Merge pull request #3 from knusbaum/master

make-ca: Allow generation of certs in DESTDIR.
This commit is contained in:
DJ Lucas 2019-09-04 19:36:15 -05:00 committed by GitHub
commit aa68b77848
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

38
make-ca
View File

@ -818,32 +818,30 @@ popd
rm -rf "${TEMPDIR}" rm -rf "${TEMPDIR}"
# Build ANCHORLIST # Build ANCHORLIST
"${MD5SUM}" "${ANCHORDIR}"/*.pem > "${ANCHORLIST}" "${MD5SUM}" "${DESTDIR}${ANCHORDIR}"/*.pem > "${DESTDIR}${ANCHORLIST}"
# Build alternate formats using p11-kit trust (if not using DESTDIR) # Build alternate formats using p11-kit trust
if test "x${DESTDIR}" == "x"; then mkdir -p "${DESTDIR}${BUNDLEDIR}" "${DESTDIR}${KEYSTORE}"
mkdir -p "${BUNDLEDIR}" "${KEYSTORE}" echo -n "Extracting OpenSSL certificates to ${DESTDIR}${CERTDIR}..."
echo -n "Extracting OpenSSL certificates to ${CERTDIR}..." "${TRUST}" extract --filter=certificates --format=openssl-directory \
"${TRUST}" extract --filter=certificates --format=openssl-directory \ --overwrite --comment "${DESTDIR}${CERTDIR}" \
--overwrite --comment "${CERTDIR}" \
&& echo "Done!" || echo "Failed!!!" && echo "Done!" || echo "Failed!!!"
echo -n "Extracting GNUTLS server auth certificates to ${CABUNDLE}..." echo -n "Extracting GNUTLS server auth certificates to ${DESTDIR}${CABUNDLE}..."
"${TRUST}" extract --filter=ca-anchors --format=pem-bundle \ "${TRUST}" extract --filter=ca-anchors --format=pem-bundle \
--purpose server-auth --overwrite --comment "${CABUNDLE}" \ --purpose server-auth --overwrite --comment "${DESTDIR}${CABUNDLE}" \
&& echo "Done!" || echo "Failed!!!" && echo "Done!" || echo "Failed!!!"
echo -n "Extracting GNUTLS S-Mime certificates to ${SMBUNDLE}..." echo -n "Extracting GNUTLS S-Mime certificates to ${DESTDIR}${SMBUNDLE}..."
"${TRUST}" extract --filter=ca-anchors --format=pem-bundle \ "${TRUST}" extract --filter=ca-anchors --format=pem-bundle \
--purpose email --overwrite --comment "${SMBUNDLE}" \ --purpose email --overwrite --comment "${DESTDIR}${SMBUNDLE}" \
&& echo "Done!" || echo "Failed!!!" && echo "Done!" || echo "Failed!!!"
echo -n "Extracting GNUTLS code signing certificates to ${CSBUNDLE}..." echo -n "Extracting GNUTLS code signing certificates to ${DESTDIR}${CSBUNDLE}..."
"${TRUST}" extract --filter=ca-anchors --format=pem-bundle \ "${TRUST}" extract --filter=ca-anchors --format=pem-bundle \
--purpose code-signing --overwrite --comment \ --purpose code-signing --overwrite --comment \
"${CSBUNDLE}" && echo "Done!" || echo "Failed!!!" "${DESTDIR}${CSBUNDLE}" && echo "Done!" || echo "Failed!!!"
echo -n "Extracting Java cacerts (JKS) to ${KEYSTORE}/cacerts..." echo -n "Extracting Java cacerts (JKS) to ${DESTDIR}${KEYSTORE}/cacerts..."
"${TRUST}" extract --filter=ca-anchors --format=java-cacerts \ "${TRUST}" extract --filter=ca-anchors --format=java-cacerts \
--purpose server-auth --overwrite \ --purpose server-auth --overwrite \
--comment "${KEYSTORE}/cacerts" \ --comment "${DESTDIR}${KEYSTORE}/cacerts" \
&& echo "Done!" || echo "Failed!!!" && echo "Done!" || echo "Failed!!!"
fi
# End /usr/sbin/make-ca # End /usr/sbin/make-ca