diff options
author | Ricardo Salveti <ricardo@opensourcefoundries.com> | 2018-03-29 15:47:26 -0300 |
---|---|---|
committer | Ricardo Salveti <ricardo@opensourcefoundries.com> | 2018-03-29 15:47:26 -0300 |
commit | 82a9c20ffb045011b53f3188d04d79f440ee8b06 (patch) | |
tree | 8309cc593f59861ed4848dea09b09b3f04e18416 /recipes-sota | |
parent | 2619e3f3312713f4077d83b2f2e5f9c7de66d12b (diff) | |
parent | b1a114da280a05cfc2b7b099c97101bd20cc6b8f (diff) | |
download | meta-updater-82a9c20ffb045011b53f3188d04d79f440ee8b06.tar.gz |
Merge remote-tracking branch 'origin/rocko' into rocko-merge
Signed-off-by: Ricardo Salveti <ricardo@opensourcefoundries.com>
Diffstat (limited to 'recipes-sota')
-rw-r--r-- | recipes-sota/aktualizr/aktualizr-auto-prov.bb | 4 | ||||
-rw-r--r-- | recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb | 72 | ||||
-rw-r--r-- | recipes-sota/aktualizr/aktualizr_git.bb | 65 | ||||
-rw-r--r-- | recipes-sota/aktualizr/environment.inc | 2 | ||||
-rw-r--r-- | recipes-sota/aktualizr/files/aktualizr-secondary.service | 9 | ||||
-rw-r--r-- | recipes-sota/aktualizr/files/aktualizr-secondary.socket | 6 | ||||
-rw-r--r-- | recipes-sota/aktualizr/files/aktualizr.service | 1 | ||||
-rw-r--r-- | recipes-sota/aktualizr/files/ca.cnf | 10 |
8 files changed, 147 insertions, 22 deletions
diff --git a/recipes-sota/aktualizr/aktualizr-auto-prov.bb b/recipes-sota/aktualizr/aktualizr-auto-prov.bb index 2190512..07e5bb8 100644 --- a/recipes-sota/aktualizr/aktualizr-auto-prov.bb +++ b/recipes-sota/aktualizr/aktualizr-auto-prov.bb | |||
@@ -35,7 +35,9 @@ do_install() { | |||
35 | install -d ${D}${libdir}/sota | 35 | install -d ${D}${libdir}/sota |
36 | install -d ${D}${localstatedir}/sota | 36 | install -d ${D}${localstatedir}/sota |
37 | if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then | 37 | if [ -n "${SOTA_PACKED_CREDENTIALS}" ]; then |
38 | install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_autoprov.toml ${D}${libdir}/sota/sota.toml | 38 | aktualizr_toml=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-network', 'sota_autoprov_primary.toml', 'sota_autoprov.toml', d)} |
39 | |||
40 | install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/${aktualizr_toml} ${D}${libdir}/sota/sota.toml | ||
39 | 41 | ||
40 | # deploy SOTA credentials | 42 | # deploy SOTA credentials |
41 | if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then | 43 | if [ -e ${SOTA_PACKED_CREDENTIALS} ]; then |
diff --git a/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb new file mode 100644 index 0000000..51e313d --- /dev/null +++ b/recipes-sota/aktualizr/aktualizr-ca-implicit-prov.bb | |||
@@ -0,0 +1,72 @@ | |||
1 | SUMMARY = "Aktualizr configuration for implicit provisioning with CA" | ||
2 | DESCRIPTION = "Systemd service and configurations for implicitly provisioning Aktualizr using externally provided or generated CA" | ||
3 | |||
4 | # WARNING: it is NOT a production solution. The secure way to provision devices is to create certificate request directly on the device | ||
5 | # (either with HSM/TPM or with software) and then sign it with a CA stored on a disconnected machine | ||
6 | |||
7 | HOMEPAGE = "https://github.com/advancedtelematic/aktualizr" | ||
8 | SECTION = "base" | ||
9 | LICENSE = "MPL-2.0" | ||
10 | LIC_FILES_CHKSUM = "file://${WORKDIR}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" | ||
11 | |||
12 | DEPENDS = "aktualizr-native openssl-native" | ||
13 | RDEPENDS_${PN} = "aktualizr" | ||
14 | |||
15 | SRC_URI = " \ | ||
16 | file://LICENSE \ | ||
17 | file://ca.cnf \ | ||
18 | " | ||
19 | PV = "1.0" | ||
20 | PR = "1" | ||
21 | |||
22 | require environment.inc | ||
23 | require credentials.inc | ||
24 | |||
25 | export SOTA_CACERT_PATH | ||
26 | export SOTA_CAKEY_PATH | ||
27 | |||
28 | do_install() { | ||
29 | install -d ${D}${libdir}/sota | ||
30 | |||
31 | if [ -z "${SOTA_PACKED_CREDENTIALS}" ]; then | ||
32 | bberror "SOTA_PACKED_CREDENTIALS are required for implicit provisioning" | ||
33 | fi | ||
34 | |||
35 | if [ -z ${SOTA_CACERT_PATH} ]; then | ||
36 | SOTA_CACERT_PATH=${DEPLOY_DIR_IMAGE}/CA/cacert.pem | ||
37 | SOTA_CAKEY_PATH=${DEPLOY_DIR_IMAGE}/CA/ca.private.pem | ||
38 | mkdir -p ${DEPLOY_DIR_IMAGE}/CA | ||
39 | bbwarn "SOTA_CACERT_PATH is not specified, use default one at $SOTA_CACERT_PATH" | ||
40 | |||
41 | if [ ! -f ${SOTA_CACERT_PATH} ]; then | ||
42 | bbwarn "${SOTA_CACERT_PATH} does not exist, generate a new CA" | ||
43 | SOTA_CACERT_DIR_PATH="$(dirname "$SOTA_CACERT_PATH")" | ||
44 | openssl genrsa -out ${SOTA_CACERT_DIR_PATH}/ca.private.pem 4096 | ||
45 | openssl req -key ${SOTA_CACERT_DIR_PATH}/ca.private.pem -new -x509 -days 7300 -out ${SOTA_CACERT_PATH} -subj "/C=DE/ST=Berlin/O=Reis und Kichererbsen e.V/commonName=meta-updater" -batch -config ${WORKDIR}/ca.cnf -extensions cacert | ||
46 | bbwarn "${SOTA_CACERT_PATH} has been created, you'll need to upload it to the server" | ||
47 | fi | ||
48 | fi | ||
49 | |||
50 | if [ -z ${SOTA_CAKEY_PATH} ]; then | ||
51 | bberror "SOTA_CAKEY_PATH should be set when using implicit provisioning" | ||
52 | fi | ||
53 | |||
54 | install -d ${D}${libdir}/sota | ||
55 | install -d ${D}${localstatedir}/sota | ||
56 | install -m 0644 ${STAGING_DIR_NATIVE}${libdir}/sota/sota_implicit_prov_ca.toml ${D}${libdir}/sota/sota.toml | ||
57 | aktualizr_cert_provider --credentials ${SOTA_PACKED_CREDENTIALS} \ | ||
58 | --device-ca ${SOTA_CACERT_PATH} \ | ||
59 | --device-ca-key ${SOTA_CAKEY_PATH} \ | ||
60 | --root-ca \ | ||
61 | --server-url \ | ||
62 | --local ${D}${localstatedir}/sota \ | ||
63 | --config ${D}${libdir}/sota/sota.toml | ||
64 | } | ||
65 | |||
66 | FILES_${PN} = " \ | ||
67 | ${localstatedir}/sota/* \ | ||
68 | ${libdir}/sota/sota.toml \ | ||
69 | ${libdir}/sota/root.crt \ | ||
70 | " | ||
71 | |||
72 | # vim:set ts=4 sw=4 sts=4 expandtab: | ||
diff --git a/recipes-sota/aktualizr/aktualizr_git.bb b/recipes-sota/aktualizr/aktualizr_git.bb index 768ec3d..2a803a8 100644 --- a/recipes-sota/aktualizr/aktualizr_git.bb +++ b/recipes-sota/aktualizr/aktualizr_git.bb | |||
@@ -6,11 +6,10 @@ LICENSE = "MPL-2.0" | |||
6 | LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" | 6 | LIC_FILES_CHKSUM = "file://${S}/LICENSE;md5=9741c346eef56131163e13b9db1241b3" |
7 | 7 | ||
8 | DEPENDS = "boost curl openssl libarchive libsodium asn1c-native " | 8 | DEPENDS = "boost curl openssl libarchive libsodium asn1c-native " |
9 | DEPENDS_append_class-target = "jansson ostree ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' libp11', '', d)} " | 9 | DEPENDS_append_class-target = "ostree ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' libp11', '', d)} " |
10 | DEPENDS_append_class-native = "glib-2.0-native " | 10 | DEPENDS_append_class-native = "glib-2.0-native " |
11 | 11 | ||
12 | RDEPENDS_${PN}_class-target = "lshw " | 12 | RDEPENDS_${PN}_class-target = "lshw " |
13 | RDEPENDS_${PN}_append_class-target = "${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', ' engine-pkcs11', '', d)} " | ||
14 | RDEPENDS_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', ' slcand-start', '', d)} " | 13 | RDEPENDS_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', ' slcand-start', '', d)} " |
15 | 14 | ||
16 | PV = "1.0+git${SRCPV}" | 15 | PV = "1.0+git${SRCPV}" |
@@ -19,9 +18,11 @@ PR = "7" | |||
19 | SRC_URI = " \ | 18 | SRC_URI = " \ |
20 | gitsm://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \ | 19 | gitsm://github.com/advancedtelematic/aktualizr;branch=${BRANCH} \ |
21 | file://aktualizr.service \ | 20 | file://aktualizr.service \ |
21 | file://aktualizr-secondary.service \ | ||
22 | file://aktualizr-secondary.socket \ | ||
22 | file://aktualizr-serialcan.service \ | 23 | file://aktualizr-serialcan.service \ |
23 | " | 24 | " |
24 | SRCREV = "d861896e7467e3e0cafdd7384ff87c62fe724640" | 25 | SRCREV = "930d8eef6eb584686654601c056d7c9c6fca3048" |
25 | BRANCH ?= "master" | 26 | BRANCH ?= "master" |
26 | 27 | ||
27 | S = "${WORKDIR}/git" | 28 | S = "${WORKDIR}/git" |
@@ -29,56 +30,80 @@ S = "${WORKDIR}/git" | |||
29 | inherit cmake | 30 | inherit cmake |
30 | 31 | ||
31 | inherit systemd | 32 | inherit systemd |
33 | |||
34 | SYSTEMD_PACKAGES = "${PN} ${PN}-secondary" | ||
32 | SYSTEMD_SERVICE_${PN} = "aktualizr.service" | 35 | SYSTEMD_SERVICE_${PN} = "aktualizr.service" |
36 | SYSTEMD_SERVICE_${PN}-secondary = "aktualizr-secondary.socket" | ||
33 | 37 | ||
34 | BBCLASSEXTEND =+ "native" | 38 | BBCLASSEXTEND =+ "native" |
35 | 39 | ||
36 | EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DAKTUALIZR_VERSION=${PV} " | 40 | EXTRA_OECMAKE = "-DWARNING_AS_ERROR=OFF -DCMAKE_BUILD_TYPE=Release -DAKTUALIZR_VERSION=${PV} " |
37 | EXTRA_OECMAKE_append_class-target = " -DBUILD_OSTREE=ON -DBUILD_ISOTP=ON ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} " | 41 | EXTRA_OECMAKE_append_class-target = " -DBUILD_OSTREE=ON -DBUILD_ISOTP=ON ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'hsm', '-DBUILD_P11=ON', '', d)} " |
38 | EXTRA_OECMAKE_append_class-native = " -DBUILD_SOTA_TOOLS=ON -DBUILD_OSTREE=OFF " | 42 | EXTRA_OECMAKE_append_class-native = " -DBUILD_SOTA_TOOLS=ON -DBUILD_OSTREE=OFF -DBUILD_SYSTEMD=OFF " |
39 | 43 | ||
40 | do_install_append () { | 44 | do_install_append () { |
41 | rm -f ${D}${bindir}/aktualizr_cert_provider | 45 | rm -fr ${D}${libdir}/systemd |
46 | rm -f ${D}${libdir}/sota/sota.toml # Only needed for the Debian package | ||
47 | install -d ${D}${libdir}/sota | ||
48 | install -m 0644 ${S}/config/sota_secondary.toml ${D}/${libdir}/sota/sota_secondary.toml | ||
49 | install -d ${D}${systemd_unitdir}/system | ||
50 | install -m 0644 ${WORKDIR}/aktualizr-secondary.socket ${D}${systemd_unitdir}/system/aktualizr-secondary.socket | ||
51 | install -m 0644 ${WORKDIR}/aktualizr-secondary.service ${D}${systemd_unitdir}/system/aktualizr-secondary.service | ||
42 | } | 52 | } |
43 | do_install_append_class-target () { | ||
44 | rm -f ${D}${bindir}/aktualizr_implicit_writer | ||
45 | rm -f ${D}${libdir}/sota/sota.toml | ||
46 | ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-example', '', 'rm -f ${D}${bindir}/example-interface', d)} | ||
47 | ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-isotp-example', '', 'rm -f ${D}${bindir}/isotp-test-interface', d)} | ||
48 | 53 | ||
54 | do_install_append_class-target () { | ||
49 | install -d ${D}${systemd_unitdir}/system | 55 | install -d ${D}${systemd_unitdir}/system |
50 | aktualizr_service=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '${WORKDIR}/aktualizr-serialcan.service', '${WORKDIR}/aktualizr.service', d)} | 56 | aktualizr_service=${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'serialcan', '${WORKDIR}/aktualizr-serialcan.service', '${WORKDIR}/aktualizr.service', d)} |
51 | install -m 0644 ${aktualizr_service} ${D}${systemd_unitdir}/system/aktualizr.service | 57 | install -m 0644 ${aktualizr_service} ${D}${systemd_unitdir}/system/aktualizr.service |
52 | } | 58 | } |
59 | |||
53 | do_install_append_class-native () { | 60 | do_install_append_class-native () { |
54 | rm -f ${D}${bindir}/aktualizr | ||
55 | rm -f ${D}${bindir}/aktualizr-info | ||
56 | rm -f ${D}${bindir}/example-interface | ||
57 | install -d ${D}${libdir}/sota | 61 | install -d ${D}${libdir}/sota |
58 | install -m 0644 ${S}/config/sota_autoprov.toml ${D}/${libdir}/sota/sota_autoprov.toml | 62 | install -m 0644 ${S}/config/sota_autoprov.toml ${D}/${libdir}/sota/sota_autoprov.toml |
63 | install -m 0644 ${S}/config/sota_autoprov_primary.toml ${D}/${libdir}/sota/sota_autoprov_primary.toml | ||
59 | install -m 0644 ${S}/config/sota_hsm_prov.toml ${D}/${libdir}/sota/sota_hsm_prov.toml | 64 | install -m 0644 ${S}/config/sota_hsm_prov.toml ${D}/${libdir}/sota/sota_hsm_prov.toml |
60 | install -m 0644 ${S}/config/sota_implicit_prov.toml ${D}/${libdir}/sota/sota_implicit_prov.toml | 65 | install -m 0644 ${S}/config/sota_implicit_prov.toml ${D}/${libdir}/sota/sota_implicit_prov.toml |
66 | install -m 0644 ${S}/config/sota_implicit_prov_ca.toml ${D}/${libdir}/sota/sota_implicit_prov_ca.toml | ||
61 | 67 | ||
62 | install -m 0755 ${B}/src/sota_tools/garage-sign-prefix/src/garage-sign/bin/* ${D}${bindir} | 68 | install -m 0755 ${B}/src/sota_tools/garage-sign-prefix/src/garage-sign/bin/* ${D}${bindir} |
63 | install -m 0644 ${B}/src/sota_tools/garage-sign-prefix/src/garage-sign/lib/* ${D}${libdir} | 69 | install -m 0644 ${B}/src/sota_tools/garage-sign-prefix/src/garage-sign/lib/* ${D}${libdir} |
64 | } | 70 | } |
65 | 71 | ||
66 | FILES_${PN}_append = " \ | 72 | PACKAGES =+ " ${PN}-common ${PN}-examples ${PN}-host-tools ${PN}-secondary " |
67 | ${libdir}/sota \ | ||
68 | " | ||
69 | 73 | ||
70 | FILES_${PN}_class-target = " \ | 74 | FILES_${PN} = " \ |
71 | ${bindir}/aktualizr \ | 75 | ${bindir}/aktualizr \ |
72 | ${bindir}/aktualizr-info \ | 76 | ${bindir}/aktualizr-info \ |
77 | ${bindir}/aktualizr-check-discovery \ | ||
73 | ${systemd_unitdir}/system/aktualizr.service \ | 78 | ${systemd_unitdir}/system/aktualizr.service \ |
74 | " | 79 | " |
75 | 80 | ||
76 | FILES_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-example', ' ${bindir}/example-interface', '', d)} " | 81 | FILES_${PN}-common = " \ |
77 | FILES_${PN}_append_class-target = " ${@bb.utils.contains('SOTA_CLIENT_FEATURES', 'secondary-isotp-example', ' ${bindir}/isotp-test-interface', '', d)} " | 82 | ${libdir}/sota/schemas \ |
78 | FILES_${PN}_class-native = " \ | 83 | " |
84 | |||
85 | FILES_${PN}-examples = " \ | ||
86 | ${libdir}/sota/demo_secondary.json \ | ||
87 | ${bindir}/example-interface \ | ||
88 | ${bindir}/isotp-test-interface \ | ||
89 | " | ||
90 | |||
91 | FILES_${PN}-host-tools = " \ | ||
92 | ${bindir}/aktualizr_cert_provider \ | ||
79 | ${bindir}/aktualizr_implicit_writer \ | 93 | ${bindir}/aktualizr_implicit_writer \ |
80 | ${bindir}/garage-deploy \ | 94 | ${bindir}/garage-deploy \ |
81 | ${bindir}/garage-push \ | 95 | ${bindir}/garage-push \ |
82 | " | 96 | " |
83 | 97 | ||
98 | FILES_${PN}-secondary = " \ | ||
99 | ${bindir}/aktualizr-secondary \ | ||
100 | ${libdir}/sota/sota_secondary.toml \ | ||
101 | ${systemd_unitdir}/system/aktualizr-secondary.socket \ | ||
102 | ${systemd_unitdir}/system/aktualizr-secondary.service \ | ||
103 | " | ||
104 | |||
105 | # Both primary and secondary need the SQL Schemas | ||
106 | RDEPENDS_${PN}_class-target =+ "${PN}-common" | ||
107 | RDEPENDS_${PN}-secondary_class-target =+ "${PN}-common" | ||
108 | |||
84 | # vim:set ts=4 sw=4 sts=4 expandtab: | 109 | # vim:set ts=4 sw=4 sts=4 expandtab: |
diff --git a/recipes-sota/aktualizr/environment.inc b/recipes-sota/aktualizr/environment.inc index cba77e7..09da6b7 100644 --- a/recipes-sota/aktualizr/environment.inc +++ b/recipes-sota/aktualizr/environment.inc | |||
@@ -3,7 +3,7 @@ export SOTA_VIRTUAL_SECONDARIES | |||
3 | 3 | ||
4 | do_install_append() { | 4 | do_install_append() { |
5 | if [ -n "${SOTA_LEGACY_SECONDARY_INTERFACE}" ]; then | 5 | if [ -n "${SOTA_LEGACY_SECONDARY_INTERFACE}" ]; then |
6 | AKTUALIZR_PARAMETERS_LEGACYSEC="--legacy-interface ${SOTA_LEGACY_SECONDARY_INTERFACE}"; | 6 | AKTUALIZR_PARAMETERS_LEGACYSEC="--legacy-interface ${SOTA_LEGACY_SECONDARY_INTERFACE}" |
7 | fi | 7 | fi |
8 | 8 | ||
9 | AKTUALIZR_PARAMETERS_CONFIGFILE="--config /usr/lib/sota/sota.toml" | 9 | AKTUALIZR_PARAMETERS_CONFIGFILE="--config /usr/lib/sota/sota.toml" |
diff --git a/recipes-sota/aktualizr/files/aktualizr-secondary.service b/recipes-sota/aktualizr/files/aktualizr-secondary.service new file mode 100644 index 0000000..a1e0e1b --- /dev/null +++ b/recipes-sota/aktualizr/files/aktualizr-secondary.service | |||
@@ -0,0 +1,9 @@ | |||
1 | [Unit] | ||
2 | Description=Aktualizr SOTA Client (UPTANE Secondary) | ||
3 | |||
4 | [Service] | ||
5 | RestartSec=10 | ||
6 | Restart=always | ||
7 | EnvironmentFile=-/etc/sota/sota.env | ||
8 | ExecStart=/usr/bin/aktualizr-secondary --config /usr/lib/sota/sota_secondary.toml | ||
9 | |||
diff --git a/recipes-sota/aktualizr/files/aktualizr-secondary.socket b/recipes-sota/aktualizr/files/aktualizr-secondary.socket new file mode 100644 index 0000000..da0ee44 --- /dev/null +++ b/recipes-sota/aktualizr/files/aktualizr-secondary.socket | |||
@@ -0,0 +1,6 @@ | |||
1 | [Socket] | ||
2 | ListenStream=9030 | ||
3 | ListenDatagram=9031 | ||
4 | |||
5 | [Install] | ||
6 | WantedBy=sockets.target \ No newline at end of file | ||
diff --git a/recipes-sota/aktualizr/files/aktualizr.service b/recipes-sota/aktualizr/files/aktualizr.service index b6df9d7..1c2e1df 100644 --- a/recipes-sota/aktualizr/files/aktualizr.service +++ b/recipes-sota/aktualizr/files/aktualizr.service | |||
@@ -8,6 +8,7 @@ Requires=network-online.target | |||
8 | RestartSec=10 | 8 | RestartSec=10 |
9 | Restart=always | 9 | Restart=always |
10 | EnvironmentFile=/usr/lib/sota/sota.env | 10 | EnvironmentFile=/usr/lib/sota/sota.env |
11 | EnvironmentFile=-/etc/sota/sota.env | ||
11 | ExecStart=/usr/bin/aktualizr $AKTUALIZR_CMDLINE_PARAMETERS | 12 | ExecStart=/usr/bin/aktualizr $AKTUALIZR_CMDLINE_PARAMETERS |
12 | 13 | ||
13 | [Install] | 14 | [Install] |
diff --git a/recipes-sota/aktualizr/files/ca.cnf b/recipes-sota/aktualizr/files/ca.cnf new file mode 100644 index 0000000..352ec38 --- /dev/null +++ b/recipes-sota/aktualizr/files/ca.cnf | |||
@@ -0,0 +1,10 @@ | |||
1 | [req] | ||
2 | req_extensions = cacert | ||
3 | distinguished_name = req_distinguished_name | ||
4 | |||
5 | [req_distinguished_name] | ||
6 | |||
7 | [cacert] | ||
8 | basicConstraints = critical,CA:true | ||
9 | keyUsage = keyCertSign | ||
10 | |||