From fbd103c8e680cc73a79e316bebddeda11c33611a Mon Sep 17 00:00:00 2001 From: Erich Eckner Date: Fri, 6 Dec 2019 15:24:07 +0100 Subject: new sign-ca and/or root-ca means, we need to exchange the directory with the issued certificates, too - this means, we should handle creation of those in sign-ca, not in the Makefile --- sign-ca.in | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'sign-ca.in') diff --git a/sign-ca.in b/sign-ca.in index 25d1a98..f000dc3 100755 --- a/sign-ca.in +++ b/sign-ca.in @@ -20,6 +20,19 @@ if [ -f '#ETCDIR#/simple-pki/ca/root-ca.crt' ]; then mv \ '#ETCDIR#/simple-pki/ca/root-ca.crt' \ '#ETCDIR#/simple-pki/ca/root-ca.crt.old' + rm -rf --one-file-system \ + '#ETCDIR#/simple-pki/ca/root-ca.old' + mv \ + '#ETCDIR#/simple-pki/ca/root-ca' \ + '#ETCDIR#/simple-pki/ca/root-ca.old' + install -d -m0755 '#ETCDIR#/simple-pki/ca/root-ca/db' + install -d -m0700 '#ETCDIR#/simple-pki/ca/root-ca/private' + touch \ + '#ETCDIR#/simple-pki/ca/root-ca/db/root-ca.db' \ + '#ETCDIR#/simple-pki/ca/root-ca/db/root-ca.db.attr' + echo '01' \ + |tee '#ETCDIR#/simple-pki/ca/root-ca/db/root-ca.crt.srl' \ + >'#ETCDIR#/simple-pki/ca/root-ca/db/root-ca.crl.srl' else >&2 echo 'nothing to do: "old" root certificate is too new' exit @@ -30,6 +43,19 @@ if [ -f '#ETCDIR#/simple-pki/ca/signing-ca.crt' ]; then mv \ '#ETCDIR#/simple-pki/ca/signing-ca.crt' \ '#ETCDIR#/simple-pki/ca/signing-ca.crt.old' + rm -rf --one-file-system \ + '#ETCDIR#/simple-pki/ca/signing-ca.old' + mv \ + '#ETCDIR#/simple-pki/ca/signing-ca' \ + '#ETCDIR#/simple-pki/ca/signing-ca.old' + install -d -m0755 '#ETCDIR#/simple-pki/ca/signing-ca/db' + install -d -m0700 '#ETCDIR#/simple-pki/ca/signing-ca/private' + touch \ + '#ETCDIR#/simple-pki/ca/signing-ca/db/signing-ca.db' \ + '#ETCDIR#/simple-pki/ca/signing-ca/db/signing-ca.db.attr' + echo '01' \ + |tee '#ETCDIR#/simple-pki/ca/signing-ca/db/signing-ca.crt.srl' \ + >'#ETCDIR#/simple-pki/ca/signing-ca/db/signing-ca.crl.srl' fi CA=root-ca openssl req -new \ -- cgit v1.2.3-54-g00ecf