Fix the CA (sub)command to export root keys to Secret/.

author Matt Birkholz <matt@birchwood-abbey.net>

Thu, 28 Dec 2023 22:37:41 +0000 (15:37 -0700)

committer Matt Birkholz <matt@birchwood-abbey.net>

Thu, 28 Dec 2023 22:37:41 +0000 (15:37 -0700)
author Matt Birkholz <matt@birchwood-abbey.net>
Thu, 28 Dec 2023 22:37:41 +0000 (15:37 -0700)
committer Matt Birkholz <matt@birchwood-abbey.net>
Thu, 28 Dec 2023 22:37:41 +0000 (15:37 -0700)
diff --git a/README.org b/README.org

index e3e1bb1ce9e5129237c6e44d91960511e947e84a..8484f5293c84e3d489c990ba7b163a6b47129fe5 100644 (file)
--- a/README.org
+++ b/README.org
@@ -5865,6 +5865,8 @@ if (defined $ARGV[0] && $ARGV[0] eq "CA") {
    die "Secret/CA/easyrsa: not an executable\n"
      if ! -x "Secret/CA/easyrsa";
    die "Secret/CA/pki/: already exists\n" if -e "Secret/CA/pki";
+
+  umask 077;
    mysystem "cd Secret/CA; ./easyrsa init-pki";
    mysystem "cd Secret/CA; ./easyrsa build-ca nopass";
    # Common Name: small.example.org
@@ -5886,11 +5888,11 @@ if (defined $ARGV[0] && $ARGV[0] eq "CA") {
             " --batch --quick-generate-key --passphrase ''",
             " root\@core.$pvt");
    mysystem ("gpg --homedir Secret/root.gnupg",
-           " --export --armor --output root-pub.pem",
+           " --export --armor --output Secret/root-pub.pem",
             " root\@core.$pvt");
    chmod 0440, "root-pub.pem";
    mysystem ("gpg --homedir Secret/root.gnupg",
-           " --export-secret-key --armor --output root-sec.pem",
+           " --export-secret-key --armor --output Secret/root-sec.pem",
             " root\@core.$pvt");
    chmod 0400, "root-sec.pem";
  
diff --git a/inst b/inst

index 9924c9598f4f2118a2760b1c238a72f409134edf..92bd003859bb7499065c1b581fac04888c3d72f0 100755 (executable)
--- a/inst
+++ b/inst
@@ -66,6 +66,8 @@ if (defined $ARGV[0] && $ARGV[0] eq "CA") {
    die "Secret/CA/easyrsa: not an executable\n"
      if ! -x "Secret/CA/easyrsa";
    die "Secret/CA/pki/: already exists\n" if -e "Secret/CA/pki";
+
+  umask 077;
    mysystem "cd Secret/CA; ./easyrsa init-pki";
    mysystem "cd Secret/CA; ./easyrsa build-ca nopass";
    # Common Name: small.example.org
@@ -87,11 +89,11 @@ if (defined $ARGV[0] && $ARGV[0] eq "CA") {
             " --batch --quick-generate-key --passphrase ''",
             " root\@core.$pvt");
    mysystem ("gpg --homedir Secret/root.gnupg",
-           " --export --armor --output root-pub.pem",
+           " --export --armor --output Secret/root-pub.pem",
             " root\@core.$pvt");
    chmod 0440, "root-pub.pem";
    mysystem ("gpg --homedir Secret/root.gnupg",
-           " --export-secret-key --armor --output root-sec.pem",
+           " --export-secret-key --armor --output Secret/root-sec.pem",
             " root\@core.$pvt");
    chmod 0400, "root-sec.pem";
author	Matt Birkholz <matt@birchwood-abbey.net>
	Thu, 28 Dec 2023 22:37:41 +0000 (15:37 -0700)
committer	Matt Birkholz <matt@birchwood-abbey.net>
	Thu, 28 Dec 2023 22:37:41 +0000 (15:37 -0700)