Remove use of .old files/directories
Fix argument for catrust/smtrust in java cacerts logic.
This commit is contained in:
parent
0baf68696f
commit
c7720cf468
@ -1,5 +1,6 @@
|
|||||||
0.7 - Generate both PKCS#12 and JKS stores for Java
|
0.7 - Generate both PKCS#12 and JKS stores for Java
|
||||||
- Local certs keep out of band trust when copied to system certs
|
- Local certs keep out of band trust when copied to system certs
|
||||||
|
- Remove use of .old files/directories
|
||||||
0.6 - Allow use of proxy with OpenSSL s_client
|
0.6 - Allow use of proxy with OpenSSL s_client
|
||||||
- Really check revision before download
|
- Really check revision before download
|
||||||
- Make sure download was successful before testing values
|
- Make sure download was successful before testing values
|
||||||
|
41
make-ca
41
make-ca
@ -618,7 +618,7 @@ for tempfile in ${TEMPDIR}/certs/*.tmp; do
|
|||||||
EKU=""
|
EKU=""
|
||||||
EKUVAL=""
|
EKUVAL=""
|
||||||
if test "${satrust}" == "C"; then EKU="serverAuth"; fi
|
if test "${satrust}" == "C"; then EKU="serverAuth"; fi
|
||||||
if test "${catrust}" == "C"; then
|
if test "${smtrust}" == "C"; then
|
||||||
if test "${EKU}" == ""; then
|
if test "${EKU}" == ""; then
|
||||||
EKU="clientAuth"
|
EKU="clientAuth"
|
||||||
else
|
else
|
||||||
@ -674,34 +674,27 @@ if test "${WITH_NSS}" == "1"; then
|
|||||||
-e 's/library=/library=libnsssysinit.so/' \
|
-e 's/library=/library=libnsssysinit.so/' \
|
||||||
-e 's/Flags=internal/Flags=internal,moduleDBOnly/' \
|
-e 's/Flags=internal/Flags=internal,moduleDBOnly/' \
|
||||||
-i "${TEMPDIR}/pki/nssdb/pkcs11.txt"
|
-i "${TEMPDIR}/pki/nssdb/pkcs11.txt"
|
||||||
test -d "${DESTDIR}${NSSDB}" && mv "${DESTDIR}${NSSDB}" \
|
test -d "${DESTDIR}${NSSDB}" && rm -rf "${DESTDIR}${NSSDB}"
|
||||||
"${DESTDIR}${NSSDB}.old"
|
|
||||||
install -dm755 "${DESTDIR}${NSSDB}" 2>&1>/dev/null
|
install -dm755 "${DESTDIR}${NSSDB}" 2>&1>/dev/null
|
||||||
install -m644 "${TEMPDIR}"/pki/nssdb/{cert9.db,key4.db,pkcs11.txt} \
|
install -m644 "${TEMPDIR}"/pki/nssdb/{cert9.db,key4.db,pkcs11.txt} \
|
||||||
"${DESTDIR}${NSSDB}" &&
|
"${DESTDIR}${NSSDB}"
|
||||||
rm -rf "${DESTDIR}${NSSDB}.old"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Install anchors in $ANCHORDIR
|
# Install anchors in $ANCHORDIR
|
||||||
test -d "${DESTDIR}${ANCHORDIR}" && mv "${DESTDIR}${ANCHORDIR}"\
|
test -d "${DESTDIR}${ANCHORDIR}" && rm -rf "${DESTDIR}${ANCHORDIR}"
|
||||||
"${DESTDIR}${ANCHORDIR}.old"
|
|
||||||
install -dm755 "${DESTDIR}${ANCHORDIR}" 2>&1>/dev/null
|
install -dm755 "${DESTDIR}${ANCHORDIR}" 2>&1>/dev/null
|
||||||
install -m644 "${TEMPDIR}"/pki/anchors/*.pem "${DESTDIR}${ANCHORDIR}" &&
|
install -m644 "${TEMPDIR}"/pki/anchors/*.pem "${DESTDIR}${ANCHORDIR}"
|
||||||
rm -rf "${DESTDIR}${ANCHORDIR}.old"
|
|
||||||
|
|
||||||
# Install certificates in $CERTDIR
|
# Install certificates in $CERTDIR
|
||||||
test -d "${DESTDIR}${CERTDIR}" && mv "${DESTDIR}${CERTDIR}" \
|
test -d "${DESTDIR}${CERTDIR}" && rm -rf "${DESTDIR}${CERTDIR}"
|
||||||
"${DESTDIR}${CERTDIR}.old"
|
|
||||||
install -dm755 "${DESTDIR}${CERTDIR}" 2>&1>/dev/null
|
install -dm755 "${DESTDIR}${CERTDIR}" 2>&1>/dev/null
|
||||||
install -m644 "${TEMPDIR}"/ssl/certs/*.pem "${DESTDIR}${CERTDIR}" &&
|
install -m644 "${TEMPDIR}"/ssl/certs/*.pem "${DESTDIR}${CERTDIR}"
|
||||||
rm -rf "${DESTDIR}${CERTDIR}.old"
|
|
||||||
|
|
||||||
# Install Java cacerts.p12 in ${KEYSTORE}
|
# Install Java cacerts.p12 in ${KEYSTORE}
|
||||||
test -f "${DESTDIR}${KEYSTORE}/cacerts.p12" &&
|
test -f "${DESTDIR}${KEYSTORE}/cacerts.p12" &&
|
||||||
mv "${DESTDIR}${KEYSTORE}/cacerts.p12{,.old}"
|
rm -f "${DESTDIR}${KEYSTORE}/cacerts.p12"
|
||||||
install -dm755 "${DESTDIR}${KEYSTORE}"
|
install -dm755 "${DESTDIR}${KEYSTORE}"
|
||||||
install -m644 "${TEMPDIR}/ssl/java/cacerts.p12" "${DESTDIR}${KEYSTORE}"
|
install -m644 "${TEMPDIR}/ssl/java/cacerts.p12" "${DESTDIR}${KEYSTORE}"
|
||||||
rm -f "${DESTDIR}${KEYSTORE}/cacerts.p12.old"
|
|
||||||
|
|
||||||
# Import any certs in $LOCALDIR
|
# Import any certs in $LOCALDIR
|
||||||
# Don't do any checking, just trust the admin
|
# Don't do any checking, just trust the admin
|
||||||
@ -874,17 +867,15 @@ fi
|
|||||||
bundlefile=`basename "${CABUNDLE}"`
|
bundlefile=`basename "${CABUNDLE}"`
|
||||||
bundledir=`echo "${CABUNDLE}" | sed "s@/${bundlefile}@@"`
|
bundledir=`echo "${CABUNDLE}" | sed "s@/${bundlefile}@@"`
|
||||||
install -vdm755 "${DESTDIR}${bundledir}" 2>&1>/dev/null
|
install -vdm755 "${DESTDIR}${bundledir}" 2>&1>/dev/null
|
||||||
test -f "${DESTDIR}${CABUNDLE}" && mv "${DESTDIR}${CABUNDLE}" \
|
rm -f "${DESTDIR}${CABUNDLE}"
|
||||||
"${DESTDIR}${CABUNDLE}.old"
|
rm -f "${DESTDIR}${SMBUNDLE}"
|
||||||
test -f "${DESTDIR}${SMBUNDLE}" && mv "${DESTDIR}${SMBUNDLE}" \
|
rm -f "${DESTDIR}${CSBUNDLE}"
|
||||||
"${DESTDIR}${SMBUNDLE}.old"
|
rm -f "${DESTDIR}${KEYSTORE}/cacerts.jks"
|
||||||
test -f "${DESTDIR}${CSBUNDLE}" && mv "${DESTDIR}${CSBUNDLE}" \
|
|
||||||
"${DESTDIR}${CSBUNDLE}.old"
|
|
||||||
test -f "${DESTDIR}${KEYSTORE}/cacerts.jks" &&
|
|
||||||
mv "${DESTDIR}${KEYSTORE}"/cacerts.jks{,.old}
|
|
||||||
|
|
||||||
|
|
||||||
echo "# Revision:${REVISION}" > "${DESTDIR}${CABUNDLE}"
|
echo "# Revision:${REVISION}" > "${DESTDIR}${CABUNDLE}"
|
||||||
|
echo "# Revision:${REVISION}" > "${DESTDIR}${SMBUNDLE}"
|
||||||
|
echo "# Revision:${REVISION}" > "${DESTDIR}${CSBUNDLE}"
|
||||||
|
|
||||||
echo "Processing certs for Java (JKS) and GNUTLS stores..."
|
echo "Processing certs for Java (JKS) and GNUTLS stores..."
|
||||||
# Generate the bundle
|
# Generate the bundle
|
||||||
@ -928,7 +919,7 @@ for cert in `find "${DESTDIR}${CERTDIR}" -name "*.pem"`; do
|
|||||||
"${KEYTOOL}" -importcert -file "${TEMPDIR}/ssl/certs/${keyhash}.pem" \
|
"${KEYTOOL}" -importcert -file "${TEMPDIR}/ssl/certs/${keyhash}.pem" \
|
||||||
-noprompt -alias "${certname}" -storetype JKS \
|
-noprompt -alias "${certname}" -storetype JKS \
|
||||||
-keystore "${DESTDIR}${KEYSTORE}/cacerts.jks" \
|
-keystore "${DESTDIR}${KEYSTORE}/cacerts.jks" \
|
||||||
-storepass 'changeit' 2>&1> /dev/null | \
|
-storepass 'changeit' 2>&1> /dev/null | \
|
||||||
sed -e 's@Certificate was a@A@' -e 's@keystore@Java (JKS) keystore.@'
|
sed -e 's@Certificate was a@A@' -e 's@keystore@Java (JKS) keystore.@'
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
@ -966,7 +957,5 @@ fi
|
|||||||
|
|
||||||
# Clean up the mess
|
# Clean up the mess
|
||||||
rm -rf "${TEMPDIR}"
|
rm -rf "${TEMPDIR}"
|
||||||
rm -rf "${DESTDIR}${bundledir}/*.old"
|
|
||||||
rm -f "${DESTDIR}${KEYSTORE}/cacerts.jks.old"
|
|
||||||
|
|
||||||
# End /usr/sbin/make-ca
|
# End /usr/sbin/make-ca
|
||||||
|
Loading…
Reference in New Issue
Block a user