Accueil Explorer Aide
Connexion
oss
/
openadk
4
1
Fork 3
Fichiers Tickets 1 Pull Requests 0 Wiki
Aborescence: 713b492e72
Branches Tags
openadk
/
package
/
ca-certificates
/
extra
/
update-ca-certificates

update-ca-certificates 2.0 KB
Historique Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182 
  1. #!/bin/sh
    2. 

  2. #
    3. 

  3. # update-ca-certificates script for embedded systems.
    4. 

  4. #
    5. 

  5. # Copyright (C) 2009  Phil Sutter <phil@nwl.cc>
    6. 

  6. #
    7. 

  7. #  This program is free software; you can redistribute it and/or modify
    8. 

  8. #  it under the terms of the GNU General Public License as published by
    9. 

  9. #  the Free Software Foundation; either version 2 of the License, or
    10. 

  10. #  (at your option) any later version.
    11. 

  11. #
    12. 

  12. #  This program is distributed in the hope that it will be useful,
    13. 

  13. #  but WITHOUT ANY WARRANTY; without even the implied warranty of
    14. 

  14. #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    15. 

  15. #  GNU General Public License for more details.
    16. 

  16. #
    17. 

  17. #  You should have received a copy of the GNU General Public License
    18. 

  18. #  along with this program; if not, write to the Free Software
    19. 

  19. #  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
    20. 

  20. 

  21. CRTCONF=/etc/ca-certificates.conf
    22. 

  22. CRTDIR=/usr/share/ca-certificates
    23. 

  23. LNKDIR=/etc/ssl/certs
    24. 

  24. OPENSSL="openssl"
    25. 

  25. 

  26. cert_type() { # (certfile)
    27. 

  27. 	grep -qE '^-----BEGIN (X509 |TRUSTED |)CERTIFICATE-----' $1 && {
    28. 

  28. 		echo "cert"
    29. 

  29. 		return 0
    30. 

  30. 	}
    31. 

  31. 	grep -qE '^-----BEGIN X509 CRL-----' $1 && {
    32. 

  32. 		echo "crl"
    33. 

  33. 		return 0
    34. 

  34. 	}
    35. 

  35. 	echo "unknown"
    36. 

  36. 	return 1
    37. 

  37. }
    38. 

  38. 

  39. ${OPENSSL} version >/dev/null 2>&1 || {
    40. 

  40. 	echo "Fatal: no openssl executable found, bailing out"
    41. 

  41. 	exit 1
    42. 

  42. }
    43. 

  43. 

  44. for l in $(ls ${DESTDIR}${LNKDIR}/* 2>/dev/null); do
    45. 

  45. 	[ -L "$l" ] && rm -f "$l"
    46. 

  46. done
    47. 

  47. 

  48. cat ${DESTDIR}$CRTCONF | while read crt; do
    49. 

  49. 	[ -n "$crt" ] || continue
    50. 

  50. 	[[ "$crt" = -* ]] && continue
    51. 

  51. 

  52. 	cname="$(basename $crt)"
    53. 

  53. 

  54. 	ln -s ${CRTDIR}/$crt ${DESTDIR}${LNKDIR}/$cname
    55. 

  55. 

  56. 	ctype="$(cert_type ${DESTDIR}${CRTDIR}/$crt)"
    57. 

  57. 	case $ctype in
    58. 

  58. 		cert)
    59. 

  59. 			sslcmd="x509"
    60. 

  60. 			pfx=""
    61. 

  61. 		;;
    62. 

  62. 		crl)
    63. 

  63. 			sslcmd="crl"
    64. 

  64. 			pfx="r"
    65. 

  65. 		;;
    66. 

  66. 		*)
    67. 

  67. 			echo "Warning: ignoring unknown filetype ${DESTDIR}${CRTDIR}/$crt"
    68. 

  68. 			continue
    69. 

  69. 		;;
    70. 

  70. 	esac
    71. 

  71. 

  72. 	hsh="$(${OPENSSL} $sslcmd -hash -noout -in ${DESTDIR}${CRTDIR}/$crt)"
    73. 

  73. 	idx=0
    74. 

  74. 	while [ -e ${DESTDIR}${LNKDIR}/${hsh}.${pfx}${idx} ]; do
    75. 

  75. 		let "idx++"
    76. 

  76. 	done
    77. 

  77. 	ln -s ${CRTDIR}/$crt ${DESTDIR}${LNKDIR}/${hsh}.${pfx}${idx}
    78. 

  78. done
    79. 

  79. 

  80. cat /etc/ssl/certs/*.0 > /etc/ssl/cert.pem
    81. 

  81. 

  82. exit 0
    83.