author | Phil Sutter <phil@nwl.cc> | 2009-08-22 22:45:52 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2009-08-22 22:51:38 +0200 |
commit | ba0c06d2bb46e087f1782eb76573e0bef735c062 (patch) | |
tree | 5a1457c71ffba8be861365cc45ad4c02443ba6ca /package/ca-certificates/extra | |
parent | c823698fc91f462eae028ba7e0dfcb9cc0f3e98c (diff) |
new package ca-certificates
"Oh boy, here it comes ..."
Diffstat (limited to 'package/ca-certificates/extra')
-rw-r--r-- | package/ca-certificates/extra/update-ca-certificates | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/package/ca-certificates/extra/update-ca-certificates b/package/ca-certificates/extra/update-ca-certificates
new file mode 100644
index 000000000..c86f7676f
--- /dev/null
+++ b/package/ca-certificates/extra/update-ca-certificates
@@ -0,0 +1,80 @@
+#!/bin/sh
+#
+# update-ca-certificates script for embedded systems.
+#
+# Copyright (C) 2009 Phil Sutter <phil@nwl.cc>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+CRTCONF=/etc/ca-certificates.conf
+CRTDIR=/usr/share/ca-certificates
+LNKDIR=/etc/ssl/certs
+OPENSSL="openssl"
+
+cert_type() { # (certfile)
+ grep -qE '^-----BEGIN (X509 |TRUSTED |)CERTIFICATE-----' $1 && {
+ echo "cert"
+ return 0
+ }
+ grep -qE '^-----BEGIN X509 CRL-----' $1 && {
+ echo "crl"
+ return 0
+ }
+ echo "unknown"
+ return 1
+}
+
+${OPENSSL} version >/dev/null 2>&1 || {
+ echo "Fatal: no openssl executable found, bailing out"
+ exit 1
+}
+
+for l in $(ls ${DESTDIR}${LNKDIR}/* 2>/dev/null); do
+ [ -L "$l" ] && rm -f "$l"
+done
+
+cat ${DESTDIR}$CRTCONF | while read crt; do
+ [ -n "$crt" ] || continue
+ [[ "$crt" = -* ]] && continue
+
+ cname="$(basename $crt)"
+
+ ln -s ${CRTDIR}/$crt ${DESTDIR}${LNKDIR}/$cname
+
+ ctype="$(cert_type ${DESTDIR}${CRTDIR}/$crt)"
+ case $ctype in
+ cert)
+ sslcmd="x509"
+ pfx=""
+ ;;
+ crl)
+ sslcmd="crl"
+ pfx="r"
+ ;;
+ *)
+ echo "Warning: ignoring unknown filetype ${DESTDIR}${CRTDIR}/$crt"
+ continue
+ ;;
+ esac
+
+ hsh="$(${OPENSSL} $sslcmd -hash -noout -in ${DESTDIR}${CRTDIR}/$crt)"
+ idx=0
+ while [ -e ${DESTDIR}${LNKDIR}/${hsh}.${pfx}${idx} ]; do
+ let "idx++"
+ done
+ ln -s ${CRTDIR}/$crt ${DESTDIR}${LNKDIR}/${hsh}.${pfx}${idx}
+done
+
+exit 0 |
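Review bot: The script declares `#!/bin/sh` but the main loop depends on `[[ "$crt" = -* ]]` and `let "idx++"`, neither of which is POSIX; on a /bin/sh that lacks them the `-`-prefixed entries are no longer skipped and the `while [ -e … ]` collision loop never advances. Portable forms would be `case "$crt" in -*) continue ;; esac` and `idx=$((idx + 1))`. Separately, the output of `${OPENSSL} $sslcmd -hash` is used unchecked, so a file openssl cannot parse yields an empty `hsh` and a stray `.0` or `.r0` link in the certificate directory; a guard such as `[ -n "$hsh" ] || continue` right after the assignment would avoid that. The expansions of `$crt` and `$1` are also unquoted throughout, which is worth tightening in a script that populates the trust store from a config file.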