OpenPKG CVS Repository http://cvs.openpkg.org/ ____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall Root: /v/openpkg/cvs Email: [email protected] Module: openpkg-src Date: 25-Jan-2009 19:28:10 Branch: HEAD Handle: 2009012518280900 Modified files: openpkg-src/x509 x509-example.sh x509-util.sh x509.spec Log: add x509-util script Summary: Revision Changes Path 1.3 +3 -3 openpkg-src/x509/x509-example.sh 1.2 +22 -21 openpkg-src/x509/x509-util.sh 1.3 +7 -2 openpkg-src/x509/x509.spec ____________________________________________________________________________ patch -p0 <<'@@ .' Index: openpkg-src/x509/x509-example.sh ============================================================================ $ cvs diff -u -r1.2 -r1.3 x509-example.sh --- openpkg-src/x509/x509-example.sh 25 Jan 2009 18:08:02 -0000 1.2 +++ openpkg-src/x509/x509-example.sh 25 Jan 2009 18:28:09 -0000 1.3 @@ -1,11 +1,11 @@ #!/bin/sh ./x509-util.sh /openpkg-dev example example example.com "Example Corporation" 3650 1 1 1 -( cd dat - for pem in *.pem; do +( for pem in *.pem; do txt=`echo $pem | sed -e 's;\.pem$;.txt;'` echo "<file name=\"$pem\">" cat $txt $pem echo "</file>" done ) >x509-example.txt -rm -rf dat +rm -f example-*.pem +rm -f example-*.txt @@ . patch -p0 <<'@@ .' Index: openpkg-src/x509/x509-util.sh ============================================================================ $ cvs diff -u -r1.1 -r1.2 x509-util.sh --- openpkg-src/x509/x509-util.sh 25 Jan 2009 18:05:08 -0000 1.1 +++ openpkg-src/x509/x509-util.sh 25 Jan 2009 18:28:09 -0000 1.2 @@ -20,7 +20,7 @@ ## # configuration -prefix="${1-/openpkg}" +prefix="$...@l_prefix@}" tag="${2-snakeoil}" password="${3-snakeoil}" domain="${4-snakeoil.invalid}" @@ -29,6 +29,7 @@ num_server="${7-2}" num_client="${8-4}" num_object="${9-4}" +outdir="." # display processing information echo "++ creating CSP environment" 
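Review bot: With the `cd dat` removed, the `for pem in *.pem` loop in x509-example.sh now globs the current working directory, so any unrelated PEM file there (private keys included) would be concatenated into x509-example.txt, while the new cleanup only removes `example-*` files. Narrowing the glob to match the cleanup keeps the two in step: `for pem in example-*.pem; do`. The expansions on the following lines are also unquoted; `cat "$txt" "$pem"` avoids word-splitting on unusual file names.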
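Review bot: The added `outdir="."` in the x509-util.sh configuration block sends every generated file into the caller's current directory, including the CA private key and the passphrase-less server keys written further down, and no umask is set in the visible hunks. If none is set elsewhere in the script, add `umask 077` next to this line so the key files are not created group- or world-readable. A short comment such as `# output directory for generated keys and certificates (private keys land here)` would document why the value matters.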
@@ -38,7 +39,7 @@ ln -s $prefix/etc/csp etc mkdir csp $prefix/bin/csp $tag create -mkdir dat 2>/dev/null || true +mkdir $outdir 2>/dev/null || true # optionally adjust configuration $prefix/bin/shtool subst -q \ @@ -56,20 +57,20 @@ # make all files available under common path echo "-- $tag-ca.key.pem" -cp csp/$tag/private/ca.key dat/$tag-ca.key.pem +cp csp/$tag/private/ca.key $outdir/$tag-ca.key.pem echo "-- $tag-ca.crt.pem" -cp csp/$tag/ca.crt dat/$tag-ca.crt.pem +cp csp/$tag/ca.crt $outdir/$tag-ca.crt.pem # provide textual presentations echo "-- $tag-ca.key.txt" $prefix/bin/openssl rsa \ - -in dat/$tag-ca.key.pem -passin pass:$password \ - -out dat/$tag-ca.key.txt \ + -in $outdir/$tag-ca.key.pem -passin pass:$password \ + -out $outdir/$tag-ca.key.txt \ -noout -text echo "-- $tag-ca.crt.txt" $prefix/bin/openssl x509 \ - -in dat/$tag-ca.crt.pem \ - -out dat/$tag-ca.crt.txt \ + -in $outdir/$tag-ca.crt.pem \ + -out $outdir/$tag-ca.crt.txt \ -noout -text # generate regular private keys and certificates 
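Review bot: The `-passin pass:$password` argument on the `openssl rsa` call in the `@@ -56,20 +57,20 @@` hunk puts the CA key passphrase on the command line, where other local users can read it from the process list while the command runs. The same applies to `-passin pass:$password`, `--keypass=$password` and `--capass=$password` in the `@@ -91,45 +92,45 @@` hunk. For the openssl calls the passphrase can be passed through the environment instead: `X509_PASSWORD="$password"; export X509_PASSWORD` once in the configuration block, then `-passin env:X509_PASSWORD`. Whether csp offers a non-argv way to supply its passphrases is not visible here and should be checked. Note also that `$tag-ca.key.txt` is a plain-text dump of the private key parameters, so it needs the same file protection as the key itself.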
@@ -91,45 +92,45 @@ department=`perl -e 'printf("%s%s", uc(substr($ARGV[0], 0, 1)), substr($ARGV[0], 1));' $type` keysize=1024; if [ ".$type" = .server ]; then keysize=2048; fi $prefix/bin/csp $tag request \ - --csrfile=dat/$tag-$name.csr.pem \ - --keyfile=dat/$tag-$name.key.pem \ + --csrfile=$outdir/$tag-$name.csr.pem \ + --keyfile=$outdir/$tag-$name.key.pem \ --keysize=$keysize --keypass=$password \ "CN=$name.$domain, OU=$department, O=$organization" # generate server certificate echo "-- $tag-$name.crt.pem" echo "y" | $prefix/bin/csp $tag sign \ - --csrfile=dat/$tag-$name.csr.pem \ + --csrfile=$outdir/$tag-$name.csr.pem \ --type=$type --days=$lifetime --capass=$password >/dev/null # cleanup by removing certificate request - rm -f dat/$tag-$name.csr.pem + rm -f $outdir/$tag-$name.csr.pem # make all files available under common path idx=`expr $idx + 1` cp csp/$tag/certs/`echo . | awk '{ printf("%02X", idx); }' idx=$idx`.pem \ - dat/$tag-$name.crt.pem + $outdir/$tag-$name.crt.pem # provide textual presentations echo "-- $tag-$name.key.txt" $prefix/bin/openssl rsa \ - -in dat/$tag-$name.key.pem -passin pass:$password \ - -out dat/$tag-$name.key.txt \ + -in $outdir/$tag-$name.key.pem -passin pass:$password \ + -out $outdir/$tag-$name.key.txt \ -noout -text echo "-- $tag-$name.crt.txt" $prefix/bin/openssl x509 \ - -in dat/$tag-$name.crt.pem \ - -out dat/$tag-$name.crt.txt \ + -in $outdir/$tag-$name.crt.pem \ + -out $outdir/$tag-$name.crt.txt \ -noout -text # make server private key insecure but necessarily unprotected # for unattended use by a server daemon if [ ".$type" = .server ]; then $prefix/bin/openssl rsa \ - -in dat/$tag-$name.key.pem -passin pass:$password \ - -out dat/$tag-$name.key.pem.new 2>/dev/null - mv dat/$tag-$name.key.pem.new \ - dat/$tag-$name.key.pem + -in $outdir/$tag-$name.key.pem -passin pass:$password \ + -out $outdir/$tag-$name.key.pem.new 2>/dev/null + mv $outdir/$tag-$name.key.pem.new \ + $outdir/$tag-$name.key.pem fi done done @@ . 
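Review bot: In the server-key branch at the end of this hunk, the `openssl rsa` call that strips the passphrase discards stderr with `2>/dev/null` and its exit status is never checked, so the following `mv` runs even when decryption failed and can replace the protected key with an empty or partial `.new` file. Run the `mv` only on success, for example by ending the openssl command with `-out $outdir/$tag-$name.key.pem.new || exit 1`, and drop the stderr redirect so a failure is visible. The context line `keysize=1024` for client and object keys is below what current guidance accepts for RSA; 2048 for all types would be the conservative default. The enclosing `for` loops start outside the hunk.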
patch -p0 <<'@@ .' Index: openpkg-src/x509/x509.spec ============================================================================ $ cvs diff -u -r1.2 -r1.3 x509.spec --- openpkg-src/x509/x509.spec 25 Jan 2009 18:05:08 -0000 1.2 +++ openpkg-src/x509/x509.spec 25 Jan 2009 18:28:09 -0000 1.3 @@ -66,15 +66,20 @@ %build # just make linting happy ;-) - cat %{SOURCE x509-ca.sh} %{SOURCE x509-ca.pl} >/dev/null - cat %{SOURCE x509-example.sh} %{SOURCE x509-util.sh} >/dev/null + cat %{SOURCE x509-ca.sh} %{SOURCE x509-ca.pl} %{SOURCE x509-example.sh} >/dev/null %install # create installation area rm -rf $RPM_BUILD_ROOT %{l_shtool} mkdir -f -p -m 755 \ + $RPM_BUILD_ROOT%{l_prefix}/bin \ $RPM_BUILD_ROOT%{l_prefix}/etc/x509 + # install X.509 utility + %{l_shtool} install -c -m 755 %{l_value -s -a} \ + %{SOURCE x509-util.sh} \ + $RPM_BUILD_ROOT%{l_prefix}/bin/x509-util + # install public CA certificate bundle %{l_shtool} install -c -m 644 \ %{SOURCE x509-ca.crt} \ @@ . ______________________________________________________________________ OpenPKG http://openpkg.org CVS Repository Commit List [email protected]
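Review bot: The new install step ships x509-util.sh as `%{l_prefix}/bin/x509-util`, and that script calls `$prefix/bin/csp`, `$prefix/bin/openssl`, `$prefix/bin/shtool` and `perl` (visible in the x509-util.sh hunks), but this hunk does not show them being declared as runtime dependencies of the package. The spec header is outside the hunk, so this may already be handled; if not, the dependency list should name them so the installed tool does not fail at first use. A one-line comment above the install step saying that `%{l_value -s -a}` presumably fills in the `@l_prefix@` placeholder would also help, since the script's default prefix now depends on that substitution.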
