Current location

narf Source control manager Git

summaryrefslogtreecommitdiff
blob: e6dadc2d01b9389b45bf35afeb98620d0edc4e4e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
#!/bin/sh
# Reinstall the CAcert.org root certificates on a Debian system
# Copyright (c) 2014, Olivier Mehani <shtrom@ssji.net>
# All rights reserved.
#
# $Id: bsdnotice.ab.sh 799 2010-05-26 01:07:56Z shtrom $
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright notice, this
#    list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright notice,
#    this list of conditions and the following disclaimer in the documentation
#    and/or other materials provided with the distribution.
# 3. Neither the name of Olivier Mehani nor the names of its contributors
#    may be used to endorse or promote products derived from this software
#    without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
# 
BASEPATH=/usr/share/ca-certificates
CACERTORGPATH=${BASEPATH}/cacert.org
CACERTCERTSURL=http://www.cacert.org/certs

# XXX: We should check the PGP sigs
MD5_ROOT=fb262d55709427e2e9acadf2c1298c99
MD5_CLASS3=95c1c1820c0ed1de88d512cb10e25182

WGET="/usr/bin/wget -nv"
SED="/bin/sed"

mkdir -p ${CACERTORGPATH}

${WGET} ${CACERTCERTSURL}/root.crt -O ${CACERTORGPATH}/cacert.org_root.crt
if [ "`md5sum ${CACERTORGPATH}/cacert.org_root.crt | sed 's/\s.*//'`" != "$MD5_ROOT" ]; then
	echo "MD5 mismatch for root, aborting"
	rm ${CACERTORGPATH}/cacert.org_root.crt
	exit 1
fi

${WGET} ${CACERTCERTSURL}/class3.crt -O ${CACERTORGPATH}/cacert.org_class3.crt
if [ "`md5sum ${CACERTORGPATH}/cacert.org_class3.crt | sed 's/\s.*//'`" != "$MD5_CLASS3" ]; then
	echo "MD5 mismatch for class3, aborting"
	rm ${CACERTORGPATH}/cacert.org_class3.crt
	rm ${CACERTORGPATH}/cacert.org_root.crt
	exit 1
fi

cat ${CACERTORGPATH}/cacert.org_root.crt ${CACERTORGPATH}/cacert.org_class3.crt > ${CACERTORGPATH}/cacert.org.crt
rm ${CACERTORGPATH}/cacert.org_root.crt ${CACERTORGPATH}/cacert.org_class3.crt

${SED} -i "s%^!cacert.org/cacert.org.crt%cacert.org/cacert.org.crt%" /etc/ca-certificates.conf

/usr/sbin/update-ca-certificates