Fix gpg setup for signer

3 years ago · 605ea490ac
parent b6bead34ab
commit 605ea490ac
2 changed files with 17 additions and 13 deletions
--- a/docker/run-signer
+++ b/docker/run-signer
@ -9,18 +9,18 @@ cp /srv/testca/root/ca.crt.pem /srv/ca/CA/ca.crt.pem
 cp /srv/testca/root/private/ca.key.pem /srv/ca/CA/private/ca.key.pem
 if [ ! -f /srv/ca/CA/index.txt ]; then cp /srv/testca/root/index.txt /srv/ca/CA/index.txt; fi
 if [ ! -f /srv/ca/CA/index.txt.attr ]; then cp /srv/testca/root/index.txt.attr /srv/ca/CA/index.txt.attr; fi
-if [ ! -f /srv/ca/CA/serial ]; then echo -n '00' > /srv/ca/CA/serial; fi
-if [ ! -f /srv/ca/CA/crlnumber ]; then echo 1000 > /srv/ca/CA/crlnumber; fi
+if [ ! -f /srv/ca/CA/serial ]; then printf '00' >/srv/ca/CA/serial; fi
+if [ ! -f /srv/ca/CA/crlnumber ]; then echo 1000 >/srv/ca/CA/crlnumber; fi

 mkdir -p /srv/ca/class3/certs /srv/ca/class3/private /srv/ca/class3/newcerts /srv/ca/gpg/gpg_root_0
 cp /srv/testca/class3/ca.crt.pem /srv/ca/class3/ca.crt.pem
 cp /srv/testca/class3/private/ca.key.pem /srv/ca/class3/private/ca.key.pem
 if [ ! -f /srv/ca/class3/index.txt ]; then cp /srv/testca/class3/index.txt /srv/ca/class3/index.txt; fi
 if [ ! -f /srv/ca/class3/index.txt.attr ]; then cp /srv/testca/class3/index.txt.attr /srv/ca/class3/index.txt.attr; fi
-if [ ! -f /srv/ca/class3/serial ]; then echo -n '00' > /srv/ca/class3/serial; fi
-if [ ! -f /srv/ca/class3/crlnumber ]; then echo 1000 > /srv/ca/class3/crlnumber; fi
+if [ ! -f /srv/ca/class3/serial ]; then printf '00' >/srv/ca/class3/serial; fi
+if [ ! -f /srv/ca/class3/crlnumber ]; then echo 1000 >/srv/ca/class3/crlnumber; fi
 if [ ! -f /srv/ca/gpg/gpg_root_0/secring.gpg ]; then cp /srv/testca/gpg/gpg_root_0/secring.gpg /srv/ca/gpg/gpg_root_0/secring.gpg; fi
-if [ ! -f /srv/ca/gpg/gpg_root_0/pubring.gpg ]; then cp /srv/testca/gpg/gpg_root_0/secring.gpg /srv/ca/gpg/gpg_root_0/pubring.gpg; fi
+if [ ! -f /srv/ca/gpg/gpg_root_0/pubring.gpg ]; then cp /srv/testca/gpg/gpg_root_0/pubring.gpg /srv/ca/gpg/gpg_root_0/pubring.gpg; fi

 rm -f /srv/sockets/signer
 socat -d -d PTY,link=/dev/ttyUSB0 UNIX-LISTEN:/srv/sockets/signer 2>&1 &
@ -29,4 +29,4 @@ sleep 1
 cd /srv/CommModule/

 touch server.pl-active
-exec perl -w server.pl
+exec perl -w server.pl
--- a/setup_test_ca.sh
+++ b/setup_test_ca.sh
@ -4,6 +4,9 @@ set -eu

 ORGANIZATION="CAcert Inc."
 COUNTRY_CODE="AU"
+CACERT_GPG_NAME="CA Cert Signing Authority (Root CA)"
+CACERT_GPG_EMAIL="gpg@cacert.localhost"
+
 . ./.env

 if [ ! -d testca/ ]; then
@ -225,14 +228,15 @@ if [ ! -f certs/testclient.p12 ]; then
 fi

 if [ ! -f gpg/gpg_root_0/secring.gpg ]; then
-  gpg --homedir testca/gpg/gpg_root_0 --generate-key --batch <<EOF
+  chmod 0700 gpg/gpg_root_0
+  gpg --homedir gpg/gpg_root_0 --generate-key --batch <<EOF
 Key-Type: RSA
 Key-Length: 4096
 Key-Usage: cert
-Name-Real: CAcert Inc. GnuPG WoT
-Name-Email: gpg@cacert.localhost
-%no-protection"
+Name-Real: ${CACERT_GPG_NAME}
+Name-Email: ${CACERT_GPG_EMAIL}
+%no-protection
 EOF
-  gpg --homedir testca/gpg/gpg_root_0 --export | gpg1 --homedir testca/gpg/gpg_root_0 --import
-  gpg --homedir testca/gpg/gpg_root_0 --export-secret-keys | gpg1 --homedir testca/gpg/gpg_root_0 --import
-fi
+  gpg --homedir gpg/gpg_root_0 --export | gpg1 --homedir gpg/gpg_root_0 --import
+  gpg --homedir gpg/gpg_root_0 --export-secret-keys | gpg1 --homedir gpg/gpg_root_0 --import
+fi