python-httplib2/certbundle.run

#!/bin/bash
# vim: syntax=sh

shopt -s nullglob

cafile=${1:-/etc/ssl/ca-bundle.pem}
cadir="/etc/ssl/certs"

for i in "$@"; do
	if [ "$i" = "-f" ]; then
		fresh=1
	elif [ "$i" = "-v" ]; then
		verbose=1
	fi
done

if [ -z "$fresh" -a "$cafile" -nt "$cadir" ]; then
	exit 0
fi
echo "creating $cafile ..."
cat > "$cafile.new" <<EOF
#
# automatically created by $0. Do not edit!
#
# Use of this file is deprecated and should only be used as last
# resort by applications that cannot parse the $cadir directory.
# You should avoid hardcoding any paths in applications anyways though.
# Use e.g.
# SSL_CTX_set_default_verify_paths() instead.
#
EOF
for i in "$cadir"/*.pem; do
	# only include certificates trusted for server auth
	if grep -q "BEGIN TRUSTED CERTIFICATE" "$i"; then
		trust=`sed -n '/^# openssl-trust=/{s/^.*=//;p;q;}' "$i"`
		case "$trust" in
			*serverAuth*) ;;
			*) [ -z "$verbose" ] || echo "skipping $i" >&2; continue ;;
		esac
	fi
	openssl x509 -in "$i"
done >> "$cafile.new"
mv "$cafile.new" "$cafile"
- Change the mechanism to use system-wide CA certificates: + on openSUSE, use the (new) upstream ca_certs_locater mechanism and don't ship a private copy of Mozilla's CA certs file + on SLES, regenerate cacerts.txt from /etc/ssl/certs when httplib2 is installed and/or openssl-certs is installed/updated OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-httplib2?expand=0&rev=38 2013-07-03 08:20:25 +00:00			`#!/bin/bash`
			`# vim: syntax=sh`

			`shopt -s nullglob`

			`cafile=${1:-/etc/ssl/ca-bundle.pem}`
			`cadir="/etc/ssl/certs"`

			`for i in "$@"; do`
			`if [ "$i" = "-f" ]; then`
			`fresh=1`
			`elif [ "$i" = "-v" ]; then`
			`verbose=1`
			`fi`
			`done`

			`if [ -z "$fresh" -a "$cafile" -nt "$cadir" ]; then`
			`exit 0`
			`fi`
			`echo "creating $cafile ..."`
			`cat > "$cafile.new" <<EOF`
			`#`
			`# automatically created by $0. Do not edit!`
			`#`
			`# Use of this file is deprecated and should only be used as last`
			`# resort by applications that cannot parse the $cadir directory.`
			`# You should avoid hardcoding any paths in applications anyways though.`
			`# Use e.g.`
			`# SSL_CTX_set_default_verify_paths() instead.`
			`#`
			`EOF`
			`for i in "$cadir"/*.pem; do`
			`# only include certificates trusted for server auth`
			`if grep -q "BEGIN TRUSTED CERTIFICATE" "$i"; then`
			trust=`sed -n '/^# openssl-trust=/{s/^.*=//;p;q;}' "$i"`
			`case "$trust" in`
			`serverAuth) ;;`
			`*) [ -z "$verbose" ] \|\| echo "skipping $i" >&2; continue ;;`
			`esac`
			`fi`
			`openssl x509 -in "$i"`
			`done >> "$cafile.new"`
			`mv "$cafile.new" "$cafile"`