Annotation of pkgsrc/pkgtools/pkg_install/files/x509/pkgsrc.sh, Revision 1.2
1.2 ! joerg 1: #!/bin/sh
! 2: #
! 3: # $NetBSD: pkgsrc.sh,v 1.1.2.2 2008/09/08 23:06:41 joerg Exp $
! 4: #
! 5:
# Stop at the first failing command so a failed key generation or signing
# step is never followed by later steps.
set -e

# Command prefixes shared by every function below. Each one is a command
# plus options, so callers expand them unquoted on purpose.
# Both name pkgsrc.cnf by relative path, so the script is expected to be
# run from the directory that contains that file.
REQ="openssl req -config pkgsrc.cnf"
CA="openssl ca -config pkgsrc.cnf"
! 10:
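#######################################
# Create the directory skeleton for a new CA and issue its self-signed
# certificate.
# Globals:   REQ (read) - command prefix that generates key + request
#            CA  (read) - command prefix that signs the request
# Arguments: $1 - directory that will hold the CA
# Outputs:   progress message on stdout, diagnostics on stderr
# Returns:   exits 1 if $1/serial already exists; a failing step aborts
#            the script when the caller runs under "set -e"
#######################################
new_ca() {
	# An empty argument would make the paths below resolve to /certs,
	# /private and so on; stop before touching anything.
	: "${1:?new_ca: CA directory argument is required}"

	# An existing serial file marks an initialised CA; never overwrite it.
	if [ -f "$1/serial" ]; then
		echo "CA already exists, exiting" >&2
		exit 1
	fi

	mkdir -p "$1/certs" "$1/crl" "$1/newcerts" "$1/private"
	# The CA signing key is stored here: restrict the directory to its
	# owner regardless of the caller's umask.
	chmod 700 "$1/private"
	echo "00" > "$1/serial"
	touch "$1/index.txt"

	echo "Making CA certificate ..."
	# $REQ and $CA stay unquoted: each holds a command plus its options.
	# The subshell confines umask 077 to key generation, so cakey.pem is
	# created owner-only without changing the mode of later files.
	(
		umask 077
		$REQ -new -keyout "$1/private/cakey.pem" \
			-out "$1/careq.pem"
	)
	$CA -out "$1/cacert.pem" -batch \
		-keyfile "$1/private/cakey.pem" -selfsign \
		-infiles "$1/careq.pem"
}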
! 28:
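#######################################
# Generate a key pair and have the CA sign a certificate with the
# "pkgkey" extensions (described by usage as the certificate for binary
# packages).
# Globals:   REQ (read), CA (read) - openssl command prefixes
# Arguments: none
# Outputs:   pkgkey_key.pem and pkgkey_cert.pem in the current directory;
#            a summary line on stdout
# Returns:   relies on the caller's "set -e" to abort on a failed step
#######################################
new_pkgkey() {
	# Generate the private key under umask 077 so it is never created
	# group- or world-readable; the subshell keeps the tighter umask from
	# affecting the certificate written below.
	# NOTE(review): whether the key is also passphrase-protected depends
	# on pkgsrc.cnf, which is not visible here.
	(
		umask 077
		$REQ -new -keyout pkgkey_key.pem -out pkgkey_req.pem
	)
	# umask does not narrow a file that already existed, so set the mode
	# explicitly as well.
	chmod 600 pkgkey_key.pem
	$CA -extensions pkgkey -policy policy_match -out pkgkey_cert.pem -infiles pkgkey_req.pem
	# The request is only an intermediate artefact.
	rm pkgkey_req.pem
	echo "Signed certificate is in pkgkey_cert.pem, key in pkgkey_key.pem"
}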
! 35:
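#######################################
# Generate a key pair and have the CA sign a certificate with the
# "pkgsec" extensions (described by usage as the certificate for
# pkg-vulnerabilities).
# Globals:   REQ (read), CA (read) - openssl command prefixes
# Arguments: none
# Outputs:   pkgsec_key.pem and pkgsec_cert.pem in the current directory;
#            a summary line on stdout
# Returns:   relies on the caller's "set -e" to abort on a failed step
#######################################
new_pkgsec() {
	# Generate the private key under umask 077 so it is never created
	# group- or world-readable; the subshell keeps the tighter umask from
	# affecting the certificate written below.
	# NOTE(review): whether the key is also passphrase-protected depends
	# on pkgsrc.cnf, which is not visible here.
	(
		umask 077
		$REQ -new -keyout pkgsec_key.pem -out pkgsec_req.pem
	)
	# umask does not narrow a file that already existed, so set the mode
	# explicitly as well.
	chmod 600 pkgsec_key.pem
	$CA -extensions pkgsec -policy policy_match -out pkgsec_cert.pem -infiles pkgsec_req.pem
	# The request is only an intermediate artefact.
	rm pkgsec_req.pem
	echo "Signed certificate is in pkgsec_cert.pem, key in pkgsec_key.pem"
}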
! 42:
#######################################
# Print the list of supported sub-commands.
# Arguments: none
# Outputs:   the script name followed by one line per sub-command, on
#            stdout
#######################################
usage() {
	printf '%s\n' \
		"$0:" \
		"setup - create new CA in ./pkgsrc for use by pkg_install" \
		"pkgkey - create and sign a certificate for binary packages" \
		"pkgsec - create and sign a certificate for pkg-vulnerabilities"
}
! 49:
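# Dispatch on the first argument. "setup" always builds the CA in ./pkgsrc.
case "$1" in
setup)
	new_ca ./pkgsrc
	;;
pkgkey)
	new_pkgkey
	;;
pkgsec)
	new_pkgsec
	;;
*)
	# A missing or misspelled sub-command is an error: report it on
	# stderr and exit non-zero, so an automated run cannot mistake a
	# skipped key-generation step for success.
	usage >&2
	exit 1
	;;
esac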