-
Notifications
You must be signed in to change notification settings - Fork 21
/
certbundle.run
executable file
·42 lines (38 loc) · 1.26 KB
/
certbundle.run
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
#!/bin/bash
# vim: syntax=sh
set -e
[ -d "$statedir" ]
cafile="$destdir/$statedir/ca-bundle.pem"
cadir="$destdir/$statedir/pem"
for i in "$@"; do
if [ "$i" = "-f" ]; then
fresh=1
elif [ "$i" = "-v" ]; then
verbose=1
fi
done
if [ -z "$fresh" -a "$cafile" -nt "$cadir" ]; then
exit 0
fi
[ -z "$verbose" ] || echo "creating $cafile ..."
trust extract --format=pem-bundle --purpose=server-auth --filter=ca-anchors --overwrite $cafile.tmp
cat - $cafile.tmp > "$cafile.new" <<EOF
#
# automatically created by $0. Do not edit!
#
# Use of this file is deprecated and should only be used as last
# resort by applications that do not support p11-kit or reading /etc/ssl/certs.
# You should avoid hardcoding any paths in applications anyways though. Use
# functions that know the operating system defaults instead:
#
# - openssl: SSL_CTX_set_default_verify_paths()
# - gnutls: gnutls_certificate_set_x509_system_trust(cred)
#
EOF
rm -f $cafile.tmp
mv -f "$cafile.new" "$cafile"
if ! test -e $destdir/etc/ssl/ca-bundle.pem && ! test -L $destdir/etc/ssl/ca-bundle.pem; then
[ -z "$verbose" ] || echo "restoring $destdir/etc/ssl/ca-bundle.pem ..."
install -d -m 0755 $destdir/etc/ssl
ln -s ../../var/lib/ca-certificates/ca-bundle.pem $destdir/etc/ssl/ca-bundle.pem
fi