17
18
# You should have received a copy of the GNU General Public License
18
19
# along with this program; if not, write to the Free Software
19
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02111-1301,
38
40
CERTSCONF=/etc/ca-certificates.conf
39
41
CERTSDIR=/usr/share/ca-certificates
42
LOCALCERTSDIR=/usr/local/share/ca-certificates
40
43
CERTBUNDLE=ca-certificates.crt
41
44
ETCCERTSDIR=/etc/ssl/certs
53
# Helper files. (Some of them are not simple arrays because we spawn
54
# subshells later on.)
55
TEMPBUNDLE="$(mktemp -t "${CERTBUNDLE}.tmp.XXXXXX")"
56
ADDED="$(mktemp -t "ca-certificates.tmp.XXXXXX")"
57
REMOVED="$(mktemp -t "ca-certificates.tmp.XXXXXX")"
59
# Adds a certificate to the list of trusted ones. This includes a symlink
60
# in /etc/ssl/certs to the certificate file and its inclusion into the
64
PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \
67
if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
70
echo +$PEM >> "$ADDED"
72
cat "$CERT" >> "$TEMPBUNDLE"
77
PEM="$ETCCERTSDIR/$(basename "$CERT" .crt).pem"
81
echo -$PEM >> "$REMOVED"
43
86
if [ "$fresh" = 1 ]; then
44
87
echo -n "Clearing symlinks in $ETCCERTSDIR..."
57
echo -n "Updating certificates in $ETCCERTSDIR...."
59
bundletmp=`mktemp "${CERTBUNDLE}.tmp.XXXXXX"`
60
removed="$(sed -ne 's/^!//p' $CERTSCONF | while read crt
62
if test "$crt" = ""; then continue; fi
63
pem=$(basename "$crt" .crt).pem
64
if test -e "$pem"; then
66
echo "-$ETCCERTSDIR/$pem"
70
added="$(sed -e '/^#/d' -e '/^!/d' $CERTSCONF | while read crt
72
if test "$crt" = ""; then continue; fi
73
if ! test -f "$CERTSDIR/$crt"; then continue; fi
74
pem=$(basename "$crt" .crt).pem
75
if ! test -e "$pem"; then echo "+$ETCCERTSDIR/$pem"; fi
76
ln -sf "$CERTSDIR/$crt" "$pem"
77
cat "$CERTSDIR/$crt" >> "$bundletmp"
79
chmod 0644 "$bundletmp"
80
mv -f "$bundletmp" "$CERTBUNDLE"
82
if [ -n "$added" ] || [ -n "$removed" ]; then
101
echo -n "Updating certificates in $ETCCERTSDIR... "
103
# Handle certificates that should be removed. This is an explicit act
104
# by prefixing lines in the configuration files with exclamation marks (!).
105
sed -n -e '/^$/d' -e 's/^!//p' $CERTSCONF | while read crt
107
remove "$CERTSDIR/$crt"
110
sed -e '/^$/d' -e '/^#/d' -e '/^!/d' $CERTSCONF | while read crt
112
if ! test -f "$CERTSDIR/$crt"
114
echo "W: $CERTSDIR/$crt not found, but listed in $CERTSCONF." >&2
120
# Now process certificate authorities installed by the local system
122
if [ -d "$LOCALCERTSDIR" ]
124
find -L "$LOCALCERTSDIR" -type f -name '*.crt' | while read crt
130
chmod 0644 "$TEMPBUNDLE"
131
mv -f "$TEMPBUNDLE" "$CERTBUNDLE"
133
ADDED_CNT=$(wc -l < "$ADDED")
134
REMOVED_CNT=$(wc -l < "$REMOVED")
136
if [ "$ADDED_CNT" -gt 0 ] || [ "$REMOVED_CNT" -gt 0 ]
83
138
# only run if set of files has changed
85
if [ "$verbose" = 0 ]; then
86
c_rehash . > /dev/null 2>&1
139
if [ "$verbose" = 0 ]
141
c_rehash . > /dev/null
92
HOOKSDIR=/etc/ca-certificates/update.d
93
echo -n "Running hooks in $HOOKSDIR...."
95
[ "$verbose" = 0 ] || VERBOSE_ARG=--verbose
96
eval run-parts $VERB_ARG --test -- $HOOKSDIR | while read hook; do
97
printf -- "${removed:+$removed\n}${added:+$added\n}" | eval $hook
147
echo "$ADDED_CNT added, $REMOVED_CNT removed; done."
149
HOOKSDIR=/etc/ca-certificates/update.d
150
echo -n "Running hooks in $HOOKSDIR...."
152
[ "$verbose" = 0 ] || VERBOSE_ARG=--verbose
153
eval run-parts $VERBOSE_ARG --test -- $HOOKSDIR | while read hook
156
cat $REMOVED ) | $hook || echo E: $hook exited with code $?.