Mercurial > illumos > illumos-gate

changeset 3667:089a83b5d0bc

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
6391249 elfsign needs to support Verisign certificate chain
author johnz
date Fri, 16 Feb 2007 12:27:32 -0800
parents 4c0bd30907d2
children dc5b9a9208ca
files usr/src/Makefile.master usr/src/cmd/cmd-crypto/etc/Makefile usr/src/cmd/cmd-crypto/etc/certs/SUNWObjectCA usr/src/pkgdefs/SUNWcryptoint/prototype_com usr/src/pkgdefs/SUNWcsr/prototype_com usr/src/req.flg
diffstat 6 files changed, 92 insertions(+), 18 deletions(-) [+]
line wrap: on
line diff
--- a/usr/src/Makefile.master	Fri Feb 16 09:49:34 2007 -0800
+++ b/usr/src/Makefile.master	Fri Feb 16 12:27:32 2007 -0800
@@ -775,24 +775,28 @@
 ELFSIGN_CRYPTO=	$(ELFSIGN_O)
 ELFSIGN_OBJECT=	$(ELFSIGN_O)
 $(EXPORT_RELEASE_BUILD)ELFSIGN_O =	$(ELFSIGN)
+$(EXPORT_RELEASE_BUILD)ELFSIGN_CFNAME =	SUNWosnetCF
 $(EXPORT_RELEASE_BUILD)ELFSIGN_KEY =	\
-			$(CLOSED)/cmd/cmd-crypto/etc/keys/SUNWosnet
+			$(CLOSED)/cmd/cmd-crypto/etc/keys/$(ELFSIGN_CFNAME)
 $(EXPORT_RELEASE_BUILD)ELFSIGN_CERT=	\
-			$(CLOSED)/cmd/cmd-crypto/etc/certs/SUNWosnet
+			$(CLOSED)/cmd/cmd-crypto/etc/certs/$(ELFSIGN_CFNAME)
+$(EXPORT_RELEASE_BUILD)ELFSIGN_CLNAME =	SUNWosnetCFLimited
 $(EXPORT_RELEASE_BUILD)ELFSIGN_KEY_LIMITED =	\
-			$(CLOSED)/cmd/cmd-crypto/etc/keys/SUNWosnetLimited
+			$(CLOSED)/cmd/cmd-crypto/etc/keys/$(ELFSIGN_CLNAME)
 $(EXPORT_RELEASE_BUILD)ELFSIGN_CERT_LIMITED=	\
-			$(CLOSED)/cmd/cmd-crypto/etc/certs/SUNWosnetLimited
+			$(CLOSED)/cmd/cmd-crypto/etc/certs/$(ELFSIGN_CLNAME)
+$(EXPORT_RELEASE_BUILD)ELFSIGN_SENAME =	SUNWosnetSE
 $(EXPORT_RELEASE_BUILD)ELFSIGN_SEKEY =	\
-			$(CLOSED)/cmd/cmd-crypto/etc/keys/SUNWosnetSolaris
+			$(CLOSED)/cmd/cmd-crypto/etc/keys/$(ELFSIGN_SENAME)
 $(EXPORT_RELEASE_BUILD)ELFSIGN_SECERT=	\
-			$(CLOSED)/cmd/cmd-crypto/etc/certs/SUNWosnetSolaris
+			$(CLOSED)/cmd/cmd-crypto/etc/certs/$(ELFSIGN_SENAME)
 $(EXPORT_RELEASE_BUILD)ELFSIGN_CRYPTO=	$(ELFSIGN_O) sign \
 			$(ELFSIGN_FORMAT_OPTION) \
 			-k $(ELFSIGN_KEY) -c $(ELFSIGN_CERT) -e $@
 $(EXPORT_RELEASE_BUILD)ELFSIGN_CRYPTO_LIMITED=	$(ELFSIGN_O) sign \
 			$(ELFSIGN_FORMAT_OPTION) \
-			-k $(ELFSIGN_KEY_LIMITED) -c $(ELFSIGN_CERT_LIMITED) -e $@
+			-k $(ELFSIGN_KEY_LIMITED) -c $(ELFSIGN_CERT_LIMITED) \
+			-e $@
 $(EXPORT_RELEASE_BUILD)ELFSIGN_OBJECT=	$(ELFSIGN_O) sign \
 			$(ELFSIGN_FORMAT_OPTION) \
 			-k $(ELFSIGN_SEKEY) -c $(ELFSIGN_SECERT) -e $@
--- a/usr/src/cmd/cmd-crypto/etc/Makefile	Fri Feb 16 09:49:34 2007 -0800
+++ b/usr/src/cmd/cmd-crypto/etc/Makefile	Fri Feb 16 12:27:32 2007 -0800
@@ -19,7 +19,7 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 # ident	"%Z%%M%	%I%	%E% SMI"
@@ -33,11 +33,13 @@
 	kcf.conf \
 	pkcs11.conf \
 	$(RELEASECRYPTO:%=certs/%) \
-	certs/CA
+	certs/CA \
+	certs/SUNWObjectCA
 
 ETCCERTSFILES = \
 	$(RELEASECERTS) \
-	SUNWSolarisCA
+	SUNWSolarisCA \
+	SUNWObjectCA
 
 include ../../Makefile.cmd
 
@@ -56,6 +58,10 @@
 IETCCRYPTOFILES=	$(ETCCRYPTOFILES:%=$(ROOTCRYPTODIR)/%)
 IETCCERTSFILES=		$(ETCCERTSFILES:%=$(ROOTETCCERTSDIR)/%)
 
+$(ROOTCRYPTOCERTSDIR)/SUNWObjectCA: \
+			$(ROOTETCCERTSDIR)/SUNWObjectCA
+			$(RM) $@
+			$(LN) $(ROOTETCCERTSDIR)/SUNWObjectCA $@
 $(ROOTCRYPTODIR)/%:	%
 			$(INS.file)
 $(RELEASECRYPTO:%=$(ROOTCRYPTODIR)/certs/%): \
@@ -65,6 +71,10 @@
 				certs/$(@F:SUNW_SunOS_5.%=SUNWCryptographic%)
 			$(MV) $(@D)/$(@F:SUNW_SunOS_5.%=SUNWCryptographic%) $@
 
+$(ROOTETCCERTSDIR)/SUNWObjectCA: \
+			certs/$(@F)
+			$(RM) $@
+			$(INS) -s -m $(FILEMODE) -f $(@D) certs/$(@F)
 $(ROOTETCCERTSDIR)/%:	certs/%
 			$(INS.file)
 $(RELEASECERTS:%=$(ROOTETCCERTSDIR)/%): \
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/cmd/cmd-crypto/etc/certs/SUNWObjectCA	Fri Feb 16 12:27:32 2007 -0800
@@ -0,0 +1,55 @@
+CDDL HEADER START
+
+The contents of this file are subject to the terms of the
+Common Development and Distribution License (the "License").
+You may not use this file except in compliance with the License.
+
+You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+or http://www.opensolaris.org/os/licensing.
+See the License for the specific language governing permissions
+and limitations under the License.
+
+When distributing Covered Code, include this CDDL HEADER in each
+file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+If applicable, add the following below this CDDL HEADER, with the
+fields enclosed by brackets "[]" replaced with your own identifying
+information: Portions Copyright [yyyy] [name of copyright owner]
+
+CDDL HEADER END
+
+Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
+Use is subject to license terms.
+
+ident	"%Z%%M%	%I%	%E% SMI"
+
+Subject: O=Sun Microsystems Inc, OU=VeriSign Trust Network,
+	 OU=Class 2 OnSite Subscriber CA, CN=Object Signing CA
+-----BEGIN CERTIFICATE-----
+MIIE5jCCA86gAwIBAgIQHiBGeRMOJw614tvYy3sSTTANBgkqhkiG9w0BAQUFADBn
+MR0wGwYDVQQKExRTdW4gTWljcm9zeXN0ZW1zIEluYzEfMB0GA1UECxMWVmVyaVNp
+Z24gVHJ1c3QgTmV0d29yazElMCMGA1UEAxMcU3VuIE1pY3Jvc3lzdGVtcyBJbmMg
+Um9vdCBDQTAeFw0wNTA2MDIwMDAwMDBaFw0xNTA2MDEyMzU5NTlaMIGDMR0wGwYD
+VQQKExRTdW4gTWljcm9zeXN0ZW1zIEluYzEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1
+c3QgTmV0d29yazElMCMGA1UECxMcQ2xhc3MgMiBPblNpdGUgU3Vic2NyaWJlciBD
+QTEaMBgGA1UEAxMRT2JqZWN0IFNpZ25pbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQCg11iz+jzt569G9o4Vs3MlR2fdElcXuqKSwjPicPFDy4m2
+6dZY9ZQo81pAWJ0fN4MqDnGsyrhJx+ql2rjbdpa260aSEGMSXLc4EDk9aXXmUxzR
+F1qCQtHi6jGK8yjg2cBN3YDOGXGZhJ/2G3jrMIeXzJCBStp0vYvWQTDEAwCy/4Il
+EkAt+YT/YBaY1Ezw1wm0IU33hx5QUgcOty5sjIhqMdruOBRS7g/Qkql+d2jDrfon
+nM4ihhoo/TCg+c5IQka73gdPh7/3GrfYBbh7pLH3vI6eaaw0K7v8L7P47cxNFWkV
+PLIaSf6lGJsBjSQ3qAXobOdwfNxDZebu6aysnUp1AgMBAAGjggFvMIIBazASBgNV
+HRMBAf8ECDAGAQH/AgEBMH4GA1UdIAR3MHUwOQYLYIZIAYb4RQEHFwIwKjAoBggr
+BgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYTA4BgtghkgBhvcA
+g32cPzApMCcGCCsGAQUFBwIBFhtodHRwczovL3d3dy5zdW4uY29tL3BraS9jcHMw
+VQYDVR0fBE4wTDBKoEigRoZEaHR0cDovL29uc2l0ZWNybC52ZXJpc2lnbi5jb20v
+b2ZmbGluZWNhL1N1bk1pY3Jvc3lzdGVtc0luY1Jvb3RDQS5jcmwwDgYDVR0PAQH/
+BAQDAgEGMC4GA1UdEQQnMCWkIzAhMR8wHQYDVQQDExZQcml2YXRlTGFiZWwzLTIw
+NDgtMTM5MB0GA1UdDgQWBBSzRyuCflO0c8q4uxm3voFNB5XH7TAfBgNVHSMEGDAW
+gBSWnZvglBo6TSLGmzGaYEOhH6GvCDANBgkqhkiG9w0BAQUFAAOCAQEAQWYm4iue
+jc604UZPYHMcpUb9lpLliKs6bNyNUYruMNe2yonsNDGZnj6yxJhHfC8B1z8lpcY1
++GsgfWXClBDQqDDahCXnOey5XZ91GXjYDNBY78K3lgUtBwIHof35QD/pOXgpk6V0
+pTn7K/A+kv3N/ccYTaP0hFV886UrpN8FVUQCVRvMIMGMeoNgSFK4E61oDgx0gZL7
+DScQgXqQzdBkWvlsNnms5dxycWCC2qPlhO9psU1DhwBCKWuxb3JAEm4jlqD8wY4L
+HudIlOgGyGLqTyca7FvZJoBUdk7r1Vg5bL/+ct1PUA4C199C0A2CzUOJhf6NOKcB
+NOy6lEf7vs3myQ==
+-----END CERTIFICATE-----
--- a/usr/src/pkgdefs/SUNWcryptoint/prototype_com	Fri Feb 16 09:49:34 2007 -0800
+++ b/usr/src/pkgdefs/SUNWcryptoint/prototype_com	Fri Feb 16 12:27:32 2007 -0800
@@ -19,7 +19,7 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 #ident	"%Z%%M%	%I%	%E% SMI"
@@ -48,10 +48,13 @@
 d none etc 755 root sys
 d none etc/certs 755 root sys
 f none etc/certs/SUNWosnetSolaris 644 root sys
+f none etc/certs/SUNWosnetSE 644 root sys
 d none etc/crypto 755 root sys
 d none etc/crypto/certs 755 root sys
 f none etc/crypto/certs/SUNWosnet 644 root sys
 f none etc/crypto/certs/SUNWosnetLimited 644 root sys
+f none etc/crypto/certs/SUNWosnetCF 644 root sys
+f none etc/crypto/certs/SUNWosnetCFLimited 644 root sys
 d none kernel 755 root sys
 d none kernel/crypto 755 root sys
 d none kernel/drv 755 root sys
--- a/usr/src/pkgdefs/SUNWcsr/prototype_com	Fri Feb 16 09:49:34 2007 -0800
+++ b/usr/src/pkgdefs/SUNWcsr/prototype_com	Fri Feb 16 12:27:32 2007 -0800
@@ -96,6 +96,7 @@
 s none etc/TIMEZONE=./default/init
 s none etc/autopush=../sbin/autopush
 d none etc/certs 755 root sys
+f none etc/certs/SUNWObjectCA 644 root sys
 f none etc/certs/SUNWSolarisCA 644 root sys
 f none etc/certs/SUNW_SunOS_5.10 644 root sys
 s none etc/cfgadm=../usr/sbin/cfgadm
@@ -110,6 +111,7 @@
 e pkcs11confbase etc/crypto/pkcs11.conf 644 root sys
 d none etc/crypto/certs 755 root sys
 f none etc/crypto/certs/CA 644 root sys
+l none etc/crypto/certs/SUNWObjectCA=../../../etc/certs/SUNWObjectCA
 f none etc/crypto/certs/SUNW_SunOS_5.10 644 root sys
 f none etc/crypto/certs/SUNW_SunOS_5.11_Limited 644 root sys
 d none etc/crypto/crls 755 root sys
--- a/usr/src/req.flg	Fri Feb 16 09:49:34 2007 -0800
+++ b/usr/src/req.flg	Fri Feb 16 12:27:32 2007 -0800
@@ -20,7 +20,7 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 #ident	"%Z%%M%	%I%	%E% SMI"
@@ -37,9 +37,9 @@
 echo_file usr/src/tools/abi/etc/ABI_sparc.db
 echo_file usr/src/tools/abi/etc/ABI_i386.db
 echo_file usr/src/tools/abi/etc/exceptions
-echo_file usr/closed/cmd/cmd-crypto/etc/certs/SUNWosnet
-echo_file usr/closed/cmd/cmd-crypto/etc/certs/SUNWosnetLimited
-echo_file usr/closed/cmd/cmd-crypto/etc/certs/SUNWosnetSolaris
-echo_file usr/closed/cmd/cmd-crypto/etc/keys/SUNWosnet
-echo_file usr/closed/cmd/cmd-crypto/etc/keys/SUNWosnetLimited
-echo_file usr/closed/cmd/cmd-crypto/etc/keys/SUNWosnetSolaris
+echo_file usr/closed/cmd/cmd-crypto/etc/certs/SUNWosnetCF
+echo_file usr/closed/cmd/cmd-crypto/etc/certs/SUNWosnetCFLimited
+echo_file usr/closed/cmd/cmd-crypto/etc/certs/SUNWosnetSE
+echo_file usr/closed/cmd/cmd-crypto/etc/keys/SUNWosnetCF
+echo_file usr/closed/cmd/cmd-crypto/etc/keys/SUNWosnetCFLimited
+echo_file usr/closed/cmd/cmd-crypto/etc/keys/SUNWosnetSE