external/bsd/pkg_install/dist/x509/pkgsrc.sh

   1 #!/bin/sh
   2 #
   3 # $NetBSD: pkgsrc.sh,v 1.2 2009/02/02 12:49:16 joerg Exp $
   4 #
   5
   6 CA="openssl ca -config pkgsrc.cnf"
   7 REQ="openssl req -config pkgsrc.cnf"
   8
   9 set -e
  10
  11 new_ca() {
  12         if [ -f $1/serial ]; then
  13                 echo "CA already exists, exiting" >& 2
  14                 exit 1
  15         fi
  16
  17         mkdir -p $1/certs $1/crl $1/newcerts $1/private
  18         echo "00" > $1/serial
  19         touch $1/index.txt
  20
  21         echo "Making CA certificate ..."
  22         $REQ -new -keyout $1/private/cakey.pem \
  23                    -out $1/careq.pem
  24         $CA -out $1/cacert.pem -batch \
  25                    -keyfile $1/private/cakey.pem -selfsign \
  26                    -infiles $1/careq.pem
  27 }
  28
  29 new_pkgkey() {
  30         $REQ -new -keyout pkgkey_key.pem -out pkgkey_req.pem
  31         $CA -extensions pkgkey -policy policy_match -out pkgkey_cert.pem -infiles pkgkey_req.pem
  32         rm pkgkey_req.pem
  33         echo "Signed certificate is in pkgkey_cert.pem, key in pkgkey_key.pem"
  34 }
  35
  36 new_pkgsec() {
  37         $REQ -new -keyout pkgsec_key.pem -out pkgsec_req.pem
  38         $CA -extensions pkgsec -policy policy_match -out pkgsec_cert.pem -infiles pkgsec_req.pem
  39         rm pkgsec_req.pem
  40         echo "Signed certificate is in pkgsec_cert.pem, key in pkgsec_key.pem"
  41 }
  42
  43 usage() {
  44         echo "$0:"
  45         echo "setup - create new CA in ./pkgsrc for use by pkg_install"
  46         echo "pkgkey - create and sign a certificate for binary packages"
  47         echo "pkgsec - create and sign a certificate for pkg-vulnerabilities"
  48 }
  49
  50 case "$1" in
  51 setup)
  52         new_ca ./pkgsrc
  53         ;;
  54 pkgkey)
  55         new_pkgkey
  56         ;;
  57 pkgsec)
  58         new_pkgsec
  59         ;;
  60 *)
  61         usage
  62         ;;
  63 esac