GNUmakefile.in 4.23 KB
Newer Older
1
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
2 3 4
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2002 University of Utah and the Flux Group.
# All rights reserved.
5
#
Leigh B. Stoller's avatar
Leigh B. Stoller committed
6

7 8 9 10 11 12 13 14
SRCDIR		= @srcdir@
TESTBED_SRCDIR	= @top_srcdir@
EVENTSYS	= @EVENTSYS@
OBJDIR		= ..
SUBDIR		= ssl

include $(OBJDIR)/Makeconf

15
all:	emulab.pem server.pem localnode.pem ronnode.pem pcwa.pem keys
16 17 18 19 20 21 22 23 24 25 26

include $(TESTBED_SRCDIR)/GNUmakerules

#
# You do not want to run these targets unless you are sure you
# know what you are doing! You really do not want to install these
# unless you are very sure you know what you are doing. You could
# mess up all the clients when the CA changes out from under them.
#
pems:	emulab.pem server.pem client.pem

27
emulab.pem:	dirsmade emulab.cnf
28 29 30 31
	#
	# Create the Certificate Authority.
	# The certificate (no key!) is installed on both boss and remote nodes.
	#
32
	openssl req -new -x509 -days 1000 -config emulab.cnf \
33 34 35
		    -keyout cakey.pem -out cacert.pem
	cp cacert.pem emulab.pem

36
server.pem:	dirsmade server.cnf ca.cnf
37 38 39
	#
	# Create the server side private key and certificate request.
	#
40 41
	openssl req -new -config server.cnf \
		-keyout server_key.pem -out server_req.pem
42 43 44
	#
	# Combine key and cert request.
	#
45
	cat server_key.pem server_req.pem > newreq.pem
46 47 48
	#
	# Sign the server cert request, creating a server certificate.
	#
49 50
	openssl ca -batch -policy policy_match -config ca.cnf \
		-out server_cert.pem \
51 52 53 54 55 56
		-cert cacert.pem -keyfile cakey.pem \
		-infiles newreq.pem
	#
	# Combine the key and the certificate into one file which is installed
	# on boss and used by tmcd.
	#
57
	cat server_key.pem server_cert.pem > server.pem
58 59
	rm -f newreq.pem

Leigh B. Stoller's avatar
Leigh B. Stoller committed
60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83
capture.pem:	dirsmade capture.cnf ca.cnf
	#
	# Create the server side private key and certificate request.
	#
	openssl req -new -config capture.cnf \
		-keyout capture_key.pem -out capture_req.pem
	#
	# Combine key and cert request.
	#
	cat capture_key.pem capture_req.pem > newreq.pem
	#
	# Sign the capture cert request, creating a capture certificate.
	#
	openssl ca -batch -policy policy_match -config ca.cnf \
		-out capture_cert.pem \
		-cert cacert.pem -keyfile cakey.pem \
		-infiles newreq.pem
	#
	# Combine the key and the certificate into one file which is installed
	# on boss and used by capture.
	#
	cat capture_key.pem capture_cert.pem > capture.pem
	rm -f newreq.pem

84 85 86 87 88
localnode.pem:	dirsmade localnode.cnf ca.cnf $(SRCDIR)/mkclient.sh
	$(SRCDIR)/mkclient.sh localnode

ronnode.pem:	dirsmade ronnode.cnf ca.cnf $(SRCDIR)/mkclient.sh
	$(SRCDIR)/mkclient.sh ronnode
89

90 91 92
pcplab.pem:		dirsmade pcplab.cnf ca.cnf $(SRCDIR)/mkclient.sh
	$(SRCDIR)/mkclient.sh pcplab

93 94 95
pcwa.pem:		dirsmade pcwa.cnf ca.cnf $(SRCDIR)/mkclient.sh
	$(SRCDIR)/mkclient.sh pcwa

96 97 98 99 100 101 102 103 104 105 106 107 108 109 110
keys:		emulab_privkey.pem emulab_pubkey.pem

emulab_privkey.pem:
	#
	# Generate a priv key for signing stuff. This one gets a
	# passphrase.
	# 
	openssl genrsa -out emulab_privkey.pem -des3

emulab_pubkey.pem:	emulab_privkey.pem
	#
	# Extract a pubkey from the privkey
	# 
	openssl rsa -in emulab_privkey.pem -pubout -out emulab_pubkey.pem

111 112 113 114 115 116 117 118 119 120 121
dirsmade:
	-mkdir -p certs
	-mkdir -p newcerts
	-mkdir -p crl
	echo "01" > serial
	touch index.txt
	touch dirsmade

#
# You do not want to run these targets unless you are sure you
# know what you are doing!
122 123 124 125
#
install:
	@echo "BE VERY CAREFUL! INSTALLING NEW CERTS CAN CAUSE DISASTER!"

126
boss-installX:	$(INSTALL_ETCDIR)/emulab.pem \
Leigh B. Stoller's avatar
Leigh B. Stoller committed
127
		$(INSTALL_ETCDIR)/server.pem \
128
		$(INSTALL_ETCDIR)/pcplab.pem \
129
		$(INSTALL_ETCDIR)/pcwa.pem \
130
		$(INSTALL_ETCDIR)/ronnode.pem \
131 132 133
		$(INSTALL_ETCDIR)/capture.pem \
		$(INSTALL_ETCDIR)/emulab_privkey.pem \
		$(INSTALL_ETCDIR)/emulab_pubkey.pem
134
	$(INSTALL_DATA) localnode.pem $(INSTALL_ETCDIR)/client.pem
135 136 137 138
	chmod 640 $(INSTALL_ETCDIR)/emulab.pem
	chmod 640 $(INSTALL_ETCDIR)/server.pem
	chmod 640 $(INSTALL_ETCDIR)/client.pem
	chmod 640 $(INSTALL_ETCDIR)/pcplab.pem
139
	chmod 640 $(INSTALL_ETCDIR)/ronnode.pem
140
	chmod 640 $(INSTALL_ETCDIR)/pcwa.pem
141
	chmod 640 $(INSTALL_ETCDIR)/emulab_privkey.pem
142

143
client-install:
144 145 146 147
	$(INSTALL_DATA) localnode.pem $(DESTDIR)$(CLIENT_ETCDIR)/client.pem
	$(INSTALL_DATA) emulab.pem $(DESTDIR)$(CLIENT_ETCDIR)/emulab.pem
	$(INSTALL_DATA) emulab_pubkey.pem \
			$(DESTDIR)$(CLIENT_ETCDIR)/emulab_pubkey.pem
148

149 150 151
tipserv-install:	$(INSTALL_SBINDIR)/capture.pem
	chmod 640 $(INSTALL_SBINDIR)/capture.pem

152
clean:
153 154
	rm -f *.pem serial index.txt *.old dirsmade *.cnf
	rm -rf newcerts certs