pki: Install pki(1) as utility directly in $prefix/bin

ipsec pki is maintained as alias.

configure.ac

@@ -1493,17 +1493,17 @@ AC_CONFIG_FILES([
 	man/ipsec.secrets.5
 	man/strongswan.conf.5
 	src/charon-cmd/charon-cmd.8
-	src/pki/man/ipsec-pki.8
-	src/pki/man/pki---gen.8
-	src/pki/man/pki---issue.8
-	src/pki/man/pki---keyid.8
-	src/pki/man/pki---pkcs7.8
-	src/pki/man/pki---print.8
-	src/pki/man/pki---pub.8
-	src/pki/man/pki---req.8
-	src/pki/man/pki---self.8
-	src/pki/man/pki---signcrl.8
-	src/pki/man/pki---verify.8
+	src/pki/man/pki.1
+	src/pki/man/pki---gen.1
+	src/pki/man/pki---issue.1
+	src/pki/man/pki---keyid.1
+	src/pki/man/pki---pkcs7.1
+	src/pki/man/pki---print.1
+	src/pki/man/pki---pub.1
+	src/pki/man/pki---req.1
+	src/pki/man/pki---self.1
+	src/pki/man/pki---signcrl.1
+	src/pki/man/pki---verify.1
 ])
 
 AC_OUTPUT

src/ipsec/Android.mk

@@ -19,6 +19,7 @@ $(GEN) : PRIVATE_CUSTOM_TOOL = sed \
 	-e "s:@IPSEC_DISTRO@::" \
 	-e "s:@IPSEC_DIR@:$(strongswan_DIR):" \
 	-e "s:@IPSEC_SCRIPT@:ipsec:" \
+	-e "s:@IPSEC_BINDIR@:$(strongswan_DIR):" \
 	-e "s:@IPSEC_SBINDIR@:$(strongswan_SBINDIR):" \
 	-e "s:@IPSEC_CONFDIR@:$(strongswan_CONFDIR):" \
 	-e "s:@IPSEC_PIDDIR@:$(strongswan_PIDDIR):" \

src/ipsec/Makefile.am

@@ -20,6 +20,7 @@ _ipsec : _ipsec.in
 	-e "s:@IPSEC_DISTRO@::" \
 	-e "s:@IPSEC_DIR@:$(ipsecdir):" \
 	-e "s:@IPSEC_SCRIPT@:$(ipsec_script):" \
+	-e "s:@IPSEC_BINDIR@:$(bindir):" \
 	-e "s:@IPSEC_SBINDIR@:$(sbindir):" \
 	-e "s:@IPSEC_CONFDIR@:$(sysconfdir):" \
 	-e "s:@IPSEC_PIDDIR@:$(piddir):" \

src/ipsec/_ipsec.in

@@ -15,7 +15,7 @@
 # for more details.
 
 # define a minimum PATH environment in case it is not set
-PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@"
+PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@:@IPSEC_BINDIR@"
 export PATH
 
 # set daemon name
@@ -28,6 +28,7 @@ IPSEC_VERSION="U@IPSEC_VERSION@/K`uname -r`"
 
 # where the private directory and the config files are
 IPSEC_DIR="@IPSEC_DIR@"
+IPSEC_BINDIR="@IPSEC_BINDIR@"
 IPSEC_SBINDIR="@IPSEC_SBINDIR@"
 IPSEC_CONFDIR="@IPSEC_CONFDIR@"
 IPSEC_PIDDIR="@IPSEC_PIDDIR@"
@@ -39,7 +40,7 @@ IPSEC_CHARON_PID="${IPSEC_PIDDIR}/${DAEMON_NAME}.pid"
 IPSEC_STROKE="${IPSEC_DIR}/stroke"
 IPSEC_STARTER="${IPSEC_DIR}/starter"
 
-export IPSEC_DIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_SCRIPT IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_CHARON_PID
+export IPSEC_DIR IPSEC_BINDIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_SCRIPT IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_CHARON_PID
 
 IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland"
 
@@ -313,6 +314,10 @@ update)
 		exit 7
 	fi
 	;;
+pki)
+	shift
+	exec $IPSEC_BINDIR/pki "$@"
+	;;
 version|--version)
 	printf "$OS_NAME $IPSEC_NAME $IPSEC_VERSION\n"
 	printf "$IPSEC_DISTRO\n"

src/pki/Makefile.am

@@ -1,6 +1,6 @@
 SUBDIRS = man
 
-ipsec_PROGRAMS = pki
+bin_PROGRAMS = pki
 
 pki_SOURCES = pki.c pki.h command.c command.h \
 	commands/gen.c \

src/pki/man/Makefile.am

@@ -1,14 +1,14 @@
-man8_MANS = \
-	ipsec-pki.8 \
-	pki---gen.8 \
-	pki---self.8 \
-	pki---issue.8 \
-	pki---signcrl.8 \
-	pki---req.8 \
-	pki---pkcs7.8 \
-	pki---keyid.8 \
-	pki---print.8 \
-	pki---pub.8 \
-	pki---verify.8
+man1_MANS = \
+	pki.1 \
+	pki---gen.1 \
+	pki---self.1 \
+	pki---issue.1 \
+	pki---signcrl.1 \
+	pki---req.1 \
+	pki---pkcs7.1 \
+	pki---keyid.1 \
+	pki---print.1 \
+	pki---pub.1 \
+	pki---verify.1
 
-CLEANFILES = $(man8_MANS)
+CLEANFILES = $(man1_MANS)

src/pki/man/pki---gen.1.in

@@ -1,4 +1,4 @@
-.TH "PKI \-\-GEN" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.TH "PKI \-\-GEN" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
 .
 .SH "NAME"
 .
@@ -29,7 +29,7 @@ pki \-\-gen \- Generate a new RSA or ECDSA private key
 .SH "DESCRIPTION"
 .
 This sub-command of
-.BR ipsec\-pki (8)
+.BR pki (1)
 is used to generate a new RSA or ECDSA private key.
 .
 .SH "OPTIONS"
@@ -100,13 +100,13 @@ of lower quality.
 .SH "EXAMPLES"
 .
 .TP
-.B ipsec pki \-\-gen \-\-size 3072 > rsa_key.der
+.B pki \-\-gen \-\-size 3072 > rsa_key.der
 Generates a 3072-bit RSA private key.
 .
 .TP
-.B ipsec pki \-\-gen \-\-type ecdsa \-\-size 256 > ecdsa_key.der
+.B pki \-\-gen \-\-type ecdsa \-\-size 256 > ecdsa_key.der
 Generates a 256-bit ECDSA private key.
 .
 .SH "SEE ALSO"
 .
-.BR ipsec\-pki (8)
+.BR pki (1)

src/pki/man/pki---issue.1.in

@@ -45,7 +45,7 @@ pki \-\-issue \- Issue a certificate using a CA certificate and key
 .SH "DESCRIPTION"
 .
 This sub-command of
-.BR ipsec\-pki (8)
+.BR pki (1)
 is used to issue a certificate using a CA certificate and private key.
 .
 .SH "OPTIONS"
@@ -170,10 +170,10 @@ Then the following command can be used to issue a certificate based on a
 given PKCS#10 certificate request and the options above:
 .PP
 .EX
-  ipsec pki --issue --options pki.opt --in req.der > cert.der
+  pki --issue --options pki.opt --in req.der > cert.der
 .EE
 .PP
 .
 .SH "SEE ALSO"
 .
-.BR ipsec\-pki (8)
+.BR pki (1)

src/pki/man/pki---keyid.1.in

@@ -1,4 +1,4 @@
-.TH "PKI \-\-KEYID" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.TH "PKI \-\-KEYID" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
 .
 .SH "NAME"
 .
@@ -25,7 +25,7 @@ pki \-\-keyid \- Calculate key identifiers of a key or certificate
 .SH "DESCRIPTION"
 .
 This sub-command of
-.BR ipsec\-pki (8)
+.BR pki (1)
 calculates key identifiers of private keys and certificates.
 .
 .SH "OPTIONS"
@@ -53,7 +53,7 @@ request), \fIx509\fR (X.509 certificate), defaults to \fIrsa-priv\fR.
 Calculate key identifiers of an RSA private key:
 .PP
 .EX
-  ipsec pki --keyid --in key.der
+  pki --keyid --in key.der
   subjectKeyIdentifier:      6a:9c:74:d1:f8:89:79:89:f6:5a:94:e9:89:f1...
   subjectPublicKeyInfo hash: 6e:55:dc:7e:9c:a5:58:d9:5b:e3:c7:13:14:e1...
 .EE
@@ -61,7 +61,7 @@ Calculate key identifiers of an RSA private key:
 Calculate key identifiers of an X.509 certificate:
 .PP
 .EX
-  ipsec pki --keyid --in cert.der --type x509
+  pki --keyid --in cert.der --type x509
   subjectKeyIdentifier:      6a:9c:74:d1:f8:89:79:89:f6:5a:94:e9:89:f1...
   subjectPublicKeyInfo hash: 6e:55:dc:7e:9c:a5:58:d9:5b:e3:c7:13:14:e1...
 .EE
@@ -69,4 +69,4 @@ Calculate key identifiers of an X.509 certificate:
 .
 .SH "SEE ALSO"
 .
-.BR ipsec\-pki (8)
+.BR pki (1)

src/pki/man/pki---pkcs7.1.in

@@ -1,4 +1,4 @@
-.TH "PKI \-\-PKCS7" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.TH "PKI \-\-PKCS7" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
 .
 .SH "NAME"
 .
@@ -27,7 +27,7 @@ pki \-\-pkcs7 \- Provides PKCS#7 wrap/unwrap functions
 .SH "DESCRIPTION"
 .
 This sub-command of
-.BR ipsec\-pki (8)
+.BR pki (1)
 provides functions to wrap/unwrap PKCS#7 containers.
 .
 .SH "OPTIONS"
@@ -76,4 +76,4 @@ Can be used multiple times.
 .
 .SH "SEE ALSO"
 .
-.BR ipsec\-pki (8)
+.BR pki (1)

src/pki/man/pki---print.1.in

@@ -1,4 +1,4 @@
-.TH "PKI \-\-PRINT" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.TH "PKI \-\-PRINT" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
 .
 .SH "NAME"
 .
@@ -25,7 +25,7 @@ pki \-\-print \- Print a credential (key, certificate etc.) in human readable fo
 .SH "DESCRIPTION"
 .
 This sub-command of
-.BR ipsec\-pki (8)
+.BR pki (1)
 prints credentials (keys, certificates etc.) in human readable form.
 .
 .SH "OPTIONS"
@@ -50,4 +50,4 @@ private key), \fIpub\fR (public key), \fIx509\fR (X.509 certificate), \fIcrl\fR
 .
 .SH "SEE ALSO"
 .
-.BR ipsec\-pki (8)
+.BR pki (1)

src/pki/man/pki---pub.1.in

@@ -1,4 +1,4 @@
-.TH "PKI \-\-PUB" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.TH "PKI \-\-PUB" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
 .
 .SH "NAME"
 .
@@ -28,7 +28,7 @@ pki \-\-pub \- Extract a public key from a private key or certificate
 .SH "DESCRIPTION"
 .
 This sub-command of
-.BR ipsec\-pki (8)
+.BR pki (1)
 extracts public keys from a private keys and certificates.
 .
 .SH "OPTIONS"
@@ -60,16 +60,16 @@ Encoding of the extracted public key. One of \fIder\fR (ASN.1 DER), \fIpem\fR
 Extract the public key from an RSA private key:
 .PP
 .EX
-  ipsec pki --pub --in key.der > pub.der
+  pki --pub --in key.der > pub.der
 .EE
 .PP
 Extract the public key from an X.509 certificate:
 .PP
 .EX
-  ipsec pki --pub --in cert.der --type x509 > pub.der
+  pki --pub --in cert.der --type x509 > pub.der
 .EE
 .PP
 .
 .SH "SEE ALSO"
 .
-.BR ipsec\-pki (8)
+.BR pki (1)

src/pki/man/pki---req.1.in

@@ -1,4 +1,4 @@
-.TH "PKI \-\-REQ" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.TH "PKI \-\-REQ" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
 .
 .SH "NAME"
 .
@@ -30,7 +30,7 @@ pki \-\-req \- Create a PKCS#10 certificate request
 .SH "DESCRIPTION"
 .
 This sub-command of
-.BR ipsec\-pki (8)
+.BR pki (1)
 is used to create a PKCS#10 certificate request.
 .
 .SH "OPTIONS"
@@ -74,18 +74,18 @@ Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or
 Generate a certificate request for an RSA key, with a subjectAltName extension:
 .PP
 .EX
-  ipsec pki \-\-req \-\-in key.der \-\-dn "C=CH, O=strongSwan, CN=moon" \\
-            \-\-san moon@strongswan.org > req.der
+  pki \-\-req \-\-in key.der \-\-dn "C=CH, O=strongSwan, CN=moon" \\
+       \-\-san moon@strongswan.org > req.der
 .EE
 .PP
 Generate a certificate request for an ECDSA key and a different digest:
 .PP
 .EX
-  ipsec pki \-\-req \-\-in key.der \-\-type ecdsa \-\-digest sha256 \\
-            \-\-dn "C=CH, O=strongSwan, CN=carol"  > req.der
+  pki \-\-req \-\-in key.der \-\-type ecdsa \-\-digest sha256 \\
+      \-\-dn "C=CH, O=strongSwan, CN=carol"  > req.der
 .EE
 .PP
 .
 .SH "SEE ALSO"
 .
-.BR ipsec\-pki (8)
+.BR pki (1)

src/pki/man/pki---self.1.in

@@ -1,4 +1,4 @@
-.TH "PKI \-\-SELF" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.TH "PKI \-\-SELF" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
 .
 .SH "NAME"
 .
@@ -44,7 +44,7 @@ pki \-\-self \- Create a self-signed certificate
 .SH "DESCRIPTION"
 .
 This sub-command of
-.BR ipsec\-pki (8)
+.BR pki (1)
 is used to create a self-signed certificate.
 .
 .SH "OPTIONS"
@@ -139,10 +139,10 @@ User notice for certificatePolicy.
 Generate a self-signed certificate using the given RSA key:
 .PP
 .EX
-  ipsec pki \-\-self \-\-in key.der \-\-dn "C=CH, O=strongSwan, CN=moon" \\
-            \-\-san moon.strongswan.org > cert.der
+  pki \-\-self \-\-in key.der \-\-dn "C=CH, O=strongSwan, CN=moon" \\
+      \-\-san moon.strongswan.org > cert.der
 .EE
 .
 .SH "SEE ALSO"
 .
-.BR ipsec\-pki (8)
+.BR pki (1)

src/pki/man/pki---signcrl.1.in

@@ -1,4 +1,4 @@
-.TH "PKI \-\-SIGNCRL" 8 "2013-08-12" "@PACKAGE_VERSION@" "strongSwan"
+.TH "PKI \-\-SIGNCRL" 1 "2013-08-12" "@PACKAGE_VERSION@" "strongSwan"
 .
 .SH "NAME"
 .
@@ -32,7 +32,7 @@ pki \-\-signcrl \- Issue a Certificate Revocation List (CRL) using a CA certific
 .SH "DESCRIPTION"
 .
 This sub-command of
-.BR ipsec\-pki (8)
+.BR pki (1)
 is used to issue a Certificate Revocation List (CRL) using a CA certificate and
 private key.
 .
@@ -107,18 +107,18 @@ Hexadecimal encoded serial number of the certificate to revoke.
 Revoke a certificate:
 .PP
 .EX
-  ipsec pki \-\-signcrl \-\-cacert ca_cert.der \-\-cakey ca_key.der \\
-            \-\-reason superseded \-\-cert cert.der > crl.der
+  pki \-\-signcrl \-\-cacert ca_cert.der \-\-cakey ca_key.der \\
+      \-\-reason superseded \-\-cert cert.der > crl.der
 .EE
 .PP
 Update an existing CRL with two new revocations, using the certificate's serial
 number, but no reason:
 .PP
 .EX
-  ipsec pki \-\-signcrl \-\-cacert ca_cert.der \-\-cakey ca_key.der \\
-            \-\-lastcrl old_crl.der \-\-serial 0123 \-\-serial 0345 > crl.der
+  pki \-\-signcrl \-\-cacert ca_cert.der \-\-cakey ca_key.der \\
+      \-\-lastcrl old_crl.der \-\-serial 0123 \-\-serial 0345 > crl.der
 .EE
 .PP
 .SH "SEE ALSO"
 .
-.BR ipsec\-pki (8)
+.BR pki (1)

src/pki/man/pki---verify.1.in

@@ -1,4 +1,4 @@
-.TH "PKI \-\-VERIFY" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.TH "PKI \-\-VERIFY" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
 .
 .SH "NAME"
 .
@@ -25,7 +25,7 @@ pki \-\-verify \- Verify a certificate using a CA certificate
 .SH "DESCRIPTION"
 .
 This sub-command of
-.BR ipsec\-pki (8)
+.BR pki (1)
 verifies a certificate using an optional CA certificate.
 .
 .SH "OPTIONS"
@@ -53,4 +53,4 @@ the verification failed.
 .
 .SH "SEE ALSO"
 .
-.BR ipsec\-pki (8)
+.BR pki (1)

src/pki/man/pki.1.in

@@ -1,17 +1,17 @@
-.TH IPSEC\-PKI 8 "2013-07-30" "@PACKAGE_VERSION@" "strongSwan"
+.TH PKI 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
 .
 .SH "NAME"
 .
-ipsec pki \- Simple public key infrastructure (PKI) management tool
+pki \- Simple public key infrastructure (PKI) management tool
 .
 .SH "SYNOPSIS"
 .
-.SY "ipsec pki"
+.SY "pki"
 .I command
 .RI [ option\~ .\|.\|.]
 .YS
 .
-.SY "ipsec pki"
+.SY "pki"
 .B \-h
 |
 .B \-\-help
@@ -19,7 +19,7 @@ ipsec pki \- Simple public key infrastructure (PKI) management tool
 .
 .SH "DESCRIPTION"
 .
-.B ipsec pki
+.B pki
 is a suite of commands that allow you to manage a simple public key
 infrastructure (PKI).
 .P
@@ -76,7 +76,7 @@ The first step is to generate a private key using the
 command. By default this generates a 2048-bit RSA key.
 .PP
 .EX
-  ipsec pki \-\-gen > ca_key.der
+  pki \-\-gen > ca_key.der
 .EE
 .PP
 This key is used to create the self-signed CA certificate, using the
@@ -84,8 +84,8 @@ This key is used to create the self-signed CA certificate, using the
 command. The distinguished name should be adjusted to your needs.
 .PP
 .EX
-  ipsec pki \-\-self \-\-ca \-\-in ca_key.der \\
-            \-\-dn "C=CH, O=strongSwan, CN=strongSwan CA" > ca_cert.der
+  pki \-\-self \-\-ca \-\-in ca_key.der \\
+      \-\-dn "C=CH, O=strongSwan, CN=strongSwan CA" > ca_cert.der
 .EE
 .PP
 .
@@ -97,14 +97,14 @@ which in turn can issue other certificates.
 To generate a certificate for a server, we start by generating a private key.
 .PP
 .EX
-  ipsec pki \-\-gen > server_key.der
+  pki \-\-gen > server_key.der
 .EE
 .PP
 The public key will be included in the certificate so lets extract that from the
 private key.
 .PP
 .EX
-  ipsec pki \-\-pub \-\-in server_key.der > server_pub.der
+  pki \-\-pub \-\-in server_key.der > server_pub.der
 .EE
 .PP
 The following command will use the CA certificate and private key to issue the
@@ -114,9 +114,9 @@ and flags as needed (check
 for more options).
 .PP
 .EX
-  ipsec pki \-\-issue \-\-in server_pub.der \-\-cacert ca_cert.der \\
-            \-\-cakey ca_key.der \-\-dn "C=CH, O=strongSwan, CN=VPN Server" \\
-            \-\-san vpn.strongswan.org \-\-flag serverAuth > server_cert.der
+  pki \-\-issue \-\-in server_pub.der \-\-cacert ca_cert.der \\
+      \-\-cakey ca_key.der \-\-dn "C=CH, O=strongSwan, CN=VPN Server" \\
+      \-\-san vpn.strongswan.org \-\-flag serverAuth > server_cert.der
 .EE
 .PP
 Instead of storing the public key in a separate
@@ -132,8 +132,8 @@ the
 command.
 .PP
 .EX
-  ipsec pki \-\-signcrl \-\-cacert ca_cert.der \-\-cakey ca_key.der \\
-            \-\-reason superseded \-\-cert server_cert.der > crl.der
+  pki \-\-signcrl \-\-cacert ca_cert.der \-\-cakey ca_key.der \\
+      \-\-reason superseded \-\-cert server_cert.der > crl.der
 .EE
 .PP
 The certificate given with \-\-cacert must be either a CA certificate or a
@@ -144,14 +144,13 @@ certificates with the \-\-crl option.
 .
 .SH "SEE ALSO"
 .
-.BR ipsec (8),
-.BR pki\ \-\-gen (8),
-.BR pki\ \-\-self (8),
-.BR pki\ \-\-issue (8),
-.BR pki\ \-\-signcrl (8),
-.BR pki\ \-\-req (8),
-.BR pki\ \-\-pkcs7 (8),
-.BR pki\ \-\-keyid (8),
-.BR pki\ \-\-print (8),
-.BR pki\ \-\-pub (8),
-.BR pki\ \-\-verify (8)
+.BR pki\ \-\-gen (1),
+.BR pki\ \-\-self (1),
+.BR pki\ \-\-issue (1),
+.BR pki\ \-\-signcrl (1),
+.BR pki\ \-\-req (1),
+.BR pki\ \-\-pkcs7 (1),
+.BR pki\ \-\-keyid (1),
+.BR pki\ \-\-print (1),
+.BR pki\ \-\-pub (1),
+.BR pki\ \-\-verify (1)