From 74be5b2754509a8fc9fb4d17a4df6a13a48dae14 Mon Sep 17 00:00:00 2001 From: Kyle Nusbaum Date: Wed, 4 Sep 2019 11:20:59 -0500 Subject: [PATCH] Allow generation of certs in DESTDIR. --- make-ca | 50 ++++++++++++++++++++++++-------------------------- 1 file changed, 24 insertions(+), 26 deletions(-) diff --git a/make-ca b/make-ca index 2bb16cf..5581a10 100644 --- a/make-ca +++ b/make-ca @@ -818,32 +818,30 @@ popd rm -rf "${TEMPDIR}" # Build ANCHORLIST -"${MD5SUM}" "${ANCHORDIR}"/*.pem > "${ANCHORLIST}" +"${MD5SUM}" "${DESTDIR}${ANCHORDIR}"/*.pem > "${DESTDIR}${ANCHORLIST}" -# Build alternate formats using p11-kit trust (if not using DESTDIR) -if test "x${DESTDIR}" == "x"; then - mkdir -p "${BUNDLEDIR}" "${KEYSTORE}" - echo -n "Extracting OpenSSL certificates to ${CERTDIR}..." - "${TRUST}" extract --filter=certificates --format=openssl-directory \ - --overwrite --comment "${CERTDIR}" \ - && echo "Done!" || echo "Failed!!!" - echo -n "Extracting GNUTLS server auth certificates to ${CABUNDLE}..." - "${TRUST}" extract --filter=ca-anchors --format=pem-bundle \ - --purpose server-auth --overwrite --comment "${CABUNDLE}" \ - && echo "Done!" || echo "Failed!!!" - echo -n "Extracting GNUTLS S-Mime certificates to ${SMBUNDLE}..." - "${TRUST}" extract --filter=ca-anchors --format=pem-bundle \ - --purpose email --overwrite --comment "${SMBUNDLE}" \ - && echo "Done!" || echo "Failed!!!" - echo -n "Extracting GNUTLS code signing certificates to ${CSBUNDLE}..." - "${TRUST}" extract --filter=ca-anchors --format=pem-bundle \ - --purpose code-signing --overwrite --comment \ - "${CSBUNDLE}" && echo "Done!" || echo "Failed!!!" - echo -n "Extracting Java cacerts (JKS) to ${KEYSTORE}/cacerts..." - "${TRUST}" extract --filter=ca-anchors --format=java-cacerts \ - --purpose server-auth --overwrite \ - --comment "${KEYSTORE}/cacerts" \ - && echo "Done!" || echo "Failed!!!" -fi +# Build alternate formats using p11-kit trust +mkdir -p "${DESTDIR}${BUNDLEDIR}" "${DESTDIR}${KEYSTORE}" +echo -n "Extracting OpenSSL certificates to ${DESTDIR}${CERTDIR}..." +"${TRUST}" extract --filter=certificates --format=openssl-directory \ + --overwrite --comment "${DESTDIR}${CERTDIR}" \ + && echo "Done!" || echo "Failed!!!" +echo -n "Extracting GNUTLS server auth certificates to ${DESTDIR}${CABUNDLE}..." +"${TRUST}" extract --filter=ca-anchors --format=pem-bundle \ + --purpose server-auth --overwrite --comment "${DESTDIR}${CABUNDLE}" \ + && echo "Done!" || echo "Failed!!!" +echo -n "Extracting GNUTLS S-Mime certificates to ${DESTDIR}${SMBUNDLE}..." +"${TRUST}" extract --filter=ca-anchors --format=pem-bundle \ + --purpose email --overwrite --comment "${DESTDIR}${SMBUNDLE}" \ + && echo "Done!" || echo "Failed!!!" +echo -n "Extracting GNUTLS code signing certificates to ${DESTDIR}${CSBUNDLE}..." +"${TRUST}" extract --filter=ca-anchors --format=pem-bundle \ + --purpose code-signing --overwrite --comment \ + "${DESTDIR}${CSBUNDLE}" && echo "Done!" || echo "Failed!!!" +echo -n "Extracting Java cacerts (JKS) to ${DESTDIR}${KEYSTORE}/cacerts..." +"${TRUST}" extract --filter=ca-anchors --format=java-cacerts \ + --purpose server-auth --overwrite \ + --comment "${DESTDIR}${KEYSTORE}/cacerts" \ + && echo "Done!" || echo "Failed!!!" # End /usr/sbin/make-ca