From owner-svn-src-all@FreeBSD.ORG  Thu Feb 26 14:22:28 2015
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id BB90D2C6;
 Thu, 26 Feb 2015 14:22:28 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id A6294CCC;
 Thu, 26 Feb 2015 14:22:28 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t1QEMSrQ022205;
 Thu, 26 Feb 2015 14:22:28 GMT (envelope-from trasz@FreeBSD.org)
Received: (from trasz@localhost)
 by svn.freebsd.org (8.14.9/8.14.9/Submit) id t1QEMSkV022204;
 Thu, 26 Feb 2015 14:22:28 GMT (envelope-from trasz@FreeBSD.org)
Message-Id: <201502261422.t1QEMSkV022204@svn.freebsd.org>
X-Authentication-Warning: svn.freebsd.org: trasz set sender to
 trasz@FreeBSD.org using -f
From: Edward Tomasz Napierala <trasz@FreeBSD.org>
Date: Thu, 26 Feb 2015 14:22:28 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r279321 - head/share/examples/uefisign
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Feb 2015 14:22:28 -0000

Author: trasz
Date: Thu Feb 26 14:22:27 2015
New Revision: 279321
URL: https://svnweb.freebsd.org/changeset/base/279321

Log:
  Make the uefikeys script output slightly more obvious.
  
  MFC after:	1 month
  Sponsored by:	The FreeBSD Foundation

Modified:
  head/share/examples/uefisign/uefikeys

Modified: head/share/examples/uefisign/uefikeys
==============================================================================
--- head/share/examples/uefisign/uefikeys	Thu Feb 26 12:51:05 2015	(r279320)
+++ head/share/examples/uefisign/uefikeys	Thu Feb 26 14:22:27 2015	(r279321)
@@ -18,7 +18,6 @@ fi
 certfile="${1}.pem"
 efifile="${1}.cer"
 keyfile="${1}.key"
-p12file="${1}.p12"
 # XXX: Set this to ten years; we don't want system to suddenly stop booting
 #      due to certificate expiration.  Better way would be to use Authenticode
 #      Timestamp.  That said, the rumor is UEFI implementations ignore it anyway.
@@ -28,13 +27,11 @@ subj="/CN=${1}"
 [ ! -e "${certfile}" ] || die "${certfile} already exists"
 [ ! -e "${efifile}" ] || die "${efifile} already exists"
 [ ! -e "${keyfile}" ] || die "${keyfile} already exists"
-[ ! -e "${p12file}" ] || die "${p12file} already exists"
 
 umask 077 || die "umask 077 failed"
 
 openssl genrsa -out "${keyfile}" 2048 2> /dev/null || die "openssl genrsa failed"
 openssl req -new -x509 -sha256 -days "${days}" -subj "${subj}" -key "${keyfile}" -out "${certfile}" || die "openssl req failed"
 openssl x509 -inform PEM -outform DER -in "${certfile}" -out "${efifile}" || die "openssl x509 failed"
-openssl pkcs12 -export -out "${p12file}" -inkey "${keyfile}" -in "${certfile}" -password 'pass:' || die "openssl pkcs12 failed"
 
-echo "certificate: ${certfile}; private key: ${keyfile}; UEFI public key: ${efifile}; private key with empty password for pesign: ${p12file}"
+echo "certificate: ${certfile}; private key: ${keyfile}; certificate to enroll in UEFI: ${efifile}"