make-ca/copy-trust-modifications

#!/bin/bash

# Get configuration
if [ -f /etc/make-ca.conf ]; then
    . /etc/make-ca.conf
else
    #Use defaults if make-ca.conf does not exist
    ANCHORDIR="/etc/pki/anchors"
    ANCHORLIST="/etc/pki/anchors.md5sums"
    LOCALDIR="/etc/ssl/local"
    MD5SUM="/usr/bin/md5sum"
fi

# Dump to a temporary directory
TEMPDIR=`mktemp -d`
/usr/bin/trust extract --filter=certificates \
                       --format=openssl-directory \
                       --overwrite \
                       "${TEMPDIR}"

# Create a list of anchors that were not present or have been modified
"${MD5SUM}" "${ANCHORDIR}"/* \
    2> /dev/null > "${TEMPDIR}/anchors.md5sums"
diff -au "${ANCHORLIST}" "${TEMPDIR}/anchors.md5sums" \
    2> /dev/null > "${TEMPDIR}/diff" 
grep "^+[a-z,0-9]" "${TEMPDIR}/diff" | cut -d " " -f 3 | \
    sed '/x-certificate-extension/d' 2> /dev/null > "${TEMPDIR}/certlist"

echo -e "\nThe following certificates have local modifications:\n"

# Copy new certificates to LOCALDIR
for certificate in `cat "${TEMPDIR}/certlist"` ; do
    LABEL=`grep -m 1 "label:" "${certificate}"`
    LABELNEW=`echo "${LABEL}" | /bin/sed -e 's@^label: @@' -e 's@"@@g' -e 's@ @_@g'`
    # if added this way, then just assume serverAuth only
    # Auth can be changed in /etc/ssl/local or anchors
    openssl x509 -in "${certificate}" -text -fingerprint \
            -addtrust serverAuth -out "${LOCALDIR}/${LABELNEW}.pem"
    echo -e "${LABELNEW}"
    unset LABEL LABELNEW
done

# Clean up
rm -rf "${TEMPDIR}"
unset ANCHORDIR ANCHORLIST LOCALDIR CERTLIST TEMPDIR
Changed default name of anchors list to use md5sums extension Added copy-trust-modifcations script for use by p11-kit 2019-01-02 07:30:04 +05:30			`#!/bin/bash`

			`# Get configuration`
			`if [ -f /etc/make-ca.conf ]; then`
			`. /etc/make-ca.conf`
			`else`
			`#Use defaults if make-ca.conf does not exist`
			`ANCHORDIR="/etc/pki/anchors"`
			`ANCHORLIST="/etc/pki/anchors.md5sums"`
			`LOCALDIR="/etc/ssl/local"`
			`MD5SUM="/usr/bin/md5sum"`
			`fi`

			`# Dump to a temporary directory`
			TEMPDIR=`mktemp -d`
			`/usr/bin/trust extract --filter=certificates \`
			`--format=openssl-directory \`
			`--overwrite \`
			`"${TEMPDIR}"`

Update README and minor text modification 2019-01-02 07:39:21 +05:30			`# Create a list of anchors that were not present or have been modified`
make-ca,copy-trust-modifications: omit x-certificate-extension.p11kit and assume serverAuth 2021-08-05 08:47:50 +05:30			`"${MD5SUM}" "${ANCHORDIR}"/* \`
Redirect errors in copy-trust-modifications script Use update-ca-certificates for systemd service 2019-04-13 09:41:01 +05:30			`2> /dev/null > "${TEMPDIR}/anchors.md5sums"`
			`diff -au "${ANCHORLIST}" "${TEMPDIR}/anchors.md5sums" \`
			`2> /dev/null > "${TEMPDIR}/diff"`
make-ca,copy-trust-modifications: omit x-certificate-extension.p11kit and assume serverAuth 2021-08-05 08:47:50 +05:30			`grep "^+[a-z,0-9]" "${TEMPDIR}/diff" \| cut -d " " -f 3 \| \`
			`sed '/x-certificate-extension/d' 2> /dev/null > "${TEMPDIR}/certlist"`
Changed default name of anchors list to use md5sums extension Added copy-trust-modifcations script for use by p11-kit 2019-01-02 07:30:04 +05:30
			`echo -e "\nThe following certificates have local modifications:\n"`
Update README and minor text modification 2019-01-02 07:39:21 +05:30
Changed default name of anchors list to use md5sums extension Added copy-trust-modifcations script for use by p11-kit 2019-01-02 07:30:04 +05:30			`# Copy new certificates to LOCALDIR`
			for certificate in `cat "${TEMPDIR}/certlist"` ; do
			LABEL=`grep -m 1 "label:" "${certificate}"`
			LABELNEW=`echo "${LABEL}" \| /bin/sed -e 's@^label: @@' -e 's@"@@g' -e 's@ @_@g'`
make-ca,copy-trust-modifications: omit x-certificate-extension.p11kit and assume serverAuth 2021-08-05 08:47:50 +05:30			`# if added this way, then just assume serverAuth only`
			`# Auth can be changed in /etc/ssl/local or anchors`
			`openssl x509 -in "${certificate}" -text -fingerprint \`
			`-addtrust serverAuth -out "${LOCALDIR}/${LABELNEW}.pem"`
Changed default name of anchors list to use md5sums extension Added copy-trust-modifcations script for use by p11-kit 2019-01-02 07:30:04 +05:30			`echo -e "${LABELNEW}"`
			`unset LABEL LABELNEW`
			`done`

			`# Clean up`
			`rm -rf "${TEMPDIR}"`
			`unset ANCHORDIR ANCHORLIST LOCALDIR CERTLIST TEMPDIR`