
Commit MetaInfo

Revisionbdbcbde41da8e59f8edd4f3430adea87b26fec6d (tree)
Time2012-02-26 19:08:47
Authormatsuand <matsuand@user...>
Commitermatsuand

Log Message

Added cacerts.sh, git.sh.

Change Summary

Incremental Difference

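--- /dev/null
+++ b/BLFS/cacerts.sh
@@ -0,0 +1,270 @@
+#!/bin/sh
+
+TARGET=cacerts
+TARGETDIR=$TARGET
+
+. ./_blfsset.sh
+
+echo Check Required...
+./_checkRequired.sh openssl || exit 1
+if test "$1" == "check"; then
+ exit 0
+fi
+
+if test "$1" == "check"; then
+ exit 0
+fi
+
+cd $SRC
+
+echo $TARGET
+
+echo \ \ Removing old directory...
+rm -fr $TARGETDIR
+
+echo \ \ Creating directory
+mkdir -pv $TARGETDIR
+
+cd $TARGETDIR
+
+cat > /bin/make-cert.pl << "EOF"
+#!/usr/bin/perl -w
+
+# Used to generate PEM encoded files from Mozilla certdata.txt.
+# Run as ./mkcrt.pl > certificate.crt
+#
+# Parts of this script courtesy of RedHat (mkcabundle.pl)
+#
+# This script modified for use with single file data (tempfile.cer) extracted
+# from certdata.txt, taken from the latest version in the Mozilla NSS source.
+# mozilla/security/nss/lib/ckfw/builtins/certdata.txt
+#
+# Authors: DJ Lucas
+# Bruce Dubbs
+#
+# Version 20120211
+
+my $certdata = './tempfile.cer';
+
+open( IN, "cat $certdata|" )
+ || die "could not open $certdata";
+
+my $incert = 0;
+
+while ( <IN> )
+{
+ if ( /^CKA_VALUE MULTILINE_OCTAL/ )
+ {
+ $incert = 1;
+ open( OUT, "|openssl x509 -text -inform DER -fingerprint" )
+ || die "could not pipe to openssl x509";
+ }
+
+ elsif ( /^END/ && $incert )
+ {
+ close( OUT );
+ $incert = 0;
+ print "\n\n";
+ }
+
+ elsif ($incert)
+ {
+ my @bs = split( /\\/ );
+ foreach my $b (@bs)
+ {
+ chomp $b;
+ printf( OUT "%c", oct($b) ) unless $b eq '';
+ }
+ }
+}
+EOF
+
+paco -p $TARGET "touch /bin/make-cert.pl"
+chmod +x /bin/make-cert.pl
+
+cat > /bin/make-ca.sh << "EOF"
+#!/bin/bash
+# Begin make-ca.sh
+# Script to populate OpenSSL's CApath from a bundle of PEM formatted CAs
+#
+# The file certdata.txt must exist in the local directory
+# Version number is obtained from the version of the data.
+#
+# Authors: DJ Lucas
+# Bruce Dubbs
+#
+# Version 20120211
+
+certdata="certdata.txt"
+
+if [ ! -r $certdata ]; then
+ echo "$certdata must be in the local directory"
+ exit 1
+fi
+
+REVISION=$(grep CVS_ID $certdata | cut -f4 -d'$')
+
+if [ -z "${REVISION}" ]; then
+ echo "$certfile has no 'Revision' in CVS_ID"
+ exit 1
+fi
+
+VERSION=$(echo $REVISION | cut -f2 -d" ")
+
+TEMPDIR=$(mktemp -d)
+TRUSTATTRIBUTES="CKA_TRUST_SERVER_AUTH"
+BUNDLE="BLFS-ca-bundle-${VERSION}.crt"
+CONVERTSCRIPT="make-cert.pl"
+SSLDIR="/etc/ssl"
+
+mkdir "${TEMPDIR}/certs"
+
+# Get a list of staring lines for each cert
+CERTBEGINLIST=$(grep -n "^# Certificate" "${certdata}" | cut -d ":" -f1)
+
+# Get a list of ending lines for each cert
+CERTENDLIST=`grep -n "^CKA_TRUST_STEP_UP_APPROVED" "${certdata}" | cut -d ":" -f 1`
+
+# Start a loop
+for certbegin in ${CERTBEGINLIST}; do
+ for certend in ${CERTENDLIST}; do
+ if test "${certend}" -gt "${certbegin}"; then
+ break
+ fi
+ done
+
+ # Dump to a temp file with the name of the file as the beginning line number
+ sed -n "${certbegin},${certend}p" "${certdata}" > "${TEMPDIR}/certs/${certbegin}.tmp"
+done
+
+unset CERTBEGINLIST CERTDATA CERTENDLIST certebegin certend
+
+mkdir -p certs
+rm certs/* # Make sure the directory is clean
+
+for tempfile in ${TEMPDIR}/certs/*.tmp; do
+ # Make sure that the cert is trusted...
+ grep "CKA_TRUST_SERVER_AUTH" "${tempfile}" | \
+ egrep "TRUST_UNKNOWN|NOT_TRUSTED" > /dev/null
+
+ if test "${?}" = "0"; then
+ # Throw a meaningful error and remove the file
+ cp "${tempfile}" tempfile.cer
+ "${CONVERTSCRIPT}" > tempfile.crt
+ keyhash=$(openssl x509 -noout -in tempfile.crt -hash)
+ echo "Certificate ${keyhash} is not trusted! Removing..."
+ rm -f tempfile.cer tempfile.crt "${tempfile}"
+ continue
+ fi
+
+ # If execution made it to here in the loop, the temp cert is trusted
+ # Find the cert data and generate a cert file for it
+
+ cp "${tempfile}" tempfile.cer
+ "${CONVERTSCRIPT}" > tempfile.crt
+ keyhash=$(openssl x509 -noout -in tempfile.crt -hash)
+ mv tempfile.crt "certs/${keyhash}.pem"
+ rm -f tempfile.cer "${tempfile}"
+ echo "Created ${keyhash}.pem"
+done
+
+# Remove blacklisted files
+# MD5 Collision Proof of Concept CA
+if test -f certs/8f111d69.pem; then
+ echo "Certificate 8f111d69 is not trusted! Removing..."
+ rm -f certs/8f111d69.pem
+fi
+
+# Finally, generate the bundle and clean up.
+cat certs/*.pem > ${BUNDLE}
+rm -r "${TEMPDIR}"
+EOF
+
+paco -p+ $TARGET "touch /bin/make-ca.sh"
+chmod +x /bin/make-ca.sh
+
+cat > /bin/remove-expired-certs.sh << "EOF"
+#!/bin/bash
+# Begin /bin/remove-expired-certs.sh
+#
+# Version 20120211
+
+# Make sure the date is parsed correctly on all systems
+function mydate()
+{
+ local y=$( echo $1 | cut -d" " -f4 )
+ local M=$( echo $1 | cut -d" " -f1 )
+ local d=$( echo $1 | cut -d" " -f2 )
+ local m
+
+ if [ ${d} -lt 10 ]; then d="0${d}"; fi
+
+ case $M in
+ Jan) m="01";;
+ Feb) m="02";;
+ Mar) m="03";;
+ Apr) m="04";;
+ May) m="05";;
+ Jun) m="06";;
+ Jul) m="07";;
+ Aug) m="08";;
+ Sep) m="09";;
+ Oct) m="10";;
+ Nov) m="11";;
+ Dec) m="12";;
+ esac
+
+ certdate="${y}${m}${d}"
+}
+
+OPENSSL=/usr/bin/openssl
+DIR=/etc/ssl/certs
+
+if [ $# -gt 0 ]; then
+ DIR="$1"
+fi
+
+certs=$( find ${DIR} -type f -name "*.pem" -o -name "*.crt" )
+today=$( date +%Y%m%d )
+
+for cert in $certs; do
+ notafter=$( $OPENSSL x509 -enddate -in "${cert}" -noout )
+ date=$( echo ${notafter} | sed 's/^notAfter=//' )
+ mydate "$date"
+
+ if [ ${certdate} -lt ${today} ]; then
+ echo "${cert} expired on ${certdate}! Removing..."
+ rm -f "${cert}"
+ fi
+done
+EOF
+
+paco -p+ $TARGET "touch /bin/remove-expired-certs.sh"
+chmod +x /bin/remove-expired-certs.sh
+
+certhost='http://mxr.mozilla.org'
+certdir='/mozilla/source/security/nss/lib/ckfw/builtins'
+url="$certhost$certdir/certdata.txt?raw=1"
+
+wget --output-document certdata.txt $url
+unset certhost certdir url
+make-ca.sh
+remove-expired-certs.sh certs
+
+SSLDIR=/etc/ssl
+
+paco -p+ $TARGET "\
+install -d ${SSLDIR}/certs"
+
+paco -p+ $TARGET "\
+cp -v certs/*.pem ${SSLDIR}/certs"
+
+c_rehash
+
+paco -p+ $TARGET "\
+install BLFS-ca-bundle*.crt ${SSLDIR}/ca-bundle.crt"
+
+unset SSLDIR
+
+rm -r certs BLFS-ca-bundle*
+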
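Review bot: The system's trust anchors are downloaded over plain HTTP with no integrity check (new lines 245-249, `certhost='http://mxr.mozilla.org'` and the `wget` call) and then installed into `${SSLDIR}/certs` and `${SSLDIR}/ca-bundle.crt`, so whoever can alter that download decides which CAs this machine trusts. The exit status of `wget` and of `make-ca.sh` is also ignored, so a failed or truncated fetch still falls through to the install steps. I would compare the file with a digest recorded out of band before converting it, e.g. `wget --output-document certdata.txt $url || exit 1`, then `echo "<EXPECTED_SHA256>  certdata.txt" | sha256sum -c - || exit 1` (placeholder digest), and call `make-ca.sh || exit 1`. Separately, the error message at line 108 of the embedded make-ca.sh prints `$certfile`, which is never set; it should be `$certdata`.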
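--- /dev/null
+++ b/BLFS/git.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+. ./_blfsset.sh
+
+VER=1.7.9.2
+TARGET=git-$VER
+TARGETBALL=$TARGET.tar.gz
+TARGETDIR=$TARGET
+
+echo Check Required...
+./_checkRequired.sh openssl expat curl python || exit 1
+if test "$1" == "check"; then
+ exit 0
+fi
+
+if test "$1" == "check"; then
+ exit 0
+fi
+
+cd $SRC
+
+echo $TARGET
+
+echo \ \ Removing old directory...
+rm -fr $TARGETDIR
+
+echo \ \ Extracting...
+tar xf $DLD/$TARGETBALL || (echo Tarball not found && exit 1)
+
+cd $TARGETDIR
+
+echo \ \ Configuring...
+./configure --prefix=/usr \
+ --sysconfdir=/etc \
+ --libexecdir=/usr/lib \
+ --with-openssl --with-curl --with-expat \
+ 1> $LOG/$TARGET.1_conf.log 2>&1
+
+echo \ \ Making...
+make \
+ 1> $LOG/$TARGET.2_make.log 2>&1
+
+echo \ \ Installing...
+paco -p $TARGET 'make install' \
+ 1> $LOG/$TARGET.3_install.log 2>&1
+
+echo -n \ \ Pacoing:\ && paco -a1 | grep $TARGET || echo none
+
+echo \ \ Removing directory...
+cd .. && rm -fr $TARGETDIR
+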
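Review bot: The `exit 1` on line 28 runs inside a `( ... )` subshell, so a missing or damaged tarball only ends the subshell and the script carries on: `cd $TARGETDIR` fails, the configure/make/install steps are attempted from `$SRC`, and the closing `cd .. && rm -fr $TARGETDIR` then acts one level above `$SRC`. A brace group plus a guarded cd fixes this: `tar xf $DLD/$TARGETBALL || { echo Tarball not found; exit 1; }` and `cd $TARGETDIR || exit 1`. The tarball is also unpacked, built and installed without any checksum or signature comparison, and the exit codes of `./configure`, `make` and the `paco` install are discarded because only their output is logged. A digest check before `tar xf` and `|| exit 1` after each build step would close both gaps.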