The current makefile rule for the public certificate calls for an
openssl config file which is not provided. Let's put the pubcert
generation into a script named gen-pubcert.sh and embed the
openssl configuration file there.
Signed-off-by: Seth Forshee <seth.fors...@canonical.com>
---
Makefile | 4 +---
gen-pubcert.sh | 18 ++++++++++++++++++
2 files changed, 19 insertions(+), 3 deletions(-)
create mode 100755 gen-pubcert.sh
diff --git a/Makefile b/Makefile
index 9532c29a1dc2..044251f64785 100644
--- a/Makefile
+++ b/Makefile
@@ -79,9 +79,7 @@ $(REGDB_PUBKEY): $(REGDB_PRIVKEY)
$(REGDB_PUBCERT): $(REGDB_PRIVKEY)
@echo "Generating certificate for $(REGDB_AUTHOR)..."
- @openssl req -config regulatory.openssl.conf \
- -key $(REGDB_PRIVKEY) -days 36500 -utf8 -nodes -batch \
- -x509 -outform PEM -out $(REGDB_PUBCERT)
+ ./gen-pubcert.sh $(REGDB_PRIVKEY) $(REGDB_PUBCERT)
@echo $(REGDB_PUBKEY) > .custom
diff --git a/gen-pubcert.sh b/gen-pubcert.sh
new file mode 100755
index 000000000000..1a4d57999e5d
--- /dev/null
+++ b/gen-pubcert.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+if [[ $# -ne 2 ]]; then
+ echo "Usage: $0 priv-key out-file"
+ exit 1
+fi
+
+openssl req -new -key "$1" -days 36500 -utf8 -nodes -batch \
+ -x509 -outform PEM -out "$2" \
+ -config <(cat <<-EOF
+ [ req ]
+ distinguished_name = req_distinguished_name
+ string_mask = utf8only
+ prompt = no
+ [ req_distinguished_name ]
+ commonName = sforshee
+ EOF
+ )
--
2.14.1
