Current location

narf Source control manager Git

summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorshtrom <shtrom@1991c358-8f32-0410-a49a-990740bdf4c2>2014-04-16 11:45:50 +0000
committershtrom <shtrom@1991c358-8f32-0410-a49a-990740bdf4c2>2014-04-16 11:45:50 +0000
commit143ef40445b76d88550be866a26ec56131cc450f (patch)
treefeb7ff531356df59e720490e5c299bd1292bc9bd
parent80d38d9c6bd6f48ea1a58b9db10795cea73380e6 (diff)
[scripts] Script to reinstall CAcert.org certificates on a Debian-ish system.
git-svn-id: svn+ssh://scm.narf.ssji.net/svn/shtrom/scripts@1796 1991c358-8f32-0410-a49a-990740bdf4c2
-rwxr-xr-xreinstall-cacert.org_certs.sh65
1 files changed, 65 insertions, 0 deletions
diff --git a/reinstall-cacert.org_certs.sh b/reinstall-cacert.org_certs.sh
new file mode 100755
index 0000000..e6dadc2
--- /dev/null
+++ b/reinstall-cacert.org_certs.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+# Reinstall the CAcert.org root certificates on a Debian system
+# Copyright (c) 2014, Olivier Mehani <shtrom@ssji.net>
+# All rights reserved.
+#
+# $Id: bsdnotice.ab.sh 799 2010-05-26 01:07:56Z shtrom $
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+# 3. Neither the name of Olivier Mehani nor the names of its contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+BASEPATH=/usr/share/ca-certificates
+CACERTORGPATH=${BASEPATH}/cacert.org
+CACERTCERTSURL=http://www.cacert.org/certs
+
+# XXX: We should check the PGP sigs
+MD5_ROOT=fb262d55709427e2e9acadf2c1298c99
+MD5_CLASS3=95c1c1820c0ed1de88d512cb10e25182
+
+WGET="/usr/bin/wget -nv"
+SED="/bin/sed"
+
+mkdir -p ${CACERTORGPATH}
+
+${WGET} ${CACERTCERTSURL}/root.crt -O ${CACERTORGPATH}/cacert.org_root.crt
+if [ "`md5sum ${CACERTORGPATH}/cacert.org_root.crt | sed 's/\s.*//'`" != "$MD5_ROOT" ]; then
+ echo "MD5 mismatch for root, aborting"
+ rm ${CACERTORGPATH}/cacert.org_root.crt
+ exit 1
+fi
+
+${WGET} ${CACERTCERTSURL}/class3.crt -O ${CACERTORGPATH}/cacert.org_class3.crt
+if [ "`md5sum ${CACERTORGPATH}/cacert.org_class3.crt | sed 's/\s.*//'`" != "$MD5_CLASS3" ]; then
+ echo "MD5 mismatch for class3, aborting"
+ rm ${CACERTORGPATH}/cacert.org_class3.crt
+ rm ${CACERTORGPATH}/cacert.org_root.crt
+ exit 1
+fi
+
+cat ${CACERTORGPATH}/cacert.org_root.crt ${CACERTORGPATH}/cacert.org_class3.crt > ${CACERTORGPATH}/cacert.org.crt
+rm ${CACERTORGPATH}/cacert.org_root.crt ${CACERTORGPATH}/cacert.org_class3.crt
+
+${SED} -i "s%^!cacert.org/cacert.org.crt%cacert.org/cacert.org.crt%" /etc/ca-certificates.conf
+
+/usr/sbin/update-ca-certificates