma sandbox...\n\n"
 
-	chmod 600 "$M_PROJECT_ROOT/sandbox/etc/localhost.localdomain.pem"; error
+	chmod 600 "$M_PROJECT_ROOT/sandbox/etc/tls.localhost.localdomain.pem"; error
 	chmod 600 "$M_PROJECT_ROOT/sandbox/etc/dkim.localhost.localdomain.pem"; error
+	chmod 600 "$M_PROJECT_ROOT/sandbox/etc/dime.localhost.localdomain.key"; error
+	chmod 600 "$M_PROJECT_ROOT/sandbox/etc/dime.localhost.localdomain.signet"; error
 
 	# Tell git to skip checking for changes to the key files, but only if git is on the system and the files
 	# are stored inside a repo.
 	GIT_IS_AVAILABLE=`which git &> /dev/null && git log &> /dev/null && echo 1`
 	if [[ "$GIT_IS_AVAILABLE" == "1" ]]; then
-		git update-index --assume-unchanged "$M_PROJECT_ROOT/sandbox/etc/localhost.localdomain.pem"
+		git update-index --assume-unchanged "$M_PROJECT_ROOT/sandbox/etc/tls.localhost.localdomain.pem"
 		git update-index --assume-unchanged "$M_PROJECT_ROOT/sandbox/etc/dkim.localhost.localdomain.pub"
-		git update-index --assume-unchanged "$M_PROJECT_ROOT/sandbox/etc/dkim.localhost.localdomain.pem"
+		git update-index --assume-unchanged "$M_PROJECT_ROOT/sandbox/etc/dime.localhost.localdomain.key"
+		git update-index --assume-unchanged "$M_PROJECT_ROOT/sandbox/etc/dime.localhost.localdomain.signet"
 	fi
 }
 
 generate() {
 
-	printf "Generating TLS and DKIM keys for the magma sandbox...\n"
+	printf "Generating DIME, DKIM and TLS keys for the magma sandbox...\n"
 
 	# Generate a DKIM private key.
 	"$M_LOCAL/bin/"openssl genrsa -out "$M_PROJECT_ROOT/sandbox/etc/dkim.localhost.localdomain.pem" 2048 2>&1 >& /dev/null
@@ -2175,8 +2178,8 @@ generate() {
 
 	# The TLS private key and a self-signed certificate.
 	"$M_LOCAL/bin/"openssl req -x509 -nodes -batch -days 1826 -newkey rsa:4096 \
-	-keyout "$M_PROJECT_ROOT/sandbox/etc/localhost.localdomain.pem" \
-	-out "$M_PROJECT_ROOT/sandbox/etc/localhost.localdomain.pem" >& /dev/null ; error
+	-keyout "$M_PROJECT_ROOT/sandbox/etc/tls.localhost.localdomain.pem" \
+	-out "$M_PROJECT_ROOT/sandbox/etc/tls.localhost.localdomain.pem" >& /dev/null ; error
 
 	keys
 }

diff --git a/res/config/magma.config.stub b/res/config/magma.config.stub
@@ -23,7 +23,7 @@ magma.web.statistics = true
 magma.dkim.enabled = true
 magma.dkim.selector = bazinga
 magma.dkim.domain = example.com
-magma.dkim.privkey = ${BASE_DIR}/res/config/dkim.localhost.localdomain.pem
+magma.dkim.key = ${BASE_DIR}/res/config/dkim.localhost.localdomain.pem
 
 magma.config.output_config = false
 

diff --git a/sandbox/etc/dime.localhost.localdomain.key b/sandbox/etc/dime.localhost.localdomain.key
@@ -0,0 +1,5 @@
+-----BEGIN ORGANIZATIONAL KEY-----
+B6AAAEQBINmVRpNEhJ5e0gCvMXqZIXbGS8HxqbTdzxNTv2qw/9OVAyC2toI+UsBY
+PkT9wQamLr5x3Ghnni0116X4T0Vls8eo1Q==
+=zI2V
+-----END ORGANIZATIONAL KEY-----
diff --git a/sandbox/etc/dime.localhost.localdomain.signet b/sandbox/etc/dime.localhost.localdomain.signet
@@ -0,0 +1,11 @@
+-----BEGIN ORGANIZATIONAL SIGNET-----
+BvAAAWkBIUCI6ukxuqAuT9NNrnzR27BVpV4u4n1P6kS197LUqlU1VgMhAtlzegCh
+6D2kdCNC3LxZ+4LXo7UmxtARjoHjaUPWbD7YBFtalSZ/1FXFOSkUdykn0mI1LW/E
+SgjuUcCQlXswCdjo5IJQYn3X2YzGUhJPDJCRrlXpEz06QQvO0Hsi/IS0qw4QE01h
+Z21hIFRlc3QgSWRlbnRpdHkRFzEwMCBFeGFtcGxlIEFkZHJlc3MgV2F5EwJVUxQF
+MjAwMDEVDigyMDIpIDU1NS0xMjEy/Y1jxpiT3mYG72ktRb8nc2Y8Q3yZobhTMT+A
+oozDc3IC11WvSccg7sBUOie8EjKk+i+D5dlJLMHPs7KuRo1ezAj+FWxvY2FsaG9z
+dC5sb2NhbGRvbWFpbv8ONS3JyyAFtVRyWKmY8AM9RprlsasGpognYud4mLEe9GSz
+ntdJ8+6bcF0EdHFSCQGQWWzbncQKMIeKU31R0CcL
+=hAX2
+-----END ORGANIZATIONAL SIGNET-----
diff --git a/sandbox/etc/localhost.localdomain.pem b/sandbox/etc/localhost.localdomain.pem