bin/setup, lib/func.tcl: Move root key generation into the library.
authorMark Wooding <mdw@distorted.org.uk>
Wed, 30 Nov 2022 10:31:31 +0000 (10:31 +0000)
committerMark Wooding <mdw@distorted.org.uk>
Wed, 30 Nov 2022 10:44:40 +0000 (10:44 +0000)
bin/setup
lib/func.tcl

index b0e2226..723a4c0 100755 (executable)
--- a/bin/setup
+++ b/bin/setup
@@ -61,18 +61,7 @@ file attributes "state/ca.db.new" \
 
 ## Generate the private CA key.
 make-directories 0750 "private"
-set subject ""
-foreach {attr value} $C(ca-name) { append subject "/$attr=$value" }
-exec >@stdout 2>@stderr openssl req -config "etc/openssl.conf"  \
-    -text -out "ca.cert" -keyout "private/ca.key" \
-    -new -x509 -days $C(ca-period) \
-    -subj $subject
-file attributes "private/ca.key" \
-    -owner $C(ca-owner) -group $C(ca-group) \
-    -permissions 0640
-file attributes "ca.cert" \
-    -owner $C(ca-owner) -group $C(ca-group) \
-    -permissions 0644
+generate-root-key
 
 ## Set up the directories for the actual certificates.  These are published
 ## by the web server.
index 3dd35c3..1b53f2f 100644 (file)
@@ -496,6 +496,26 @@ proc cert-seq {file} {
 }
 
 ###--------------------------------------------------------------------------
+### Generating the root key.
+
+proc generate-root-key {} {
+  global C
+
+  set subject ""
+  foreach {attr value} $C(ca-name) { append subject "/$attr=$value" }
+  exec >@stdout 2>@stderr openssl req -config "etc/openssl.conf"  \
+      -text -out "ca.cert" -keyout "private/ca.key" \
+      -new -x509 -days $C(ca-period) \
+      -subj $subject
+  file attributes "private/ca.key" \
+      -owner $C(ca-owner) -group $C(ca-group) \
+      -permissions 0640
+  file attributes "ca.cert" \
+      -owner $C(ca-owner) -group $C(ca-group) \
+      -permissions 0644
+}
+
+###--------------------------------------------------------------------------
 ### Certificate requests.
 
 proc request-match {reqid cond} {
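Review bot: In `generate-root-key`, `file attributes "private/ca.key" ... -permissions 0640` runs only after `openssl req` has written the key, so while the key is being created its protection rests on the mode of `private/` and on whatever mode openssl gives the file; the `make-directories 0750 "private"` call that guarantees the former stayed behind in bin/setup. As a library proc it now has unstated preconditions: the working directory must be the CA root (all paths are relative), `private/` must already exist with a restrictive mode, and an existing `private/ca.key` and `ca.cert` would apparently be overwritten without any check. I would state these in a header comment above the proc, e.g. `## Caller must be in the CA root and have created private/ (mode 0750); replaces any existing private/ca.key and ca.cert.` Alternatively, if `make-directories` tolerates an existing directory, call it at the top of the proc so the key can never land in a directory with looser permissions. Whether the key is written encrypted depends on etc/openssl.conf, which is not visible in this diff.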