wok annotate cacerts/stuff/make-ca.sh @ rev 16193

Add libxkbcommon and up libxcb with xkb support
author Christophe Lincoln <pankso@slitaz.org>
date Sun Mar 30 21:43:58 2014 +0200 (2014-03-30)
parents
children f29d4912ea56
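#!/bin/sh
# Begin make-ca.sh
# Script to populate OpenSSL's CApath from a bundle of PEM formatted CAs
#
# The file certdata.txt must exist in the local directory
# Version number is obtained from the version of the data.
#
# Authors: DJ Lucas
#          Bruce Dubbs
#
# Version 20120211
#
# Inputs  (current directory): certdata.txt, make-cert.pl
# Outputs (current directory): certs/<subject-hash>.pem, ca-bundle.crt
#
# The output is meant to be used as a trust store, so both inputs are
# security relevant. Nothing in this script checks where certdata.txt or
# make-cert.pl came from; the caller should verify them against a known-good
# digest before running it.

certdata="certdata.txt"

if [ ! -r "${certdata}" ]; then
  echo "$certdata must be in the local directory" >&2
  exit 1
fi

REVISION=$(grep CVS_ID "${certdata}" | cut -f4 -d'$')

if [ -z "${REVISION}" ]; then
  # The message used to expand "$certfile", which is never set, so the file
  # name was missing from the error.
  echo "$certdata has no 'Revision' in CVS_ID" >&2
  exit 1
fi

# Word splitting is deliberate here: it collapses the whitespace around the
# "Revision: N" text before cut picks the second field.
# shellcheck disable=SC2086
VERSION=$(echo ${REVISION} | cut -f2 -d" ")

TRUSTATTRIBUTES="CKA_TRUST_SERVER_AUTH"
BUNDLE="ca-bundle.crt"
CONVERTSCRIPT="./make-cert.pl"
# VERSION and SSLDIR are set for compatibility but are not referenced again
# in this script.
SSLDIR="${DESTDIR}/etc/ssl"

if [ ! -r "${CONVERTSCRIPT}" ]; then
  echo "${CONVERTSCRIPT} must be in the local directory" >&2
  exit 1
fi

TEMPDIR=$(mktemp -d) || {
  echo "mktemp -d failed" >&2
  exit 1
}

# Remove the scratch directory and the two working files on every exit path,
# including the early error exits and an interrupted run.
cleanup() {
  rm -f tempfile.cer tempfile.crt
  rm -rf -- "${TEMPDIR}"
}
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

mkdir "${TEMPDIR}/certs" || exit 1

# Get a list of starting lines for each cert
CERTBEGINLIST=$(grep -n "^# Certificate" "${certdata}" | cut -d ":" -f1)

# Get a list of ending lines for each cert
CERTENDLIST=$(grep -n "^CKA_TRUST_STEP_UP_APPROVED" "${certdata}" | cut -d ":" -f1)

# Pair every start line with the first end marker that follows it.
for certbegin in ${CERTBEGINLIST}; do
  certend=""
  for candidate in ${CERTENDLIST}; do
    if test "${candidate}" -gt "${certbegin}"; then
      certend="${candidate}"
      break
    fi
  done

  # Without this guard a record with no following end marker (for example a
  # truncated certdata.txt) reused the last, smaller, end line and sed then
  # wrote a one-line fragment.
  if [ -z "${certend}" ]; then
    echo "No end marker after line ${certbegin} in ${certdata}; skipping" >&2
    continue
  fi

  # Dump to a temp file with the name of the file as the beginning line number
  sed -n "${certbegin},${certend}p" "${certdata}" > "${TEMPDIR}/certs/${certbegin}.tmp"
done

unset CERTBEGINLIST CERTENDLIST certbegin certend candidate

mkdir -p certs || exit 1
rm -f -- certs/* # Make sure the directory is clean

for tempfile in "${TEMPDIR}"/certs/*.tmp; do
  # The glob stays literal when no record was extracted.
  [ -e "${tempfile}" ] || continue
  record="${tempfile##*/}"

  # Make sure that the cert is trusted...
  # NOTE(review): only the two spellings below count as distrust. A record
  # with no CKA_TRUST_SERVER_AUTH line, or with any other value (later NSS
  # data uses CKT_NSS_MUST_VERIFY_TRUST, for instance), is kept as a trust
  # anchor. Confirm that this matches the certdata.txt revision in use.
  distrusted=no
  if grep "${TRUSTATTRIBUTES}" "${tempfile}" |
    grep -E "TRUST_UNKNOWN|NOT_TRUSTED" > /dev/null; then
    distrusted=yes
  fi

  # make-cert.pl is run without arguments; presumably it reads tempfile.cer
  # from the current directory, which is why the working files are not kept
  # under ${TEMPDIR} - confirm against make-cert.pl before moving them.
  cp "${tempfile}" tempfile.cer
  perl "${CONVERTSCRIPT}" > tempfile.crt
  keyhash=$(openssl x509 -noout -in tempfile.crt -hash)
  rm -f tempfile.cer "${tempfile}"

  if [ "${distrusted}" = yes ]; then
    echo "Certificate ${keyhash} is not trusted! Removing..."
    rm -f tempfile.crt
    continue
  fi

  # An empty hash means the conversion or the openssl parse failed. The file
  # used to be moved to "certs/.pem" in that case and ended up in the bundle.
  if [ -z "${keyhash}" ]; then
    echo "Could not convert or hash record ${record}; skipping" >&2
    rm -f tempfile.crt
    continue
  fi

  # The file name is the subject-name hash, so two CAs that share a subject
  # map to the same name and the later one replaces the earlier one. The
  # naming is left unchanged for compatibility; the replacement is reported.
  if [ -e "certs/${keyhash}.pem" ]; then
    echo "Warning: certs/${keyhash}.pem already exists and is being replaced (same subject hash)" >&2
  fi

  mv tempfile.crt "certs/${keyhash}.pem"
  echo "Created ${keyhash}.pem"
done

# Remove blacklisted files
# MD5 Collision Proof of Concept CA
# NOTE(review): the name is a subject-name hash, and its value depends on the
# hash algorithm of the installed openssl; confirm that 8f111d69 still
# identifies this CA with the openssl used for the build.
if test -f certs/8f111d69.pem; then
  echo "Certificate 8f111d69 is not trusted! Removing..."
  rm -f certs/8f111d69.pem
fi

# Finally, generate the bundle and clean up.
# An unmatched glob used to leave an empty ca-bundle.crt behind with a zero
# exit status; fail instead so the build does not ship an empty trust store.
set -- certs/*.pem
if [ ! -e "$1" ]; then
  echo "No certificates were generated; ${BUNDLE} not written" >&2
  exit 1
fi
cat "$@" > "${BUNDLE}"
# ${TEMPDIR} is removed by the EXIT trap.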