emo/make-ca
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update README and minor text modification

Browse Source
This commit is contained in:
DJ Lucas 2019-01-01 20:09:21 -06:00
parent 30fc33d7fe
commit 73c979f2b8
2 changed files with 5 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
README
View File

@ -42,43 +42,11 @@ Additionally, for the p11-kit distro hook, remove the "not configured" and
commands: commands:
=============================================================================== ===============================================================================
# Use make-ca to manage certificates # Copy existing modifications to local store
if [ -f /etc/make-ca.conf ]; then /usr/libexec/make-ca/copy-trust-modifications
. /etc/make-ca.conf
else
#Use defaults if make-ca.conf does not exist
ANCHORDIR="/etc/pki/anchors"
ANCHORLIST="/etc/pki/anchors.txt"
LOCALDIR="/etc/ssl/local"
CERTLIST=""
fi
# Create a list of certificates not present at previous run
for ca in `/bin/ls -1 --color=none "${ANCHORDIR}"` ; do
/bin/grep "${ca}" "${ANCHORLIST}" 2>&1>/dev/null || \
CERTLIST="${CERTLIST} ${ca}"
done
# Dump to a temporary directory
TEMPDIR=`mktemp -d`
/usr/bin/trust extract --filter=certificates --format=openssl-directory \
--overwrite "${TEMPDIR}"
# Copy new certificates to LOCALDIR
for certificate in `echo "${CERTLIST}"` ; do
LABEL=`/bin/grep -m 1 "label:" "${ANCHORDIR}/${certificate}"`
LABELNEW=`echo "${LABEL}" | \
/bin/sed -e 's@^label: @@' -e 's@"@@g' -e 's@ @_@g'`
cp -v "${TEMPDIR}/${LABELNEW}.pem" "${LOCALDIR}"
unset LABEL LABELNEW
done
# Clean up
rm -rf "${TEMPDIR}"
unset ANCHORDIR ANCHORLIST LOCALDIR CERTLIST TEMPDIR
# Generate a new trust store # Generate a new trust store
/usr/sbin/make-ca -f /usr/sbin/make-ca -f -g
EOF EOF
=============================================================================== ===============================================================================

3
copy-trust-modifcations
View File

@ -19,12 +19,13 @@ TEMPDIR=`mktemp -d`
--overwrite \ --overwrite \
"${TEMPDIR}" "${TEMPDIR}"
# Create a list of certificates not present at, or modified since previous run # Create a list of anchors that were not present or have been modified
"${MD5SUM}" "${ANCHORDIR}"/*.pem > "${TEMPDIR}/anchors.md5sums" "${MD5SUM}" "${ANCHORDIR}"/*.pem > "${TEMPDIR}/anchors.md5sums"
diff -au "${ANCHORLIST}" "${TEMPDIR}/anchors.md5sums" > "${TEMPDIR}/diff" diff -au "${ANCHORLIST}" "${TEMPDIR}/anchors.md5sums" > "${TEMPDIR}/diff"
grep "^+[a-z,0-9]" "${TEMPDIR}/diff" | cut -d " " -f 3 > "${TEMPDIR}/certlist" grep "^+[a-z,0-9]" "${TEMPDIR}/diff" | cut -d " " -f 3 > "${TEMPDIR}/certlist"
echo -e "\nThe following certificates have local modifications:\n" echo -e "\nThe following certificates have local modifications:\n"
# Copy new certificates to LOCALDIR # Copy new certificates to LOCALDIR
for certificate in `cat "${TEMPDIR}/certlist"` ; do for certificate in `cat "${TEMPDIR}/certlist"` ; do
LABEL=`grep -m 1 "label:" "${certificate}"` LABEL=`grep -m 1 "label:" "${certificate}"`