make-ca: use --filter=ca-anchors for all stores

Fixes #19.
Xi Ruoyao 2022-01-09 00:00:22 +08:00
parent 6d1c729972
commit 151af87198
No known key found for this signature in database
GPG Key ID: D95E4716CCBB34DC
2 changed files with 7 additions and 6 deletions


@ -1,3 +1,4 @@
1.10 - Use --filter=ca-anchors for all stores
1.9 - Guard overrides on first run to avoid error message 1.9 - Guard overrides on first run to avoid error message
- Move dist files to /etc/make-ca - Move dist files to /etc/make-ca
- Add distribution script to update CS.txt from CCADB - Add distribution script to update CS.txt from CCADB

12
make-ca

@ -11,7 +11,7 @@
shopt -s extglob; shopt -s extglob;
VERSION="1.9" VERSION="1.10"
MAKE_CA_CONF="/etc/make-ca.conf" MAKE_CA_CONF="/etc/make-ca.conf"
# Get/set defaults # Get/set defaults
@ -940,27 +940,27 @@ rm -rf "${TEMPDIR}"
install -dm755 "${DESTDIR}${CERTDIR}" "${DESTDIR}${BUNDLEDIR}" "${DESTDIR}${KEYSTORE}" install -dm755 "${DESTDIR}${CERTDIR}" "${DESTDIR}${BUNDLEDIR}" "${DESTDIR}${KEYSTORE}"
echo "Extracting OpenSSL certificates to:" echo "Extracting OpenSSL certificates to:"
echo -n "${DESTDIR}${CERTDIR}..." echo -n "${DESTDIR}${CERTDIR}..."
"${TRUST}" extract --filter=certificates --format=openssl-directory \ "${TRUST}" extract --filter=ca-anchors --format=openssl-directory \
--overwrite --comment "${DESTDIR}${CERTDIR}" \ --overwrite --comment "${DESTDIR}${CERTDIR}" \
&& echo "Done!" || echo "Failed!!!" && echo "Done!" || echo "Failed!!!"
echo "Extracting GNUTLS server auth certificates to:" echo "Extracting GNUTLS server auth certificates to:"
echo -n "${DESTDIR}${CABUNDLE}..." echo -n "${DESTDIR}${CABUNDLE}..."
"${TRUST}" extract --filter=certificates --format=pem-bundle \ "${TRUST}" extract --filter=ca-anchors --format=pem-bundle \
--purpose server-auth --overwrite --comment "${DESTDIR}${CABUNDLE}" \ --purpose server-auth --overwrite --comment "${DESTDIR}${CABUNDLE}" \
&& echo "Done!" || echo "Failed!!!" && echo "Done!" || echo "Failed!!!"
echo "Extracting GNUTLS S-Mime certificates to:" echo "Extracting GNUTLS S-Mime certificates to:"
echo -n "${DESTDIR}${SMBUNDLE}..." echo -n "${DESTDIR}${SMBUNDLE}..."
"${TRUST}" extract --filter=certificates --format=pem-bundle \ "${TRUST}" extract --filter=ca-anchors --format=pem-bundle \
--purpose email --overwrite --comment "${DESTDIR}${SMBUNDLE}" \ --purpose email --overwrite --comment "${DESTDIR}${SMBUNDLE}" \
&& echo "Done!" || echo "Failed!!!" && echo "Done!" || echo "Failed!!!"
echo "Extracting GNUTLS code signing certificates to:" echo "Extracting GNUTLS code signing certificates to:"
echo -n "${DESTDIR}${CSBUNDLE}..." echo -n "${DESTDIR}${CSBUNDLE}..."
"${TRUST}" extract --filter=certificates --format=pem-bundle \ "${TRUST}" extract --filter=ca-anchors --format=pem-bundle \
--purpose code-signing --overwrite --comment \ --purpose code-signing --overwrite --comment \
"${DESTDIR}${CSBUNDLE}" && echo "Done!" || echo "Failed!!!" "${DESTDIR}${CSBUNDLE}" && echo "Done!" || echo "Failed!!!"
echo "Extracting Java cacerts (JKS) to:" echo "Extracting Java cacerts (JKS) to:"
echo -n "${DESTDIR}${KEYSTORE}/cacerts..." echo -n "${DESTDIR}${KEYSTORE}/cacerts..."
"${TRUST}" extract --filter=certificates --format=java-cacerts \ "${TRUST}" extract --filter=ca-anchors --format=java-cacerts \
--purpose server-auth --overwrite \ --purpose server-auth --overwrite \
--comment "${DESTDIR}${KEYSTORE}/cacerts" \ --comment "${DESTDIR}${KEYSTORE}/cacerts" \
&& echo "Done!" || echo "Failed!!!" && echo "Done!" || echo "Failed!!!"
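Review bot: All five `trust extract` calls in the second make-ca hunk still end in `&& echo "Done!" || echo "Failed!!!"`, so a failed extraction is only printed and its exit status is discarded. These commands rewrite the system trust stores with `--overwrite`, so a failure could leave a store stale or incomplete while the caller (a timer or package hook, for example) sees no error. Consider recording the failure on each call, e.g. `|| { echo "Failed!!!"; extract_failed=1; }`, and returning a non-zero status at the end of the run when `extract_failed` is set. The rest of the script, including how it finally exits, lies outside this hunk, so confirm there is no later check before changing it.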