The current makefile rule for the public certificate calls for an openssl config file which is not provided. Let's put the pubcert generation into a script named gen-pubcert.sh and embed the openssl configuration file there. Signed-off-by: Seth Forshee <seth.forshee@xxxxxxxxxxxxx> --- Makefile | 4 +--- gen-pubcert.sh | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 3 deletions(-) create mode 100755 gen-pubcert.sh diff --git a/Makefile b/Makefile index 9532c29a1dc2..044251f64785 100644 --- a/Makefile +++ b/Makefile @@ -79,9 +79,7 @@ $(REGDB_PUBKEY): $(REGDB_PRIVKEY) $(REGDB_PUBCERT): $(REGDB_PRIVKEY) @echo "Generating certificate for $(REGDB_AUTHOR)..." - @openssl req -config regulatory.openssl.conf \ - -key $(REGDB_PRIVKEY) -days 36500 -utf8 -nodes -batch \ - -x509 -outform PEM -out $(REGDB_PUBCERT) + ./gen-pubcert.sh $(REGDB_PRIVKEY) $(REGDB_PUBCERT) @echo $(REGDB_PUBKEY) > .custom diff --git a/gen-pubcert.sh b/gen-pubcert.sh new file mode 100755 index 000000000000..1a4d57999e5d --- /dev/null +++ b/gen-pubcert.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +if [[ $# -ne 2 ]]; then + echo "Usage: $0 priv-key out-file" + exit 1 +fi + +openssl req -new -key "$1" -days 36500 -utf8 -nodes -batch \ + -x509 -outform PEM -out "$2" \ + -config <(cat <<-EOF + [ req ] + distinguished_name = req_distinguished_name + string_mask = utf8only + prompt = no + [ req_distinguished_name ] + commonName = sforshee + EOF + ) -- 2.14.1
