]> git.ipfire.org Git - ipfire-2.x.git/blob - config/ca-certificates/build.sh
core126: Ship recently updated packages
[ipfire-2.x.git] / config / ca-certificates / build.sh
1 #!/bin/bash
2
3 set -e
4
5 # Create file layout.
6 mkdir -pv certs certs/legacy-default certs/legacy-disable
7 cp certdata.txt certs
8 cd certs
9
10 python ../certdata2pem.py
11
12 cd ..
13 cat <<EOF > ca-bundle.crt
14 # This is a bundle of X.509 certificates of public Certificate
15 # Authorities. It was generated from the Mozilla root CA list.
16 #
17 # Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
18 #
19 EOF
20
21 cat <<EOF > ca-bundle.trust.crt
22 # This is a bundle of X.509 certificates of public Certificate
23 # Authorities. It was generated from the Mozilla root CA list.
24 # These certificates are in the OpenSSL "TRUSTED CERTIFICATE"
25 # format and have trust bits set accordingly.
26 #
27 # Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
28 #
29 EOF
30
31 for f in certs/*.crt; do
32 [ -z "${f}" ] && continue
33
34 tbits=$(sed -n '/^# openssl-trust/{s/^.*=//;p;}' ${f})
35 case "${tbits}" in
36 *serverAuth*)
37 openssl x509 -text -in "${f}" >> ca-bundle.crt
38 ;;
39 esac
40
41 if [ -n "$tbits" ]; then
42 targs=""
43 for t in ${tbits}; do
44 targs="${targs} -addtrust ${t}"
45 done
46
47 openssl x509 -text -in "${f}" -trustout $targs >> ca-bundle.trust.crt
48 fi
49 done
50
51 exit 0