]>
Commit | Line | Data |
---|---|---|
f0aa99fb AF |
1 | #!/bin/bash |
2 | ||
3 | set -e | |
4 | ||
5 | # Create file layout. | |
043abb98 AB |
6 | mkdir -pv certs |
7 | mkdir -pv /etc/pki/ca-trust/source | |
f574f9ea | 8 | cp certdata.txt certs |
f0aa99fb AF |
9 | cd certs |
10 | ||
043abb98 | 11 | python3 ../certdata2pem.py |
f0aa99fb AF |
12 | |
13 | cd .. | |
043abb98 AB |
14 | |
15 | ||
16 | cat <<EOF > ca-bundle.trust.p11-kit | |
17 | # This is a bundle of X.509 certificates of public Certificate | |
18 | # Authorities. It was generated from the Mozilla root CA list. | |
19 | # These certificates and trust/distrust attributes use the file format accepted | |
20 | # by the p11-kit-trust module. | |
21 | # | |
22 | # Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt | |
23 | # | |
24 | EOF | |
25 | ||
26 | ||
27 | P11FILES=`find certs -name \*.tmp-p11-kit | wc -l` | |
28 | if [ $P11FILES -ne 0 ]; then | |
29 | for p in certs/*.tmp-p11-kit; do | |
30 | cat "$p" >> /etc/pki/ca-trust/source/ca-bundle.trust.p11-kit | |
31 | done | |
32 | fi | |
33 | ||
f0aa99fb AF |
34 | cat <<EOF > ca-bundle.crt |
35 | # This is a bundle of X.509 certificates of public Certificate | |
36 | # Authorities. It was generated from the Mozilla root CA list. | |
37 | # | |
38 | # Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt | |
39 | # | |
40 | EOF | |
41 | ||
42 | cat <<EOF > ca-bundle.trust.crt | |
43 | # This is a bundle of X.509 certificates of public Certificate | |
44 | # Authorities. It was generated from the Mozilla root CA list. | |
45 | # These certificates are in the OpenSSL "TRUSTED CERTIFICATE" | |
46 | # format and have trust bits set accordingly. | |
47 | # | |
48 | # Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt | |
49 | # | |
50 | EOF | |
51 | ||
043abb98 AB |
52 | trust extract --comment --filter=certificates --format=openssl-bundle --overwrite ca-bundle.trust |
53 | cat ca-bundle.trust >> ca-bundle.trust.crt | |
f0aa99fb | 54 | |
043abb98 AB |
55 | trust extract --comment --filter=ca-anchors --format=pem-bundle --overwrite --purpose server-auth ca-bundle |
56 | cat ca-bundle >> ca-bundle.crt | |
f0aa99fb | 57 | |
f0aa99fb | 58 | |
043abb98 | 59 | exit 0 |