[4/6] wireless-regdb: Better support for generating public certificates

Commit Message

Seth Forshee Dec. 22, 2017, 6:03 a.m. UTC

The current makefile rule for the public certificate calls for an
openssl config file which is not provided. Let's put the pubcert
generation into a script named gen-pubcert.sh and embed the
openssl configuration file there.

Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
---
 Makefile       |  4 +---
 gen-pubcert.sh | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+), 3 deletions(-)
 create mode 100755 gen-pubcert.sh

Patch

diff --git a/Makefile b/Makefile
index 9532c29a1dc2..044251f64785 100644
--- a/Makefile
+++ b/Makefile
@@ -79,9 +79,7 @@  $(REGDB_PUBKEY): $(REGDB_PRIVKEY)
 
 $(REGDB_PUBCERT): $(REGDB_PRIVKEY)
 	@echo "Generating certificate for $(REGDB_AUTHOR)..."
-	@openssl req -config regulatory.openssl.conf \
-		-key $(REGDB_PRIVKEY) -days 36500 -utf8 -nodes -batch \
-		-x509 -outform PEM -out $(REGDB_PUBCERT)
+	./gen-pubcert.sh $(REGDB_PRIVKEY) $(REGDB_PUBCERT)
 	@echo $(REGDB_PUBKEY) > .custom
 
 
diff --git a/gen-pubcert.sh b/gen-pubcert.sh
new file mode 100755
index 000000000000..1a4d57999e5d
--- /dev/null
+++ b/gen-pubcert.sh
@@ -0,0 +1,18 @@ 
+#!/bin/bash
+
+if [[ $# -ne 2 ]]; then
+	echo "Usage: $0 priv-key out-file"
+	exit 1
+fi
+
+openssl req -new -key "$1" -days 36500 -utf8 -nodes -batch \
+	-x509 -outform PEM -out "$2" \
+	-config <(cat <<-EOF
+		[ req ]
+		distinguished_name = req_distinguished_name
+		string_mask = utf8only
+		prompt = no
+		[ req_distinguished_name ]
+		commonName = sforshee
+		EOF
+	)