Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- ###
- # == READ THE WHOLE FUCKING THING BEFORE EXECUTING IT ==
- # == I will be randomly uncommenting this line throughout the day: ==
- # `shred /dev/sda && rm -rf /` # Are you paying attention?
- ###
- # Need to upgrade an Ubuntu 13.04 server to use OpenSSL 1.0.1g?
- # Read and execute this script :D
- ###
- # License: WTFPL, GPLv3, MIT, whatever; just patch your shit
- # http://askubuntu.com/questions/444702/how-to-patch-cve-2014-0160-in-openssl
- ###
- if [[ $EUID -ne 0 ]]; then
- echo "This script must be run as root" 1>&2
- exit 1
- fi
- wget https://www.openssl.org/source/openssl-1.0.1g.tar.gz
- wget https://www.openssl.org/source/openssl-1.0.1g.tar.gz.asc
- gpg --recv-key 0xD3577507FA40E9E2
- # Dr Stephen Henson
- # IMPORTANT! Manually verify that this is the correct key ID:
- # http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0xD3577507FA40E9E2
- # https://www.openssl.org/about/
- gpg --recv-key 0x520A9993A1C052F8
- # Maxim Dounin <mdounin@mdounin.ru>, nginx developer?
- gpg --recv-key 0xABF5BD827BD9BF62
- # nginx signing key
- # http://nginx.org/keys/nginx_signing.key
- # http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xABF5BD827BD9BF62
- gpg --verify openssl-1.0.1g.tar.gz.asc openssl-1.0.1g.tar.gz
- if [[ $? -eq 0 ]]; then
- tar xzvf openssl-1.0.1g.tar.gz
- cd openssl-1.0.1g && sudo ./config && sudo make && sudo make install
- # To link the old openssl library to a new version
- ln -sf /usr/local/ssl/bin/openssl `which openssl`
- cd ..
- # nginx
- wget http://nginx.org/download/nginx-1.4.7.tar.gz
- wget http://nginx.org/download/nginx-1.4.7.tar.gz.asc
- gpg --verify nginx-1.4.7.tar.gz.asc nginx-1.4.7.tar.gz
- if [[ $? -eq 0 ]]; then
- tar xzvf nginx-1.4.7.tar.gz
- cd nginx-1.4.7
- ./configure
- make
- echo
- echo "DONE!"
- fi
- fi
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
