| @@ -1,46 +1,48 @@ | | | @@ -1,46 +1,48 @@ |
1 | #!/bin/sh | | 1 | #!/bin/sh |
2 | # | | 2 | # |
3 | # $NetBSD: mozilla-rootcerts.sh,v 1.8 2015/01/27 13:54:10 jperkin Exp $ | | 3 | # $NetBSD: mozilla-rootcerts.sh,v 1.9 2015/04/18 20:11:35 dholland Exp $ |
4 | # | | 4 | # |
5 | # This script is meant to be used as follows: | | 5 | # This script is meant to be used as follows: |
6 | # | | 6 | # |
7 | # # cd /etc/openssl/certs | | 7 | # # cd /etc/openssl/certs |
8 | # # mozilla-rootcerts extract | | 8 | # # mozilla-rootcerts extract |
9 | # # mozilla-rootcerts rehash | | 9 | # # mozilla-rootcerts rehash |
10 | # | | 10 | # |
11 | | | 11 | |
12 | : ${AWK=@AWK@} | | 12 | : ${AWK=@AWK@} |
13 | : ${ECHO=@ECHO@} | | 13 | : ${ECHO=@ECHO@} |
14 | : ${EXPR=@EXPR@} | | 14 | : ${EXPR=@EXPR@} |
15 | : ${LN=@LN@} | | 15 | : ${LN=@LN@} |
16 | : ${LS=@LS@} | | 16 | : ${LS=@LS@} |
17 | : ${MKDIR=@MKDIR@} | | 17 | : ${MKDIR=@MKDIR@} |
18 | : ${OPENSSL=@OPENSSL@} | | 18 | : ${OPENSSL=@OPENSSL@} |
19 | : ${SSLDIR=@SSLDIR@} | | 19 | : ${SSLDIR=@SSLDIR@} |
20 | : ${RM=@RM@} | | 20 | : ${RM=@RM@} |
21 | | | 21 | |
22 | self="@LOCALBASE@/sbin/mozilla-rootcerts" | | 22 | self="@LOCALBASE@/sbin/mozilla-rootcerts" |
23 | certfile="@DATADIR@/certdata.txt" | | 23 | certfile="@DATADIR@/certdata.txt" |
24 | certdir="/etc/ssl/certs" | | 24 | certdir="/etc/ssl/certs" |
| | | 25 | destdir= |
25 | | | 26 | |
26 | usage() | | 27 | usage() |
27 | { | | 28 | { |
28 | ${ECHO} 1>&2 "usage: $self [-f certfile] extract|rehash|install" | | 29 | ${ECHO} 1>&2 "usage: $self [-d destdir] [-f certfile] extract|rehash|install" |
29 | exit $1 | | 30 | exit $1 |
30 | } | | 31 | } |
31 | | | 32 | |
32 | while [ $# -gt 0 ]; do | | 33 | while [ $# -gt 0 ]; do |
33 | case "$1" in | | 34 | case "$1" in |
| | | 35 | -d) destdir="$2"; shift 2;; |
34 | -f) certfile="$2"; shift 2 ;; | | 36 | -f) certfile="$2"; shift 2 ;; |
35 | --) shift; break ;; | | 37 | --) shift; break ;; |
36 | -*) ${ECHO} 1>&2 "$self: unknown option -- $1" | | 38 | -*) ${ECHO} 1>&2 "$self: unknown option -- $1" |
37 | usage 128 ;; | | 39 | usage 128 ;; |
38 | *) break ;; | | 40 | *) break ;; |
39 | esac | | 41 | esac |
40 | done | | 42 | done |
41 | | | 43 | |
42 | [ $# -eq 1 ] || usage 128 | | 44 | [ $# -eq 1 ] || usage 128 |
43 | | | 45 | |
44 | action="$1"; shift | | 46 | action="$1"; shift |
45 | | | 47 | |
46 | # | | 48 | # |
| @@ -171,34 +173,34 @@ extract) | | | @@ -171,34 +173,34 @@ extract) |
171 | if ($0 ~ /^CKA_TRUST_SERVER_AUTH.*CK_TRUST.*CKT_NSS_NOT_TRUSTED$/) | | 173 | if ($0 ~ /^CKA_TRUST_SERVER_AUTH.*CK_TRUST.*CKT_NSS_NOT_TRUSTED$/) |
172 | untrusted = 1 | | 174 | untrusted = 1 |
173 | if ($0 ~ /^CKA_TRUST_SERVER_AUTH.*CK_TRUST.*CKT_NETSCAPE_UNTRUSTED$/) | | 175 | if ($0 ~ /^CKA_TRUST_SERVER_AUTH.*CK_TRUST.*CKT_NETSCAPE_UNTRUSTED$/) |
174 | untrusted = 1 | | 176 | untrusted = 1 |
175 | | | 177 | |
176 | if (untrusted) { | | 178 | if (untrusted) { |
177 | print filename " untrusted" | | 179 | print filename " untrusted" |
178 | system("rm -f " filename) | | 180 | system("rm -f " filename) |
179 | } | | 181 | } |
180 | } | | 182 | } |
181 | }' | | 183 | }' |
182 | ;; | | 184 | ;; |
183 | install) | | 185 | install) |
184 | if [ ! -d $SSLDIR ]; then | | 186 | if [ ! -d $destdir$SSLDIR ]; then |
185 | ${ECHO} 1>&2 "ERROR: $SSLDIR does not exist, aborting." | | 187 | ${ECHO} 1>&2 "ERROR: $destdir$SSLDIR does not exist, aborting." |
186 | exit 1 | | 188 | exit 1 |
187 | fi | | 189 | fi |
188 | cd $SSLDIR | | 190 | cd $destdir$SSLDIR |
189 | if [ -n "`${LS}`" ]; then | | 191 | if [ -n "`${LS}`" ]; then |
190 | ${ECHO} 1>&2 "ERROR: $SSLDIR already contains certificates, aborting." | | 192 | ${ECHO} 1>&2 "ERROR: $destdir$SSLDIR already contains certificates, aborting." |
191 | exit 1 | | 193 | exit 1 |
192 | fi | | 194 | fi |
193 | set -e | | 195 | set -e |
194 | $self extract | | 196 | $self extract |
195 | $self rehash | | 197 | $self rehash |
196 | set +e | | 198 | set +e |
197 | if [ -d $certdir ]; then | | 199 | if [ -d $destdir$certdir ]; then |
198 | ${ECHO} 1>&2 "ERROR: $certdir already exists, aborting." | | 200 | ${ECHO} 1>&2 "ERROR: $destdir$certdir already exists, aborting." |
199 | exit 1 | | 201 | exit 1 |
200 | fi | | 202 | fi |
201 | set -e | | 203 | set -e |
202 | $MKDIR $certdir | | 204 | $MKDIR $destdir$certdir |
203 | cat $SSLDIR/*.pem > $certdir/ca-certificates.crt | | 205 | cat $destdir$SSLDIR/*.pem > $destdir$certdir/ca-certificates.crt |
204 | esac | | 206 | esac |
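Review bot: In the `install` arm, `cd $destdir$SSLDIR` runs before the later `[ -d $destdir$certdir ]`, `$MKDIR $destdir$certdir` and `cat ... > $destdir$certdir/ca-certificates.crt` lines, so a relative `-d` value is resolved a second time from inside the certificate directory and the CA bundle would be checked for and written under the wrong path. Rejecting non-absolute values right after option parsing closes this, e.g. `case "$destdir" in ''|/*) ;; *) usage 128 ;; esac`. The new `$destdir$SSLDIR` and `$destdir$certdir` expansions are also unquoted, so a staging path containing whitespace or glob characters is split or expanded before `[`, `cd`, `$MKDIR` and `cat` see it; writing them as `"$destdir$SSLDIR"` and `"$destdir$certdir"`, with the `/*.pem` glob kept outside the quotes, avoids that. The enclosing `case` statement begins outside this hunk.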