diff options
author | shtrom <shtrom@1991c358-8f32-0410-a49a-990740bdf4c2> | 2014-04-16 11:45:50 +0000 |
---|---|---|
committer | shtrom <shtrom@1991c358-8f32-0410-a49a-990740bdf4c2> | 2014-04-16 11:45:50 +0000 |
commit | 143ef40445b76d88550be866a26ec56131cc450f (patch) | |
tree | feb7ff531356df59e720490e5c299bd1292bc9bd /reinstall-cacert.org_certs.sh | |
parent | 80d38d9c6bd6f48ea1a58b9db10795cea73380e6 (diff) |
[scripts] Script to reinstall CAcert.org certificates on a Debian-ish system.
git-svn-id: svn+ssh://scm.narf.ssji.net/svn/shtrom/scripts@1796 1991c358-8f32-0410-a49a-990740bdf4c2
Diffstat (limited to 'reinstall-cacert.org_certs.sh')
-rwxr-xr-x | reinstall-cacert.org_certs.sh | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/reinstall-cacert.org_certs.sh b/reinstall-cacert.org_certs.sh new file mode 100755 index 0000000..e6dadc2 --- /dev/null +++ b/reinstall-cacert.org_certs.sh @@ -0,0 +1,65 @@ +#!/bin/sh +# Reinstall the CAcert.org root certificates on a Debian system +# Copyright (c) 2014, Olivier Mehani <shtrom@ssji.net> +# All rights reserved. +# +# $Id: bsdnotice.ab.sh 799 2010-05-26 01:07:56Z shtrom $ +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright notice, this +# list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# 3. Neither the name of Olivier Mehani nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# +BASEPATH=/usr/share/ca-certificates +CACERTORGPATH=${BASEPATH}/cacert.org +CACERTCERTSURL=http://www.cacert.org/certs + +# XXX: We should check the PGP sigs +MD5_ROOT=fb262d55709427e2e9acadf2c1298c99 +MD5_CLASS3=95c1c1820c0ed1de88d512cb10e25182 + +WGET="/usr/bin/wget -nv" +SED="/bin/sed" + +mkdir -p ${CACERTORGPATH} + +${WGET} ${CACERTCERTSURL}/root.crt -O ${CACERTORGPATH}/cacert.org_root.crt +if [ "`md5sum ${CACERTORGPATH}/cacert.org_root.crt | sed 's/\s.*//'`" != "$MD5_ROOT" ]; then + echo "MD5 mismatch for root, aborting" + rm ${CACERTORGPATH}/cacert.org_root.crt + exit 1 +fi + +${WGET} ${CACERTCERTSURL}/class3.crt -O ${CACERTORGPATH}/cacert.org_class3.crt +if [ "`md5sum ${CACERTORGPATH}/cacert.org_class3.crt | sed 's/\s.*//'`" != "$MD5_CLASS3" ]; then + echo "MD5 mismatch for class3, aborting" + rm ${CACERTORGPATH}/cacert.org_class3.crt + rm ${CACERTORGPATH}/cacert.org_root.crt + exit 1 +fi + +cat ${CACERTORGPATH}/cacert.org_root.crt ${CACERTORGPATH}/cacert.org_class3.crt > ${CACERTORGPATH}/cacert.org.crt +rm ${CACERTORGPATH}/cacert.org_root.crt ${CACERTORGPATH}/cacert.org_class3.crt + +${SED} -i "s%^!cacert.org/cacert.org.crt%cacert.org/cacert.org.crt%" /etc/ca-certificates.conf + +/usr/sbin/update-ca-certificates |