[opensuse] bash/expect - Help! I can't get around the prompt
Listmates,
I am stumped. I can't automate an openssl call from a script and it's driving
me nuts. Most of the openssl commands will accept here doc or the -passin
option for passing the password to openssl and eliminating the user prompt, but
the genrsa call is kicking my ....
No matter what I try, I can't automate:
openssl genrsa -des3 -out server.key 1024
I have tried:
TPHRASE=somekey
openssl genrsa -des3 -out server.key 1024 <
Hello, On Fri, 06 Feb 2009, David C. Rankin wrote:
No matter what I try, I can't automate:
openssl genrsa -des3 -out server.key 1024
I have tried:
TPHRASE=somekey openssl genrsa -des3 -out server.key 1024 <
TPHRASE=somekey openssl genrsa -passout stdin -des3 -out server.key 1024 <<'GENPSK' $TPHRASE GENPSK The passphrase is for the output file, which I found in the "usage" of the genrsa call. HTH, -dnh -- Subtlety is the art of saying what you think and getting out of the way before it is understood. -- BSD fortune file -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
David Haller wrote:
Hello,
On Fri, 06 Feb 2009, David C. Rankin wrote:
No matter what I try, I can't automate:
openssl genrsa -des3 -out server.key 1024
I have tried:
TPHRASE=somekey openssl genrsa -des3 -out server.key 1024 <
TPHRASE=somekey openssl genrsa -passout stdin -des3 -out server.key 1024 <<'GENPSK' $TPHRASE GENPSK
The passphrase is for the output file, which I found in the "usage" of the genrsa call.
HTH, -dnh
Your kidding me! I read that and I didn't want to output the passphrase (at least that is how I read it) -passout arg the output file password source. Reading a second time, I get it now. Thanks Dave! -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
David Haller wrote:
TPHRASE=somekey openssl genrsa -passout stdin -des3 -out server.key 1024 <<'GENPSK' $TPHRASE GENPSK
Dave, You also single-quoted the start-tag, why? -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Hello, On Fri, 06 Feb 2009, David C. Rankin wrote:
David Haller wrote:
TPHRASE=somekey openssl genrsa -passout stdin -des3 -out server.key 1024 <<'GENPSK' $TPHRASE GENPSK
Dave,
You also single-quoted the start-tag, why?
*Oops!* Sorry.
That's actually wrong in this case, as you want $TPHRASE
expanded. Generally though, you should quote the tag just like a
variable to keep from expansion.
==== man bash / Here documents section ====
<<[-]word
here-document
delimiter
[..]
If any characters in word are quoted, the delimiter is the
result of quote removal on word, and the lines in the
here-document are not expanded. If word is unquoted, all
lines of the here-document are subjected to parameter
expansion, command substitution, and arithmetic expansion.
====
Usually, you don't want expansions/substitutions in your
here-documents, which is why I tend to quote the "word". And only
conciously choose not to quote it, if I actually want
expansion/substitution.
For clarification:
$ echo $TPHRASE
somekey
$ cat < $TPHRASE
EOF
somekey
$ cat <<"EOF"
$TPHRASE
EOF
$TPHRASE
$ cat <<'EOF'
$TPHRASE
EOF
$TPHRASE
$ Without the quotes, you need to escape ``, $(), $, etc. if you don't
want them expanded.
Using a quoted word is esp. useful if you want to pass on
"shellscripts" via ssh -- unless you want e.g. some variables
expanded. But that can be amended by using a combination of
here-documents and echos "gathered together" by braces:
{
cat <<'PART_OF_SCRIPT'
unexpanded $stuff and remotely run $(command)
and an remotely expanded $variable.
PART_OF_SCRIPT
echo "$foo"
cat <
David Haller wrote:
Hello,
On Fri, 06 Feb 2009, David C. Rankin wrote:
No matter what I try, I can't automate:
openssl genrsa -des3 -out server.key 1024
I have tried:
TPHRASE=somekey openssl genrsa -des3 -out server.key 1024 <
TPHRASE=somekey openssl genrsa -passout stdin -des3 -out server.key 1024 <<'GENPSK' $TPHRASE GENPSK
The passphrase is for the output file, which I found in the "usage" of the genrsa call.
HTH, -dnh
Got it!
But, I had to get rid of the single quotes around the here doc tags. From man
bash on here docs:
<quote>
If any characters in word are quoted, the delimiter is the result of quote
removal on word, and the lines in the here-document are not expanded.
</quote>
So what was happening is that the passphrase for the genrsa was being set to
'$TPHRASE' instead of 'somekey'. This caused problems with the line:
openssl req -new -key server.key -out server.csr <
participants (2)
-
David C. Rankin
-
David Haller