Annotation of src/external/bsd/pkg_install/dist/x509/pkgsrc.sh, Revision 1.2
1.1 joerg 1: #!/bin/sh
2: #
3: # $NetBSD: pkgsrc.sh,v 1.2 2009/02/02 12:49:16 joerg Exp $
4: #
5:
# Stop at the first failing command so a failed openssl step never leaves
# the script continuing with a half-built CA or an unsigned request.
set -e

# openssl command strings, expanded unquoted by the functions below so they
# split into the command and its options.  Both name pkgsrc.cnf by relative
# path, so the script has to be run from the directory that holds it.
REQ="openssl req -config pkgsrc.cnf"
CA="openssl ca -config pkgsrc.cnf"
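# new_ca DIR
#
# Create the directory layout, serial file and index for a new openssl CA
# under DIR, then generate the CA key and a self-signed CA certificate.
# Exits with status 1 if DIR/serial already exists, so an existing CA is
# not overwritten.  Uses the global $REQ and $CA command strings.
new_ca() {
	# Refuse to run without a target; an empty DIR would make every path
	# below resolve under "/".
	: "${1:?new_ca: CA directory required}"

	if [ -f "$1/serial" ]; then
		echo "CA already exists, exiting" >&2
		exit 1
	fi

	mkdir -p "$1/certs" "$1/crl" "$1/newcerts" "$1/private"
	# The CA private key is written into this directory; keep other users
	# out regardless of the caller's umask.
	chmod 700 "$1/private"
	echo "00" > "$1/serial"
	touch "$1/index.txt"

	echo "Making CA certificate ..."
	# $REQ and $CA stay unquoted on purpose: they hold a command plus its
	# options and must be word-split.  DIR is quoted so that a path with
	# spaces or glob characters is passed through intact.
	$REQ -new -keyout "$1/private/cakey.pem" \
	    -out "$1/careq.pem"
	$CA -out "$1/cacert.pem" -batch \
	    -keyfile "$1/private/cakey.pem" -selfsign \
	    -infiles "$1/careq.pem"
}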
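# new_pkgkey
#
# Create a key and certificate request in the current directory, have the
# CA sign the request with the "pkgkey" extensions and the policy_match
# policy, then delete the request.  Leaves pkgkey_key.pem and
# pkgkey_cert.pem behind.  Uses the global $REQ and $CA command strings.
new_pkgkey() {
	# Write the private key under a restrictive umask so that a newly
	# created key file is not readable by other users whatever the
	# caller's umask is.  The subshell confines the umask change, so the
	# certificate below is still created with the caller's umask.
	(umask 077; $REQ -new -keyout pkgkey_key.pem -out pkgkey_req.pem)
	$CA -extensions pkgkey -policy policy_match -out pkgkey_cert.pem -infiles pkgkey_req.pem
	rm pkgkey_req.pem
	echo "Signed certificate is in pkgkey_cert.pem, key in pkgkey_key.pem"
}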
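# new_pkgsec
#
# Create a key and certificate request in the current directory, have the
# CA sign the request with the "pkgsec" extensions and the policy_match
# policy, then delete the request.  Leaves pkgsec_key.pem and
# pkgsec_cert.pem behind.  Uses the global $REQ and $CA command strings.
new_pkgsec() {
	# Write the private key under a restrictive umask so that a newly
	# created key file is not readable by other users whatever the
	# caller's umask is.  The subshell confines the umask change, so the
	# certificate below is still created with the caller's umask.
	(umask 077; $REQ -new -keyout pkgsec_key.pem -out pkgsec_req.pem)
	$CA -extensions pkgsec -policy policy_match -out pkgsec_cert.pem -infiles pkgsec_req.pem
	rm pkgsec_req.pem
	echo "Signed certificate is in pkgsec_cert.pem, key in pkgsec_key.pem"
}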
# usage
#
# Print the script name followed by one line per supported subcommand
# (setup, pkgkey, pkgsec) on standard output.
usage() {
	printf '%s\n' \
	    "$0:" \
	    "setup - create new CA in ./pkgsrc for use by pkg_install" \
	    "pkgkey - create and sign a certificate for binary packages" \
	    "pkgsec - create and sign a certificate for pkg-vulnerabilities"
}
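# Dispatch on the subcommand given as the first argument.
case "$1" in
setup)
	# The CA always lives in ./pkgsrc, relative to the current directory.
	new_ca ./pkgsrc
	;;
pkgkey)
	new_pkgkey
	;;
pkgsec)
	new_pkgsec
	;;
*)
	# A missing or unknown subcommand is a failure: print the help on
	# stderr and exit non-zero so that a mistyped command in a wrapper
	# script is not mistaken for a completed key or CA operation.
	usage >&2
	exit 1
	;;
esac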