allow using own private key w/o danger of committing, use test-key by default

diff --git a/.gitignore b/.gitignore
index adb230d..317d9fd 100644 (file)
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@ regulatory.bin
 dump
 *.pyc
 keys-*.c
+key.priv.pem

diff --git a/Makefile b/Makefile
index b5437fb..e961425 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -4,7 +4,8 @@ CFLAGS += -Wall -g3
 CFLAGS += -DVERIFY_SIGNATURE -DUSE_GCRYPT
 LDFLAGS += -lgcrypt
 
-all:   regulatory.bin verify
+all:   regulatory.bin warn
+       @$(MAKE) --no-print-directory -f Makefile verify
 
 regulatory.bin:        db2bin.py key.priv.pem db.txt dbparse.py
        @./db2bin.py
@@ -12,13 +13,24 @@ regulatory.bin:     db2bin.py key.priv.pem db.txt dbparse.py
 clean:
        @rm -f regulatory.bin dump *~ *.pyc keys-*.c
 
+warn:
+       @if test !  -f key.priv.pem || diff -qNs test-key key.priv.pem >/dev/null ; then \
+       echo '**************************************';\
+       echo '**  WARNING!                        **';\
+       echo '**  No key found, using TEST key!   **';\
+       echo '**************************************';\
+       fi
+
+key.priv.pem:
+       cp test-key key.priv.pem
+
 generate_key:
        openssl genrsa -out key.priv.pem 2048
 
 dump:  dump.c regdb.h keys-ssl.c keys-gcrypt.c
        $(CC) $(CFLAGS) $(LDFLAGS) dump.c -o dump
 
-keys-ssl.c: key2pub.py *.pem
+keys-ssl.c: key2pub.py $(wildcard *.pem)
        @./key2pub.py --ssl *.pem > keys-ssl.c
 
 keys-gcrypt.c: key2pub.py *.pem

diff --git a/key.priv.pem b/test-key
similarity index 94%
rename from key.priv.pem
rename to test-key
index eaba350..5c8b93e 100644 (file)
--- a/key.priv.pem
+++ b/test-key
@@ -1,3 +1,6 @@
+This file is not named *.pem on purpose so it will not be added
+to the default verification key list.
+
 -----BEGIN RSA PRIVATE KEY-----
 MIIEpAIBAAKCAQEAuLoAeB1DUceJZdqWZ5OZGLWfuM9OoXy+etdpr0mgu689owre
 xi+TF7Y2K2UfXyyq8hoZEoIsQluokEtjXJGMvv/4G1El6pZV4N9ZsBBKiE+aH+gC