Allow definition of configuratino file and install default configuration file.

This commit is contained in:
DJ Lucas 2018-12-01 17:21:37 -06:00
parent b8603c3856
commit a3a5711466
4 changed files with 44 additions and 16 deletions

View File

@ -4,6 +4,7 @@
all bundles in same location
- Perform system installation of update service files
- Separate installation step for other consumers
- Install default configuration file
0.9 - Use P11-Kit trust module to generate alternate certificate stores
from trust policy
- Only generate the trust store (and optionally NSSDB and Java PKCS#12)

View File

@ -1,5 +1,6 @@
MANDIR=/usr/share/man
SBINDIR=/usr/sbin
ETCDIR=/etc
all: make_ca man
@ -19,10 +20,10 @@ clean_man:
rm -f make-ca.8
chmod 0644 help2man
install: all install_bin install_man install_systemd
install: all install_bin install_man install_systemd install_conf
install_bin:
/usr/bin/install -vdm755 $(DESTDIR)$(SBINDIR)
install -vdm755 $(DESTDIR)$(SBINDIR)
install -vm755 make-ca $(DESTDIR)$(SBINDIR)
install_systemd:
@ -35,9 +36,13 @@ install_systemd:
fi
install_man:
/usr/bin/install -vdm755 $(DESTDIR)$(MANDIR)/man8
install -vdm755 $(DESTDIR)$(MANDIR)/man8
install -vm644 make-ca.8 $(DESTDIR)$(MANDIR)/man8
install_conf:
install -vdm755 $(DESTDIR)$(ETCDIR)
install -vm644 make-ca.conf.dist $(DESTDIR)$(ETCDIR)
uninstall:
rm -f $(DESTDIR)$(SBINDIR)/make-ca
rm -f $(DESTDIR)$(MANDIR)/man8/make-ca.8

17
make-ca
View File

@ -7,12 +7,14 @@
#
# Authors: DJ Lucas
# Bruce Dubbs
# Graham Weldon
VERSION="1.0"
${MAKE_CA_CONF:="/etc/make-ca.conf"}
# Get/set defaults
if test -f /etc/make-ca.conf; then
. /etc/make-ca.conf
if test -f "${MAKE_CA_CONF}"; then
. "${MAKE_CA_CONF}"
else
CERTDATA="certdata.txt"
PKIDIR="/etc/pki"
@ -34,17 +36,6 @@ else
URL="https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt"
fi
# Source must be downloaded over https
# Valid urls for download are below
# Defualt to NSS release brach
# https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
# https://hg.mozilla.org/projects/nss/raw-file/tip/lib/ckfw/builtins/certdata.txt
# https://hg.mozilla.org/mozilla-central/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
# https://hg.mozilla.org/releases/mozilla-beta/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
# https://hg.mozilla.org/releases/mozilla-aurora/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
# Some data in the certs have UTF-8 characters
# It doesn't really matter which locale, change if you like
export LANG=en_US.utf8

31
make-ca.conf.dist Normal file
View File

@ -0,0 +1,31 @@
# Configuration file for make-ca
CERTDATA="certdata.txt"
PKIDIR="/etc/pki"
SSLDIR="/etc/ssl"
CERTUTIL="/usr/bin/certutil"
KEYTOOL="${JAVA_HOME}/bin/keytool"
OPENSSL="/usr/bin/openssl"
TRUST="/usr/bin/trust"
ANCHORDIR="${PKIDIR}/anchors"
BUNDLEDIR="${PKIDIR}/tls/certs"
CABUNDLE="${BUNDLEDIR}/ca-bundle.crt"
SMBUNDLE="${BUNDLEDIR}/email-ca-bundle.crt"
CSBUNDLE="${BUNDLEDIR}/objsign-ca-bundle.crt"
CERTDIR="${SSLDIR}/certs"
KEYSTORE="${PKIDIR}/tls/java"
NSSDB="${PKIDIR}/nssdb"
LOCALDIR="${SSLDIR}/local"
DESTDIR=""
URL="https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt"
# Source must be downloaded over https
# Valid urls for download are below
# Defualt to NSS release brach
# https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
# https://hg.mozilla.org/projects/nss/raw-file/tip/lib/ckfw/builtins/certdata.txt
# https://hg.mozilla.org/mozilla-central/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
# https://hg.mozilla.org/releases/mozilla-beta/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
# https://hg.mozilla.org/releases/mozilla-aurora/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt