blob: b36212cb6b52def31847bc7ac851a60c89d7a49e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
#!/bin/sh
#
# $NetBSD: pkgsrc.sh,v 1.1.2.2 2008/09/08 23:06:41 joerg Exp $
#
CA="openssl ca -config pkgsrc.cnf"
REQ="openssl req -config pkgsrc.cnf"
set -e
new_ca() {
if [ -f $1/serial ]; then
echo "CA already exists, exiting" >& 2
exit 1
fi
mkdir -p $1/certs $1/crl $1/newcerts $1/private
echo "00" > $1/serial
touch $1/index.txt
echo "Making CA certificate ..."
$REQ -new -keyout $1/private/cakey.pem \
-out $1/careq.pem
$CA -out $1/cacert.pem -batch \
-keyfile $1/private/cakey.pem -selfsign \
-infiles $1/careq.pem
}
new_pkgkey() {
$REQ -new -keyout pkgkey_key.pem -out pkgkey_req.pem
$CA -extensions pkgkey -policy policy_match -out pkgkey_cert.pem -infiles pkgkey_req.pem
rm pkgkey_req.pem
echo "Signed certificate is in pkgkey_cert.pem, key in pkgkey_key.pem"
}
new_pkgsec() {
$REQ -new -keyout pkgsec_key.pem -out pkgsec_req.pem
$CA -extensions pkgsec -policy policy_match -out pkgsec_cert.pem -infiles pkgsec_req.pem
rm pkgsec_req.pem
echo "Signed certificate is in pkgsec_cert.pem, key in pkgsec_key.pem"
}
usage() {
echo "$0:"
echo "setup - create new CA in ./pkgsrc for use by pkg_install"
echo "pkgkey - create and sign a certificate for binary packages"
echo "pkgsec - create and sign a certificate for pkg-vulnerabilities"
}
case "$1" in
setup)
new_ca ./pkgsrc
;;
pkgkey)
new_pkgkey
;;
pkgsec)
new_pkgsec
;;
*)
usage
;;
esac
|
