Allow build files for certs

2021-01-02 02:35:44 +00:00 · 2021-01-02 02:35:44 +00:00 · 4edabeec45
parent 2411a83688
commit 4edabeec45
3 changed files with 91 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,7 +1,9 @@
 src/
 pkg/
 .rootbld-repositories
-secrets/
+secrets/nginx-httpauth
+secrets/letsencrypt/private.key
+secrets/letsencrypt/public.pem
 configs/murmur/murmur.ini
 configs/transmission/main.json
 configs/wireguard/main.conf
--- a/secrets/letsencrypt/APKBUILD
+++ b/secrets/letsencrypt/APKBUILD
@ -0,0 +1,51 @@
+# Contributor: Alex Denes <caskd@redxen.eu>
+# Maintainer: Alex Denes <caskd@redxen.eu>
+pkgname=redxen-secret-letsencrypt
+pkgver=2020.12.18
+pkgrel=1
+pkgdesc="LetsEncrypt keys"
+url="https://git.redxen.eu/RedXen"
+arch="noarch"
+license="none"
+subpackages="$pkgname-private $pkgname-public $pkgname-fullchain"
+source="
+	private.key
+	public.pem
+	ca.pem
+"
+checkdepends="openssl"
+install="$pkgname-private.pre-install $pkgname-fullchain.pre-install"
+builddir="$srcdir"
+
+build() {
+	cat public.pem ca.pem private.key > fullchain.crt
+}
+
+package() {
+	mkdir -p $pkgdir
+}
+
+check() {
+	openssl x509 -in public.pem -noout -checkend 0 >/dev/null && return
+	error "You have provided a expired certificate!"
+	return 1
+}
+
+private() {
+	pkgdesc="Private key"
+	install -Dm400 -g 3005 "$srcdir"/private.key "$subpkgdir"/etc/ssl/redxen/letsencrypt/private.key
+}
+
+fullchain() {
+	pkgdesc="Full chain of certificates (public and private)"
+	install -Dm400 -g 3005 "$builddir"/fullchain.crt "$subpkgdir"/etc/ssl/redxen/letsencrypt/fullchain.crt
+}
+
+public() {
+	pkgdesc="Public key"
+	install -Dm444 -g 3005 "$srcdir"/public.pem "$subpkgdir"/etc/ssl/redxen/letsencrypt/public.pem
+}
+
+sha512sums="11d85953a19bbc4ccea99370d0c7bc1fea78398173602b2b0b4b393704887d9686705456c2b1c8857242c1ced6efe0dd3aca1b202ba5d72549185bd4d1a5feaf  private.key
+c215e38eb78e359f9a27170c936af9b6fb0b04344e5202aaf6128d178e665d3643dfb27fd57ad9cda30351769e43c7b1ce2189a87bf804ab3a90d3808dc8f954  public.pem
+0fa893f751f0880c7d89c398cae9708f5ff04d466832fb6160a824395032259ac52e02a44da531d0f8bf7e310298b0067b1e8257f816d3223034f391ecba491d  ca.pem"
--- a/secrets/selfsigned/APKBUILD
+++ b/secrets/selfsigned/APKBUILD
@ -0,0 +1,37 @@
+# Contributor: Alex Denes <caskd@redxen.eu>
+# Maintainer: Alex Denes <caskd@redxen.eu>
+pkgname=redxen-secret-selfsigned
+pkgver=2021.01.02
+pkgrel=1
+pkgdesc="Self-signed keys"
+url="https://git.redxen.eu/RedXen"
+arch="noarch"
+license="none"
+options="!check"
+makedepends="openssl"
+subpackages="$pkgname-private $pkgname-public $pkgname-fullchain"
+install="$pkgname-private.pre-install $pkgname-fullchain.pre-install"
+builddir="$srcdir"
+
+build() {
+	openssl genrsa -out private.key 4096
+	openssl req -new -key private.key -days 365 -out public.pem -x509 -subj '/C=DE/ST=Bavaria/L=Nurnberg/O=RedXen/CN=redxen.eu'
+	cat public.pem private.key > fullchain.crt
+}
+
+package() {
+	mkdir -p $pkgdir
+}
+
+private() {
+	pkgdesc="Private key"
+	install -Dm440 -g 3000 "$builddir"/private.key "$subpkgdir"/etc/ssl/redxen/selfsigned/private.key
+}
+fullchain() {
+	pkgdesc="Full chain of certificates (public and private)"
+	install -Dm440 -g 3000 "$builddir"/fullchain.crt "$subpkgdir"/etc/ssl/redxen/selfsigned/fullchain.crt
+}
+public() {
+	pkgdesc="Public key"
+	install -Dm444 -g 3000 "$builddir"/public.pem "$subpkgdir"/etc/ssl/redxen/selfsigned/public.pem
+}