1 | #!/bin/sh -e | |
2 | # | |
3 | # make-cacerts.sh | |
4 | # | |
5 | # based on: | |
6 | # | |
7 | # update-ca-certificates | |
8 | # | |
9 | # Copyright (c) 2003 Fumitoshi UKAI <ukai@debian.or.jp> | |
10 | # Copyright (c) 2009 Philipp Kern <pkern@debian.org> | |
11 | # | |
12 | # This program is free software; you can redistribute it and/or modify | |
13 | # it under the terms of the GNU General Public License as published by | |
14 | # the Free Software Foundation; either version 2 of the License, or | |
15 | # (at your option) any later version. | |
16 | # | |
17 | # This program is distributed in the hope that it will be useful, | |
18 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
20 | # GNU General Public License for more details. | |
21 | # | |
22 | # You should have received a copy of the GNU General Public License | |
23 | # along with this program; if not, write to the Free Software | |
24 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, | |
25 | # USA. | |
26 | # | |
27 | ||
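# Abort on the first unhandled error even when the script is started as
# "sh make-cacerts.sh", where the "-e" on the shebang line is not applied.
set -e

verbose=0
DESTDIR=

# Prints the one-line usage summary on stdout.
usage() {
  echo "$0: [--verbose] [--destdir DIR]"
}

# Parses the command line into the globals verbose and DESTDIR.
#
# Globals:   verbose (written), DESTDIR (written)
# Arguments: the script's own arguments ("$@")
# Returns:   exits 0 after --help/-h; exits 2 on an unknown option or when
#            --destdir has no value, so that a mistyped invocation cannot be
#            mistaken for a successful keystore build.
parse_args() {
  while [ $# -gt 0 ]; do
    case $1 in
      --verbose|-v)
        verbose=1
        ;;
      --destdir)
        # Without this check a trailing "--destdir" left DESTDIR empty,
        # which silently selects the host's own /etc and /usr trees.
        if [ $# -lt 2 ]; then
          echo "$0: --destdir requires an argument" >&2
          exit 2
        fi
        DESTDIR=$2
        shift
        ;;
      --help|-h)
        usage
        exit 0
        ;;
      *)
        echo "$0: unknown option '$1'" >&2
        usage >&2
        exit 2
        ;;
    esac
    shift
  done
}

parse_args "$@"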
43 | ||
# Inputs, all located below the optional --destdir staging root.
# Selection list and its drop-in directory:
CERTSCONF="${DESTDIR}/etc/ca-certificates.conf"
CERTSCONFD="${DESTDIR}/etc/ca-certificates.d"
# Directories searched, in this order, for every listed certificate:
CERTSDIR="${DESTDIR}/usr/share/ca-certificates"
LOCALCERTSDIR="${DESTDIR}/etc/certs"
CERTBUNDLE="${DESTDIR}/etc/certs/ca-certificates.crt"
ETCCERTSDIR="${DESTDIR}/etc/openssl/certs"

# Output keystore and the keytool binary are both taken from the directory
# the script is started in, not from DESTDIR or PATH. Whoever controls that
# directory controls which program is run and which file becomes the trust
# store, so start the script only from a build directory you own.
KEYSTORE="${PWD}/cacerts"
KEYTOOL="${PWD}/tmp-bin/keytool"

# Fixed locale for every tool started from here.
LC_ALL=C.utf-8
export LC_ALL
55 | ||
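# Imports one CA certificate into the Java keystore at $KEYSTORE.
#
# Globals:   KEYTOOL, KEYSTORE, verbose (read); CERT, NAME, ALIAS (written)
# Arguments: $1 - path of the certificate file to import
#            $2 - name as listed in the conf file; the alias is derived from it
# Outputs:   a progress line on stdout when verbose=1; a "W:" line on stderr
#            when keytool fails
# Returns:   0 in every case. A failed import is reported but not fatal, so
#            the finished keystore can lack certificates; check the warnings.
add() {
  CERT="$1"
  NAME="$2"

  # Strip a trailing .crt or .pem. The earlier sed pattern '.\(crt|pem\)$'
  # could not match such names because "|" is a literal character in a basic
  # regular expression, so the suffix stayed in every alias. Two files that
  # differ only in this suffix now map to one alias; keytool rejects the
  # second and the warning below reports it.
  case $NAME in
    *.crt) ALIAS=${NAME%.crt} ;;
    *.pem) ALIAS=${NAME%.pem} ;;
    *) ALIAS=$NAME ;;
  esac
  # Replace characters that are awkward in an alias: space and comma become
  # "_", parentheses become "=".
  ALIAS="$(printf '%s\n' "$ALIAS" \
    | sed -e 's/ /_/g' -e 's/[()]/=/g' -e 's/,/_/g')"

  if [ "$verbose" = 1 ]; then
    echo "  adding '$CERT' as '$ALIAS'"
  fi

  # 'changeit' is the stock password of a JDK cacerts file. The store holds
  # only public certificates, so the password is not a secret, but it is also
  # no protection: guard the keystore file with filesystem permissions.
  # KEYTOOL and KEYSTORE are quoted so that a working directory containing
  # spaces does not split them into several arguments.
  if ! "$KEYTOOL" -noprompt -import -alias "$ALIAS" \
      -keystore "$KEYSTORE" -storepass 'changeit' \
      -file "$CERT"; then
    # stderr, like the other warning in this script, so that stdout stays
    # free of diagnostics.
    echo "W: $NAME certification could not be added" >&2
  fi
}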
73 | ||
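# Work from the OpenSSL certificate directory. Stop with cd's status if it
# is missing, also when "-e" is not in effect.
cd "$ETCCERTSDIR" || exit

# Walk the main selection list and every drop-in *.conf file.
#
# Each entry is joined to the certificate directories as written, without
# normalisation, so these conf files decide what the keystore will trust.
# They and both certificate directories should be writable only by whoever
# owns the trust policy.
for conf in "$CERTSCONF" "$CERTSCONFD"/*.conf; do
  # An unmatched glob stays literal, so skip anything that is not a file.
  [ -f "$conf" ] || continue

  # Drop blank lines, "#" comments and "!" lines (the deselection marker in
  # ca-certificates.conf). read -r keeps backslashes in a name intact; the
  # default IFS still trims surrounding blanks.
  sed -e '/^$/d' -e '/^#/d' -e '/^!/d' "$conf" | while read -r crt; do
    if [ -f "$CERTSDIR/$crt" ]; then
      add "$CERTSDIR/$crt" "$crt"
    elif [ -f "$LOCALCERTSDIR/$crt" ]; then
      add "$LOCALCERTSDIR/$crt" "$crt"
    else
      echo "W: $CERTSDIR/$crt or $LOCALCERTSDIR/$crt not found, but listed in $conf." >&2
    fi
  done
done

# The script ends with the status of this echo, also when entries were
# missing or an import failed. A caller that needs a complete trust store
# has to check stderr for "W:" lines.
echo "done."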
96 | ||
97 | # vim:set et sw=2: | |
98 |