Remove use of .old files/directories

Fix argument for catrust/smtrust in java cacerts logic.
DJ Lucas 2018-02-18 20:35:03 -06:00
parent 0baf68696f
commit c7720cf468
2 changed files with 16 additions and 26 deletions


@ -1,5 +1,6 @@
0.7 - Generate both PKCS#12 and JKS stores for Java 0.7 - Generate both PKCS#12 and JKS stores for Java
- Local certs keep out of band trust when copied to system certs - Local certs keep out of band trust when copied to system certs
- Remove use of .old files/directories
0.6 - Allow use of proxy with OpenSSL s_client 0.6 - Allow use of proxy with OpenSSL s_client
- Really check revision before download - Really check revision before download
- Make sure download was successful before testing values - Make sure download was successful before testing values

41
make-ca

@ -618,7 +618,7 @@ for tempfile in ${TEMPDIR}/certs/*.tmp; do
EKU="" EKU=""
EKUVAL="" EKUVAL=""
if test "${satrust}" == "C"; then EKU="serverAuth"; fi if test "${satrust}" == "C"; then EKU="serverAuth"; fi
if test "${catrust}" == "C"; then if test "${smtrust}" == "C"; then
if test "${EKU}" == ""; then if test "${EKU}" == ""; then
EKU="clientAuth" EKU="clientAuth"
else else
@ -674,34 +674,27 @@ if test "${WITH_NSS}" == "1"; then
-e 's/library=/library=libnsssysinit.so/' \ -e 's/library=/library=libnsssysinit.so/' \
-e 's/Flags=internal/Flags=internal,moduleDBOnly/' \ -e 's/Flags=internal/Flags=internal,moduleDBOnly/' \
-i "${TEMPDIR}/pki/nssdb/pkcs11.txt" -i "${TEMPDIR}/pki/nssdb/pkcs11.txt"
test -d "${DESTDIR}${NSSDB}" && mv "${DESTDIR}${NSSDB}" \ test -d "${DESTDIR}${NSSDB}" && rm -rf "${DESTDIR}${NSSDB}"
"${DESTDIR}${NSSDB}.old"
install -dm755 "${DESTDIR}${NSSDB}" 2>&1>/dev/null install -dm755 "${DESTDIR}${NSSDB}" 2>&1>/dev/null
install -m644 "${TEMPDIR}"/pki/nssdb/{cert9.db,key4.db,pkcs11.txt} \ install -m644 "${TEMPDIR}"/pki/nssdb/{cert9.db,key4.db,pkcs11.txt} \
"${DESTDIR}${NSSDB}" && "${DESTDIR}${NSSDB}"
rm -rf "${DESTDIR}${NSSDB}.old"
fi fi
# Install anchors in $ANCHORDIR # Install anchors in $ANCHORDIR
test -d "${DESTDIR}${ANCHORDIR}" && mv "${DESTDIR}${ANCHORDIR}"\ test -d "${DESTDIR}${ANCHORDIR}" && rm -rf "${DESTDIR}${ANCHORDIR}"
"${DESTDIR}${ANCHORDIR}.old"
install -dm755 "${DESTDIR}${ANCHORDIR}" 2>&1>/dev/null install -dm755 "${DESTDIR}${ANCHORDIR}" 2>&1>/dev/null
install -m644 "${TEMPDIR}"/pki/anchors/*.pem "${DESTDIR}${ANCHORDIR}" && install -m644 "${TEMPDIR}"/pki/anchors/*.pem "${DESTDIR}${ANCHORDIR}"
rm -rf "${DESTDIR}${ANCHORDIR}.old"
# Install certificates in $CERTDIR # Install certificates in $CERTDIR
test -d "${DESTDIR}${CERTDIR}" && mv "${DESTDIR}${CERTDIR}" \ test -d "${DESTDIR}${CERTDIR}" && rm -rf "${DESTDIR}${CERTDIR}"
"${DESTDIR}${CERTDIR}.old"
install -dm755 "${DESTDIR}${CERTDIR}" 2>&1>/dev/null install -dm755 "${DESTDIR}${CERTDIR}" 2>&1>/dev/null
install -m644 "${TEMPDIR}"/ssl/certs/*.pem "${DESTDIR}${CERTDIR}" && install -m644 "${TEMPDIR}"/ssl/certs/*.pem "${DESTDIR}${CERTDIR}"
rm -rf "${DESTDIR}${CERTDIR}.old"
# Install Java cacerts.p12 in ${KEYSTORE} # Install Java cacerts.p12 in ${KEYSTORE}
test -f "${DESTDIR}${KEYSTORE}/cacerts.p12" && test -f "${DESTDIR}${KEYSTORE}/cacerts.p12" &&
mv "${DESTDIR}${KEYSTORE}/cacerts.p12{,.old}" rm -f "${DESTDIR}${KEYSTORE}/cacerts.p12"
install -dm755 "${DESTDIR}${KEYSTORE}" install -dm755 "${DESTDIR}${KEYSTORE}"
install -m644 "${TEMPDIR}/ssl/java/cacerts.p12" "${DESTDIR}${KEYSTORE}" install -m644 "${TEMPDIR}/ssl/java/cacerts.p12" "${DESTDIR}${KEYSTORE}"
rm -f "${DESTDIR}${KEYSTORE}/cacerts.p12.old"
# Import any certs in $LOCALDIR # Import any certs in $LOCALDIR
# Don't do any checking, just trust the admin # Don't do any checking, just trust the admin
@ -874,17 +867,15 @@ fi
bundlefile=`basename "${CABUNDLE}"` bundlefile=`basename "${CABUNDLE}"`
bundledir=`echo "${CABUNDLE}" | sed "s@/${bundlefile}@@"` bundledir=`echo "${CABUNDLE}" | sed "s@/${bundlefile}@@"`
install -vdm755 "${DESTDIR}${bundledir}" 2>&1>/dev/null install -vdm755 "${DESTDIR}${bundledir}" 2>&1>/dev/null
test -f "${DESTDIR}${CABUNDLE}" && mv "${DESTDIR}${CABUNDLE}" \ rm -f "${DESTDIR}${CABUNDLE}"
"${DESTDIR}${CABUNDLE}.old" rm -f "${DESTDIR}${SMBUNDLE}"
test -f "${DESTDIR}${SMBUNDLE}" && mv "${DESTDIR}${SMBUNDLE}" \ rm -f "${DESTDIR}${CSBUNDLE}"
"${DESTDIR}${SMBUNDLE}.old" rm -f "${DESTDIR}${KEYSTORE}/cacerts.jks"
test -f "${DESTDIR}${CSBUNDLE}" && mv "${DESTDIR}${CSBUNDLE}" \
"${DESTDIR}${CSBUNDLE}.old"
test -f "${DESTDIR}${KEYSTORE}/cacerts.jks" &&
mv "${DESTDIR}${KEYSTORE}"/cacerts.jks{,.old}
echo "# Revision:${REVISION}" > "${DESTDIR}${CABUNDLE}" echo "# Revision:${REVISION}" > "${DESTDIR}${CABUNDLE}"
echo "# Revision:${REVISION}" > "${DESTDIR}${SMBUNDLE}"
echo "# Revision:${REVISION}" > "${DESTDIR}${CSBUNDLE}"
echo "Processing certs for Java (JKS) and GNUTLS stores..." echo "Processing certs for Java (JKS) and GNUTLS stores..."
# Generate the bundle # Generate the bundle
@ -928,7 +919,7 @@ for cert in `find "${DESTDIR}${CERTDIR}" -name "*.pem"`; do
"${KEYTOOL}" -importcert -file "${TEMPDIR}/ssl/certs/${keyhash}.pem" \ "${KEYTOOL}" -importcert -file "${TEMPDIR}/ssl/certs/${keyhash}.pem" \
-noprompt -alias "${certname}" -storetype JKS \ -noprompt -alias "${certname}" -storetype JKS \
-keystore "${DESTDIR}${KEYSTORE}/cacerts.jks" \ -keystore "${DESTDIR}${KEYSTORE}/cacerts.jks" \
-storepass 'changeit' 2>&1> /dev/null | \ -storepass 'changeit' 2>&1> /dev/null | \
sed -e 's@Certificate was a@A@' -e 's@keystore@Java (JKS) keystore.@' sed -e 's@Certificate was a@A@' -e 's@keystore@Java (JKS) keystore.@'
fi fi
fi fi
@ -966,7 +957,5 @@ fi
# Clean up the mess # Clean up the mess
rm -rf "${TEMPDIR}" rm -rf "${TEMPDIR}"
rm -rf "${DESTDIR}${bundledir}/*.old"
rm -f "${DESTDIR}${KEYSTORE}/cacerts.jks.old"
# End /usr/sbin/make-ca # End /usr/sbin/make-ca
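Review bot: In the hunk at 674, each store is now removed with `rm -rf` (or `rm -f`) before its replacement is written, and the `install` that follows is not checked, so a failed or partial install (full disk, an empty `*.pem` glob) leaves `${CERTDIR}`, `${ANCHORDIR}`, `${NSSDB}` or `cacerts.p12` empty with nothing to roll back to. For a system trust store that means certificate verification on the host breaks until make-ca is rerun successfully. Staging the new content beside the target and moving it into place only after the copy succeeded keeps the old store intact on failure and still leaves no `.old` files behind; the same pattern applies to the other three targets. These are top-level statements whose surroundings lie outside the hunk, so whether exiting at this point skips needed cleanup (such as the `rm -rf "${TEMPDIR}"` at the end) has to be checked against the full script.

```shell
# Install certificates in $CERTDIR
# Stage beside the target; the live directory is replaced only after the copy succeeded.
rm -rf "${DESTDIR}${CERTDIR}.new"
install -dm755 "${DESTDIR}${CERTDIR}.new" &&
install -m644 "${TEMPDIR}"/ssl/certs/*.pem "${DESTDIR}${CERTDIR}.new" || {
  rm -rf "${DESTDIR}${CERTDIR}.new"
  echo "make-ca: could not stage ${CERTDIR}, keeping existing certificates" >&2
  exit 1
}
rm -rf "${DESTDIR}${CERTDIR}"
mv "${DESTDIR}${CERTDIR}.new" "${DESTDIR}${CERTDIR}"
# … unchanged: Java cacerts.p12 install …
```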