GNUmakefile.in 2.26 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11
#
# Insert Copyright Here.
#
SRCDIR		= @srcdir@
TESTBED_SRCDIR	= @top_srcdir@
EVENTSYS	= @EVENTSYS@
OBJDIR		= ..
SUBDIR		= ssl

include $(OBJDIR)/Makeconf

12
all:	emulab.pem server.pem localnode.pem ronnode.pem
13 14 15 16 17 18 19 20 21 22 23

include $(TESTBED_SRCDIR)/GNUmakerules

#
# You do not want to run these targets unless you are sure you
# know what you are doing! You really do not want to install these
# unless you are very sure you know what you are doing. You could
# mess up all the clients when the CA changes out from under them.
#
pems:	emulab.pem server.pem client.pem

24
emulab.pem:	dirsmade emulab.cnf
25 26 27 28
	#
	# Create the Certificate Authority.
	# The certificate (no key!) is installed on both boss and remote nodes.
	#
29
	openssl req -new -x509 -config emulab.cnf \
30 31 32
		    -keyout cakey.pem -out cacert.pem
	cp cacert.pem emulab.pem

33
server.pem:	dirsmade server.cnf ca.cnf
34 35 36
	#
	# Create the server side private key and certificate request.
	#
37 38
	openssl req -new -config server.cnf \
		-keyout server_key.pem -out server_req.pem
39 40 41
	#
	# Combine key and cert request.
	#
42
	cat server_key.pem server_req.pem > newreq.pem
43 44 45
	#
	# Sign the server cert request, creating a server certificate.
	#
46 47
	openssl ca -batch -policy policy_match -config ca.cnf \
		-out server_cert.pem \
48 49 50 51 52 53
		-cert cacert.pem -keyfile cakey.pem \
		-infiles newreq.pem
	#
	# Combine the key and the certificate into one file which is installed
	# on boss and used by tmcd.
	#
54
	cat server_key.pem server_cert.pem > server.pem
55 56
	rm -f newreq.pem

57 58 59 60 61
localnode.pem:	dirsmade localnode.cnf ca.cnf $(SRCDIR)/mkclient.sh
	$(SRCDIR)/mkclient.sh localnode

ronnode.pem:	dirsmade ronnode.cnf ca.cnf $(SRCDIR)/mkclient.sh
	$(SRCDIR)/mkclient.sh ronnode
62 63 64 65 66 67 68 69 70 71 72 73

dirsmade:
	-mkdir -p certs
	-mkdir -p newcerts
	-mkdir -p crl
	echo "01" > serial
	touch index.txt
	touch dirsmade

#
# You do not want to run these targets unless you are sure you
# know what you are doing!
74 75 76 77
#
install:
	@echo "BE VERY CAREFUL! INSTALLING NEW CERTS CAN CAUSE DISASTER!"

78
boss-install:	$(INSTALL_ETCDIR)/emulab.pem \
79 80
		$(INSTALL_ETCDIR)/server.pem
	$(INSTALL_DATA) localnode.pem $(INSTALL_ETCDIR)/client.pem
81

82 83 84
client-install:
	$(INSTALL_DATA) localnode.pem /etc/testbed/client.pem
	$(INSTALL_DATA) emulab.pem /etc/testbed/emulab.pem
85 86

clean:
87 88
	rm -f *.pem serial index.txt *.old dirsmade *.cnf
	rm -rf newcerts certs