From c02dd19221266113b797f10a41cd2093ea3954f2 Mon Sep 17 00:00:00 2001
From: DJ Lucas
Date: Wed, 20 Sep 2017 22:29:03 -0500
Subject: [PATCH] Install source certdata.txt file

Provide -r/--rebuild option
---
 CHANGELOG | 2 ++
 make-ca | 50 +++++++++++++++++++++++++++++++++++++++-----------
 2 files changed, 41 insertions(+), 11 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 8601208..393a9c0 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,5 @@
+0.2 - Install source certdata.txt file
+    - Provide rebuild option
 0.1 - Check executable bit for CERTUTIL, KEYTOOL, and OPENSSL
     - Allow global configuration file
     - Use correct license text (MIT)
diff --git a/make-ca b/make-ca
index ad0d232..f4edba8 100644
--- a/make-ca
+++ b/make-ca
@@ -38,15 +38,27 @@ TEMPDIR=$(mktemp -d)
 WORKDIR="${TEMPDIR}/work"
 WITH_NSS=1
 WITH_JAVA=1
+CERTDATAY=0
 FORCE=0
+REBUILD=0
 
 function get_args(){
   while test -n "${1}" ; do
     case "${1}" in
       -C | --certdata)
-        check_arg $1 $2
-        CERTDATA="${2}"
-        shift 2
+        if test "${REBUILD}" == "0"; then
+          check_arg $1 $2
+          CERTDATA="${2}"
+          CERTDATAY="1"
+          shift 2
+        else
+          echo "Error: ${1} cannot be used with the -r/--rebuild switch."
+          exit 3
+        fi
+        if test ! -f "${CERTDATA}"; then
+          echo "Error: ${CERTDATA} not found!"
+          exit 3
+        fi
       ;;
       -D | --destdir)
         check_arg $1 $2
@@ -149,6 +161,20 @@ function get_args(){
         KEYTOOL="${2}"
         shift 2
       ;;
+      -r | --rebuild)
+        if test "${CERTDATAY}" == "0"; then
+          REBUILD="1"
+          shift 1
+        else
+          echo "Error: ${1} cannot be used with the -C/--certdata switch."
+          exit 3
+        fi
+        CERTDATA="${SSLDIR}/certdata.txt"
+        if test ! -f "${CERTDATA}"; then
+          echo "Error: ${CERTDATA} not found!"
+          exit 3
+        fi
+      ;;
       -s | --openssl)
         check_arg $1 $2
         OPENSSL="${2}"
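Review bot: The new `-C/--certdata` arm validates the file with `test ! -f`, which accepts a file that exists but is unreadable, while the global guard this commit removes later in the patch used `-r`; writing `if test ! -r "${CERTDATA}"; then` here and in the `-r/--rebuild` arm of the following hunk rejects an unreadable certdata.txt at argument parsing instead of partway through the run. The re-added `check_arg $1 $2` passes both words unquoted; `check_arg "$1" "$2"` preserves a value that is empty or contains whitespace. In the rebuild arm, `CERTDATA="${SSLDIR}/certdata.txt"` is fixed while options are still being parsed, so if any later option on the command line can change SSLDIR the path is stale — if that is possible, resolve it after the loop. get_args continues outside both hunks.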
@@ -231,6 +257,9 @@ function showhelp(){
   echo ""
   echo " -k --keytool The path to the java keytool utility"
   echo ""
+  echo " -r --rebuild Rebuild the enitre PKI tree using the previous"
+  echo " certdata.txt file."
+  echo ""
   echo " -s --openssl The path to the openssl utility"
   echo ""
   echo " -t --certutil The path the certutil utility"
@@ -340,12 +369,6 @@ get-p11-val() {
 # Process command line arguments
 get_args $@
 
-if test ! -r "${CERTDATA}"; then
-  echo "${CERTDATA} was not found. The certdata.txt file must be in the local"
-  echo "directory, or speficied with the --certdata switch."
-  exit 1
-fi
-
 test -x "${CERTUTIL}" || WITH_NSS=0
 test -x "${KEYTOOL}" || WITH_JAVA=0
 test ! -x "${OPENSSL}" && echo "OpenSSL not found at ${OPENSSL}. Exiting..." &&
@@ -523,9 +546,9 @@ unset tempfile
 
 # Sanity check
 count=$(ls "${TEMPDIR}"/ssl/certs/*.pem | wc -l)
-# Historically there have been between 152 and 165 certs
+# Historically there have been between 152 and 190 certs
 # A minimum of 140 should be safe for a rudimentry sanity check
-if test "${count}" -lt "140" ; then
+if test "${count}" -lt "150" ; then
   echo "Error! Only ${count} certificates were generated!"
   echo "Exiting without update!"
   echo ""
@@ -534,6 +557,11 @@ if test "${count}" -lt "140" ; then
 fi
 unset count
 
+# Install certdata.txt
+if test "${REBUILD}" == "0"; then
+  install -vm644 "${CERTDATA}" "${DESTDIR}${SSLDIR}"
+fi
+
 # Generate the bundle
 bundlefile=`basename "${CABUNDLE}"`
 bundledir=`echo "${CABUNDLE}" | sed "s@/${bundlefile}@@"`
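Review bot: The new help line carries a typo in user-visible text: `echo " -r --rebuild Rebuild the enitre PKI tree using the previous"` should read `entire`. showhelp continues outside this hunk.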
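Review bot: Dropping the `test ! -r "${CERTDATA}"` guard after `get_args $@` leaves the default case unchecked: when neither -C nor -r is passed, the per-option existence checks this commit adds inside get_args never run, so a missing or unreadable default certdata.txt is only noticed when a later step tries to read it. Keeping the removed block, or a one-liner such as `test -r "${CERTDATA}" || { echo "Error: ${CERTDATA} not found!"; exit 3; }`, restores an early check for all three ways CERTDATA can be set. Where CERTDATA gets its default is outside this hunk, so this assumes that assignment still exists.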
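Review bot: The threshold in `if test "${count}" -lt "150" ; then` is raised, but the comment directly above it still says `# A minimum of 140 should be safe for a rudimentry sanity check`; change it to `# A minimum of 150 should be safe for a rudimentary sanity check` so the comment and the check agree. The `if` block continues outside this hunk.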
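Review bot: `install -vm644 "${CERTDATA}" "${DESTDIR}${SSLDIR}"` will refuse with a same-file error when the path given to -C/--certdata is already `${DESTDIR}${SSLDIR}/certdata.txt` (re-running against the installed copy without -r), and its exit status is not checked, so the script continues into bundle generation as if the install had succeeded. Guarding the copy and failing explicitly covers both: `if test "${REBUILD}" == "0" && test ! "${CERTDATA}" -ef "${DESTDIR}${SSLDIR}/certdata.txt"; then` followed by `install -vm644 "${CERTDATA}" "${DESTDIR}${SSLDIR}" || exit 1`. Whether `${DESTDIR}${SSLDIR}` is guaranteed to exist at this point is established outside the hunk.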