# Do not edit this file. To configure edit Makefile.configure
# Setting openssl path
include ./Makefile.configure
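.DEFAULT_GOAL=help
# Locate the openssl binary by probing every PATH directory in order and
# keeping the first hit.  Every CA operation in this file (signing,
# revocation, CRL generation) runs through this binary, so invoke make with a
# PATH that holds only trusted directories.
# $(addsuffix ...) appends /openssl to each entry, so the last PATH entry is
# probed too; ':=' scans the filesystem once instead of on every expansion.
OPENSSL := $(firstword $(wildcard $(addsuffix /openssl,$(subst :, ,${PATH}))))
ifeq ($(strip ${OPENSSL}),)
     $(error I cannot find openssl in current path ${PATH}. Is it installed ?)
endif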

# Directory layout, anchored at the directory make is run from.
CAROOT     = $(abspath .)
# Working directory of the CA itself; it has its own makefile (see MAKECA).
CA_DIR     = $(CAROOT)/.ca
# One sub-directory per server, each created from the skeleton in SKEL_DIR.
SERVER_DIR = $(CAROOT)/server
SKEL_DIR   = $(CAROOT)/.skel
# Log written through the 'log' macro.
LOGFILE    = $(CAROOT)/CA.log
SSLCONF    = $(CAROOT)/ssl.conf
# Server directories selected by the user-supplied 'server' shell wildcard.
SERVERS    = $(wildcard $(SERVER_DIR)/$(server))
# Timestamp prefix for log lines; the backticks are evaluated by the shell
# when the command using TIME runs, not by make.
TIME       = [`date +"%c"`]

# '@' keeps make from echoing the echo command itself.
ECHO       = @echo



# Base 'openssl ca' invocation; CAROOT is passed in the command's environment.
CA = CAROOT=$(CAROOT) $(OPENSSL) ca -config $(SSLCONF)
ifeq ($(strip $(confirm)),yes)
# confirm=yes adds -batch: openssl no longer asks before signing, so every
# request reached by the invoked target is processed without a prompt.
CA += -batch
endif

# $(call log,MESSAGE): append a timestamped line to LOGFILE.
# MESSAGE is interpolated unquoted into the shell command, and callers in
# this file pass the operator-supplied server name through it.
log = echo $(TIME) $(1) >> $(LOGFILE)


# User-facing targets.  The list also drives .PHONY, .SILENT and the
# help-<target> topics, so a new target has to be added here.
TARGETS = $(sort \
	ca certify configure crl expire new obliterate restart revoke \
	show update update-url)

.PHONY : $(TARGETS)

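# Quiet by default: unless VERBOSE is set, recipes are not echoed and the
# sub-makes run with -s.
#   MAKECA                       sub-make inside the CA directory
#   $(call make_server,DIR,GOAL) sub-make inside server directory DIR, with
#                                SERVER set to the directory's base name
# Both use ${MAKE} rather than a literal 'make', so the sub-make is the same
# make program as the parent and inherits its flags.
ifeq ($(strip ${VERBOSE}),)
.SILENT: ${TARGETS} show-server show-ca
MAKECA      = ${MAKE} -s -C ${CA_DIR}
make_server = ${MAKE} -s SERVER=$(notdir $(1)) -C $(1) $(2)
else
MAKECA      = ${MAKE} -C ${CA_DIR}
make_server = ${MAKE} SERVER=$(notdir $(1)) -C $(1) $(2)
endif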

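# Command that makes openssl emit a fresh CRL.
GENCRL = ${CA} -gencrl

# $(call for_matched_servers,MACRO,ARG): expand $(call MACRO,DIR,ARG) for
# every directory in ${SERVERS}, i.e. those matching the 'server' wildcard.
# $(call for_all_servers,MACRO,ARG): the same for every directory under
# ${SERVER_DIR}.
# The generated commands are joined with ';', so the recipe's exit status is
# that of the last server only; a failure for an earlier server does not stop
# the run.  When nothing matches, the expansion is empty and nothing runs.
# The ';' sits outside the inner $(call ...) in both macros so that it always
# ends the generated command, wherever MACRO places its second argument.
for_matched_servers = $(foreach s,${SERVERS},$(call $(1),${s},$(2));)
for_all_servers     = $(foreach s,$(wildcard ${SERVER_DIR}/*),\
				$(call $(1),${s},$(2));)

# $(call error_if_unset,VALUE,MESSAGE): shell fragment that prints MESSAGE on
# stderr and exits 1 when VALUE is empty after stripping whitespace.  VALUE is
# placed between single quotes, so it must not itself contain one.
error_if_unset = if [ -z '$(strip $(1))' ] ; then\
				echo $(2) 1>&2; exit 1; fi;

# Handed to every command and sub-make through the environment.  CA carries
# the -batch decision made from 'confirm', so sub-makes sign the same way.
export OPENSSL CAROOT LOGFILE CA TIME VERBOSE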

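# Build the CA (delegated to the makefile in ${CA_DIR}), then create the
# directory that holds the per-server state.  'done.' is printed only when
# mkdir succeeded, and a mkdir failure fails the target.
ca:
	echo Making CA
	${MAKECA} ;
	echo -n Making Server directory ...;\
		mkdir -p '${SERVER_DIR}' &&\
	echo done.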

# Delegates to the 'expire' goal of the makefile in the CA directory.
expire :
	$(MAKECA) expire

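# Create a server directory from the skeleton, log it, then open its
# configuration in the editor.
# 'server' must be a plain directory name here.  Other targets accept a shell
# wildcard, but in this recipe a wildcard would be expanded by the shell in
# the cp destination and a '/' would place the copy outside ${SERVER_DIR},
# so both are rejected before anything is copied.
# The 'configure' goal reads the lower-case 'server' variable; SERVER is still
# passed as before in case Makefile.configure relies on it.
new	: server-should-be-set server-should-not-exist
	@case '${server}' in \
	  */*|*\**|*\?*|*\[*) \
	    echo "invalid server name '${server}': must not contain / or shell wildcard characters" 1>&2; \
	    exit 1;; \
	esac
	cp -r '${SKEL_DIR}' '${SERVER_DIR}/${server}'
	$(call log, new server named ${server} created)
	${MAKE} configure server='${server}' SERVER='${server}'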

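# Open the server's Makefile.configure in ${EDITOR} and record the event in
# the log.  Both commands run in one shell joined by ';', so the log line is
# written whatever the editor's exit status was.
configure :  server-should-be-set editor-should-be-set
	${EDITOR} ${SERVER_DIR}/${server}/Makefile.configure;\
	$(call log, server \"${server}\" '(re)configured')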

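# Build certificate.pem in every server directory matching 'server'.
# With confirm=yes the exported CA command carries -batch, so requests are
# signed without a prompt.  A wildcard that matches no server directory is an
# error rather than a silent no-op.
certify : server-should-be-set
	@ $(call error_if_unset,${SERVERS},"no server directory matches '${server}'")
	$(call for_matched_servers, make_server, certificate.pem)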

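# Build certificate.revoked in every server directory matching 'server'.
# A name or wildcard that matches no server directory is reported as an
# error: otherwise a mistyped name would exit 0 with no output and leave the
# operator believing the certificate had been revoked.
revoke	: server-should-be-set
	@ $(call error_if_unset,${SERVERS},"no server directory matches '${server}'")
	$(call for_matched_servers, make_server, certificate.revoked)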


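# Run the 'update' goal in every server directory matching 'server', then
# list the directories that were processed.  A wildcard that matches nothing
# is an error rather than a silent no-op.
update	: server-should-be-set
	@ $(call error_if_unset,${SERVERS},"no server directory matches '${server}'")
	$(call for_matched_servers, make_server, update)\
	echo Done updating ${SERVERS}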

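# Run the 'restart' goal in every server directory matching 'server'.
# A wildcard that matches nothing is an error rather than a silent no-op.
restart : server-should-be-set
	@ $(call error_if_unset,${SERVERS},"no server directory matches '${server}'")
	$(call for_matched_servers, make_server, restart)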

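# Regenerate the CRL (prerequisite 'crl'), then copy the CRL and the CA
# certificate to the locations configured in Makefile.configure.  The DER
# copies are sent only when their *_DER destinations are configured.
# Each scp is its own recipe line, so a failed upload stops the target before
# the later files are sent.
update-url : crl
	$(call error_if_unset,${PUBLIC_CRL_URL},\
		variable PUBLIC_CRL_URL not defined in Makefile.configure)
	$(call error_if_unset,${PUBLIC_CERT_URL},\
		variable PUBLIC_CERT_URL not defined in Makefile.configure)
	scp crl.pem ${PUBLIC_CRL_URL};
	scp .ca/certificate.pem ${PUBLIC_CERT_URL};
ifneq "$(strip ${PUBLIC_CRL_URL_DER})" ""
	scp crl.der ${PUBLIC_CRL_URL_DER}
endif

ifneq "$(strip ${PUBLIC_CERT_URL_DER})" ""
	${MAKE} -C .ca certificate.der
	scp .ca/certificate.der ${PUBLIC_CERT_URL_DER}
endif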

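# Remove all CA state: the CA directory's own 'obliterate' goal, every server
# directory, both CRL files written by the 'crl' target, and the log.
# The paths are relative to the directory make runs in; the help text marks
# this target as for testing only.
obliterate :
	${MAKECA}  obliterate
	rm -rf server
	rm -f crl.pem crl.der
	rm -f CA.log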

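# Generate the revocation list as crl.pem and convert it to crl.der.
# The CRL is written to a temporary file and renamed only after openssl
# succeeded, so a failed run (wrong passphrase, missing CA files, ...) does
# not replace the last good crl.pem with an empty or partial file.
crl	:
	${GENCRL} > crl.pem.tmp || { rm -f crl.pem.tmp; exit 1; }
	mv -f crl.pem.tmp crl.pem
	${OPENSSL} crl -inform PEM -outform DER -in crl.pem -out crl.der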

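# Precondition checks used as prerequisites; they are commands, not files.
# The second name has to match the rule 'editor-should-be-set' defined below.
.PHONY	: server-should-be-set editor-should-be-set server-should-not-exist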

# Fails unless the 'server' variable is non-empty.  It does not check that
# the value matches an existing server directory.
server-should-be-set :
	@$(call error_if_unset,$(server),"server variable should be set")

# Fails unless EDITOR is non-empty; 'configure' runs it on the server's
# Makefile.configure.
editor-should-be-set :
	@$(call error_if_unset,$(EDITOR),"EDITOR should be set")

# Fails when a directory for 'server' already exists, so that 'new' does not
# copy the skeleton over an existing server.
server-should-not-exist :
	@ [ ! -d '$(SERVER_DIR)/$(server)' ] || {\
		echo server $(server) already exists 1>&2 ; exit 1;\
	}


# Values of 'info' that the help text for 'show' advertises ('crl' is
# handled separately by show-ca).
INFOS        = $(sort certificate fingerprint request)

SHOW_TARGETS = show show-ca show-ca-crl show-server

.PHONY : $(SHOW_TARGETS)

# With 'server' set, show server information; otherwise show the CA's.
show : $(if $(server),show-server,show-ca)
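# info=crl is answered here from crl.pem; any other request is forwarded to
# the 'show' goal of the CA directory's makefile.  ${MAKE} is used so that the
# sub-make is the same make program as the parent.
show-ca :
	if [ '${info}' = 'crl' ] ;  then \
		${MAKE} -s show-ca-crl;\
	else\
		${MAKECA} show;\
	fi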

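# Targets with an empty info suffix print the help for 'show' instead.
# ${MAKE} is used so that the sub-make is the same make program as the parent.
show-ca- show-server- :
	${MAKE} -s help target=show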


# Page through the text form of crl.pem (the file written by 'crl').
show-ca-crl :
	$(OPENSSL) crl -in crl.pem -noout -text | less
# Run the 'show' goal in every server directory matching 'server'.
show-server :
	$(call for_matched_servers,make_server,show)

# Help topic names: 'help-' is prefixed to each target name.
# NOTE(review): SHOW_CA_TARGETS and SHOW_SERVER_TARGETS are not assigned in
# this file; unless Makefile.configure defines them, the first two lists are
# empty and the rules keyed on them define nothing -- confirm.
HELP_SHOW_CA     = $(addprefix help-,$(SHOW_CA_TARGETS))
HELP_SHOW_SERVER = $(addprefix help-,$(SHOW_SERVER_TARGETS))
HELP_TARGETS     = help help- $(addprefix help-,$(TARGETS))

.PHONY : $(HELP_TARGETS)

# 'make help target=X' resolves to help-X; with no target it resolves to
# 'help-', which forwards to help-help.
help  : help-$(target)
help- : help-help

# Describes the help system itself; ${TARGETS} supplies the list of topics.
# NOTE(review): 'echo -e' is not POSIX.  No SHELL is set in this file, so the
# recipes run under /bin/sh, and a shell whose echo lacks -e prints the flag
# literally -- confirm the intended shell.
help-help :
	${ECHO} make help target=TARGET: prints a brief help.
	${ECHO} -e \\tHere TARGET is absent or one of \{${TARGETS}\}

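# Help for 'show', followed by the per-info topics (help-ca-crl plus whatever
# ${HELP_SHOW_CA} and ${HELP_SHOW_SERVER} contain), each printed by a
# sub-make.  ${MAKE} is used so that the sub-make is the same make program as
# the parent.
help-show  :
	${ECHO} make show info=INFO: shows the information INFO of the CA.
	${ECHO} -e \\tHere INFO can be one of ${INFOS} or crl.
	${ECHO}
	${ECHO} make show info=INFO server=WILDCARD: shows the information of servers
	${ECHO} -e \\tmatching the shell wild card WILDCARD. Here INFO can be one of
	${ECHO} -e \\t${INFOS}
	@ $(foreach topic, help-ca-crl ${HELP_SHOW_CA} ${HELP_SHOW_SERVER}, echo ; ${MAKE} -s ${topic};)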

# One help topic per entry of ${HELP_SHOW_CA}.  The info name shown in the
# message is recovered from the target name by stripping 'help-show-ca-'.
${HELP_SHOW_CA} :
	${ECHO} make show info=$(patsubst help-show-ca-%,%,$@): shows the \
	$(patsubst help-show-ca-%,%,$@) of the CA

# Same scheme for ${HELP_SHOW_SERVER}, stripping 'help-show-server-'.
${HELP_SHOW_SERVER} :
	${ECHO} make show info=$(patsubst help-show-server-%,%,$@) server=WILDCARD:
	${ECHO} -e \\tshows the $(patsubst help-show-server-%,%,$@)\
		 of the server matching WILDCARD

# Help text for 'show info=crl'.
help-ca-crl :
	${ECHO} make show info=crl: shows the text form of the current crl

# Help text for 'ca'.
help-ca	: 
	${ECHO} make ca : creates the necessary certificates, directories, index
	${ECHO} -e \\tfiles etc for the ca. This is required rarely say in the
	${ECHO} -e \\tbegining and when ca certificates get expired.

# Help text for 'expire'.
help-expire :
	${ECHO} make expire : This expires the ca\'s certificates. To regenerate
	${ECHO} -e \\t use make ca.

# Help text for 'obliterate', which removes the CA state, the server
# directories and the log.
help-obliterate :
	${ECHO} make obliterate: Wipes everything clean \(WARNING: use only for testing\).

# Help text for 'new'; SERVER_NAME is a single name, not a wildcard.
help-new  :
	${ECHO} make new server=SERVER_NAME: creates and configures a new server.
# Help text for 'configure'.
help-configure:
	${ECHO} make configure server=SERVER_NAME: \(re\)configures a server.

# Help text for 'certify'.
# confirm=yes is what adds -batch to the exported CA command, so the example
# at the end signs the requests of every server without any prompt.
help-certify :
	${ECHO} "make certify server=WILDCARD confirm=[yes|no]: certify server's"
	${ECHO} -e \\tcertificate requests. The server variable can be a shell 
	${ECHO} -e \\twild card in  which case requests of servers matching the
	${ECHO} -e \\twild card are certified. If the confirm=yes is set, it is 
	${ECHO} -e \\tas if you have answered yes to all confirmations. Thus for
	${ECHO} -e \\tyearly certification drives one can use the following 
	${ECHO} -e '\t'commands.
	${ECHO} -e '\t\t' make certify server=\'*\' confirm=yes


# Help text for 'revoke'; the wildcard selects directories under ${SERVER_DIR}.
help-revoke :
	${ECHO} make revoke server=WILDCARD: revokes server certificates. 
	${ECHO} -e \\tThe server variable can be a shell wild card in which case,
	${ECHO} -e \\tcertificates of servers matching the wild card are revoked.

# Help text for 'update'.  As with certify, confirm=yes removes every prompt.
# The trailing '# yearly updates' on the last line is inside the recipe, so
# it reaches the shell, which treats it as a shell comment.
help-update :
	${ECHO} "make update server=WILDCARD confirm=[yes|no]: updates, i.e." 
	${ECHO} -e \\tgenerates request,  certifies and restarts, the server. The
	${ECHO} -e \\tserver name can be a shell wild card in which case the 
	${ECHO} -e \\tservers with name matching the wild card are updated. If 
	${ECHO} -e \\tconfirm=yes is set, it is as if all confirmations are  
	${ECHO} -e \\tanswered with yes. Thus for a batch update one can use the  
	${ECHO} -e \\tfollowing command:
	${ECHO} -e \\t\\t"make update server='*' confirm=yes" # yearly updates

# Help text for 'restart'.
help-restart:
	${ECHO} make restart server=WILDCARD: restarts the server. The server name
	${ECHO} -e \\tcan be a shell wild card in which case servers with names 
	${ECHO} -e \\tmatching the wild card are restarted.

# Help text for 'update-url', which copies the CRL and the CA certificate to
# the PUBLIC_*_URL destinations with scp.
help-update-url :
	${ECHO} make update-url : Updates the CRL and certificate on the CAs\
		webpage
# Help text for 'crl'; the target also writes the DER form to crl.der.
help-crl :
	${ECHO} make crl: generates the revocation list in crl.pem



