GNUmakefile.in 4.23 KB
Newer Older
1
#
Leigh Stoller's avatar
Leigh Stoller committed
2 3 4
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2002 University of Utah and the Flux Group.
# All rights reserved.
5
#
Leigh Stoller's avatar
Leigh Stoller committed
6

7 8 9 10 11 12 13 14
SRCDIR		= @srcdir@
TESTBED_SRCDIR	= @top_srcdir@
EVENTSYS	= @EVENTSYS@
OBJDIR		= ..
SUBDIR		= ssl

include $(OBJDIR)/Makeconf

15
all:	emulab.pem server.pem localnode.pem ronnode.pem pcwa.pem keys
16 17 18 19 20 21 22 23 24 25 26

include $(TESTBED_SRCDIR)/GNUmakerules

#
# You do not want to run these targets unless you are sure you
# know what you are doing! You really do not want to install these
# unless you are very sure you know what you are doing. You could
# mess up all the clients when the CA changes out from under them.
#
pems:	emulab.pem server.pem client.pem

27
emulab.pem:	dirsmade emulab.cnf
28 29 30 31
	#
	# Create the Certificate Authority.
	# The certificate (no key!) is installed on both boss and remote nodes.
	#
32
	openssl req -new -x509 -days 1000 -config emulab.cnf \
33 34 35
		    -keyout cakey.pem -out cacert.pem
	cp cacert.pem emulab.pem

36
server.pem:	dirsmade server.cnf ca.cnf
37 38 39
	#
	# Create the server side private key and certificate request.
	#
40 41
	openssl req -new -config server.cnf \
		-keyout server_key.pem -out server_req.pem
42 43 44
	#
	# Combine key and cert request.
	#
45
	cat server_key.pem server_req.pem > newreq.pem
46 47 48
	#
	# Sign the server cert request, creating a server certificate.
	#
49 50
	openssl ca -batch -policy policy_match -config ca.cnf \
		-out server_cert.pem \
51 52 53 54 55 56
		-cert cacert.pem -keyfile cakey.pem \
		-infiles newreq.pem
	#
	# Combine the key and the certificate into one file which is installed
	# on boss and used by tmcd.
	#
57
	cat server_key.pem server_cert.pem > server.pem
58 59
	rm -f newreq.pem

60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83
capture.pem:	dirsmade capture.cnf ca.cnf
	#
	# Create the server side private key and certificate request.
	#
	openssl req -new -config capture.cnf \
		-keyout capture_key.pem -out capture_req.pem
	#
	# Combine key and cert request.
	#
	cat capture_key.pem capture_req.pem > newreq.pem
	#
	# Sign the capture cert request, creating a capture certificate.
	#
	openssl ca -batch -policy policy_match -config ca.cnf \
		-out capture_cert.pem \
		-cert cacert.pem -keyfile cakey.pem \
		-infiles newreq.pem
	#
	# Combine the key and the certificate into one file which is installed
	# on boss and used by capture.
	#
	cat capture_key.pem capture_cert.pem > capture.pem
	rm -f newreq.pem

84 85 86 87 88
localnode.pem:	dirsmade localnode.cnf ca.cnf $(SRCDIR)/mkclient.sh
	$(SRCDIR)/mkclient.sh localnode

ronnode.pem:	dirsmade ronnode.cnf ca.cnf $(SRCDIR)/mkclient.sh
	$(SRCDIR)/mkclient.sh ronnode
89

90 91 92
pcplab.pem:		dirsmade pcplab.cnf ca.cnf $(SRCDIR)/mkclient.sh
	$(SRCDIR)/mkclient.sh pcplab

93 94 95
pcwa.pem:		dirsmade pcwa.cnf ca.cnf $(SRCDIR)/mkclient.sh
	$(SRCDIR)/mkclient.sh pcwa

96 97 98 99 100 101 102 103 104 105 106 107 108 109 110
keys:		emulab_privkey.pem emulab_pubkey.pem

emulab_privkey.pem:
	#
	# Generate a priv key for signing stuff. This one gets a
	# passphrase.
	# 
	openssl genrsa -out emulab_privkey.pem -des3

emulab_pubkey.pem:	emulab_privkey.pem
	#
	# Extract a pubkey from the privkey
	# 
	openssl rsa -in emulab_privkey.pem -pubout -out emulab_pubkey.pem

111 112 113 114 115 116 117 118 119 120 121
dirsmade:
	-mkdir -p certs
	-mkdir -p newcerts
	-mkdir -p crl
	echo "01" > serial
	touch index.txt
	touch dirsmade

#
# You do not want to run these targets unless you are sure you
# know what you are doing!
122 123 124 125
#
install:
	@echo "BE VERY CAREFUL! INSTALLING NEW CERTS CAN CAUSE DISASTER!"

126
boss-installX:	$(INSTALL_ETCDIR)/emulab.pem \
127
		$(INSTALL_ETCDIR)/server.pem \
128
		$(INSTALL_ETCDIR)/pcplab.pem \
129
		$(INSTALL_ETCDIR)/pcwa.pem \
130
		$(INSTALL_ETCDIR)/ronnode.pem \
131 132 133
		$(INSTALL_ETCDIR)/capture.pem \
		$(INSTALL_ETCDIR)/emulab_privkey.pem \
		$(INSTALL_ETCDIR)/emulab_pubkey.pem
134
	$(INSTALL_DATA) localnode.pem $(INSTALL_ETCDIR)/client.pem
135 136 137 138
	chmod 640 $(INSTALL_ETCDIR)/emulab.pem
	chmod 640 $(INSTALL_ETCDIR)/server.pem
	chmod 640 $(INSTALL_ETCDIR)/client.pem
	chmod 640 $(INSTALL_ETCDIR)/pcplab.pem
139
	chmod 640 $(INSTALL_ETCDIR)/ronnode.pem
140
	chmod 640 $(INSTALL_ETCDIR)/pcwa.pem
141
	chmod 640 $(INSTALL_ETCDIR)/emulab_privkey.pem
142

143
client-install:
144 145 146 147
	$(INSTALL_DATA) localnode.pem $(DESTDIR)$(CLIENT_ETCDIR)/client.pem
	$(INSTALL_DATA) emulab.pem $(DESTDIR)$(CLIENT_ETCDIR)/emulab.pem
	$(INSTALL_DATA) emulab_pubkey.pem \
			$(DESTDIR)$(CLIENT_ETCDIR)/emulab_pubkey.pem
148

149 150 151
tipserv-install:	$(INSTALL_SBINDIR)/capture.pem
	chmod 640 $(INSTALL_SBINDIR)/capture.pem

152
clean:
153 154
	rm -f *.pem serial index.txt *.old dirsmade *.cnf
	rm -rf newcerts certs