make-ca,copy-trust-modifications: omit x-certificate-extension.p11kit and assume serverAuth

2021-08-04 22:17:50 -05:00 · 2021-08-04 22:17:50 -05:00 · e4b5db9b34
commit e4b5db9b34
parent 45e198f198
2 changed files with 8 additions and 5 deletions
--- a/11
+++ b/11
@ -19,12 +19,12 @@ TEMPDIR=`mktemp -d`
                       "${TEMPDIR}"
 # Create a list of anchors that were not present or have been modified
-"${MD5SUM}" "${ANCHORDIR}"/*.pem \
+"${MD5SUM}" "${ANCHORDIR}"/* \
    2> /dev/null > "${TEMPDIR}/anchors.md5sums"
 diff -au "${ANCHORLIST}" "${TEMPDIR}/anchors.md5sums" \
    2> /dev/null > "${TEMPDIR}/diff" 
-grep "^+[a-z,0-9]" "${TEMPDIR}/diff" | cut -d " " -f 3 \
+grep "^+[a-z,0-9]" "${TEMPDIR}/diff" | cut -d " " -f 3 | \
-    2> /dev/null > "${TEMPDIR}/certlist"
+    sed '/x-certificate-extension/d' 2> /dev/null > "${TEMPDIR}/certlist"
 echo -e "\nThe following certificates have local modifications:\n"
@ -32,7 +32,10 @@ echo -e "\nThe following certificates have local modifications:\n"
 for certificate in `cat "${TEMPDIR}/certlist"` ; do
    LABEL=`grep -m 1 "label:" "${certificate}"`
    LABELNEW=`echo "${LABEL}" | /bin/sed -e 's@^label: @@' -e 's@"@@g' -e 's@ @_@g'`
-    cp -f "${TEMPDIR}/${LABELNEW}.pem" "${LOCALDIR}"
+    # if added this way, then just assume serverAuth only
    # Auth can be changed in /etc/ssl/local or anchors
    openssl x509 -in "${certificate}" -text -fingerprint \
            -addtrust serverAuth -out "${LOCALDIR}/${LABELNEW}.pem"
    echo -e "${LABELNEW}"
    unset LABEL LABELNEW
 done
--- a/2
+++ b/2
@ -817,7 +817,7 @@ fi
 popd > /dev/null 2>&1
 rm -rf "${TEMPDIR}"
 # Build ANCHORLIST
-"${MD5SUM}" "${DESTDIR}${ANCHORDIR}"/*.pem > "${DESTDIR}${ANCHORLIST}"
+"${MD5SUM}" "${DESTDIR}${ANCHORDIR}"/* > "${DESTDIR}${ANCHORLIST}"
 # Build alternate formats using p11-kit trust
 mkdir -p "${DESTDIR}${BUNDLEDIR}" "${DESTDIR}${KEYSTORE}"