X-Original-To: alpine-aports@mail.alpinelinux.org Delivered-To: alpine-aports@mail.alpinelinux.org Received: from mail.alpinelinux.org (dallas-a1.alpinelinux.org [127.0.0.1]) by mail.alpinelinux.org (Postfix) with ESMTP id A8E69DC05A4 for ; Mon, 4 May 2015 11:48:34 +0000 (UTC) Received: from mail-qc0-f176.google.com (mail-qc0-f176.google.com [209.85.216.176]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.alpinelinux.org (Postfix) with ESMTPS id 6FA33DC01C2 for ; Mon, 4 May 2015 11:48:29 +0000 (UTC) Received: by qcbgu10 with SMTP id gu10so29733096qcb.2 for ; Mon, 04 May 2015 04:48:28 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:mime-version:content-type:from :in-reply-to:date:cc:message-id:references:to; bh=uEd8warAdn/wQt1yieiWZEGRlfTSIIQ8eJ6oxZBRZWQ=; b=JdrA2bMbvXFN0WGN1ohCa1OL9LErEMTYNNeZ4JeNy4Qm6q9gOb/gcTb4KZIayAslTd 4xZGNIYt/ECHkR7DhLJS9LNtuns1X2n4nqiAFk/agNXuriCnKciWmVWfG30adsjN5P6e PXluwEXFySsMl7SyT6GXOj9zlSsO8U0bizUZ41fJK8jkC/+mkh03+w4iZTJOp1In6Qz1 XeETLFNh698MZJyCaLqrSC2fNfyBqXQbTdS0sR2c9AObMjj8hOSrKuq6Qlj8arjmXPGG oypu+BszYvXk5wvaVy5tAwCxeALF/SDtoncxQ9UNr39jY5UErrObPRKMrj9/urKNgQ/A yFEQ== X-Gm-Message-State: ALoCoQmwoBNs3jDNClqwnhaImhNkNKa6sGQYBykpWx814YFPa9rGaUgSHeRr2rjoWwO7OU4AR4mH X-Received: by 10.55.22.139 with SMTP id 11mr44284689qkw.94.1430740108617; Mon, 04 May 2015 04:48:28 -0700 (PDT) Received: from [192.168.1.101] ([191.33.104.136]) by mx.google.com with ESMTPSA id 106sm9681532qge.22.2015.05.04.04.48.26 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 04 May 2015 04:48:28 -0700 (PDT) Subject: Re: [alpine-aports] [PATCH] main/ca-certificates: change update-ca-certificates lua script to a shell script X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\)) Content-Type: multipart/alternative; boundary="Apple-Mail=_6AD71730-0E5A-423B-9B78-7B4532E511E6" From: Ramon Soares X-Priority: 3 In-Reply-To: Date: Mon, 4 May 2015 08:48:26 -0300 Cc: alpine-aports@lists.alpinelinux.org Message-Id: References: <1430652096-4857-1-git-send-email-ramon@codecraft63.com> To: timo.teras@gmail.com X-Mailer: Apple Mail (2.2070.6) X-Virus-Scanned: ClamAV using ClamSMTP --Apple-Mail=_6AD71730-0E5A-423B-9B78-7B4532E511E6 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Is really necessary to have performance in this script?=20 To a script that should have little use, I believe the dependency of = other packages to be unnecessary. -- Ramon Soares ramon@codecraft63.com CodeCraft http://www.codecraft63.com.br/ +55 (71) 9162-1704 +55 (71) 3387-3814 > On May 3, 2015, at 11:02 AM, timo.teras@gmail.com wrote: >=20 > Nak. >=20 > We had shell script earlier but it was slow. I wrote lua script to fix = performance. >=20 > Either add features you need to the lua version. Or if you dont like = lua dependency (which really is small) the alternative is C rewrite. >=20 > See git log and issue tracker for details. >=20 > On Sun May 3 14:21:36 2015 GMT+0300, Ramon Soares wrote: >> --- >> main/ca-certificates/APKBUILD | 10 +- >> main/ca-certificates/update-ca-certificates | 250 = ++++++++++++++++++---------- >> 2 files changed, 168 insertions(+), 92 deletions(-) >>=20 >> diff --git a/main/ca-certificates/APKBUILD = b/main/ca-certificates/APKBUILD >> index 2db2af0..8f344f1 100644 >> --- a/main/ca-certificates/APKBUILD >> +++ b/main/ca-certificates/APKBUILD >> @@ -7,12 +7,12 @@ _nmu=3D"+nmu${pkgver#*_p}" >> [ "$_nmu" =3D "+nmu${pkgver}" ] && _nmu=3D"" >> _ver=3D${pkgver} >>=20 >> -pkgrel=3D1 >> +pkgrel=3D2 >> pkgdesc=3D"Common CA certificates PEM files" >> url=3D"http://packages.debian.org/sid/ca-certificates" >> arch=3D"noarch" >> license=3D"MPL 2.0 GPL2+" >> -depends=3D"run-parts openssl lua5.2 lua5.2-posix" >> +depends=3D"run-parts openssl" >> makedepends=3D"python" >> subpackages=3D"$pkgname-doc" >> options=3D"!fhs" >> @@ -62,8 +62,8 @@ EOF >> } >>=20 >> md5sums=3D"f619282081c8bfc65ea64c37fa5285ed = ca-certificates_20141019.tar.xz >> -bb24a9e2caf6150053a981e617a209a9 update-ca-certificates" >> +5d3218ff481e9236fc217080e325c2ca update-ca-certificates" >> = sha256sums=3D"684902d3f4e9ad27829f4af0d9d2d588afed03667997579b9c2be86fcd1e= b73a ca-certificates_20141019.tar.xz >> -4f109a22d74ef36f691933716a83c015b8475ed4e47d21bd0d7f8baef4de046b = update-ca-certificates" >> +aa7d262788b36ff786ff94055b3f5d23d588a35e59aecd767fb31f9c75985fa8 = update-ca-certificates" >> = sha512sums=3D"5b0e8fb917f5642a5a2b4fde46a706db0c652ff3fb31a5053d9123a5b670= b50c6e3cf2496915cc01c613dcbe964d6432f393c12d8a697baedfad58f9d13e568b = ca-certificates_20141019.tar.xz >> = -dadf046999f226cef0b14bd9014e59f04fa05a984339ff84940a2beb0f33f70bc921233d2= 2291a294f9366c67989f5d337febd1832574c2e28317c14de84ff00 = update-ca-certificates" >> = +5104acd36b623a6cf65f13a1ce542d57fa9aeec351d46bc535c220007c876b1d1790a85d3= c51da9b723778e8a3dac18f1d90833268a2e4bf2f29a831a64a903b = update-ca-certificates" >> diff --git a/main/ca-certificates/update-ca-certificates = b/main/ca-certificates/update-ca-certificates >> index 53f45df..5375950 100755 >> --- a/main/ca-certificates/update-ca-certificates >> +++ b/main/ca-certificates/update-ca-certificates >> @@ -1,87 +1,163 @@ >> -#!/usr/bin/lua5.2 >> - >> -local CERTSDIR=3D'/usr/share/ca-certificates/' >> -local LOCALCERTSDIR=3D'/usr/local/share/ca-certificates/' >> -local ETCCERTSDIR=3D'/etc/ssl/certs/' >> -local CERTBUNDLE=3D'ca-certificates.crt' >> -local CERTSCONF=3D'/etc/ca-certificates.conf' >> - >> -local posix =3D require 'posix' >> -function string.begins(str, prefix) return = str:sub(1,#prefix)=3D=3Dprefix end >> - >> -local function add(fn, out, links) >> - -- Map fn to file in etc >> - local pem =3D "ca-cert-"..fn:gsub('.*/', = ''):gsub('.crt$',''):gsub('[, ]','_'):gsub('[()]','=3D')..".pem" >> - links[pem] =3D fn >> - -- Read the certificate for the bundle >> - local f =3D io.open(fn, "rb") >> - if f ~=3D nil then >> - local content =3D f:read("*all") >> - f:close() >> - out:write(content) >> - if content:sub(-1) ~=3D '\n' then out:write('\n') end >> - end >> -end >> - >> -local calinks =3D {} >> -local cacerts =3D {} >> - >> -local fd, tmpfile =3D posix.mkstemp(ETCCERTSDIR..'bundleXXXXXX') >> -if not fd then >> - print("Failed to open temporary file for ca bundle") >> - return 1 >> -end >> -posix.close(fd) >> -posix.chmod(tmpfile, "rw-r--r--") >> -local bundle =3D io.open(tmpfile, "wb") >> - >> --- Handle global CA certs from config file >> -for l in io.lines(CERTSCONF) do >> - local firstchar =3D l:sub(1,1) >> - if firstchar ~=3D "#" and firstchar ~=3D "!" then >> - add(CERTSDIR..l, bundle, calinks) >> - end >> -end >> - >> --- Handle local CA certificates >> -local certlist =3D posix.glob(LOCALCERTSDIR..'*.crt') >> -if certlist ~=3D nil then >> - table.sort(certlist) >> - for f in pairs(certlist) do >> - local fn =3D LOCALCERTSDIR..f >> - if posix.stat(fn, 'type') =3D=3D 'regular' then >> - add(fn, bundle, calinks) >> - end >> - end >> -end >> - >> --- Update etc cert dir for additions and deletions >> -local f, target >> -for f in posix.files(ETCCERTSDIR) do >> - local fn =3D ETCCERTSDIR..f >> - if posix.stat(fn, 'type') =3D=3D 'link' then >> - local curtgt =3D posix.readlink(fn) >> - local target =3D calinks[f] >> - if target =3D=3D nil then >> - -- Symlink exists but is not wanted >> - -- Delete it if it points to 'our' directory >> - if curtgt:begins(CERTSDIR) or = curtgt:begins(LOCALCERTSDIR) then >> - os.remove(fn) >> - end >> - elseif curtgt ~=3D target then >> - -- Symlink exists but points wrong >> - posix.link(target, ETCCERTSDIR..f, true) >> - else >> - -- Symlink exists and is ok >> - calinks[f] =3D nil >> - end >> - end >> -end >> -for f, target in pairs(calinks) do >> - posix.link(target, ETCCERTSDIR..f, true) >> -end >> - >> --- Update hashes and the bundle >> -bundle:close() >> -os.rename(tmpfile, ETCCERTSDIR..CERTBUNDLE) >> -os.execute("c_rehash "..ETCCERTSDIR.." > /dev/null") >> +#!/bin/sh -e >> +# >> +# update-ca-certificates >> +# >> +# Copyright (c) 2003 Fumitoshi UKAI >> +# Copyright (c) 2009 Philipp Kern >> +#=20 >> +# This program is free software; you can redistribute it and/or = modify >> +# it under the terms of the GNU General Public License as published = by >> +# the Free Software Foundation; either version 2 of the License, or >> +# (at your option) any later version. >> +# >> +# This program is distributed in the hope that it will be useful, >> +# but WITHOUT ANY WARRANTY; without even the implied warranty of >> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >> +# GNU General Public License for more details. >> +# >> +# You should have received a copy of the GNU General Public License >> +# along with this program; if not, write to the Free Software >> +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA = 02111-1301, >> +# USA. >> +# >> + >> +verbose=3D0 >> +fresh=3D0 >> +while [ $# -gt 0 ]; >> +do >> + case $1 in >> + --verbose|-v) >> + verbose=3D1;; >> + --fresh|-f) >> + fresh=3D1;; >> + --help|-h|*) >> + echo "$0: [--verbose] [--fresh]" >> + exit;; >> + esac >> + shift >> +done >> + >> +CERTSCONF=3D/etc/ca-certificates.conf >> +CERTSDIR=3D/usr/share/ca-certificates >> +LOCALCERTSDIR=3D/usr/local/share/ca-certificates >> +CERTBUNDLE=3Dca-certificates.crt >> +ETCCERTSDIR=3D/etc/ssl/certs >> + >> +cleanup() { >> + rm -f "$TEMPBUNDLE" >> + rm -f "$ADDED" >> + rm -f "$REMOVED" >> +} >> +trap cleanup 0 >> + >> +# Helper files. (Some of them are not simple arrays because we = spawn >> +# subshells later on.) >> +TEMPBUNDLE=3D"$(mktemp -t "${CERTBUNDLE}.tmp.XXXXXX")" >> +ADDED=3D"$(mktemp -t "ca-certificates.tmp.XXXXXX")" >> +REMOVED=3D"$(mktemp -t "ca-certificates.tmp.XXXXXX")" >> + >> +# Adds a certificate to the list of trusted ones. This includes a = symlink >> +# in /etc/ssl/certs to the certificate file and its inclusion into = the >> +# bundle. >> +add() { >> + CERT=3D"$1" >> + PEM=3D"$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \ >> + -e 's/[()]/=3D/g' = \ >> + -e 's/,/_/g').pem" >> + if ! test -e "$PEM" || [ "$(readlink "$PEM")" !=3D "$CERT" ] >> + then >> + ln -sf "$CERT" "$PEM" >> + echo +$PEM >> "$ADDED" >> + fi >> + cat "$CERT" >> "$TEMPBUNDLE" >> +} >> + >> +remove() { >> + CERT=3D"$1" >> + PEM=3D"$ETCCERTSDIR/$(basename "$CERT" .crt).pem" >> + if test -L "$PEM" >> + then >> + rm -f "$PEM" >> + echo -$PEM >> "$REMOVED" >> + fi >> +} >> + >> +cd $ETCCERTSDIR >> +if [ "$fresh" =3D 1 ]; then >> + echo -n "Clearing symlinks in $ETCCERTSDIR..." >> + find . -type l -print | while read symlink >> + do >> + case $(readlink $symlink) in >> + $CERTSDIR*) rm -f $symlink;; >> + esac >> + done >> + find . -type l -print | while read symlink >> + do >> + test -f $symlink || rm -f $symlink >> + done >> + echo "done." >> +fi >> + >> +echo -n "Updating certificates in $ETCCERTSDIR... " >> + >> +# Handle certificates that should be removed. This is an explicit = act >> +# by prefixing lines in the configuration files with exclamation = marks (!). >> +sed -n -e '/^$/d' -e 's/^!//p' $CERTSCONF | while read crt >> +do >> + remove "$CERTSDIR/$crt" >> +done >> + >> +sed -e '/^$/d' -e '/^#/d' -e '/^!/d' $CERTSCONF | while read crt >> +do >> + if ! test -f "$CERTSDIR/$crt" >> + then >> + echo "W: $CERTSDIR/$crt not found, but listed in $CERTSCONF." = >&2 >> + continue >> + fi >> + add "$CERTSDIR/$crt" >> +done >> + >> +# Now process certificate authorities installed by the local system >> +# administrator. >> +if [ -d "$LOCALCERTSDIR" ] >> +then >> + find -L "$LOCALCERTSDIR" -type f -name '*.crt' | while read crt >> + do >> + add "$crt" >> + done >> +fi >> + >> +rm -f "$CERTBUNDLE" >> + >> +ADDED_CNT=3D$(wc -l < "$ADDED") >> +REMOVED_CNT=3D$(wc -l < "$REMOVED") >> + >> +if [ "$ADDED_CNT" -gt 0 ] || [ "$REMOVED_CNT" -gt 0 ] >> +then >> + # only run if set of files has changed >> + if [ "$verbose" =3D 0 ] >> + then >> + c_rehash . > /dev/null >> + else >> + c_rehash . >> + fi >> +fi >> + >> +chmod 0644 "$TEMPBUNDLE" >> +mv -f "$TEMPBUNDLE" "$CERTBUNDLE" >> + >> +echo "$ADDED_CNT added, $REMOVED_CNT removed; done." >> + >> +HOOKSDIR=3D/etc/ca-certificates/update.d >> +echo -n "Running hooks in $HOOKSDIR...." >> +VERBOSE_ARG=3D >> +[ "$verbose" =3D 0 ] || VERBOSE_ARG=3D--verbose >> +eval run-parts $VERBOSE_ARG --test -- $HOOKSDIR | while read hook >> +do >> + ( cat $ADDED >> + cat $REMOVED ) | $hook || echo E: $hook exited with code $?. >> +done >> +echo "done." >> + >> +# vim:set et sw=3D2: >> + >> --=20 >> 2.3.7 >>=20 >>=20 >>=20 >> --- >> Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org >> Help: alpine-aports+help@lists.alpinelinux.org >> --- >>=20 --Apple-Mail=_6AD71730-0E5A-423B-9B78-7B4532E511E6 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii Is really necessary to have performance in this = script? 

To a = script that should have little use, I believe the dependency of other = packages to be unnecessary.

--
Ramon Soares
ramon@codecraft63.com

CodeCraft
http://www.codecraft63.com.br/

+55 (71) 9162-1704
+55 = (71) 3387-3814


On May 3, 2015, at 11:02 AM, timo.teras@gmail.com = wrote:

Nak.

We had shell script earlier = but it was slow. I wrote lua script to fix performance.

Either add features you need to the lua version. Or if you = dont like lua dependency (which really is small) the alternative is C = rewrite.

See git log and issue tracker for = details.

On Sun May 3 14:21:36 2015 = GMT+0300, Ramon Soares wrote:
---
main/ca-certificates/APKBUILD =             &n= bsp; |  10 +-
= main/ca-certificates/update-ca-certificates | 250 = ++++++++++++++++++----------
2 files changed, 168 = insertions(+), 92 deletions(-)

diff --git = a/main/ca-certificates/APKBUILD b/main/ca-certificates/APKBUILD
index 2db2af0..8f344f1 100644
--- = a/main/ca-certificates/APKBUILD
+++ = b/main/ca-certificates/APKBUILD
@@ -7,12 +7,12 @@ = _nmu=3D"+nmu${pkgver#*_p}"
[ "$_nmu" =3D "+nmu${pkgver}" = ] && _nmu=3D""
_ver=3D${pkgver}

-pkgrel=3D1
+pkgrel=3D2
= pkgdesc=3D"Common CA certificates PEM files"
url=3D"http://packages.debian.org/sid/ca-certificates"
arch=3D"noarch"
license=3D"MPL 2.0 GPL2+"
-depends=3D"run-parts openssl lua5.2 lua5.2-posix"
+depends=3D"run-parts openssl"
= makedepends=3D"python"
subpackages=3D"$pkgname-doc"
options=3D"!fhs"
@@ -62,8 +62,8 @@ EOF
}

= md5sums=3D"f619282081c8bfc65ea64c37fa5285ed =  ca-certificates_20141019.tar.xz
-bb24a9e2caf6150053a981e617a209a9 =  update-ca-certificates"
+5d3218ff481e9236fc217080e325c2ca =  update-ca-certificates"
= sha256sums=3D"684902d3f4e9ad27829f4af0d9d2d588afed03667997579b9c2be86fcd1e= b73a  ca-certificates_20141019.tar.xz
-4f109a22d74ef36f691933716a83c015b8475ed4e47d21bd0d7f8baef4de04= 6b  update-ca-certificates"
+aa7d262788b36ff786ff94055b3f5d23d588a35e59aecd767fb31f9c75985f= a8  update-ca-certificates"
= sha512sums=3D"5b0e8fb917f5642a5a2b4fde46a706db0c652ff3fb31a5053d9123a5b670= b50c6e3cf2496915cc01c613dcbe964d6432f393c12d8a697baedfad58f9d13e568b =  ca-certificates_20141019.tar.xz
-dadf046999f226cef0b14bd9014e59f04fa05a984339ff84940a2beb0f33f7= 0bc921233d22291a294f9366c67989f5d337febd1832574c2e28317c14de84ff00 =  update-ca-certificates"
+5104acd36b623a6cf65f13a1ce542d57fa9aeec351d46bc535c220007c876b= 1d1790a85d3c51da9b723778e8a3dac18f1d90833268a2e4bf2f29a831a64a903b =  update-ca-certificates"
diff --git = a/main/ca-certificates/update-ca-certificates = b/main/ca-certificates/update-ca-certificates
index = 53f45df..5375950 100755
--- = a/main/ca-certificates/update-ca-certificates
+++ = b/main/ca-certificates/update-ca-certificates
@@ -1,87 = +1,163 @@
-#!/usr/bin/lua5.2
-
-local CERTSDIR=3D'/usr/share/ca-certificates/'
-local LOCALCERTSDIR=3D'/usr/local/share/ca-certificates/'
-local ETCCERTSDIR=3D'/etc/ssl/certs/'
-local = CERTBUNDLE=3D'ca-certificates.crt'
-local = CERTSCONF=3D'/etc/ca-certificates.conf'
-
-local posix =3D require 'posix'
-function = string.begins(str, prefix) return str:sub(1,#prefix)=3D=3Dprefix end
-
-local function add(fn, out, links)
- = -- Map fn to file in etc
- local pem = =3D "ca-cert-"..fn:gsub('.*/', ''):gsub('.crt$',''):gsub('[, = ]','_'):gsub('[()]','=3D')..".pem"
- = links[pem] =3D fn
- -- Read the certificate for the = bundle
- local f =3D io.open(fn, "rb")
- = if f ~=3D nil then
- local content =3D = f:read("*all")
- f:close()
- = out:write(content)
- if content:sub(-1) ~=3D '\n' then = out:write('\n') end
- end
-end
-
-local calinks =3D {}
-local = cacerts =3D {}
-
-local fd, tmpfile =3D = posix.mkstemp(ETCCERTSDIR..'bundleXXXXXX')
-if not fd = then
- print("Failed to open temporary = file for ca bundle")
- return 1
-end
-posix.close(fd)
-posix.chmod(tmpfile, = "rw-r--r--")
-local bundle =3D io.open(tmpfile, "wb")
-
--- Handle global CA certs from config = file
-for l in io.lines(CERTSCONF) do
- local = firstchar =3D l:sub(1,1)
- if firstchar ~=3D "#" and = firstchar ~=3D "!" then
- add(CERTSDIR..l, bundle, = calinks)
- end
-end
-
--- Handle local CA certificates
-local certlist =3D posix.glob(LOCALCERTSDIR..'*.crt')
-if certlist ~=3D nil then
- = table.sort(certlist)
- for f in pairs(certlist) do
- = = local fn =3D LOCALCERTSDIR..f
- if = posix.stat(fn, 'type') =3D=3D 'regular' then
- add(fn, = bundle, calinks)
- end
- end
-end
-
--- Update etc cert dir = for additions and deletions
-local f, target
-for f in posix.files(ETCCERTSDIR) do
- local fn = =3D ETCCERTSDIR..f
- if posix.stat(fn, 'type') =3D=3D = 'link' then
- local curtgt =3D = posix.readlink(fn)
- local target =3D calinks[f]
- = = if target =3D=3D nil then
- -- = Symlink exists but is not wanted
- -- Delete = it if it points to 'our' directory
- if = curtgt:begins(CERTSDIR) or curtgt:begins(LOCALCERTSDIR) then
- = = = = os.remove(fn)
- end
- elseif = curtgt ~=3D target then
- -- Symlink exists but points = wrong
- posix.link(target, = ETCCERTSDIR..f, true)
- else
- -- = Symlink exists and is ok
- calinks[f] =3D nil
- = = end
- end
-end
-for f, target in pairs(calinks) do
- = posix.link(target, ETCCERTSDIR..f, true)
-end
-
--- Update hashes and the bundle
-bundle:close()
-os.rename(tmpfile, = ETCCERTSDIR..CERTBUNDLE)
-os.execute("c_rehash = "..ETCCERTSDIR.." > /dev/null")
+#!/bin/sh -e
+#
+# update-ca-certificates
+#
+# Copyright (c) 2003 Fumitoshi UKAI <ukai@debian.or.jp>
+# Copyright (c) 2009 Philipp Kern <pkern@debian.org>
+#
+# This program is free software; you can = redistribute it and/or modify
+# it under the terms of the = GNU General Public License as published by
+# the Free = Software Foundation; either version 2 of the License, or
+# = (at your option) any later version.
+#
+# = This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied = warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR = PURPOSE.  See the
+# GNU General Public License for = more details.
+#
+# You should have received = a copy of the GNU General Public License
+# along with = this program; if not, write to the Free Software
+# = Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02111-1301,
+# USA.
+#
+
+verbose=3D0
+fresh=3D0
+while [ = $# -gt 0 ];
+do
+  case $1 in
+  --verbose|-v)
+   = verbose=3D1;;
+  --fresh|-f)
+ = fresh=3D1;;
+  --help|-h|*)
+ echo "$0: = [--verbose] [--fresh]"
+ exit;;
+ =  esac
+  shift
+done
+
+CERTSCONF=3D/etc/ca-certificates.conf
+CERTSDIR=3D/usr/share/ca-certificates
+LOCALCERTSDIR=3D/usr/local/share/ca-certificates
+CERTBUNDLE=3Dca-certificates.crt
+ETCCERTSDIR=3D/etc/ssl/certs
+
+cleanup() {
+  rm -f "$TEMPBUNDLE"
+  rm -f "$ADDED"
+  rm -f = "$REMOVED"
+}
+trap cleanup 0
+
+# Helper files.  (Some of them are not = simple arrays because we spawn
+# subshells later on.)
+TEMPBUNDLE=3D"$(mktemp -t "${CERTBUNDLE}.tmp.XXXXXX")"
+ADDED=3D"$(mktemp -t "ca-certificates.tmp.XXXXXX")"
+REMOVED=3D"$(mktemp -t "ca-certificates.tmp.XXXXXX")"
+
+# Adds a certificate to the list of trusted = ones.  This includes a symlink
+# in /etc/ssl/certs = to the certificate file and its inclusion into the
+# = bundle.
+add() {
+  CERT=3D"$1"
+  PEM=3D"$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e = 's/ /_/g' \
+ =             &n= bsp;           &nbs= p;            =             -e= 's/[()]/=3D/g' \
+ =             &n= bsp;           &nbs= p;            =             -e= 's/,/_/g').pem"
+  if ! test -e "$PEM" || [ = "$(readlink "$PEM")" !=3D "$CERT" ]
+  then
+    ln -sf "$CERT" "$PEM"
+ =    echo +$PEM >> "$ADDED"
+ =  fi
+  cat "$CERT" >> "$TEMPBUNDLE"
+}
+
+remove() {
+ =  CERT=3D"$1"
+  PEM=3D"$ETCCERTSDIR/$(basename = "$CERT" .crt).pem"
+  if test -L "$PEM"
+=  then
+    rm -f "$PEM"
+=    echo -$PEM >> "$REMOVED"
+ =  fi
+}
+
+cd = $ETCCERTSDIR
+if [ "$fresh" =3D 1 ]; then
+ =  echo -n "Clearing symlinks in $ETCCERTSDIR..."
+ =  find . -type l -print | while read symlink
+ =  do
+     case $(readlink = $symlink) in
+     $CERTSDIR*) rm -f = $symlink;;
+     esac
+ =  done
+  find . -type l -print | while read = symlink
+  do
+ =     test -f $symlink || rm -f $symlink
+=  done
+  echo "done."
+fi
+
+echo -n "Updating certificates in = $ETCCERTSDIR... "
+
+# Handle certificates = that should be removed.  This is an explicit act
+# = by prefixing lines in the configuration files with exclamation marks = (!).
+sed -n -e '/^$/d' -e 's/^!//p' $CERTSCONF | while = read crt
+do
+  remove = "$CERTSDIR/$crt"
+done
+
+sed = -e '/^$/d' -e '/^#/d' -e '/^!/d' $CERTSCONF | while read crt
+do
+  if ! test -f "$CERTSDIR/$crt"
+  then
+    echo "W: = $CERTSDIR/$crt not found, but listed in $CERTSCONF." >&2
+    continue
+  fi
+  add "$CERTSDIR/$crt"
+done
+
+# Now process certificate authorities = installed by the local system
+# administrator.
+if [ -d "$LOCALCERTSDIR" ]
+then
+=  find -L "$LOCALCERTSDIR" -type f -name '*.crt' | while read = crt
+  do
+    add = "$crt"
+  done
+fi
+
+rm -f "$CERTBUNDLE"
+
+ADDED_CNT=3D$(wc -l < "$ADDED")
+REMOVED_CNT=3D$(wc -l < "$REMOVED")
+
+if [ "$ADDED_CNT" -gt 0 ] || [ "$REMOVED_CNT" -gt 0 ]
+then
+  # only run if set of files has = changed
+  if [ "$verbose" =3D 0 ]
+ =  then
+    c_rehash . > = /dev/null
+  else
+ =    c_rehash .
+  fi
+fi+
+chmod 0644 "$TEMPBUNDLE"
+mv = -f "$TEMPBUNDLE" "$CERTBUNDLE"
+
+echo = "$ADDED_CNT added, $REMOVED_CNT removed; done."
+
+HOOKSDIR=3D/etc/ca-certificates/update.d
+echo = -n "Running hooks in $HOOKSDIR...."
+VERBOSE_ARG=3D
+[ "$verbose" =3D 0 ] || VERBOSE_ARG=3D--verbose
+eval run-parts $VERBOSE_ARG --test -- $HOOKSDIR | while read = hook
+do
+  ( cat $ADDED
+ =    cat $REMOVED ) | $hook || echo E: $hook exited with = code $?.
+done
+echo "done."
+
+# vim:set et sw=3D2:
+
--
2.3.7



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---


= --Apple-Mail=_6AD71730-0E5A-423B-9B78-7B4532E511E6-- --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---