- ca-certificates: move files to package dir

4 years ago · e559d0b598
3 changed files with 0 additions and 412 deletions
--- a/skel-root/general/ca-certificates/usr/bin/c_rehash
+++ b/skel-root/general/ca-certificates/usr/bin/c_rehash
@ -1,210 +0,0 @@
-#!/bin/sh
-#
-# Ben Secrest <blsecres@gmail.com>
-#
-# sh c_rehash script, scan all files in a directory
-# and add symbolic links to their hash values.
-#
-# based on the c_rehash perl script distributed with openssl
-#
-# LICENSE: See OpenSSL license
-# ^^acceptable?^^
-#
-
-# default certificate location
-DIR=/etc/ssl
-
-# for filetype bitfield
-IS_CERT=$(( 1 << 0 ))
-IS_CRL=$(( 1 << 1 ))
-
-
-# check to see if a file is a certificate file or a CRL file
-# arguments:
-#       1. the filename to be scanned
-# returns:
-#       bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
-#
-check_file()
-{
-    local IS_TYPE=0
-
-    # make IFS a newline so we can process grep output line by line
-    local OLDIFS=${IFS}
-    IFS=$( printf "\n" )
-
-    # XXX: could be more efficient to have two 'grep -m' but is -m portable?
-    for LINE in $( grep '^-----BEGIN .*-----' ${1} )
-    do
-	if echo ${LINE} \
-	    | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
-	then
-	    IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
-
-	    if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
-	    then
-	    	break
-	    fi
-	elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
-	then
-	    IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
-
-	    if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
-	    then
-	    	break
-	    fi
-	fi
-    done
-
-    # restore IFS
-    IFS=${OLDIFS}
-
-    return ${IS_TYPE}
-}
-
-
-#
-# use openssl to fingerprint a file
-#    arguments:
-#	1. the filename to fingerprint
-#	2. the method to use (x509, crl)
-#    returns:
-#	none
-#    assumptions:
-#	user will capture output from last stage of pipeline
-#
-fingerprint()
-{
-    ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
-}
-
-
-#
-# link_hash - create links to certificate files
-#    arguments:
-#       1. the filename to create a link for
-#	2. the type of certificate being linked (x509, crl)
-#    returns:
-#	0 on success, 1 otherwise
-#
-link_hash()
-{
-    local FINGERPRINT=$( fingerprint ${1} ${2} )
-    local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
-    local SUFFIX=0
-    local LINKFILE=''
-    local TAG=''
-
-    if [ ${2} = "crl" ]
-    then
-    	TAG='r'
-    fi
-
-    LINKFILE=${HASH}.${TAG}${SUFFIX}
-
-    while [ -f ${LINKFILE} ]
-    do
-	if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
-	then
-	    echo "WARNING: Skipping duplicate file ${1}" >&2
-	    return 1
-	fi	
-
-	SUFFIX=$(( ${SUFFIX} + 1 ))
-	LINKFILE=${HASH}.${TAG}${SUFFIX}
-    done
-
-    echo "${1} => ${LINKFILE}"
-
-    # assume any system with a POSIX shell will either support symlinks or
-    # do something to handle this gracefully
-    ln -s ${1} ${LINKFILE}
-
-    return 0
-}
-
-
-# hash_dir create hash links in a given directory
-hash_dir()
-{
-    echo "Doing ${1}"
-
-    cd ${1}
-
-    ls -1 * 2>/dev/null | while read FILE
-    do
-        if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
-	    	&& [ -h "${FILE}" ]
-        then
-            rm ${FILE}
-        fi
-    done
-
-    ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE
-    do
-	check_file ${FILE}
-        local FILE_TYPE=${?}
-	local TYPE_STR=''
-
-        if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
-        then
-            TYPE_STR='x509'
-        elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
-        then
-            TYPE_STR='crl'
-        else
-            echo "WARNING: ${FILE} does not contain a certificate or CRL: skipping" >&2
-	    continue
-        fi
-
-	link_hash ${FILE} ${TYPE_STR}
-    done
-}
-
-
-# choose the name of an ssl application
-if [ -n "${OPENSSL}" ]
-then
-    SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
-else
-    SSL_CMD=/usr/bin/openssl
-    OPENSSL=${SSL_CMD}
-    export OPENSSL
-fi
-
-# fix paths
-PATH=${PATH}:${DIR}/bin
-export PATH
-
-# confirm existance/executability of ssl command
-if ! [ -x ${SSL_CMD} ]
-then
-    echo "${0}: rehashing skipped ('openssl' program not available)" >&2
-    exit 0
-fi
-
-# determine which directories to process
-old_IFS=$IFS
-if [ ${#} -gt 0 ]
-then
-    IFS=':'
-    DIRLIST=${*}
-elif [ -n "${SSL_CERT_DIR}" ]
-then
-    DIRLIST=$SSL_CERT_DIR
-else
-    DIRLIST=${DIR}/certs
-fi
-
-IFS=':'
-
-# process directories
-for CERT_DIR in ${DIRLIST}
-do
-    if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
-    then
-        IFS=$old_IFS
-        hash_dir ${CERT_DIR}
-        IFS=':'
-    fi
-done
--- a/skel-root/general/ca-certificates/usr/bin/certsconf.sh
+++ b/skel-root/general/ca-certificates/usr/bin/certsconf.sh
@ -1,15 +0,0 @@
-#!/bin/sh
-
-CERTSCONF=/etc/ca-certificates.conf
-CERTSDIR=/usr/share/ca-certificates
-
-rm -f $CERTSCONF
-
-subdirs="$(ls -1 $CERTSDIR)"
-for subdir in $subdirs; do
-	certs="$(ls -1 $CERTSDIR/$subdir)"
-	for cert in $certs; do
-		echo "add $subdir/$cert"
-		echo "$subdir/$cert" >> $CERTSCONF
-	done
-done
--- a/skel-root/general/ca-certificates/usr/sbin/update-ca-certificates
+++ b/skel-root/general/ca-certificates/usr/sbin/update-ca-certificates
@ -1,187 +0,0 @@
-#!/bin/sh -e
-#
-# update-ca-certificates
-#
-# Copyright (c) 2003 Fumitoshi UKAI <ukai@debian.or.jp>
-# Copyright (c) 2009 Philipp Kern <pkern@debian.org>
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02111-1301,
-# USA.
-#
-
-verbose=0
-fresh=0
-default=0
-CERTSCONF=/etc/ca-certificates.conf
-CERTSDIR=/usr/share/ca-certificates
-LOCALCERTSDIR=/var/share/ca-certificates
-CERTBUNDLE=ca-certificates.crt
-ETCCERTSDIR=/etc/ssl/certs
-
-while [ $# -gt 0 ];
-do
-  case $1 in
-    --verbose|-v)
-      verbose=1;;
-    --fresh|-f)
-      fresh=1;;
-    --default|-d)
-      default=1
-      fresh=1;;
-    --certsconf)
-      shift
-      CERTSCONF="$1";;
-    --certsdir)
-      shift
-      CERTSDIR="$1";;
-    --localcertsdir)
-      shift
-      LOCALCERTSDIR="$1";;
-    --certbundle)
-      shift
-      CERTBUNDLE="$1";;
-    --etccertsdir)
-      shift
-      ETCCERTSDIR="$1";;
-    --help|-h|*)
-      echo "$0: [--verbose] [--fresh]"
-      exit;;
-  esac
-  shift
-done
-
-if [ ! -s "$CERTSCONF" ]
-then
-  fresh=1
-fi
-
-cleanup() {
-  rm -f "$TEMPBUNDLE"
-  rm -f "$ADDED"
-  rm -f "$REMOVED"
-}
-trap cleanup 0
-
-# Helper files.  (Some of them are not simple arrays because we spawn
-# subshells later on.)
-TEMPBUNDLE="$(mktemp -t "${CERTBUNDLE}.tmp.XXXXXX")"
-ADDED="$(mktemp -t "ca-certificates.tmp.XXXXXX")"
-REMOVED="$(mktemp -t "ca-certificates.tmp.XXXXXX")"
-
-# Adds a certificate to the list of trusted ones.  This includes a symlink
-# in /etc/ssl/certs to the certificate file and its inclusion into the
-# bundle.
-add() {
-  CERT="$1"
-  PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \
-                                                  -e 's/[()]/=/g' \
-                                                  -e 's/,/_/g').pem"
-  if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
-  then
-    ln -sf "$CERT" "$PEM"
-    echo "+$PEM" >> "$ADDED"
-  fi
-  # Add trailing newline to certificate, if it is missing (#635570)
-  sed -e '$a\' "$CERT" >> "$TEMPBUNDLE"
-}
-
-remove() {
-  CERT="$1"
-  PEM="$ETCCERTSDIR/$(basename "$CERT" .crt).pem"
-  if test -L "$PEM"
-  then
-    rm -f "$PEM"
-    echo "-$PEM" >> "$REMOVED"
-  fi
-}
-
-mkdir -p "$ETCCERTSDIR"
-cd "$ETCCERTSDIR"
-if [ "$fresh" = 1 ]; then
-  echo "Clearing symlinks in $ETCCERTSDIR..."
-  find . -type l -print | while read symlink
-  do
-    case $(readlink "$symlink") in
-      $CERTSDIR*|$LOCALCERTSDIR*) rm -f $symlink;;
-    esac
-  done
-  find . -type l -print | while read symlink
-  do
-    test -f "$symlink" || rm -f "$symlink"
-  done
-  echo "done."
-fi
-
-echo "Updating certificates in $ETCCERTSDIR..."
-
-# Add default certificate authorities if requested
-if [ "$default" = 1 ]; then
-  find -L "$CERTSDIR" -type f -name '*.crt' | sort | while read crt
-  do
-    add "$crt"
-  done
-fi
-
-# Handle certificates that should be removed.  This is an explicit act
-# by prefixing lines in the configuration files with exclamation marks (!).
-sed -n -e '/^$/d' -e 's/^!//p' "$CERTSCONF" | while read crt
-do
-  remove "$CERTSDIR/$crt"
-done
-
-sed -e '/^$/d' -e '/^#/d' -e '/^!/d' "$CERTSCONF" | while read crt
-do
-  if ! test -f "$CERTSDIR/$crt"
-  then
-    echo "W: $CERTSDIR/$crt not found, but listed in $CERTSCONF." >&2
-    continue
-  fi
-  add "$CERTSDIR/$crt"
-done
-
-# Now process certificate authorities installed by the local system
-# administrator.
-if [ -d "$LOCALCERTSDIR" ]
-then
-  find -L "$LOCALCERTSDIR" -type f -name '*.crt' | sort | while read crt
-  do
-    add "$crt"
-  done
-fi
-
-rm -f "$CERTBUNDLE"
-
-ADDED_CNT=$(wc -l < "$ADDED")
-REMOVED_CNT=$(wc -l < "$REMOVED")
-
-if [ "$ADDED_CNT" -gt 0 ] || [ "$REMOVED_CNT" -gt 0 ]
-then
-  # only run if set of files has changed
-  if [ "$verbose" = 0 ]
-  then
-    c_rehash . > /dev/null
-  else
-    c_rehash .
-  fi
-fi
-
-chmod 0644 "$TEMPBUNDLE"
-mv -f "$TEMPBUNDLE" "$CERTBUNDLE"
-# Restore proper SELinux label after moving the file
-[ -x /usr/sbin/restorecon ] && /usr/sbin/restorecon "$CERTBUNDLE" >/dev/null 2>&1
-
-echo "$ADDED_CNT added, $REMOVED_CNT removed; done."
-
-# vim:set et sw=2: