From 539e05b924539b6d5e537eed04832ffd921e8999 Mon Sep 17 00:00:00 2001 From: Matt Birkholz Date: Thu, 28 Dec 2023 15:37:41 -0700 Subject: [PATCH] Fix the CA (sub)command to export root keys to Secret/. --- README.org | 6 ++++-- inst | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/README.org b/README.org index e3e1bb1..8484f52 100644 --- a/README.org +++ b/README.org @@ -5865,6 +5865,8 @@ if (defined $ARGV[0] && $ARGV[0] eq "CA") { die "Secret/CA/easyrsa: not an executable\n" if ! -x "Secret/CA/easyrsa"; die "Secret/CA/pki/: already exists\n" if -e "Secret/CA/pki"; + + umask 077; mysystem "cd Secret/CA; ./easyrsa init-pki"; mysystem "cd Secret/CA; ./easyrsa build-ca nopass"; # Common Name: small.example.org @@ -5886,11 +5888,11 @@ if (defined $ARGV[0] && $ARGV[0] eq "CA") { " --batch --quick-generate-key --passphrase ''", " root\@core.$pvt"); mysystem ("gpg --homedir Secret/root.gnupg", - " --export --armor --output root-pub.pem", + " --export --armor --output Secret/root-pub.pem", " root\@core.$pvt"); chmod 0440, "root-pub.pem"; mysystem ("gpg --homedir Secret/root.gnupg", - " --export-secret-key --armor --output root-sec.pem", + " --export-secret-key --armor --output Secret/root-sec.pem", " root\@core.$pvt"); chmod 0400, "root-sec.pem"; diff --git a/inst b/inst index 9924c95..92bd003 100755 --- a/inst +++ b/inst @@ -66,6 +66,8 @@ if (defined $ARGV[0] && $ARGV[0] eq "CA") { die "Secret/CA/easyrsa: not an executable\n" if ! -x "Secret/CA/easyrsa"; die "Secret/CA/pki/: already exists\n" if -e "Secret/CA/pki"; + + umask 077; mysystem "cd Secret/CA; ./easyrsa init-pki"; mysystem "cd Secret/CA; ./easyrsa build-ca nopass"; # Common Name: small.example.org 
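Review bot: The added `umask 077;` in the inst hunk at -66 has no comment saying why it is there or how far it reaches. It changes the mask for the rest of the process, so everything created afterwards (presumably including what the `mysystem` children write) is owner-only unless something loosens it later. A one-line comment above it would record the intent, for example `# Files created from here on hold private keys; keep them owner-only.`. The README.org hunk at -5865 adds the same line, and the enclosing `if` block continues outside the hunk.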
@@ -87,11 +89,11 @@ if (defined $ARGV[0] && $ARGV[0] eq "CA") { " --batch --quick-generate-key --passphrase ''", " root\@core.$pvt"); mysystem ("gpg --homedir Secret/root.gnupg", - " --export --armor --output root-pub.pem", + " --export --armor --output Secret/root-pub.pem", " root\@core.$pvt"); chmod 0440, "root-pub.pem"; mysystem ("gpg --homedir Secret/root.gnupg", - " --export-secret-key --armor --output root-sec.pem", + " --export-secret-key --armor --output Secret/root-sec.pem", " root\@core.$pvt"); chmod 0400, "root-sec.pem"; -- 2.25.1
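Review bot: The two `chmod` context lines in this hunk still name `root-pub.pem` and `root-sec.pem` in the current directory, although the changed `--output` arguments now write both exports under `Secret/`. Perl's `chmod` returns the number of files it changed and that result is not checked here, so the calls now silently do nothing and the exported keys keep whatever mode gpg and the new `umask 077` give them instead of the intended 0440/0400. Point them at the new paths and check the result: `chmod 0440, "Secret/root-pub.pem" or die "chmod Secret/root-pub.pem: $!\n";` and `chmod 0400, "Secret/root-sec.pem" or die "chmod Secret/root-sec.pem: $!\n";`. The README.org hunk at -5886 carries the same two lines and needs the same change. The enclosing `if` block starts and ends outside the hunk.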