forked from openSUSE/ca-certificates
-
Notifications
You must be signed in to change notification settings - Fork 0
/
certbundle.run
executable file
·37 lines (33 loc) · 974 Bytes
/
certbundle.run
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
#!/bin/bash
# vim: syntax=sh
set -e
cafile="/var/lib/ca-certificates/ca-bundle.pem"
cadir="/var/lib/ca-certificates/pem"
for i in "$@"; do
if [ "$i" = "-f" ]; then
fresh=1
elif [ "$i" = "-v" ]; then
verbose=1
fi
done
if [ -z "$fresh" -a "$cafile" -nt "$cadir" ]; then
exit 0
fi
[ -z "$verbose" ] || echo "creating $cafile ..."
cat > "$cafile.new" <<EOF
#
# automatically created by $0. Do not edit!
#
# Use of this file is deprecated and should only be used as last
# resort by applications that do not support p11-kit or reading /etc/ssl/certs.
# You should avoid hardcoding any paths in applications anyways though. Use
# functions that know the operating system defaults instead:
#
# - openssl: SSL_CTX_set_default_verify_paths()
# - gnutls: gnutls_certificate_set_x509_system_trust(cred)
#
EOF
trust extract --format=pem-bundle --purpose=server-auth --filter=ca-anchors $cafile.tmp
cat $cafile.tmp >> $cafile.new
rm -f $cafile.tmp
mv "$cafile.new" "$cafile"