summaryrefslogtreecommitdiff
path: root/package/ca-certificates/extra
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2009-08-22 22:45:52 +0200
committerPhil Sutter <phil@nwl.cc>2009-08-22 22:51:38 +0200
commitba0c06d2bb46e087f1782eb76573e0bef735c062 (patch)
tree5a1457c71ffba8be861365cc45ad4c02443ba6ca /package/ca-certificates/extra
parentc823698fc91f462eae028ba7e0dfcb9cc0f3e98c (diff)
new package ca-certificates
"Oh boy, here it comes ..."
Diffstat (limited to 'package/ca-certificates/extra')
-rw-r--r--package/ca-certificates/extra/update-ca-certificates80
1 files changed, 80 insertions, 0 deletions
diff --git a/package/ca-certificates/extra/update-ca-certificates b/package/ca-certificates/extra/update-ca-certificates
new file mode 100644
index 000000000..c86f7676f
--- /dev/null
+++ b/package/ca-certificates/extra/update-ca-certificates
@@ -0,0 +1,80 @@
+#!/bin/sh
+#
+# update-ca-certificates script for embedded systems.
+#
+# Copyright (C) 2009 Phil Sutter <phil@nwl.cc>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+CRTCONF=/etc/ca-certificates.conf
+CRTDIR=/usr/share/ca-certificates
+LNKDIR=/etc/ssl/certs
+OPENSSL="openssl"
+
+cert_type() { # (certfile)
+ grep -qE '^-----BEGIN (X509 |TRUSTED |)CERTIFICATE-----' $1 && {
+ echo "cert"
+ return 0
+ }
+ grep -qE '^-----BEGIN X509 CRL-----' $1 && {
+ echo "crl"
+ return 0
+ }
+ echo "unknown"
+ return 1
+}
+
+${OPENSSL} version >/dev/null 2>&1 || {
+ echo "Fatal: no openssl executable found, bailing out"
+ exit 1
+}
+
+for l in $(ls ${DESTDIR}${LNKDIR}/* 2>/dev/null); do
+ [ -L "$l" ] && rm -f "$l"
+done
+
+cat ${DESTDIR}$CRTCONF | while read crt; do
+ [ -n "$crt" ] || continue
+ [[ "$crt" = -* ]] && continue
+
+ cname="$(basename $crt)"
+
+ ln -s ${CRTDIR}/$crt ${DESTDIR}${LNKDIR}/$cname
+
+ ctype="$(cert_type ${DESTDIR}${CRTDIR}/$crt)"
+ case $ctype in
+ cert)
+ sslcmd="x509"
+ pfx=""
+ ;;
+ crl)
+ sslcmd="crl"
+ pfx="r"
+ ;;
+ *)
+ echo "Warning: ignoring unknown filetype ${DESTDIR}${CRTDIR}/$crt"
+ continue
+ ;;
+ esac
+
+ hsh="$(${OPENSSL} $sslcmd -hash -noout -in ${DESTDIR}${CRTDIR}/$crt)"
+ idx=0
+ while [ -e ${DESTDIR}${LNKDIR}/${hsh}.${pfx}${idx} ]; do
+ let "idx++"
+ done
+ ln -s ${CRTDIR}/$crt ${DESTDIR}${LNKDIR}/${hsh}.${pfx}${idx}
+done
+
+exit 0