WIP: working to get docs and features in congruent

docs/pki_agile

@@ -4,15 +4,15 @@
 [[ WORKING ]]
 
 * PKI Bootstrap:  cp lifecycle functions
-
+* PKI Lifecycle
 
 
 
 [[ BACKLOG ]]
 
 [ current ]
+* zip distribution folder (ca_i_4321.skunkworks.acme.xyz.zip)
 * add CA password
-* auto-increment SERIAL
 * create certificate installation guide
   -copy file to sd, select .p12 file, password="password"
 * can I install certificates from an android application??
@@ -21,25 +21,40 @@
 * add tool for .p12 file extractor for MH provisioning
 
 
-[ ver 1.4 ]
+[ ver 3.5  :  xdev bootstrap chain-of-trust ]
-* create new "certificate bootstrap" with .cfg parameters for CA ".mil" strings
-* create new CA generation script that also reads .cfg
-* create new CA-I generation script that uses a CA
-  -also packages .p12 for distrobution  (use random high quality password)
-
-
-[ bootstrap cert chain-of-trust ]
 * select bootstrap generation cpu (beaglebone, raspi)
 * change strings from "acme.xyz" to ".mil"
 * generate bootstrap
   -sneakernet two CA-I
+* integrate into the build
+  -modify CI global variables (for each build)
+  -certs are generated BEFORE pulled into image (not part of build process)
+  -modify cert gen on NAS (looks for files in mount dir)
 
 
-[ ver 1.5 ]
+[ ver 3.6 ]
 
 
 
 
+[[ COMPLETED ]]
+
+[ ver 3.3 ]
+* configuration defaults generated so that the CA-I package is all automated
+* gen_client.sh modified run with config defaults
+* gen_server.sh modified to run with config defaults
+* auto-increment SERIAL
+* CA FQDN saved to config file
+* CA-I FQDN saved to config file
+
+
+[ ver 3.2 ]
+* create new CA-I generation script that uses a CA
+  -also packages .p12 for distrobution  (use random high quality password)
+* added resources directory
+* added files to be copied during CA-I package creation
+
+
 
 [[ STORIES ]]
 
@@ -54,7 +69,6 @@ PKI Lifecycle Package
 
 
 
-[[ COMPLETED ]]
 
 
 

src/pki_bootstrap/pki_bootstrap.sh

@@ -29,10 +29,13 @@ usage() {
 # Grab the latest serial # from the file, auto-increment
 # 
 get_serial_ca() {
-  SERIAL=`head "res/cfg/SERIAL"`
+  SERIAL=`head res/cfg/SERIAL`
   if [[ -z $SERIAL ]]; then
     SERIAL=11111
     echo_block "WARN: no file 'SERIAL' found, using default 11111 as the serial # for CA"
+  else
+    PLUS1=$((SERIAL+1))
+    echo $PLUS1 > res/cfg/SERIAL
   fi
 }
 

src/pki_bootstrap/res/cfg/SERIAL

@@ -1 +1 @@
-101
+102

src/pki_bootstrap/res/libs/pki_funcs.sh

@@ -182,7 +182,7 @@ ca-i_create_shell() {
 
   DEST_DIR="${CDD}/distribution/ca_i_${UNIQ_ID}"
 
-  echo $UNIQ_ID > UNIQ_ID_CA-I
+  echo $UNIQ_ID > cfg/UNIQ_ID_CA-I
 
   # client
   mkdir -p $DEST_DIR/clients/cfg
@@ -196,7 +196,7 @@ ca-i_create_shell() {
   cp ca_i*.keys.pem     $DEST_DIR/clients/cfg/ca-i.keys.pem
   cp ca_cert-chain*.pem $DEST_DIR/clients/cfg/ca_cert-chain.crts.pem
   cp cfg/UNIQ_ID_CA-I   $DEST_DIR/clients/cfg/
-  cp UNIQ_ID            $DEST_DIR/clients/cfg/
+  cp cfg/UNIQ_ID_CA     $DEST_DIR/clients/cfg/
 
   # server
   mkdir -p $DEST_DIR/servers/cfg
@@ -210,7 +210,7 @@ ca-i_create_shell() {
   cp ca_i*.keys.pem     $DEST_DIR/servers/cfg/ca-i.keys.pem
   cp ca_cert-chain*.pem $DEST_DIR/servers/cfg/ca_cert-chain.crts.pem
   cp cfg/UNIQ_ID_CA-I   $DEST_DIR/servers/cfg/
-  cp UNIQ_ID            $DEST_DIR/servers/cfg/
+  cp cfg/UNIQ_ID_CA     $DEST_DIR/servers/cfg/
 
   # CA-I
   mkdir -p $DEST_DIR/ca-i/data
@@ -269,7 +269,7 @@ ca-i_gen_cert() {
 
 get_uniq_ids() {
   UNIQ_ID_CA=`head cfg/UNIQ_ID_CA`
-  UNIQ_ID_CA-I=`head cfg/UNIQ_ID_CA-I`
+  UNIQ_ID_CAI=`head cfg/UNIQ_ID_CA-I`
   # if [[ -z $ORG_URL ]]; then
   #   echo_block "WARN: no file 'UNIQ_ID' found, using default 11111 as the serial # for CA"
   #   exit 1