[packages/openssl102: 269/432] - shell version of c_rehash perl script (Author: Ben Secrest <blsecres at gmail.com>)
adwol
adwol at pld-linux.org
Sat Sep 29 01:24:11 CEST 2018
commit 59039eaf3c77096b87996979589c1c1c4e26f839
Author: Jan Rękorajski <baggins at pld-linux.org>
Date: Mon Nov 3 12:49:51 2008 +0000
- shell version of c_rehash perl script (Author: Ben Secrest <blsecres at gmail.com>)
Changed files:
openssl-c_rehash.sh -> 1.1
openssl-c_rehash.sh | 218 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 218 insertions(+)
---
diff --git a/openssl-c_rehash.sh b/openssl-c_rehash.sh
new file mode 100644
index 0000000..1069eea
--- /dev/null
+++ b/openssl-c_rehash.sh
@@ -0,0 +1,218 @@
+#!/bin/sh
+#
+# Ben Secrest <blsecres at gmail.com>
+#
+# sh c_rehash script, scan all files in a directory
+# and add symbolic links to their hash values.
+#
+# based on the c_rehash perl script distributed with openssl
+#
+# LICENSE: See OpenSSL license
+# ^^acceptable?^^
+#
+
+# default certificate location
+DIR=/etc/openssl
+
+# for filetype bitfield
+IS_CERT=$(( 1 << 0 ))
+IS_CRL=$(( 1 << 1 ))
+
+
+# check to see if a file is a certificate file or a CRL file
+# arguments:
+# 1. the filename to be scanned
+# returns:
+# bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
+#
+check_file()
+{
+ local IS_TYPE=0
+
+ # make IFS a newline so we can process grep output line by line
+ local OLDIFS=${IFS}
+ IFS=$( printf "\n" )
+
+ # XXX: could be more efficient to have two 'grep -m' but is -m portable?
+ for LINE in $( grep '^-----BEGIN .*-----' ${1} )
+ do
+ if echo ${LINE} \
+ | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
+ then
+ IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
+
+ if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
+ then
+ break
+ fi
+ elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
+ then
+ IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
+
+ if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
+ then
+ break
+ fi
+ fi
+ done
+
+ # restore IFS
+ IFS=${OLDIFS}
+
+ return ${IS_TYPE}
+}
+
+
+#
+# use openssl to fingerprint a file
+# arguments:
+# 1. the filename to fingerprint
+# 2. the method to use (x509, crl)
+# returns:
+# none
+# assumptions:
+# user will capture output from last stage of pipeline
+#
+fingerprint()
+{
+ ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
+}
+
+
+#
+# link_hash - create links to certificate files
+# arguments:
+# 1. the filename to create a link for
+# 2. the type of certificate being linked (x509, crl)
+# returns:
+# 0 on success, 1 otherwise
+#
+link_hash()
+{
+ local FINGERPRINT=$( fingerprint ${1} ${2} )
+ local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
+ local SUFFIX=0
+ local LINKFILE=''
+ local TAG=''
+
+ if [ ${2} = "crl" ]
+ then
+ TAG='r'
+ fi
+
+ LINKFILE=${HASH}.${TAG}${SUFFIX}
+
+ while [ -f ${LINKFILE} ]
+ do
+ if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
+ then
+ printf "WARNING: Skipping duplicate file ${1}\n" >&2
+ return 1
+ fi
+
+ SUFFIX=$(( ${SUFFIX} + 1 ))
+ LINKFILE=${HASH}.${TAG}${SUFFIX}
+ done
+
+ printf "${1} => ${LINKFILE}\n"
+
+ # assume any system with a POSIX shell will either support symlinks or
+ # do something to handle this gracefully
+ ln -s ${1} ${LINKFILE}
+
+ return 0
+}
+
+
+# hash_dir create hash links in a given directory
+hash_dir()
+{
+ printf "Doing ${1}\n"
+
+ cd ${1}
+
+ for FILE in *
+ do
+ # no files in directory at all, no point in continuing
+ if ! [ -f ${FILE} ]
+ then
+ return 1
+ fi
+
+ if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
+ && [ -h "${FILE}" ]
+ then
+ rm ${FILE}
+ fi
+ done
+
+ for FILE in *.pem
+ do
+ # no pem files so FILE gets set to the unexpanded *.pem
+ if ! [ -f ${FILE} ]
+ then
+ break
+ fi
+
+ check_file ${FILE}
+ local FILE_TYPE=${?}
+ local TYPE_STR=''
+
+ if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
+ then
+ TYPE_STR='x509'
+ elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
+ then
+ TYPE_STR='crl'
+ else
+ printf "WARNING: ${FILE} does not contain a certificate or CRL: skipping\n" >&2
+ continue
+ fi
+
+ link_hash ${FILE} ${TYPE_STR}
+ done
+}
+
+
+# choose the name of an ssl application
+if [ -n "${OPENSSL}" ]
+then
+ SSL_CMD=${OPENSSL}
+else
+ SSL_CMD=openssl
+ OPENSSL=${SSL_CMD}
+ export ${OPENSSL}
+fi
+
+# fix paths
+PATH=${PATH}:${DIR}/bin
+export PATH
+
+# confirm existance/executability of ssl command
+if ! [ -x $( which ${SSL_CMD} ) ]
+then
+ printf "${0}: rehashing skipped ('openssl' program not available)\n" >&2
+ exit 0
+fi
+
+# determine which directories to process
+# XXX: can't handle directories with spaces in names
+# XXX: ...use \n as dir separator and manipulate IFS?
+if [ ${#} -gt 0 ]
+then
+ DIRLIST=${*}
+elif [ -n "${SSL_CERT_DIR}" ]
+then
+ DIRLIST=$( echo ${SSL_CERT_DIR} | tr ':' ' ' )
+else
+ DIRLIST=${DIR}/certs
+fi
+
+# process directories
+for CERT_DIR in ${DIRLIST}
+do
+ if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
+ then
+ hash_dir ${CERT_DIR}
+ fi
+done
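Review bot: In hash_dir the first loop's `if ! [ -f ${FILE} ]` ... `return 1` fires on the first entry that is not a regular file, not only on an empty directory. A subdirectory, a dangling hash symlink, or (because `${FILE}` is unquoted) a name containing whitespace aborts the function before any new links are created, possibly after some old links were already removed. That can leave a certificate directory without its hash links, so certificates or CRLs stored there would no longer be found by hash lookup. Skipping the entry keeps the pass going, for example `[ -f "${FILE}" ] || [ -h "${FILE}" ] || continue`. The `cd ${1}` above the loop is also unchecked, so on failure the `rm` and `ln -s` run in whatever directory was current; `cd "${1}" || return 1` closes that.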
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/openssl102.git/commitdiff/9fc1b1b87b259e8a327c99835865e91a391efc9e