updating TODO, etc.
This commit is contained in:
parent
673a54ef2e
commit
8726f63c7c
@ -6,6 +6,7 @@
|
||||
-- https://github.com/akopytov/sysbench
|
||||
-- (http://blog.due.io/2014/linode-digitalocean-and-vultr-comparison/ etc.)
|
||||
-package in AUR
|
||||
-base rewrite in python. pyalpm may come in handy here.
|
||||
|
||||
|
||||
## NETWORKING ##
|
||||
|
@ -37,7 +37,8 @@ VerbosePkgLists
|
||||
|
||||
# By default, pacman accepts packages signed by keys that its local keyring
|
||||
# trusts (see pacman-key and its man page), as well as unsigned packages.
|
||||
SigLevel = Required DatabaseOptional
|
||||
#SigLevel = Required DatabaseOptional #RE-ENABLE ME WHEN A NEW SNAPSHOT IS RELEASED WITH FIXED GPG
|
||||
SigLevel = Never
|
||||
LocalFileSigLevel = Optional
|
||||
#RemoteFileSigLevel = Required
|
||||
|
||||
|
@ -37,7 +37,8 @@ VerbosePkgLists
|
||||
|
||||
# By default, pacman accepts packages signed by keys that its local keyring
|
||||
# trusts (see pacman-key and its man page), as well as unsigned packages.
|
||||
SigLevel = Required DatabaseOptional
|
||||
#SigLevel = Required DatabaseOptional #RE-ENABLE ME WHEN A NEW SNAPSHOT IS RELEASED WITH FIXED GPG
|
||||
SigLevel = Never
|
||||
LocalFileSigLevel = Optional
|
||||
#RemoteFileSigLevel = Required
|
||||
|
||||
|
@ -316,9 +316,9 @@ EOF
|
||||
echo 01 > ${SSLDIR}/txt/ca.srl
|
||||
fi
|
||||
touch ${SSLDIR}/txt/ca.idx
|
||||
openssl req -subj "/CN=${IPXE_DOMAIN}/O=${PNAME}/C=NA" -x509 -newkey rsa:4096 -nodes -out ${IPXE_SSL_CA} -keyout ${IPXE_SSL_CAKEY} -sha512
|
||||
openssl req -subj "/CN=${IPXE_DOMAIN}/O=${PNAME}/C=NA" -newkey rsa:4096 -keyout ${SSLDIR}/keys/server.key -nodes -out ${SSLDIR}/crts/server.csr -sha512
|
||||
openssl ca -batch -config ${SSLDIR}/openssl.cnf -keyfile ${IPXE_SSL_CAKEY} -in ${SSLDIR}/crts/server.csr -out ${SSLDIR}/crts/server.crt
|
||||
openssl req -days 3650 -subj "/CN=${IPXE_DOMAIN}/O=${PNAME}/C=NA" -x509 -newkey rsa:4096 -nodes -out ${IPXE_SSL_CA} -keyout ${IPXE_SSL_CAKEY} -sha512
|
||||
openssl req -days 3650 -subj "/CN=${IPXE_DOMAIN}/O=${PNAME}/C=NA" -newkey rsa:4096 -keyout ${SSLDIR}/keys/server.key -nodes -out ${SSLDIR}/crts/server.csr -sha512
|
||||
openssl ca -days 3650 -batch -config ${SSLDIR}/openssl.cnf -keyfile ${IPXE_SSL_CAKEY} -in ${SSLDIR}/crts/server.csr -out ${SSLDIR}/crts/server.crt
|
||||
#cat crts/server.crt crts/ca.crt > crts/server_chained.crt
|
||||
elif [[ -z "${IPXE_SSL_CA}" && -e "${IPXE_SSL_CAKEY}" ]];
|
||||
then
|
||||
@ -339,9 +339,9 @@ EOF
|
||||
IPXE_SSL_CRT="${SSLDIR}/crts/client.crt"
|
||||
IPXE_DOMAIN=$(echo ${IPXE_URI} | sed -re 's/^(f|ht)tps?:\/\/// ; s/\/.*//')
|
||||
# Generate SSL client key.
|
||||
openssl req -subj "/CN=${IPXE_DOMAIN}/O=${PNAME}/C=NA" -newkey rsa:4096 -keyout ${IPXE_SSL_KEY} -nodes -out ${SSLDIR}/crts/client.csr -sha512
|
||||
openssl req -days 3650 -subj "/CN=${IPXE_DOMAIN}/O=${PNAME}/C=NA" -newkey rsa:4096 -keyout ${IPXE_SSL_KEY} -nodes -out ${SSLDIR}/crts/client.csr -sha512
|
||||
# Sign the crt.
|
||||
openssl ca -batch -config ${SSLDIR}/openssl.cnf -keyfile ${IPXE_SSL_CAKEY} -in ${SSLDIR}/crts/client.csr -out ${IPXE_SSL_CRT}
|
||||
openssl ca -days 3650 -batch -config ${SSLDIR}/openssl.cnf -keyfile ${IPXE_SSL_CAKEY} -in ${SSLDIR}/crts/client.csr -out ${IPXE_SSL_CRT}
|
||||
elif [[ -z "${IPXE_SSL_CRT}" && -e "${IPXE_SSL_KEY}" ]];
|
||||
then
|
||||
echo "ERROR: You specified IPXE_SSL_KEY but not IPXE_SSL_CRT. If one is specified, the other must be also."
|
||||
|
Loading…
Reference in New Issue
Block a user