Improve the process for GNU tools
[minix3.git] / external / bsd / pkg_install / dist / x509 / pkgsrc.sh
blobaab77c8032554a55bae2ae233db0f0c10b3b210c
1 #!/bin/sh
3 # $NetBSD: pkgsrc.sh,v 1.1.1.1 2009/02/02 20:44:09 joerg Exp $
6 CA="openssl ca -config pkgsrc.cnf"
7 REQ="openssl req -config pkgsrc.cnf"
9 set -e
11 new_ca() {
12 if [ -f $1/serial ]; then
13 echo "CA already exists, exiting" >& 2
14 exit 1
17 mkdir -p $1/certs $1/crl $1/newcerts $1/private
18 echo "00" > $1/serial
19 touch $1/index.txt
21 echo "Making CA certificate ..."
22 $REQ -new -keyout $1/private/cakey.pem \
23 -out $1/careq.pem
24 $CA -out $1/cacert.pem -batch \
25 -keyfile $1/private/cakey.pem -selfsign \
26 -infiles $1/careq.pem
29 new_pkgkey() {
30 $REQ -new -keyout pkgkey_key.pem -out pkgkey_req.pem
31 $CA -extensions pkgkey -policy policy_match -out pkgkey_cert.pem -infiles pkgkey_req.pem
32 rm pkgkey_req.pem
33 echo "Signed certificate is in pkgkey_cert.pem, key in pkgkey_key.pem"
36 new_pkgsec() {
37 $REQ -new -keyout pkgsec_key.pem -out pkgsec_req.pem
38 $CA -extensions pkgsec -policy policy_match -out pkgsec_cert.pem -infiles pkgsec_req.pem
39 rm pkgsec_req.pem
40 echo "Signed certificate is in pkgsec_cert.pem, key in pkgsec_key.pem"
43 usage() {
44 echo "$0:"
45 echo "setup - create new CA in ./pkgsrc for use by pkg_install"
46 echo "pkgkey - create and sign a certificate for binary packages"
47 echo "pkgsec - create and sign a certificate for pkg-vulnerabilities"
50 case "$1" in
51 setup)
52 new_ca ./pkgsrc
54 pkgkey)
55 new_pkgkey
57 pkgsec)
58 new_pkgsec
61 usage
63 esac