-rw-r--r-- | Makefile | 1 | ||||
-rw-r--r-- | README | 3 | ||||
-rw-r--r-- | mklog.mk | 88 |
3 files changed, 89 insertions, 3 deletions
@@ -5,4 +5,3 @@ catlfish: FIXME .PHONY: catlfish-dev catlfish - @@ -24,8 +24,7 @@ or Configuring a log ----------------- -XXX create CA and certs; create logkey (possibly in softhsm); create -XXX auth keys; run compileconfig.py for each node +mkdir mylog; cd mylog && make -f ../mklog.mk log Running diff --git a/mklog.mk b/mklog.mk new file mode 100644 index 0000000..33bbbf7 --- /dev/null +++ b/mklog.mk 
@@ -0,0 +1,88 @@
+# Include this file and set the following make variables or use the
+# defaults.
+
+# LOGNAME = name of the log to create
+LOGNAME ?= $$(basename $$PWD)
+
+# NODES = list of names of non-merge nodes
+NODES ?= $$(cd nodes; ls | egrep -v ^merge-)
+
+# MERGE_NODES = list of names of merge nodes
+MERGE_NODES ?= $$(cd nodes; ls merge-*)
+
+# HSM_SO_PIN = SoftHSM "security officer PIN"
+HSM_SO_PIN ?= f0f0
+
+# HSM_PIN = SoftHSM PIN
+HSM_PIN ?= fefe
+
+# SOFTHSM_BASE_DIR = base directory for SoftHSMv2 installation
+SOFTHSM_BASE_DIR ?= ~/usr
+
+# SOFTHSM_UTIL = full path to softhsm2-util from SoftHSMv2
+SOFTHSM_UTIL ?= $(SOFTHSM_BASE_DIR)/bin/softhsm2-util
+
+# CATLFISH_SRC = path to catlfish source code
+CATLFISH_SRC ?= ~/usr/src/catlfish
+
+test:
+ @echo LOGNAME = $(LOGNAME)
+ @echo NODES = $(NODES)
+ @echo MERGE_NODES = $(MERGE_NODES)
+.PHONY: test
+
+log: certs authkeys logkey.pem
+
+destdirs:
+ @for node in $(NODES) $(MERGE_NODES); do \
+ if [ -d nodes.out/$${node} ]; then true; \
+ else mkdir -p nodes.out/$${node}; \
+ fi \
+ done
+
+tests privatekeys publickeys:
+ mkdir $@
+
+tests/httpsca/key.pem: tests
+ make -f $(CATLFISH_SRC)/Makefile INSTDIR=. 
tests-createca
+tests/httpscert:
+ mkdir $@
+certs: tests/httpsca/key.pem tests/httpscert destdirs
+ @for cn in $(NODES); do \
+ openssl req -new -newkey rsa:2048 \
+ -keyout tests/httpscert/$${cn}-key.pem \
+ -out tests/httpsca/$${cn}.csr -nodes \
+ -subj "/countryName=SE/stateOrProvinceName=Stockholm/organizationName=Test/CN=$${cn}"; \
+ (cd tests/httpsca; \
+ openssl ca -in $${cn}.csr -keyfile key.pem -out $${cn}.pem -batch); \
+ cp tests/httpsca/$${cn}.pem tests/httpscert/; \
+ done
+
+authkeys: privatekeys publickeys destdirs
+ for node in $(NODES) $(MERGE_NODES); do \
+ (cd privatekeys; $(CATLFISH_SRC)/tools/create-key.sh $${node}); \
+ mv privatekeys/$${node}.pem publickeys/; \
+ cp privatekeys/$${node}-private.pem nodes.out/$${node}/; \
+ cp tests/httpsca/demoCA/cacert.pem nodes.out/$${node}/; \
+ done
+ @for node in $(NODES) $(MERGE_NODES); do \
+ cp -a publickeys nodes.out/$${node}/; \
+ done
+
+logkey.pem: destdirs $(SOFTHSM_UTIL)
+ ! [ -f logkey-private.pem ]
+ $(CATLFISH_SRC)/tools/create-key.sh logkey
+ chmod 600 logkey-private.pem
+
+ openssl pkcs8 -topk8 -nocrypt \
+ -in logkey-private.pem -out logkey-private.pkcs8
+ $(SOFTHSM_UTIL) --init-token --slot 0 --label $(LOGNAME) \
+ --so-pin $(HSM_SO_PIN) --pin $(HSM_PIN)
+ $(SOFTHSM_UTIL) --import logkey-private.pkcs8 --slot 0 \
+ --label $(LOGNAME) --pin $(HSM_PIN) --id 00
+
+ for node in $(NODES) $(MERGE_NODES); do \
+ cp logkey.pem nodes.out/$${node}/; \
+ done
+
+.PHONY: destdirs certs authkeys |
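Review bot: The `logkey.pem` recipe leaves the log's signing key on disk in cleartext after importing it into the token: `logkey-private.pkcs8` is written with `-nocrypt`, gets no `chmod`, and is never removed, and `logkey-private.pem` is restricted by `chmod 600` only after `create-key.sh` has created it (presumably with the caller's default umask; the script is not visible here). Prefixing the key-writing lines with `umask 077 &&` (each recipe line runs in its own shell) and adding `rm -f logkey-private.pkcs8` after the `--import` line would close that. The same umask concern applies to the `-nodes` keys written under `tests/httpscert/` in `certs` and to the `*-private.pem` files copied in `authkeys`. Separately, `HSM_SO_PIN ?= f0f0` and `HSM_PIN ?= fefe` are fixed defaults passed on the `softhsm2-util` command line, so every log created without overriding them shares the same token PINs. A comment marking them as test-only values, or an `$(error ...)` when they are unset, would make that explicit.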