Fix gpg setup for signer

This commit is contained in:
Jan Dittberner 2020-12-26 11:52:37 +01:00
parent b6bead34ab
commit 605ea490ac
2 changed files with 17 additions and 13 deletions

View file

@ -9,18 +9,18 @@ cp /srv/testca/root/ca.crt.pem /srv/ca/CA/ca.crt.pem
cp /srv/testca/root/private/ca.key.pem /srv/ca/CA/private/ca.key.pem
if [ ! -f /srv/ca/CA/index.txt ]; then cp /srv/testca/root/index.txt /srv/ca/CA/index.txt; fi
if [ ! -f /srv/ca/CA/index.txt.attr ]; then cp /srv/testca/root/index.txt.attr /srv/ca/CA/index.txt.attr; fi
if [ ! -f /srv/ca/CA/serial ]; then echo -n '00' > /srv/ca/CA/serial; fi
if [ ! -f /srv/ca/CA/crlnumber ]; then echo 1000 > /srv/ca/CA/crlnumber; fi
if [ ! -f /srv/ca/CA/serial ]; then printf '00' >/srv/ca/CA/serial; fi
if [ ! -f /srv/ca/CA/crlnumber ]; then echo 1000 >/srv/ca/CA/crlnumber; fi
mkdir -p /srv/ca/class3/certs /srv/ca/class3/private /srv/ca/class3/newcerts /srv/ca/gpg/gpg_root_0
cp /srv/testca/class3/ca.crt.pem /srv/ca/class3/ca.crt.pem
cp /srv/testca/class3/private/ca.key.pem /srv/ca/class3/private/ca.key.pem
if [ ! -f /srv/ca/class3/index.txt ]; then cp /srv/testca/class3/index.txt /srv/ca/class3/index.txt; fi
if [ ! -f /srv/ca/class3/index.txt.attr ]; then cp /srv/testca/class3/index.txt.attr /srv/ca/class3/index.txt.attr; fi
if [ ! -f /srv/ca/class3/serial ]; then echo -n '00' > /srv/ca/class3/serial; fi
if [ ! -f /srv/ca/class3/crlnumber ]; then echo 1000 > /srv/ca/class3/crlnumber; fi
if [ ! -f /srv/ca/class3/serial ]; then printf '00' >/srv/ca/class3/serial; fi
if [ ! -f /srv/ca/class3/crlnumber ]; then echo 1000 >/srv/ca/class3/crlnumber; fi
if [ ! -f /srv/ca/gpg/gpg_root_0/secring.gpg ]; then cp /srv/testca/gpg/gpg_root_0/secring.gpg /srv/ca/gpg/gpg_root_0/secring.gpg; fi
if [ ! -f /srv/ca/gpg/gpg_root_0/pubring.gpg ]; then cp /srv/testca/gpg/gpg_root_0/secring.gpg /srv/ca/gpg/gpg_root_0/pubring.gpg; fi
if [ ! -f /srv/ca/gpg/gpg_root_0/pubring.gpg ]; then cp /srv/testca/gpg/gpg_root_0/pubring.gpg /srv/ca/gpg/gpg_root_0/pubring.gpg; fi
rm -f /srv/sockets/signer
socat -d -d PTY,link=/dev/ttyUSB0 UNIX-LISTEN:/srv/sockets/signer 2>&1 &
@ -29,4 +29,4 @@ sleep 1
cd /srv/CommModule/
touch server.pl-active
exec perl -w server.pl
exec perl -w server.pl

View file

@ -4,6 +4,9 @@ set -eu
ORGANIZATION="CAcert Inc."
COUNTRY_CODE="AU"
CACERT_GPG_NAME="CA Cert Signing Authority (Root CA)"
CACERT_GPG_EMAIL="gpg@cacert.localhost"
. ./.env
if [ ! -d testca/ ]; then
@ -225,14 +228,15 @@ if [ ! -f certs/testclient.p12 ]; then
fi
if [ ! -f gpg/gpg_root_0/secring.gpg ]; then
gpg --homedir testca/gpg/gpg_root_0 --generate-key --batch <<EOF
chmod 0700 gpg/gpg_root_0
gpg --homedir gpg/gpg_root_0 --generate-key --batch <<EOF
Key-Type: RSA
Key-Length: 4096
Key-Usage: cert
Name-Real: CAcert Inc. GnuPG WoT
Name-Email: gpg@cacert.localhost
%no-protection"
Name-Real: ${CACERT_GPG_NAME}
Name-Email: ${CACERT_GPG_EMAIL}
%no-protection
EOF
gpg --homedir testca/gpg/gpg_root_0 --export | gpg1 --homedir testca/gpg/gpg_root_0 --import
gpg --homedir testca/gpg/gpg_root_0 --export-secret-keys | gpg1 --homedir testca/gpg/gpg_root_0 --import
fi
gpg --homedir gpg/gpg_root_0 --export | gpg1 --homedir gpg/gpg_root_0 --import
gpg --homedir gpg/gpg_root_0 --export-secret-keys | gpg1 --homedir gpg/gpg_root_0 --import
fi