]> git.ipfire.org Git - ipfire-2.x.git/blame - config/ca-certificates/build.sh
core126: Ship recently updated packages
[ipfire-2.x.git] / config / ca-certificates / build.sh
CommitLineData
f0aa99fb
AF
1#!/bin/bash
2
3set -e
4
5# Create file layout.
6mkdir -pv certs certs/legacy-default certs/legacy-disable
f574f9ea 7cp certdata.txt certs
f0aa99fb
AF
8cd certs
9
10python ../certdata2pem.py
11
12cd ..
13cat <<EOF > ca-bundle.crt
14# This is a bundle of X.509 certificates of public Certificate
15# Authorities. It was generated from the Mozilla root CA list.
16#
17# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
18#
19EOF
20
21cat <<EOF > ca-bundle.trust.crt
22# This is a bundle of X.509 certificates of public Certificate
23# Authorities. It was generated from the Mozilla root CA list.
24# These certificates are in the OpenSSL "TRUSTED CERTIFICATE"
25# format and have trust bits set accordingly.
26#
27# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
28#
29EOF
30
31for f in certs/*.crt; do
32 [ -z "${f}" ] && continue
33
34 tbits=$(sed -n '/^# openssl-trust/{s/^.*=//;p;}' ${f})
35 case "${tbits}" in
36 *serverAuth*)
37 openssl x509 -text -in "${f}" >> ca-bundle.crt
38 ;;
39 esac
40
41 if [ -n "$tbits" ]; then
42 targs=""
43 for t in ${tbits}; do
44 targs="${targs} -addtrust ${t}"
45 done
46
47 openssl x509 -text -in "${f}" -trustout $targs >> ca-bundle.trust.crt
48 fi
49done
50
51exit 0