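#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
#
# Rebuild the Mozilla CA certificate set from the Debian ca-certificates
# source tarball (optionally with a newer certdata.txt from Mozilla), install
# the generated *.crt files under $TO and run update-ca-certificates.
#
# Security notes:
#   - Everything fetched here becomes a system trust anchor, and
#     certdata2pem.py from the tarball is executed, so both downloads use
#     HTTPS rather than plain HTTP.
#   - HTTPS only authenticates the server. Set CA_CERTIFICATES_SHA256 to the
#     SHA-256 of the tarball (taken from a source you trust) to pin its
#     content as well; a mismatch aborts before anything is unpacked.
#   - certdata.txt is taken from the tip of mozilla-beta, a moving target that
#     cannot be pinned by hash here; review it before trusting the result.
#
# Exit codes:
#   0  success, or nothing to do because the host is offline
#   1  cannot enter /usr/local/src, download failed, or checksum mismatch
#   2  unpacked source tree missing
#   3  could not rename a distribution certificate to .old
#   4  blacklist.txt missing from the source tree
#   5  certdata2pem.py failed
#   6  could not install a generated certificate
#   7  update-ca-certificates failed
#   8  update-ca-certificates logged an exception
#   9  cannot enter $TO
#   10 cannot enter $BASE

PREFIX=/usr/local
ROLE=testforge
BASE=/usr/share/ca-certificates/mozilla
TO=/usr/local/share/ca-certificates/mozilla
VER=20190110
DIR=ca-certificates-$VER
URL=deb.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_$VER.tar.xz
URL_CERTDATA=hg.mozilla.org/releases/mozilla-beta/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt
# Download cache; "wget -x" mirrors host/path below this directory, so a file
# fetched from https://$URL lands at $CACHE/$URL.
CACHE=/usr/local/net/Http
LOG_DIR=/var/local/var/log

# Succeeds when a wlan1..wlan9 interface carries the default route.
# /proc/net/route separates columns with tabs, hence [[:space:]].
is_online() {
    grep -q "^wlan[1-9][[:space:]]00000000" /proc/net/route
}

[ -d "$LOG_DIR" ] || mkdir -p "$LOG_DIR"
LOG_FILE=$LOG_DIR/ca-certificates_$$.log
rm -f -- "$LOG_FILE"

# On Gentoo the packaged version may already be up to date (e.g.
# 20190110.3.43). The check is deliberately disabled with "false".
if false && command -v equery >/dev/null 2>&1; then
    equery f app-misc/ca-certificates | grep "/usr/share/doc/ca-certificates-$VER"
fi

[ -d "$TO" ] || mkdir -p "$TO"
cd /usr/local/src || exit 1

if [ ! -d "$DIR" ]; then
    is_online || { echo INFO: not connected; exit 0; }

    [ -f "$CACHE/$URL" ] ||
        wget -xcP "$CACHE/" "https://$URL" || exit 1

    # Optional content pin; fails closed if sha256sum is missing.
    if [ -n "${CA_CERTIFICATES_SHA256:-}" ]; then
        actual_sum=$(sha256sum "$CACHE/$URL" | cut -d' ' -f1)
        if [ "$actual_sum" != "$CA_CERTIFICATES_SHA256" ]; then
            echo "ERROR: checksum mismatch for $CACHE/$URL" >&2
            exit 1
        fi
    else
        echo "WARNING: CA_CERTIFICATES_SHA256 not set, tarball content not verified" >&2
    fi

    tar xvfJ "$CACHE/$URL"
fi

cd "$DIR/mozilla" || exit 2

# Generated certificates are rebuilt below, so drop any stale ones.
rm -f -- ./*crt

# Leave the original OS /usr/share certs renamed to .old.
# NOTE: if a later step exits, the originals stay renamed until the next
# successful run.
for file in "$BASE"/*.crt; do
    [ -e "$file" ] || continue
    if [ -f "$file.old" ]; then
        sudo rm -- "$file.old"
    fi
    sudo mv -- "$file" "$file.old" ||
        { echo "ERROR: moving $file $file.old" >&2; exit 3; }
done

[ -f blacklist.txt ] || { echo ERROR: missing blacklist.txt >&2; exit 4; }

# Fetch Mozilla's current certdata.txt when we have none yet (best effort).
if [ ! -f certdata.txt.mozilla ] && is_online; then
    [ -f "$CACHE/$URL_CERTDATA" ] ||
        wget -xcP "$CACHE/" "https://$URL_CERTDATA"
fi

# Copy the cached certdata.txt only if it was actually downloaded (the
# original tested the tarball path here and then copied a different file).
if [ ! -f certdata.txt.mozilla ] && [ -f "$CACHE/$URL_CERTDATA" ]; then
    cp -p "$CACHE/$URL_CERTDATA" certdata.txt.mozilla
fi

# Prefer Mozilla's certdata.txt when it is newer, keeping Debian's copy once.
# "-nt" is not POSIX but is provided by dash, busybox sh and bash.
if [ -f certdata.txt.mozilla ] && [ certdata.txt.mozilla -nt certdata.txt ]; then
    [ -f certdata.txt.debian ] || mv certdata.txt certdata.txt.debian
    cp -p certdata.txt.mozilla certdata.txt
fi

python2 ./certdata2pem.py >> "$LOG_FILE" 2>&1 || exit 5

for file in *crt; do
    [ -e "$file" ] || continue
    sudo mv -- "$file" "$TO/$file" ||
        { echo "ERROR: moving $file $TO/$file" >&2; exit 6; }
done

[ -f "$TO/blacklist.txt" ] ||
    sudo cp -p blacklist.txt "$TO"

#[ -f /etc/ca-certificates.conf ] && [ ! -f /etc/ca-certificates.conf.old ] && \
#    sudo mv /etc/ca-certificates.conf /etc/ca-certificates.conf.old

# update-ca-certificates can return 0 even when a hook throws (seen with
# java7: org.debian.security.InvalidKeystorePasswordException: Cannot open
# Java keystore. Is the password correct?), so the log is scanned as well.
# Append to the log so the certdata2pem.py output above is kept.
sudo bash /usr/sbin/update-ca-certificates --verbose >> "$LOG_FILE" 2>&1
rc=$?
if [ "$rc" -ne 0 ]; then
    # The original "exit 7$?" expanded $? after the test and always gave 70.
    echo "ERROR: update-ca-certificates exited with status $rc" >&2
    exit 7
fi

if grep Exception: "$LOG_FILE"; then
    exit 8
fi

# Record how the new certificates differ from the renamed OS originals.
cd "$TO" || exit 9
for file in *crt; do
    [ -e "$file" ] || continue
    diff "$file" "$BASE/$file.old"
done >> "$LOG_FILE" 2>&1

# And the reverse, which also shows originals that have no new counterpart.
cd "$BASE" || exit 10
echo "INFO: $BASE" >> "$LOG_FILE" 2>&1
for file in *.old; do
    [ -e "$file" ] || continue
    diff "$file" "$TO/$(basename "$file" .old)"
done >> "$LOG_FILE" 2>&1

exit 0

# Alternate (not used): fetch the binary package and convert it with alien.
# A .deb fetched this way is equally unauthenticated; verify it before
# unpacking it into the trust store.
# wget -xcP /usr/local/net/Http/ http://ftp.us.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_20190110_all.deb;alien -t -c /usr/local/net/Http/ftp.us.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_20190110_all.deb ; tar xvfz ca-certificates-20190110.tgz -C /usr/local/share/ca-certificates/mozilla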