[ipfire-2.x.git] / config / ca-certificates / build.sh

#!/bin/bash

set -e

# Create file layout.
mkdir -pv certs
mkdir -pv /etc/pki/ca-trust/source
cp certdata.txt certs
cd certs

python3 ../certdata2pem.py

cd ..


cat <<EOF > ca-bundle.trust.p11-kit
# This is a bundle of X.509 certificates of public Certificate
# Authorities.  It was generated from the Mozilla root CA list.
# These certificates and trust/distrust attributes use the file format accepted
# by the p11-kit-trust module.
#
# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
#
EOF


P11FILES=`find certs -name \*.tmp-p11-kit | wc -l`
if [ $P11FILES -ne 0 ]; then
  for p in certs/*.tmp-p11-kit; do 
    cat "$p" >> /etc/pki/ca-trust/source/ca-bundle.trust.p11-kit
  done	
fi

cat <<EOF > ca-bundle.crt
# This is a bundle of X.509 certificates of public Certificate
# Authorities.  It was generated from the Mozilla root CA list.
# 
# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
#
EOF

cat <<EOF > ca-bundle.trust.crt
# This is a bundle of X.509 certificates of public Certificate
# Authorities.  It was generated from the Mozilla root CA list.
# These certificates are in the OpenSSL "TRUSTED CERTIFICATE"
# format and have trust bits set accordingly.
#
# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
#
EOF

trust extract --comment --filter=certificates --format=openssl-bundle --overwrite ca-bundle.trust
cat ca-bundle.trust >> ca-bundle.trust.crt

trust extract --comment --filter=ca-anchors --format=pem-bundle --overwrite --purpose server-auth ca-bundle
cat ca-bundle >> ca-bundle.crt


exit 0
Commit	Line	Data
f0aa99fb AF	1	#!/bin/bash
	2
	3	set -e
	4
	5	# Create file layout.
043abb98 AB	6	mkdir -pv certs
043abb98 AB	7	mkdir -pv /etc/pki/ca-trust/source
f574f9ea	8	cp certdata.txt certs
f0aa99fb AF	9	cd certs
f0aa99fb AF	10
043abb98	11	python3 ../certdata2pem.py
f0aa99fb AF	12
f0aa99fb AF	13	cd ..
043abb98 AB	14
	15
	16	cat <<EOF > ca-bundle.trust.p11-kit
	17	# This is a bundle of X.509 certificates of public Certificate
	18	# Authorities. It was generated from the Mozilla root CA list.
	19	# These certificates and trust/distrust attributes use the file format accepted
	20	# by the p11-kit-trust module.
	21	#
	22	# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
	23	#
	24	EOF
	25
	26
	27	P11FILES=`find certs -name \*.tmp-p11-kit \| wc -l`
	28	if [ $P11FILES -ne 0 ]; then
	29	for p in certs/*.tmp-p11-kit; do
	30	cat "$p" >> /etc/pki/ca-trust/source/ca-bundle.trust.p11-kit
	31	done
	32	fi
	33
f0aa99fb AF	34	cat <<EOF > ca-bundle.crt
	35	# This is a bundle of X.509 certificates of public Certificate
	36	# Authorities. It was generated from the Mozilla root CA list.
	37	#
	38	# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
	39	#
	40	EOF
	41
	42	cat <<EOF > ca-bundle.trust.crt
	43	# This is a bundle of X.509 certificates of public Certificate
	44	# Authorities. It was generated from the Mozilla root CA list.
	45	# These certificates are in the OpenSSL "TRUSTED CERTIFICATE"
	46	# format and have trust bits set accordingly.
	47	#
	48	# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
	49	#
	50	EOF
	51
043abb98 AB	52	trust extract --comment --filter=certificates --format=openssl-bundle --overwrite ca-bundle.trust
043abb98 AB	53	cat ca-bundle.trust >> ca-bundle.trust.crt
f0aa99fb	54
043abb98 AB	55	trust extract --comment --filter=ca-anchors --format=pem-bundle --overwrite --purpose server-auth ca-bundle
043abb98 AB	56	cat ca-bundle >> ca-bundle.crt
f0aa99fb	57
f0aa99fb	58
043abb98	59	exit 0