

Revision 1.2, Mon Feb 2 12:49:16 2009 UTC (13 years, 6 months ago) by joerg
Branch: MAIN
Changes since 1.1: +63 -0 lines

Merge x509 setup and documentation from pkg_install-renovation.

# $NetBSD: pkgsrc.sh,v 1.2 2009/02/02 12:49:16 joerg Exp $

# Fixed openssl command prefixes. The functions in this file expand $REQ and
# $CA unquoted on purpose, so each string splits into the command and its
# arguments. The config path is relative: the script has to be run from the
# directory that holds pkgsrc.cnf.
REQ='openssl req -config pkgsrc.cnf'
CA='openssl ca -config pkgsrc.cnf'

# Abort at the first failing command, so a failed key or request generation
# is never followed by a signing step.
set -o errexit

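# new_ca DIR
#
# Create the directory layout of a new CA below DIR (certs, crl, newcerts,
# private, serial, index.txt), generate the CA key and request with $REQ and
# self-sign the request with $CA.
#
# Globals:   REQ, CA (read; expanded unquoted so they split into words)
# Arguments: $1 - directory that will hold the CA
# Outputs:   progress message on stdout, refusal message on stderr
# Exits:     1 if DIR/serial already exists, so an existing CA is never
#            overwritten.
new_ca() {
	# An empty argument would otherwise create /certs, /private, ... at the
	# filesystem root.
	: "${1:?new_ca: CA directory required}"

	if [ -f "$1/serial" ]; then
		echo "CA already exists, exiting" >&2
		exit 1
	fi

	mkdir -p "$1/certs" "$1/crl" "$1/newcerts" "$1/private"
	# The CA private key is written below private/; keep the directory
	# closed to other users regardless of the caller's umask.
	chmod 700 "$1/private"
	echo "00" > "$1/serial"
	touch "$1/index.txt"

	echo "Making CA certificate ..."
	# NOTE(review): whether cakey.pem is passphrase-protected depends on
	# pkgsrc.cnf, which is not visible here - confirm.
	$REQ -new -keyout "$1/private/cakey.pem" \
		   -out "$1/careq.pem"
	$CA -out "$1/cacert.pem" -batch \
		   -keyfile "$1/private/cakey.pem" -selfsign \
		   -infiles "$1/careq.pem"
}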

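# new_pkgkey
#
# Generate a key and certificate request in the current directory, sign the
# request with the CA using the "pkgkey" extensions and the "policy_match"
# policy (both named on the command line; presumably sections of pkgsrc.cnf),
# then delete the request.
#
# Globals:   REQ, CA (read; expanded unquoted so they split into words)
# Outputs:   pkgkey_key.pem and pkgkey_cert.pem in the current directory,
#            a summary line on stdout
new_pkgkey() {
	# Generate the private key under a restrictive umask so pkgkey_key.pem is
	# not readable by other users; the subshell keeps the caller's umask
	# untouched for the certificate written below.
	( umask 077; $REQ -new -keyout pkgkey_key.pem -out pkgkey_req.pem )
	$CA -extensions pkgkey -policy policy_match -out pkgkey_cert.pem -infiles pkgkey_req.pem
	rm pkgkey_req.pem
	echo "Signed certificate is in pkgkey_cert.pem, key in pkgkey_key.pem"
}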

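# new_pkgsec
#
# Generate a key and certificate request in the current directory, sign the
# request with the CA using the "pkgsec" extensions and the "policy_match"
# policy (both named on the command line; presumably sections of pkgsrc.cnf),
# then delete the request.
#
# Globals:   REQ, CA (read; expanded unquoted so they split into words)
# Outputs:   pkgsec_key.pem and pkgsec_cert.pem in the current directory,
#            a summary line on stdout
new_pkgsec() {
	# Generate the private key under a restrictive umask so pkgsec_key.pem is
	# not readable by other users; the subshell keeps the caller's umask
	# untouched for the certificate written below.
	( umask 077; $REQ -new -keyout pkgsec_key.pem -out pkgsec_req.pem )
	$CA -extensions pkgsec -policy policy_match -out pkgsec_cert.pem -infiles pkgsec_req.pem
	rm pkgsec_req.pem
	echo "Signed certificate is in pkgsec_cert.pem, key in pkgsec_key.pem"
}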

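# usage
#
# Print the script name followed by one line per supported subcommand
# (setup, pkgkey, pkgsec) to stdout.
usage() {
	printf '%s\n' "$0:"
	printf '%s\n' "setup - create new CA in ./pkgsrc for use by pkg_install"
	printf '%s\n' "pkgkey - create and sign a certificate for binary packages"
	printf '%s\n' "pkgsec - create and sign a certificate for pkg-vulnerabilities"
}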

case "$1" in
	new_ca ./pkgsrc