#!/bin/sh # Reinstall the CAcert.org root certificates on a Debian system # Copyright (c) 2014, Olivier Mehani # All rights reserved. # # $Id: bsdnotice.ab.sh 799 2010-05-26 01:07:56Z shtrom $ # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright notice, this # list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright notice, # this list of conditions and the following disclaimer in the documentation # and/or other materials provided with the distribution. # 3. Neither the name of Olivier Mehani nor the names of its contributors # may be used to endorse or promote products derived from this software # without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # BASEPATH=/usr/share/ca-certificates CACERTORGPATH=${BASEPATH}/cacert.org CACERTCERTSURL=http://www.cacert.org/certs # XXX: We should check the PGP sigs MD5_ROOT=fb262d55709427e2e9acadf2c1298c99 MD5_CLASS3=95c1c1820c0ed1de88d512cb10e25182 WGET="/usr/bin/wget -nv" SED="/bin/sed" mkdir -p ${CACERTORGPATH} ${WGET} ${CACERTCERTSURL}/root.crt -O ${CACERTORGPATH}/cacert.org_root.crt if [ "`md5sum ${CACERTORGPATH}/cacert.org_root.crt | sed 's/\s.*//'`" != "$MD5_ROOT" ]; then echo "MD5 mismatch for root, aborting" rm ${CACERTORGPATH}/cacert.org_root.crt exit 1 fi ${WGET} ${CACERTCERTSURL}/class3.crt -O ${CACERTORGPATH}/cacert.org_class3.crt if [ "`md5sum ${CACERTORGPATH}/cacert.org_class3.crt | sed 's/\s.*//'`" != "$MD5_CLASS3" ]; then echo "MD5 mismatch for class3, aborting" rm ${CACERTORGPATH}/cacert.org_class3.crt rm ${CACERTORGPATH}/cacert.org_root.crt exit 1 fi cat ${CACERTORGPATH}/cacert.org_root.crt ${CACERTORGPATH}/cacert.org_class3.crt > ${CACERTORGPATH}/cacert.org.crt rm ${CACERTORGPATH}/cacert.org_root.crt ${CACERTORGPATH}/cacert.org_class3.crt ${SED} -i "s%^!cacert.org/cacert.org.crt%cacert.org/cacert.org.crt%" /etc/ca-certificates.conf /usr/sbin/update-ca-certificates