| author | Corey Cothrum <contact@coreycothrum.com> | 2020-12-08 08:29:48 -0600 |
|---|---|---|
| committer | Jia Zhang <zhang.jia@linux.alibaba.com> | 2020-12-09 09:16:29 +0800 |
| commit | 8adff592ef39d2a07b8a22ab46245f52fa945eaa (patch) | |
| tree | 5b34064b9d4d9dd4f749be860b02c3de49193fe4 | |
| parent | d6ca3fa224c51ced1c511d59cbd85a6f35245748 (diff) | |
| download | meta-secure-core-8adff592ef39d2a07b8a22ab46245f52fa945eaa.tar.gz | |
create-user-key-store.sh: allow user to specify openssl x509 'days' param
allow openssl x509 '--days' parameter to be specified via command line argument
Signed-off-by: Corey Cothrum <contact@coreycothrum.com>
| -rwxr-xr-x | meta-signing-key/scripts/create-user-key-store.sh | 10 |
1 files changed, 8 insertions, 2 deletions
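--- a/meta-signing-key/scripts/create-user-key-store.sh
+++ b/meta-signing-key/scripts/create-user-key-store.sh
@@ -5,6 +5,7 @@ _D=`dirname "$_S"`
 ROOT_DIR="`cd "$_D" && pwd`"
 
 KEYS_DIR="$ROOT_DIR/user-keys"
+OPENSSL_DAYS="3650"
 GPG_KEYNAME=
 GPG_EMAIL=
 GPG_COMMENT=
@@ -49,6 +50,8 @@ Options:
 -bgp <Boot Loader GPG passphrase>
 -bp <Boot loader config password>
 -ip <IMA passphrase>
+--days Specify the number of days to make a certificate valid for
+Default: $OPENSSL_DAYS
 -h|--help Show this help information.
 Overides:
 -bc <gpg key comment>
@@ -133,6 +136,9 @@ while [ $# -gt 0 ]; do
 -ip)
 shift && IMA_PASS="$1"
 ;;
+--days)
+shift && OPENSSL_DAYS="$1"
+;;
 -h|--help)
 show_help `basename $0`
 exit 0
@@ -173,7 +179,7 @@ ca_sign() {
 # Self signing ?
 if [ "$key_name" = "$ca_key_name" ]; then
 openssl req -new -x509 -newkey rsa:2048 \
--sha256 -nodes -days 3650 \
+-sha256 -nodes -days $OPENSSL_DAYS \
 -subj "$subject" \
 -keyout "$key_dir/$key_name.key" \
 -out "$key_dir/$key_name.crt" \
@@ -223,7 +229,7 @@ ca_sign() {
 -CA "$ca_cert" \
 -CAform "$ca_cert_form" \
 -CAkey "$ca_key_dir/$ca_key_name.key" \
--set_serial 1 -days 3650 \
+-set_serial 1 -days $OPENSSL_DAYS \
 -extfile "$ROOT_DIR/openssl.cnf" -extensions v3_req \
 -out "$key_dir/$key_name.crt" \
 || print_fatal "openssl failure"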
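Review bot: The value passed to `--days` is stored unchecked (`shift && OPENSSL_DAYS="$1"`) and then expanded unquoted as `-days $OPENSSL_DAYS` in both openssl calls in ca_sign, so an empty value (for example when `--days` is the last argument) or one containing whitespace alters the openssl argument list rather than just the validity period. The `--days)` case should reject anything that is not a plain decimal number, e.g. `case "$1" in ''|*[!0-9]*) print_fatal "--days expects a number of days";; esac` (assuming print_fatal is already defined where the option loop runs), and both uses should be quoted as `-days "$OPENSSL_DAYS"`. Because this setting controls how long the generated signing certificates remain valid, the help text would also benefit from showing the argument as `--days <days>`, in line with the other options. ca_sign's body starts and ends outside the hunks shown here.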
