Gentoo Archives: gentoo-commits

From: "Jeremy Olexa (darkside)" <darkside@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in dev-libs/openssl/files: openssl-c_rehash.sh-rev-1.7
Date: Tue, 28 Sep 2010 14:04:57
Message-Id: 20100928140454.5055A2005A@flycatcher.gentoo.org
1 darkside 10/09/28 14:04:54
2
3 Added: openssl-c_rehash.sh-rev-1.7
4 Log:
5 QA: Fix SRC_URI of c_rehash and move it to FILESDIR, bug 339027
6
7 (Portage version: 2.1.9.9/cvs/Linux x86_64)
8
9 Revision Changes Path
10 1.1 dev-libs/openssl/files/openssl-c_rehash.sh-rev-1.7
11
12 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/openssl/files/openssl-c_rehash.sh-rev-1.7?rev=1.1&view=markup
13 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/openssl/files/openssl-c_rehash.sh-rev-1.7?rev=1.1&content-type=text/plain
14
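--- a/dev-libs/openssl/files/openssl-c_rehash.sh-rev-1.7
+++ b/dev-libs/openssl/files/openssl-c_rehash.sh-rev-1.7
@@ -0,0 +1,210 @@
+#!/bin/sh
+#
+# Ben Secrest <blsecres@×××××.com>
+#
+# sh c_rehash script, scan all files in a directory
+# and add symbolic links to their hash values.
+#
+# based on the c_rehash perl script distributed with openssl
+#
+# LICENSE: See OpenSSL license
+# ^^acceptable?^^
+#
+
+# default certificate location
+DIR=/etc/openssl
+
+# for filetype bitfield
+IS_CERT=$(( 1 << 0 ))
+IS_CRL=$(( 1 << 1 ))
+
+
+# check to see if a file is a certificate file or a CRL file
+# arguments:
+# 1. the filename to be scanned
+# returns:
+# bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
+#
+check_file()
+{
+local IS_TYPE=0
+
+# make IFS a newline so we can process grep output line by line
+local OLDIFS=${IFS}
+IFS=$( printf "\n" )
+
+# XXX: could be more efficient to have two 'grep -m' but is -m portable?
+for LINE in $( grep '^-----BEGIN .*-----' ${1} )
+do
+if echo ${LINE} \
+| grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
+then
+IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
+
+if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
+then
+break
+fi
+elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
+then
+IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
+
+if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
+then
+break
+fi
+fi
+done
+
+# restore IFS
+IFS=${OLDIFS}
+
+return ${IS_TYPE}
+}
+
+
+#
+# use openssl to fingerprint a file
+# arguments:
+# 1. the filename to fingerprint
+# 2. the method to use (x509, crl)
+# returns:
+# none
+# assumptions:
+# user will capture output from last stage of pipeline
+#
+fingerprint()
+{
+${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
+}
+
+
+#
+# link_hash - create links to certificate files
+# arguments:
+# 1. the filename to create a link for
+# 2. the type of certificate being linked (x509, crl)
+# returns:
+# 0 on success, 1 otherwise
+#
+link_hash()
+{
+local FINGERPRINT=$( fingerprint ${1} ${2} )
+local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
+local SUFFIX=0
+local LINKFILE=''
+local TAG=''
+
+if [ ${2} = "crl" ]
+then
+TAG='r'
+fi
+
+LINKFILE=${HASH}.${TAG}${SUFFIX}
+
+while [ -f ${LINKFILE} ]
+do
+if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
+then
+echo "WARNING: Skipping duplicate file ${1}" >&2
+return 1
+fi
+
+SUFFIX=$(( ${SUFFIX} + 1 ))
+LINKFILE=${HASH}.${TAG}${SUFFIX}
+done
+
+echo "${1} => ${LINKFILE}"
+
+# assume any system with a POSIX shell will either support symlinks or
+# do something to handle this gracefully
+ln -s ${1} ${LINKFILE}
+
+return 0
+}
+
+
+# hash_dir create hash links in a given directory
+hash_dir()
+{
+echo "Doing ${1}"
+
+cd ${1}
+
+ls -1 * 2>/dev/null | while read FILE
+do
+if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
+&& [ -h "${FILE}" ]
+then
+rm ${FILE}
+fi
+done
+
+ls -1 *.pem 2>/dev/null | while read FILE
+do
+check_file ${FILE}
+local FILE_TYPE=${?}
+local TYPE_STR=''
+
+if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
+then
+TYPE_STR='x509'
+elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
+then
+TYPE_STR='crl'
+else
+echo "WARNING: ${FILE} does not contain a certificate or CRL: skipping" >&2
+continue
+fi
+
+link_hash ${FILE} ${TYPE_STR}
+done
+}
+
+
+# choose the name of an ssl application
+if [ -n "${OPENSSL}" ]
+then
+SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
+else
+SSL_CMD=/usr/bin/openssl
+OPENSSL=${SSL_CMD}
+export OPENSSL
+fi
+
+# fix paths
+PATH=${PATH}:${DIR}/bin
+export PATH
+
+# confirm existance/executability of ssl command
+if ! [ -x ${SSL_CMD} ]
+then
+echo "${0}: rehashing skipped ('openssl' program not available)" >&2
+exit 0
+fi
+
+# determine which directories to process
+old_IFS=$IFS
+if [ ${#} -gt 0 ]
+then
+IFS=':'
+DIRLIST=${*}
+elif [ -n "${SSL_CERT_DIR}" ]
+then
+DIRLIST=$SSL_CERT_DIR
+else
+DIRLIST=${DIR}/certs
+fi
+
+IFS=':'
+
+# process directories
+for CERT_DIR in ${DIRLIST}
+do
+if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
+then
+IFS=$old_IFS
+hash_dir ${CERT_DIR}
+IFS=':'
+fi
+done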
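Review bot: The guard `if ! [ -x ${SSL_CMD} ]` does not catch a missing binary when OPENSSL is set but `which` finds nothing: SSL_CMD is then empty, the test collapses to `[ -x ]`, which is true, and `fingerprint` and `link_hash` go on to run `x509` or `crl` as a command looked up in a PATH that the script has just extended with `${DIR}/bin`; quoting it as `[ -x "${SSL_CMD}" ]` restores the intended skip. The same missing quotes matter in `check_file`, `link_hash` and `hash_dir`, where names read from the certificate directory reach `grep`, `rm`, `ln -s` and `openssl` unquoted, so a name containing whitespace or a leading `-` is split or read as an option, and `read` without `-r` drops backslashes. `cd ${1}` in `hash_dir` is also unchecked, so if it fails the symlink cleanup and relinking run in the caller's working directory. A quoted, glob-based `hash_dir` is sketched below; `check_file` and `link_hash` need the same quoting, plus `--` before the file operands of `grep` and `ln`.

```shell
hash_dir()
{
    echo "Doing ${1}"

    # stop if the directory cannot be entered, so nothing is unlinked
    # or linked in the caller's working directory
    cd -- "${1}" || return 1

    # let the shell expand the names instead of parsing ls output
    for FILE in *
    do
        if [ -h "${FILE}" ] && printf '%s\n' "${FILE}" \
            | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$'
        then
            rm -- "${FILE}"
        fi
    done

    for FILE in *.pem
    do
        # an unmatched glob stays literal; skip it
        [ -f "${FILE}" ] || continue

        check_file "${FILE}"
        # … unchanged: FILE_TYPE / TYPE_STR selection and the skip warning …

        link_hash "${FILE}" "${TYPE_STR}"
    done
}
```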