ca-certificates-mozilla/compareoldnew

#!/bin/bash
# print fingerprints of new or changed certificates
set -e
cleanup()
{
	rm -rf new{,.files} old{,.files}
}
showcert()
{
	openssl x509 -in "$1" -noout -subject -fingerprint -nameopt multiline,utf8,-esc_msb \
	| sed -ne 's/ *commonName *= /   CN: /p; s/.*Fingerprint=/ sha1: /p'
}
cleanup
trap cleanup EXIT
mkdir old new
cd old
echo old...
VERBOSE=1 ../extractcerts.pl --trustbits < ../.osc/certdata.txt > tmp
sort < tmp > ../old.files
rm -f tmp
cd ..
cd new
echo new...
VERBOSE=1 ../extractcerts.pl --trustbits < ../certdata.txt > tmp
sort < tmp > ../new.files
rm -f tmp
cd ..
echo '----------------------------'
while read line; do
	IFS='#' eval set -- \$line
	old="$1"
	new="$2"
	common="$3"
	if [ -n "$old" ]; then
		echo "$old has been deleted"
	elif [ -n "$new" ]; then
		echo "new:   $new"
		showcert new/$new
	elif ! cmp "old/$common" "new/$common"; then
		echo "*** $common differs!"
		showcert old/$common
		showcert old/$common
	fi
done < <(comm --output-delimiter='#' old.files new.files)