bin/make-ca-key, lib/func.sh: Make user and group names configurable.

[ca] / bin / make-ca-key

diff --git a/bin/make-ca-key b/bin/make-ca-key
index f563bd9..d24a902 100755 (executable)
--- a/bin/make-ca-key
+++ b/bin/make-ca-key
@@ -3,6 +3,7 @@
 set -e
 certroot=$(cd ${0%/*}/..; pwd)
 cd "$certroot"
+. lib/func.sh
 umask 022
 
 ## Archive any existing CA.
@@ -27,27 +28,19 @@ rm -f ca.cert distorted.crl
 ## Build a new one.
 mkdir -m750 private
 mkdir -m775 certs crls index index/byhash index/byserial state tmp
-chown root:ca certs crls index index/byhash index/byserial private state tmp
+chown $ca_owner:$ca_group certs crls index index/byhash index/byserial private state tmp
 touch state/db
 echo 01 >state/serial
 echo 01 >state/crlnumber
 
 ## Set the CA subject name.  It won't fit on one line, and there's no
 ## good way of continuing it.  Have fun parsing the sed.
-subject=$(sed -n 's:^:/:;1h;2,$H;${x;s/\n//g;p;}' <<EOF
-C=GB
-ST=Cambridgeshire
-O=distorted.org.uk
-OU=Certificate Authority
-CN=distorted.org.uk top-level CA
-emailAddress=ca@distorted.org.uk
-EOF
-)
+subject=$(sed -n 's:^:/:;1h;2,$H;${x;s/\n//g;p;}' <etc/issuer)
 
 ## Build the new CA key and certificate.
 umask 027
 openssl req -new -config openssl.conf -x509 -days 3650 \
        -out ca.cert -keyout private/ca.key \
        -subj "$subject"
-chown root:ca private/ca.key
+chown $ca_owner:$ca_group private/ca.key
 chmod 644 ca.cert