1 |
darkside 10/09/28 14:04:54 |
2 |
|
3 |
Added: openssl-c_rehash.sh-rev-1.7 |
4 |
Log: |
5 |
QA: Fix SRC_URI of c_rehash and move it to FILESDIR, bug 339027 |
6 |
|
7 |
(Portage version: 2.1.9.9/cvs/Linux x86_64) |
8 |
|
9 |
Revision Changes Path |
10 |
1.1 dev-libs/openssl/files/openssl-c_rehash.sh-rev-1.7 |
11 |
|
12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/openssl/files/openssl-c_rehash.sh-rev-1.7?rev=1.1&view=markup |
13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/openssl/files/openssl-c_rehash.sh-rev-1.7?rev=1.1&content-type=text/plain |
14 |
|
15 |
Index: openssl-c_rehash.sh-rev-1.7 |
16 |
=================================================================== |
17 |
#!/bin/sh |
18 |
# |
19 |
# Ben Secrest <blsecres@×××××.com> |
20 |
# |
21 |
# sh c_rehash script, scan all files in a directory |
22 |
# and add symbolic links to their hash values. |
23 |
# |
24 |
# based on the c_rehash perl script distributed with openssl |
25 |
# |
26 |
# LICENSE: See OpenSSL license |
27 |
# ^^acceptable?^^ |
28 |
# |
29 |
|
30 |
# Default OpenSSL directory. ${DIR}/certs is the fallback certificate
# directory and ${DIR}/bin is appended to PATH further down.
DIR='/etc/openssl'

# Bit flags combined into the file-type value returned by check_file().
IS_CERT=1    # bit 0: file holds a certificate
IS_CRL=2     # bit 1: file holds a CRL
36 |
|
37 |
|
38 |
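# check_file - check whether a file is a certificate file or a CRL file
# arguments:
#       1. the filename to be scanned
# returns:
#       bitfield of file type as the exit status; uses ${IS_CERT} and
#       ${IS_CRL}. 0 means neither marker was found, which is also the
#       result when grep cannot read the file.
#
check_file()
{
    local IS_TYPE=0

    # One quiet grep per marker replaces the former IFS-splitting loop.
    # That loop set IFS from $( printf "\n" ), which is the empty string
    # because command substitution strips trailing newlines; the grep
    # output was therefore never split into lines, and a file holding
    # both a certificate and a CRL was reported as a certificate only.
    #
    # The filename is quoted and follows "--" so that names containing
    # whitespace, glob characters or a leading "-" are always taken as a
    # single file operand and never as options.
    if grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----' -- "${1}"
    then
        IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
    fi

    if grep -q '^-----BEGIN X509 CRL-----' -- "${1}"
    then
        IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
    fi

    return ${IS_TYPE}
}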
80 |
|
81 |
|
82 |
# |
83 |
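# fingerprint - use openssl to fingerprint a file
# arguments:
#       1. the filename to fingerprint
#       2. the method to use (x509, crl)
# returns:
#       status of the last pipeline stage (tr); a failing openssl stage
#       shows up as empty output rather than as a non-zero status
# outputs:
#       the fingerprint on stdout, with everything up to the last '=' and
#       all ':' separators removed
# assumptions:
#       user will capture output from last stage of pipeline
#
fingerprint()
{
    # Every expansion is quoted so that a path containing whitespace or
    # glob characters reaches openssl as the single value of -in, and an
    # empty ${SSL_CMD} fails as "command not found" instead of silently
    # running ${2} as the command.
    "${SSL_CMD}" "${2}" -fingerprint -noout -in "${1}" \
        | sed 's/^.*=//' \
        | tr -d ':'
}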
96 |
|
97 |
|
98 |
# |
99 |
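# link_hash - create links to certificate files
# arguments:
#       1. the filename to create a link for
#       2. the type of certificate being linked (x509, crl)
# returns:
#       0 on success, 1 otherwise (duplicate file, no usable hash or
#       fingerprint from openssl, or ln failed)
#
link_hash()
{
    local FINGERPRINT=''
    local HASH=''
    local SUFFIX=0
    local LINKFILE=''
    local TAG=''

    # assigned separately from 'local' so a failing command is not masked
    FINGERPRINT=$( fingerprint "${1}" "${2}" )
    HASH=$( "${SSL_CMD}" "${2}" -hash -noout -in "${1}" )

    # The hash becomes part of a file name. Accept hex digits only, so a
    # failed or unexpected openssl run can neither create a link called
    # ".0" nor put a path separator into the link name. An empty
    # fingerprint is rejected as well: two empty fingerprints would
    # otherwise compare equal below and look like a duplicate.
    case "${HASH}" in
        ''|*[!0-9a-fA-F]*)
            echo "WARNING: cannot hash ${1}: skipping" >&2
            return 1
            ;;
    esac
    if [ -z "${FINGERPRINT}" ]
    then
        echo "WARNING: cannot fingerprint ${1}: skipping" >&2
        return 1
    fi

    if [ "${2}" = "crl" ]
    then
        TAG='r'
    fi

    LINKFILE=${HASH}.${TAG}${SUFFIX}

    # -h is tested as well because -e is false for a dangling symlink,
    # and ln would then fail on the name that is already taken
    while [ -e "${LINKFILE}" ] || [ -h "${LINKFILE}" ]
    do
        if [ "${FINGERPRINT}" = "$( fingerprint "${LINKFILE}" "${2}" )" ]
        then
            echo "WARNING: Skipping duplicate file ${1}" >&2
            return 1
        fi

        SUFFIX=$(( ${SUFFIX} + 1 ))
        LINKFILE=${HASH}.${TAG}${SUFFIX}
    done

    printf '%s => %s\n' "${1}" "${LINKFILE}"

    # assume any system with a POSIX shell will either support symlinks or
    # do something to handle this gracefully; "--" keeps a file name that
    # starts with "-" from being read as an ln option
    ln -s -- "${1}" "${LINKFILE}" || return 1

    return 0
}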
141 |
|
142 |
|
143 |
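# hash_dir - create hash links in a given directory
# arguments:
#       1. the directory to process
# returns:
#       1 if the directory cannot be entered, 0 otherwise
#
hash_dir()
{
    echo "Doing ${1}"

    # Work in a subshell so the caller's working directory is untouched;
    # a later relative directory argument then still resolves from where
    # the script was started.
    (
        # Stop if the directory cannot be entered: the cleanup loop below
        # would otherwise remove hash-named symlinks from whatever
        # directory the script is currently in. CDPATH is cleared so a
        # relative name cannot be redirected to another directory.
        CDPATH= cd -- "${1}" || exit 1

        # Remove hash links left by a previous run. The shell glob is
        # iterated directly instead of parsing 'ls' output, so a name is
        # never split on whitespace, never read as an ls option, and
        # subdirectory contents are not listed.
        for FILE in *
        do
            if printf '%s\n' "${FILE}" \
                    | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
                && [ -h "${FILE}" ]
            then
                rm -- "${FILE}"
            fi
        done

        for FILE in *.pem
        do
            # an unmatched glob is left as the literal pattern
            [ -e "${FILE}" ] || continue

            check_file "${FILE}"
            FILE_TYPE=${?}
            TYPE_STR=''

            # a file holding both kinds is linked as a certificate
            if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
            then
                TYPE_STR='x509'
            elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
            then
                TYPE_STR='crl'
            else
                echo "WARNING: ${FILE} does not contain a certificate or CRL: skipping" >&2
                continue
            fi

            link_hash "${FILE}" "${TYPE_STR}"
        done

        exit 0
    )
}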
179 |
|
180 |
|
181 |
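# choose the name of an ssl application
if [ -n "${OPENSSL}" ]
then
    # 'command -v' is the POSIX way to resolve a command name; 'which' is
    # an external tool that is not guaranteed to be installed
    SSL_CMD=$( command -v "${OPENSSL}" 2>/dev/null )
else
    SSL_CMD=/usr/bin/openssl
    OPENSSL=${SSL_CMD}
    export OPENSSL
fi

# fix paths
# (appended, so directories already on PATH keep precedence)
PATH=${PATH}:${DIR}/bin
export PATH

# confirm existence/executability of ssl command
# The quotes matter: if ${OPENSSL} could not be resolved, SSL_CMD is empty
# and an unquoted test collapses to '[ -x ]', which is true, so the script
# would carry on and run its openssl arguments as a command line of their
# own.
if [ ! -x "${SSL_CMD}" ]
then
    echo "${0}: rehashing skipped ('openssl' program not available)" >&2
    exit 0
fi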
201 |
|
202 |
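# determine which directories to process
# Command-line arguments win over ${SSL_CERT_DIR}, which wins over the
# default ${DIR}/certs. Arguments are joined with ':' and the result is
# treated as a ':'-separated list, as ${SSL_CERT_DIR} is.
old_IFS=$IFS
if [ ${#} -gt 0 ]
then
    IFS=':'
    DIRLIST="${*}"
elif [ -n "${SSL_CERT_DIR}" ]
then
    DIRLIST=${SSL_CERT_DIR}
else
    DIRLIST=${DIR}/certs
fi

# Split the list on ':' exactly once. Globbing is switched off for the
# split so a directory name containing '*' or '?' is taken literally, and
# both settings are restored before any directory is processed (hash_dir
# relies on globbing and on the default IFS).
IFS=':'
set -f
set -- ${DIRLIST}
set +f
IFS=${old_IFS}

# process directories
# Only existing, writable directories are handed to hash_dir; anything
# else in the list is skipped silently.
for CERT_DIR in "${@}"
do
    if [ -d "${CERT_DIR}" ] && [ -w "${CERT_DIR}" ]
    then
        hash_dir "${CERT_DIR}"
    fi
done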