[BACK]Return to pkgsrc.sh CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / src / external / bsd / pkg_install / dist / x509

Annotation of src/external/bsd/pkg_install/dist/x509/pkgsrc.sh, Revision 1.2

1.1       joerg       1: #!/bin/sh
                      2: #
                      3: # $NetBSD: pkgsrc.sh,v 1.2 2009/02/02 12:49:16 joerg Exp $
                      4: #
                      5:
                      6: CA="openssl ca -config pkgsrc.cnf"
                      7: REQ="openssl req -config pkgsrc.cnf"
                      8:
                      9: set -e
                     10:
                     11: new_ca() {
                     12:        if [ -f $1/serial ]; then
                     13:                echo "CA already exists, exiting" >& 2
                     14:                exit 1
                     15:        fi
                     16:
                     17:        mkdir -p $1/certs $1/crl $1/newcerts $1/private
                     18:        echo "00" > $1/serial
                     19:        touch $1/index.txt
                     20:
                     21:        echo "Making CA certificate ..."
                     22:        $REQ -new -keyout $1/private/cakey.pem \
                     23:                   -out $1/careq.pem
                     24:        $CA -out $1/cacert.pem -batch \
                     25:                   -keyfile $1/private/cakey.pem -selfsign \
                     26:                   -infiles $1/careq.pem
                     27: }
                     28:
                     29: new_pkgkey() {
                     30:        $REQ -new -keyout pkgkey_key.pem -out pkgkey_req.pem
                     31:        $CA -extensions pkgkey -policy policy_match -out pkgkey_cert.pem -infiles pkgkey_req.pem
                     32:        rm pkgkey_req.pem
                     33:        echo "Signed certificate is in pkgkey_cert.pem, key in pkgkey_key.pem"
                     34: }
                     35:
                     36: new_pkgsec() {
                     37:        $REQ -new -keyout pkgsec_key.pem -out pkgsec_req.pem
                     38:        $CA -extensions pkgsec -policy policy_match -out pkgsec_cert.pem -infiles pkgsec_req.pem
                     39:        rm pkgsec_req.pem
                     40:        echo "Signed certificate is in pkgsec_cert.pem, key in pkgsec_key.pem"
                     41: }
                     42:
                     43: usage() {
                     44:        echo "$0:"
                     45:        echo "setup - create new CA in ./pkgsrc for use by pkg_install"
                     46:        echo "pkgkey - create and sign a certificate for binary packages"
                     47:        echo "pkgsec - create and sign a certificate for pkg-vulnerabilities"
                     48: }
                     49:
                     50: case "$1" in
                     51: setup)
                     52:        new_ca ./pkgsrc
                     53:        ;;
                     54: pkgkey)
                     55:        new_pkgkey
                     56:        ;;
                     57: pkgsec)
                     58:        new_pkgsec
                     59:        ;;
                     60: *)
                     61:        usage
                     62:        ;;
                     63: esac

CVSweb <webmaster@jp.NetBSD.org>