
Annotation of pkgsrc/pkgtools/pkg_install/files/x509/pkgsrc.sh, Revision 1.2

1.2     ! joerg       1: #!/bin/sh
        !             2: #
        !             3: # $NetBSD: pkgsrc.sh,v 1.1.2.2 2008/09/08 23:06:41 joerg Exp $
        !             4: #
        !             5:
        # Stop at the first command that fails, so a failed request is never
        # followed by a signing step.
        set -e

        # openssl command lines shared by the functions in this script. They are
        # expanded unquoted at the call sites so the shell splits them into words.
        # Both name pkgsrc.cnf by relative path: the script has to be started from
        # the directory holding that file, and whichever pkgsrc.cnf is found there
        # supplies the policy and extension sections used for signing. Run it only
        # from a directory whose contents are trusted.
        CA='openssl ca -config pkgsrc.cnf'
        REQ='openssl req -config pkgsrc.cnf'
        !            10:
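        # new_ca DIR
        #
        # Lay out a new CA under DIR (certs, crl, newcerts, private, serial,
        # index.txt), then create the CA key and a self-signed CA certificate.
        #
        # Globals:   REQ, CA (read) - openssl command lines
        # Arguments: $1 - directory that will hold the CA
        # Outputs:   progress on stdout, errors on stderr
        # Exits:     1 when DIR is empty or already contains a serial file
        #
        # Failure of the individual steps is caught by the script-wide `set -e`.
        new_ca() {
          # An empty argument would make every path below start at "/".
          if [ -z "$1" ]; then
            echo "new_ca: missing CA directory" >&2
            exit 1
          fi

          # A serial file marks an initialised CA; never overwrite one.
          if [ -f "$1/serial" ]; then
            echo "CA already exists, exiting" >&2
            exit 1
          fi

          mkdir -p -- "$1/certs" "$1/crl" "$1/newcerts" "$1/private"
          # The CA private key is written below private/. Restrict the directory
          # to its owner so access to the key does not depend on the caller's
          # umask.
          chmod 700 -- "$1/private"
          echo "00" > "$1/serial"
          touch -- "$1/index.txt"

          echo "Making CA certificate ..."
          # $REQ and $CA each hold a command plus options and are deliberately
          # left unquoted; every path argument is quoted so a directory name
          # containing spaces or glob characters stays a single word.
          $REQ -new -keyout "$1/private/cakey.pem" \
            -out "$1/careq.pem"
          $CA -out "$1/cacert.pem" -batch \
            -keyfile "$1/private/cakey.pem" -selfsign \
            -infiles "$1/careq.pem"
        }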
        !            28:
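        # new_pkgkey
        #
        # Create a key and certificate request for signing binary packages, have
        # the CA sign the request with the "pkgkey" extensions, and delete the
        # request afterwards.
        #
        # Globals: REQ, CA (read) - openssl command lines, word-split on purpose
        # Outputs: pkgkey_key.pem and pkgkey_cert.pem in the current directory,
        #          a summary line on stdout
        #
        # An existing pkgkey_key.pem or pkgkey_cert.pem is handed to openssl as the
        # output file again; nothing here checks for one first.
        new_pkgkey() {
          # The private key lands in the current directory. Generate it under a
          # restrictive umask so it is not created group- or world-readable; the
          # subshell keeps the umask change away from the certificate written next.
          (
            umask 077
            $REQ -new -keyout pkgkey_key.pem -out pkgkey_req.pem
          )
          $CA -extensions pkgkey -policy policy_match \
            -out pkgkey_cert.pem -infiles pkgkey_req.pem
          rm pkgkey_req.pem
          echo "Signed certificate is in pkgkey_cert.pem, key in pkgkey_key.pem"
        }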
        !            35:
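        # new_pkgsec
        #
        # Create a key and certificate request for signing pkg-vulnerabilities,
        # have the CA sign the request with the "pkgsec" extensions, and delete
        # the request afterwards.
        #
        # Globals: REQ, CA (read) - openssl command lines, word-split on purpose
        # Outputs: pkgsec_key.pem and pkgsec_cert.pem in the current directory,
        #          a summary line on stdout
        #
        # An existing pkgsec_key.pem or pkgsec_cert.pem is handed to openssl as the
        # output file again; nothing here checks for one first.
        new_pkgsec() {
          # The private key lands in the current directory. Generate it under a
          # restrictive umask so it is not created group- or world-readable; the
          # subshell keeps the umask change away from the certificate written next.
          (
            umask 077
            $REQ -new -keyout pkgsec_key.pem -out pkgsec_req.pem
          )
          $CA -extensions pkgsec -policy policy_match \
            -out pkgsec_cert.pem -infiles pkgsec_req.pem
          rm pkgsec_req.pem
          echo "Signed certificate is in pkgsec_cert.pem, key in pkgsec_key.pem"
        }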
        !            42:
        # usage - list the supported subcommands, one per line, on stdout.
        usage() {
          printf '%s\n' \
            "$0:" \
            "setup - create new CA in ./pkgsrc for use by pkg_install" \
            "pkgkey - create and sign a certificate for binary packages" \
            "pkgsec - create and sign a certificate for pkg-vulnerabilities"
        }
        !            49:
        # Dispatch on the first command-line argument. Anything that is not a
        # known subcommand, including no argument at all, prints the usage text.
        # NOTE(review): the fallback arm leaves the exit status at whatever usage
        # returns, so a mistyped subcommand is not reported to the caller as a
        # failure.
        case "$1" in
          (setup)  new_ca ./pkgsrc ;;
          (pkgkey) new_pkgkey ;;
          (pkgsec) new_pkgsec ;;
          (*)      usage ;;
        esac
