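#!/bin/sh
#
# $NetBSD: pkgsrc.sh,v 1.2 2017/04/20 13:18:23 joerg Exp $
#
# Small wrapper around "openssl req" / "openssl ca" for the certificates
# described in usage() below.
#
# Usage: pkgsrc.sh setup | pkgkey | pkgsec
#
# Both openssl command lines reference pkgsrc.cnf by relative path, so the
# script has to be run from the directory that holds it. That file must
# provide the "pkgkey" and "pkgsec" extension sections and the
# "policy_match" policy named below.

# Command prefixes. They are expanded unquoted on purpose so that the shell
# splits them into the command and its options.
CA="openssl ca -config pkgsrc.cnf"
REQ="openssl req -config pkgsrc.cnf"

set -eu

# Create the CA directory layout under $1 and issue a self-signed CA
# certificate.
# Arguments: $1 - directory that will hold the CA
# Outputs:   progress on stdout, errors on stderr
# Exits 1 if $1/serial already exists, so an existing CA is never reset.
new_ca() {
	ca_dir=$1

	if [ -f "$ca_dir/serial" ]; then
		echo "CA already exists, exiting" >&2
		exit 1
	fi

	mkdir -p -- "$ca_dir/certs" "$ca_dir/crl" "$ca_dir/newcerts" \
	    "$ca_dir/private"
	# Only the CA operator should be able to enter the key directory.
	chmod 700 "$ca_dir/private"
	echo "00" > "$ca_dir/serial"
	touch -- "$ca_dir/index.txt"

	echo "Making CA certificate ..."
	# The subshell keeps the restrictive umask local to key generation, so
	# the CA private key is never created group- or world-readable.
	(
		umask 077
		# shellcheck disable=SC2086 # REQ is a command plus options
		$REQ -new -keyout "$ca_dir/private/cakey.pem" \
		    -out "$ca_dir/careq.pem"
	)
	# shellcheck disable=SC2086 # CA is a command plus options
	$CA -out "$ca_dir/cacert.pem" -batch \
	    -keyfile "$ca_dir/private/cakey.pem" -selfsign \
	    -infiles "$ca_dir/careq.pem"
}

# Generate a key and request, have the CA sign it, and drop the request.
# Arguments: $1 - name used both as the openssl extension section and as
#                 the prefix of the output files in the current directory
# Outputs:   ${1}_key.pem and ${1}_cert.pem; a summary line on stdout
# NOTE(review): openssl is pointed at ${1}_key.pem unconditionally, so an
# existing key of that name would presumably be replaced -- confirm whether
# a guard against overwriting a signing key is wanted.
_new_signed_cert() {
	(
		umask 077	# private key must not be readable by others
		# shellcheck disable=SC2086 # REQ is a command plus options
		$REQ -new -keyout "${1}_key.pem" -out "${1}_req.pem"
	)
	# shellcheck disable=SC2086 # CA is a command plus options
	$CA -extensions "$1" -policy policy_match -out "${1}_cert.pem" \
	    -infiles "${1}_req.pem"
	rm -- "${1}_req.pem"
	echo "Signed certificate is in ${1}_cert.pem, key in ${1}_key.pem"
}

# Create and sign a certificate using the "pkgkey" extension section.
new_pkgkey() {
	_new_signed_cert pkgkey
}

# Create and sign a certificate using the "pkgsec" extension section.
new_pkgsec() {
	_new_signed_cert pkgsec
}

# Print the list of supported sub-commands on stdout.
usage() {
	echo "$0:"
	echo "setup - create new CA in ./pkgsrc for use by pkg_install"
	echo "pkgkey - create and sign a certificate for binary packages"
	echo "pkgsec - create and sign a certificate for pkg-vulnerabilities"
}

# "${1-}" keeps "set -u" from aborting when no sub-command is given.
case "${1-}" in
setup)
	new_ca ./pkgsrc
	;;
pkgkey)
	new_pkgkey
	;;
pkgsec)
	new_pkgsec
	;;
"")
	usage
	;;
*)
	# An unrecognised sub-command is an error: report it on stderr and
	# fail, so a typo in automation is not mistaken for a successful run.
	usage >&2
	exit 1
	;;
esac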