48 lines
1.1 KiB
Plaintext
48 lines
1.1 KiB
Plaintext
|
#!/bin/bash
|
||
|
|
# print fingerprints of new or changed certificates
|
||
|
|
set -e
|
||
|
|
cleanup()
|
||
|
|
{
|
||
|
|
rm -rf new{,.files} old{,.files}
|
||
|
|
}
|
||
|
|
showcert()
|
||
|
|
{
|
||
|
|
openssl x509 -in "$1" -noout -subject -fingerprint -nameopt multiline,utf8,-esc_msb \
|
||
|
|
| sed -ne 's/ *commonName *= / CN=/p; s/.*Fingerprint=/ sha1=/p'
|
||
|
|
sed -ne '/^# \(openssl\|distrust\|alias\)/s/^#/ /p' < "$1"
|
||
|
|
}
|
||
|
|
cleanup
|
||
|
|
trap cleanup EXIT
|
||
|
|
mkdir old new
|
||
|
|
cd old
|
||
|
|
echo old...
|
||
|
|
ln -s ../.osc/certdata.txt
|
||
|
|
python3 ../certdata2pem.py > stdout 2> stderr
|
||
|
|
ls -1 cert-* | sort > ../old.files
|
||
|
|
cd ..
|
||
|
|
cd new
|
||
|
|
echo new...
|
||
|
|
ln -s ../certdata.txt
|
||
|
|
python3 ../certdata2pem.py > stdout 2> stderr
|
||
|
|
ls -1 cert-* | sort > ../new.files
|
||
|
|
cd ..
|
||
|
|
echo '----------------------------'
|
||
|
|
while read line; do
|
||
|
|
IFS='#' eval set -- \$line
|
||
|
|
old="$1"
|
||
|
|
new="$2"
|
||
|
|
common="$3"
|
||
|
|
if [ -n "$old" ]; then
|
||
|
|
echo "- $old"
|
||
|
|
showcert old/$old
|
||
|
|
elif [ -n "$new" ]; then
|
||
|
|
echo "+ $new"
|
||
|
|
showcert new/$new
|
||
|
|
elif ! cmp "old/$common" "new/$common"; then
|
||
|
|
echo "~ $common"
|
||
|
|
showcert old/$common
|
||
|
|
showcert new/$common
|
||
|
|
diff -u old/$common new/$common || true
|
||
|
|
fi
|
||
|
|
done < <(comm --output-delimiter='#' old.files new.files)
|