10 changed files with 18014 additions and 0 deletions
@ -0,0 +1,95 @@
|
||||
#!/bin/bash |
||||
# Build script for Slackware |
||||
# Copyright (C) 2011 Damien Goutte-Gattat |
||||
# |
||||
# Redistribution and use of this script, with or without modifications, |
||||
# is permitted provided that the following conditions are met: |
||||
# |
||||
# 1. Redistributions of this script must retain the above copyright |
||||
# notice, this list of conditions and the following disclaimer. |
||||
# |
||||
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AS IS'' AND ANY EXPRESS OR |
||||
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
||||
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
||||
# DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, |
||||
# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
||||
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR |
||||
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
||||
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
||||
# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING |
||||
# IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
||||
# POSSIBILITY OF SUCH DAMAGE. |
||||
# |
||||
# Contact: Damien Goutte-Gattat <dgouttegattat@incenp.org> |
||||
|
||||
# Build infos |
||||
NAMEPKG=${NAMEPKG:-ca-certificates} |
||||
VERSION=${VERSION:-20110325} |
||||
BUILD=${BUILD:-1GGD} |
||||
ARCH=noarch |
||||
EXT=${EXT:-txz} |
||||
|
||||
# Directories |
||||
TMP=${TMP:-/tmp} |
||||
OUT=${OUT:-$TMP/build} |
||||
PKG=${PKG:-$OUT/$NAMEPKG} |
||||
CWD=$(pwd) |
||||
|
||||
set -e # Quit if a command returns non-zero |
||||
|
||||
# Sanity checks |
||||
if [ $UID -eq 0 ]; then |
||||
echo "You should NOT run this script as ROOT!" |
||||
exit 1 |
||||
fi |
||||
if [ ! -d $TMP ]; then |
||||
echo "$TMP does not exists or is not a directory!" |
||||
exit 1 |
||||
fi |
||||
|
||||
# Prepare directories |
||||
mkdir -p $PKG/usr/share/ca-certificates $PKG/usr/sbin $PKG/etc |
||||
|
||||
# Install Mozilla certificates |
||||
( |
||||
cp -r $CWD/certs/mozilla $PKG/usr/share/ca-certificates |
||||
cd $PKG/usr/share/ca-certificates/mozilla |
||||
python certdata2pem.py |
||||
rm -f certdata.txt blacklist.txt certdata2pem.py |
||||
) |
||||
|
||||
# Install CAcert.org certificates |
||||
mkdir $PKG/usr/share/ca-certificates/cacert.org |
||||
cat $CWD/certs/cacert.org/root.crt $CWD/certs/cacert.org/class3.crt \ |
||||
> $PKG/usr/share/ca-certificates/cacert.org/cacert.org.crt |
||||
|
||||
# Install my own certificate |
||||
install -m 644 -D $CWD/certs/incenp.org/dgg-ca.crt \ |
||||
$PKG/usr/share/ca-certificates/incenp.org/dgg-ca.crt |
||||
|
||||
# Install update script |
||||
install -m 755 $CWD/update-certificates.sh $PKG/usr/sbin/update-certs |
||||
|
||||
# Create and install config files |
||||
( |
||||
cd $PKG/usr/share/ca-certificates |
||||
find . -type f | cut -c3- > $PKG/etc/ca-certificates.conf.new |
||||
) |
||||
|
||||
# Copy slack-desc and doinst.sh files |
||||
install -D -m 644 $CWD/slack-desc $PKG/install/slack-desc |
||||
install -m 755 $CWD/doinst.sh $PKG/install/doinst.sh |
||||
|
||||
# Package the tree |
||||
cd $PKG |
||||
mkdir -p $OUT |
||||
PACKAGING=" |
||||
chown root:root . -R |
||||
/sbin/makepkg -l y -c n $OUT/$NAMEPKG-$VERSION-$ARCH-$BUILD.$EXT |
||||
rm -rf $PKG |
||||
" |
||||
if type -p fakeroot ; then |
||||
echo "$PACKAGING" | fakeroot |
||||
else |
||||
su -c "$PACKAGING" |
||||
fi |
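Review bot: The staging tree defaults to the predictable, shared path `/tmp/build/ca-certificates`, and `mkdir -p $PKG/...` silently reuses it when it already exists, so on a multi-user host any file another local user left under that path is picked up by `find . -type f` and shipped as an enabled trust anchor. When fakeroot is absent, that same tree is then processed by root through `su -c`. Create the staging directory fresh, e.g. `PKG=${PKG:-$(mktemp -d "$TMP/$NAMEPKG.XXXXXX")}`, or abort when `$PKG` already exists. The expansions are also unquoted throughout, including the paths baked into `$PACKAGING` before `rm -rf $PKG`, so a `TMP` or `PKG` containing spaces or glob characters is split by the shell that finally runs those commands.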
@ -0,0 +1,35 @@
|
||||
-----BEGIN CERTIFICATE----- |
||||
MIIGCDCCA/CgAwIBAgIBATANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290 |
||||
IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB |
||||
IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA |
||||
Y2FjZXJ0Lm9yZzAeFw0wNTEwMTQwNzM2NTVaFw0zMzAzMjgwNzM2NTVaMFQxFDAS |
||||
BgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5v |
||||
cmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwggIiMA0GCSqGSIb3DQEB |
||||
AQUAA4ICDwAwggIKAoICAQCrSTURSHzSJn5TlM9Dqd0o10Iqi/OHeBlYfA+e2ol9 |
||||
4fvrcpANdKGWZKufoCSZc9riVXbHF3v1BKxGuMO+f2SNEGwk82GcwPKQ+lHm9WkB |
||||
Y8MPVuJKQs/iRIwlKKjFeQl9RrmK8+nzNCkIReQcn8uUBByBqBSzmGXEQ+xOgo0J |
||||
0b2qW42S0OzekMV/CsLj6+YxWl50PpczWejDAz1gM7/30W9HxM3uYoNSbi4ImqTZ |
||||
FRiRpoWSR7CuSOtttyHshRpocjWr//AQXcD0lKdq1TuSfkyQBX6TwSyLpI5idBVx |
||||
bgtxA+qvFTia1NIFcm+M+SvrWnIl+TlG43IbPgTDZCciECqKT1inA62+tC4T7V2q |
||||
SNfVfdQqe1z6RgRQ5MwOQluM7dvyz/yWk+DbETZUYjQ4jwxgmzuXVjit89Jbi6Bb |
||||
6k6WuHzX1aCGcEDTkSm3ojyt9Yy7zxqSiuQ0e8DYbF/pCsLDpyCaWt8sXVJcukfV |
||||
m+8kKHA4IC/VfynAskEDaJLM4JzMl0tF7zoQCqtwOpiVcK01seqFK6QcgCExqa5g |
||||
eoAmSAC4AcCTY1UikTxW56/bOiXzjzFU6iaLgVn5odFTEcV7nQP2dBHgbbEsPyyG |
||||
kZlxmqZ3izRg0RS0LKydr4wQ05/EavhvE/xzWfdmQnQeiuP43NJvmJzLR5iVQAX7 |
||||
6QIDAQABo4G/MIG8MA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUHAQEEUTBPMCMG |
||||
CCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggrBgEFBQcwAoYc |
||||
aHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBBMD8GCCsGAQQB |
||||
gZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5w |
||||
aHA/aWQ9MTAwDQYJKoZIhvcNAQEEBQADggIBAH8IiKHaGlBJ2on7oQhy84r3HsQ6 |
||||
tHlbIDCxRd7CXdNlafHCXVRUPIVfuXtCkcKZ/RtRm6tGpaEQU55tiKxzbiwzpvD0 |
||||
nuB1wT6IRanhZkP+VlrRekF490DaSjrxC1uluxYG5sLnk7mFTZdPsR44Q4Dvmw2M |
||||
77inYACHV30eRBzLI++bPJmdr7UpHEV5FpZNJ23xHGzDwlVks7wU4vOkHx4y/CcV |
||||
Bc/dLq4+gmF78CEQGPZE6lM5+dzQmiDgxrvgu1pPxJnIB721vaLbLmINQjRBvP+L |
||||
ivVRIqqIMADisNS8vmW61QNXeZvo3MhN+FDtkaVSKKKs+zZYPumUK5FQhxvWXtaM |
||||
zPcPEAxSTtAWYeXlCmy/F8dyRlecmPVsYGN6b165Ti/Iubm7aoW8mA3t+T6XhDSU |
||||
rgCvoeXnkm5OvfPi2RSLXNLrAWygF6UtEOucekq9ve7O/e0iQKtwOIj1CodqwqsF |
||||
YMlIBdpTwd5Ed2qz8zw87YC8pjhKKSRf/lk7myV6VmMAZLldpGJ9VzZPrYPvH5JT |
||||
oI53V93lYRE9IwCQTDz6o2CTBKOvNfYOao9PSmCnhQVsRqGP9Md246FZV/dxssRu |
||||
FFxtbUFm3xuTsdQAw+7Lzzw9IYCpX2Nl/N3gX6T0K/CFcUHUZyX7GrGXrtaZghNB |
||||
0m6lG5kngOcLqagA |
||||
-----END CERTIFICATE----- |
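Review bot: Nothing in this commit lets a reader check that this PEM blob, or the two certificate files that follow it, is the certificate the issuing CA actually publishes, and these files become trust anchors on every machine that installs the package. Record the source URL and the expected SHA-256 fingerprint of each file next to it (a README under `certs/`, or a comment in the build script), and have the build script compare the output of `openssl x509 -noout -fingerprint -sha256 -in <file>` with the recorded value before packaging. The recorded fingerprints have to come from the CA's own published values, not be computed from the files in this commit.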
@ -0,0 +1,41 @@
|
||||
-----BEGIN CERTIFICATE----- |
||||
MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290 |
||||
IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB |
||||
IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA |
||||
Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO |
||||
BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi |
||||
MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ |
||||
ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC |
||||
CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ |
||||
8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6 |
||||
zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y |
||||
fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7 |
||||
w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc |
||||
G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k |
||||
epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q |
||||
laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ |
||||
QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU |
||||
fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826 |
||||
YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w |
||||
ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY |
||||
gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe |
||||
MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0 |
||||
IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy |
||||
dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw |
||||
czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0 |
||||
dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl |
||||
aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC |
||||
AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg |
||||
b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB |
||||
ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc |
||||
nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg |
||||
18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c |
||||
gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl |
||||
Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY |
||||
sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T |
||||
SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF |
||||
CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum |
||||
GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk |
||||
zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW |
||||
omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD |
||||
-----END CERTIFICATE----- |
@ -0,0 +1,36 @@
|
||||
-----BEGIN CERTIFICATE----- |
||||
MIIGWjCCBEKgAwIBAgIJANTVbQd//ACTMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV |
||||
BAYTAkZSMREwDwYDVQQHEwhHcmVub2JsZTELMAkGA1UECxMCQ0ExDzANBgNVBAMT |
||||
BkRHRyBDQTEgMB4GCSqGSIb3DQEJARYRZGdnLWNhQGluY2VucC5vcmcwHhcNMTAx |
||||
MDI4MTE1NjI5WhcNMjAxMDI1MTE1NjI5WjBgMQswCQYDVQQGEwJGUjERMA8GA1UE |
||||
BxMIR3Jlbm9ibGUxCzAJBgNVBAsTAkNBMQ8wDQYDVQQDEwZER0cgQ0ExIDAeBgkq |
||||
hkiG9w0BCQEWEWRnZy1jYUBpbmNlbnAub3JnMIICIjANBgkqhkiG9w0BAQEFAAOC |
||||
Ag8AMIICCgKCAgEA6Z7Ah52RF6Lbtb8TQhnjFFGqIcJmgSx6ahCa8DDRAuY+qO2m |
||||
uhOrwiyBE1kD4iO3G+yvDpzz9IjSKYUFw4Ec65qPKh4uI442O7axQXTvT33eBsB4 |
||||
zsjSK4VD5R0JDNN30MuiwDpEnIZAO4o57Vd7x/6mzf2L1Gk79EYb/dqFjlqGb5dE |
||||
zzgl7iPDSPsS/2vjm6Kp0Zi8Kr6ZCIPzRDERVHcVmBA5xu9/SNKH2iG29wC5OP+b |
||||
YosUeHWjd0ctOvj6IMJvv4ptmP74XgvPYlHNFuhchxrXOgKWkT40zDOLQ/32Xyvh |
||||
ru2OYegpLrwmuUCiFYVc0FCSlvCBvHGTJPo8+jzuch2SX5UZnXU9QtEZMaS4YuNY |
||||
fbQfRs6o6qBFPJ/VlMDfPm6EyhWpg+M/c9lhmAkt8FIqHsXtH5BD+AhHer+VlFso |
||||
eC/weUSLYQmh8Owv6U7hsa+R26OVCcWp62c+q9qmzEA9L7m3JVqhW3WDyda9S9Jz |
||||
8ftA3XDNUNI7hkdhlQwYGM2wz1KsXDdyWEII5WIZ+ejCxemAkCTASKp466Lk+Ml9 |
||||
WYOwTbBaMzKpAHTRNyhweTwXvrZHaFVrTQIwhom2XRp9EVC65aqdvCa0hQnHUtHD |
||||
fQOyHdtb/EC2HEB2ZmX79xN4ITr62WS5HAwH1qgWmNTVM97hbyMerkHfDjcCAwEA |
||||
AaOCARUwggERMB0GA1UdDgQWBBQZzc4f5C/fQKQEeMcujB+jaoH0RDCBkgYDVR0j |
||||
BIGKMIGHgBQZzc4f5C/fQKQEeMcujB+jaoH0RKFkpGIwYDELMAkGA1UEBhMCRlIx |
||||
ETAPBgNVBAcTCEdyZW5vYmxlMQswCQYDVQQLEwJDQTEPMA0GA1UEAxMGREdHIENB |
||||
MSAwHgYJKoZIhvcNAQkBFhFkZ2ctY2FAaW5jZW5wLm9yZ4IJANTVbQd//ACTMA8G |
||||
A1UdEwEB/wQFMAMBAf8wEQYJYIZIAYb4QgEBBAQDAgAHMAkGA1UdEgQCMAAwHAYD |
||||
VR0RBBUwE4ERZGdnLWNhQGluY2VucC5vcmcwDgYDVR0PAQH/BAQDAgEGMA0GCSqG |
||||
SIb3DQEBBQUAA4ICAQByxzy+5tvejkzUgLRxAgNHA37aLgjcpPJCGNnHmAl/BtxB |
||||
Qo0Sa6S5OZynv2eDb7W9Cjny+Es0UabeoxdHPKWi/DY7/xLAkB8Ccw97tFHI9ONT |
||||
gmUvo2u/JulNcTWLU6cHFFoAZ717Z0Ne+EU/X2ZNZH9Jdw3gLYI1iu/INGFmQ/hR |
||||
8DUthJjoGXKAqR/yCqHtrKHPMcmo7t+smYrvLzD8P58+QfyzSerQTOoLTWu+SsaN |
||||
g0hTLiwf+0jS53qF0ledm6L05ksLx1N6e6N/2Bzk+2lbONy7st7q3MZrlI+UKVE2 |
||||
QfDf7waGwro/H80wzFwM7LQ754dDR5YC5Wde57JzBmJpIN0gYrsadzwOwO/lOmCv |
||||
o7Umor1kz8Lp0x2bN3WOFw3eXeoEf69vkXwBR2CtnWmB1X46j6piI22jDPpc4cTD |
||||
FNe8OjAXym4j5z6XQN8KSxVbmt9f8LHsBUv7rrjnvcRvPT36/neuCZgG4nubEGxi |
||||
jSiGf3+tPFWVIrHcNL+kxZLEoXX6+Ga6JJPa6h/nBCjX39yxgNjd/2sf1JIbr5fn |
||||
ryh5rgdJseN0+/vNJRc6Zv2gaGaVImyBwDEaSiyd4BXuFr2P3zO2DU+l02mgeGcU |
||||
JylsFljW2bX9ctGXuUCZOHvI+H6urc3XVam5Anc463N+SdzeOXBhHYBEFzXbUg== |
||||
-----END CERTIFICATE----- |
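Review bot: A personally operated CA ends up enabled by default in the system trust store. This appears to be the `certs/incenp.org/dgg-ca.crt` that the build script installs under "Install my own certificate" (the encoded subject reads as "DGG CA"), and the build script's `find . -type f | cut -c3-` lists it in `ca-certificates.conf.new` alongside the Mozilla roots. Every machine installing the package would then accept whatever that one privately held key signs, for any host name. If the package is meant for machines other than the author's, keep the file out of the generated list, e.g. `find . -type f ! -path './incenp.org/*' | cut -c3-`, or install it only on the author's own hosts under `/usr/local/share/ca-certificates`.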
@ -0,0 +1,5 @@
|
||||
# One blacklist entry per line, corresponding to the label in certdata.txt. |
||||
|
||||
# MD5 Collision Proof of Concept CA |
||||
"MD5 Collisions Forged Rogue CA 25c3" |
||||
|
File diff suppressed because it is too large
@ -0,0 +1,126 @@
|
||||
#!/usr/bin/python |
||||
# vim:set et sw=4: |
||||
# |
||||
# certdata2pem.py - splits certdata.txt into multiple files |
||||
# |
||||
# Copyright (C) 2009 Philipp Kern <pkern@debian.org> |
||||
# |
||||
# This program is free software; you can redistribute it and/or modify |
||||
# it under the terms of the GNU General Public License as published by |
||||
# the Free Software Foundation; either version 2 of the License, or |
||||
# (at your option) any later version. |
||||
# |
||||
# This program is distributed in the hope that it will be useful, |
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
# GNU General Public License for more details. |
||||
# |
||||
# You should have received a copy of the GNU General Public License |
||||
# along with this program; if not, write to the Free Software |
||||
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, |
||||
# USA. |
||||
|
||||
import base64 |
||||
import os.path |
||||
import re |
||||
import sys |
||||
import textwrap |
||||
|
||||
objects = [] |
||||
|
||||
# Dirty file parser. |
||||
in_data, in_multiline, in_obj = False, False, False |
||||
field, type, value, obj = None, None, None, dict() |
||||
|
||||
for line in open('certdata.txt', 'r'): |
||||
# Ignore the file header. |
||||
if not in_data: |
||||
if line.startswith('BEGINDATA'): |
||||
in_data = True |
||||
continue |
||||
# Ignore comment lines. |
||||
if line.startswith('#'): |
||||
continue |
||||
# Empty lines are significant if we are inside an object. |
||||
if in_obj and len(line.strip()) == 0: |
||||
objects.append(obj) |
||||
obj = dict() |
||||
in_obj = False |
||||
continue |
||||
if len(line.strip()) == 0: |
||||
continue |
||||
if in_multiline: |
||||
if not line.startswith('END'): |
||||
if type == 'MULTILINE_OCTAL': |
||||
line = line.strip() |
||||
for i in re.finditer(r'\\([0-3][0-7][0-7])', line): |
||||
value += chr(int(i.group(1), 8)) |
||||
else: |
||||
value += line |
||||
continue |
||||
obj[field] = value |
||||
in_multiline = False |
||||
continue |
||||
if line.startswith('CKA_CLASS'): |
||||
in_obj = True |
||||
line_parts = line.strip().split(' ', 2) |
||||
if len(line_parts) > 2: |
||||
field, type = line_parts[0:2] |
||||
value = ' '.join(line_parts[2:]) |
||||
elif len(line_parts) == 2: |
||||
field, type = line_parts |
||||
value = None |
||||
else: |
||||
raise NotImplementedError, 'line_parts < 2 not supported.' |
||||
if type == 'MULTILINE_OCTAL': |
||||
in_multiline = True |
||||
value = "" |
||||
continue |
||||
obj[field] = value |
||||
if len(obj.items()) > 0: |
||||
objects.append(obj) |
||||
|
||||
# Read blacklist. |
||||
blacklist = [] |
||||
if os.path.exists('blacklist.txt'): |
||||
for line in open('blacklist.txt', 'r'): |
||||
line = line.strip() |
||||
if line.startswith('#') or len(line) == 0: |
||||
continue |
||||
item = line.split('#', 1)[0].strip() |
||||
blacklist.append(item) |
||||
|
||||
# Build up trust database. |
||||
trust = dict() |
||||
for obj in objects: |
||||
if obj['CKA_CLASS'] != 'CKO_NETSCAPE_TRUST': |
||||
continue |
||||
if obj['CKA_LABEL'] in blacklist: |
||||
print "Certificate %s blacklisted, ignoring." % obj['CKA_LABEL'] |
||||
elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_TRUSTED_DELEGATOR': |
||||
trust[obj['CKA_LABEL']] = True |
||||
elif obj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NETSCAPE_TRUSTED_DELEGATOR': |
||||
trust[obj['CKA_LABEL']] = True |
||||
elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_UNTRUSTED': |
||||
print '!'*74 |
||||
print "UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL'] |
||||
print '!'*74 |
||||
else: |
||||
print "Ignoring certificate %s. SAUTH=%s, EPROT=%s" % \ |
||||
(obj['CKA_LABEL'], obj['CKA_TRUST_SERVER_AUTH'], |
||||
obj['CKA_TRUST_EMAIL_PROTECTION']) |
||||
|
||||
for obj in objects: |
||||
if obj['CKA_CLASS'] == 'CKO_CERTIFICATE': |
||||
if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]: |
||||
continue |
||||
fname = obj['CKA_LABEL'][1:-1].replace('/', '_')\ |
||||
.replace(' ', '_')\ |
||||
.replace('(', '=')\ |
||||
.replace(')', '=')\ |
||||
.replace(',', '_') + '.crt' |
||||
f = open(fname, 'w') |
||||
f.write("-----BEGIN CERTIFICATE-----\n") |
||||
f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64))) |
||||
f.write("\n-----END CERTIFICATE-----\n") |
||||
|
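Review bot: In the trust loop the `CKA_TRUST_EMAIL_PROTECTION` branch is tested before the `CKT_NETSCAPE_UNTRUSTED` branch, so a root that certdata.txt marks untrusted for server authentication but trusted for e-mail is still written out as a `.crt`. Going by the build and update scripts shown on this page, that file would then be listed in the config and linked into `/etc/ssl/certs`. Test `obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_UNTRUSTED'` before the two `trust[obj['CKA_LABEL']] = True` branches, and consider dropping the e-mail branch if the store is used for TLS server verification. Separately, the output file `f` is never closed; an `f.close()` after the last `f.write(...)` would make the flush explicit.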
@ -0,0 +1,13 @@
|
||||
#!/bin/sh |
||||
config() |
||||
{ |
||||
NEW="$1" |
||||
OLD="`dirname $NEW`/`basename $NEW .new`" |
||||
if [ ! -r $OLD ]; then |
||||
mv $NEW $OLD |
||||
elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then |
||||
rm $NEW |
||||
fi |
||||
} |
||||
|
||||
config etc/ca-certificates.conf.new |
@ -0,0 +1,12 @@
|
||||
|-----handy-ruler----------------------------------------------| |
||||
ca-certificates: ca-certificates (common root CA certificates) |
||||
ca-certificates: |
||||
ca-certificates: This package installs a set of commonly recognized root CA |
||||
ca-certificates: certificates. It is of Debian inspiration (yeah, Debian |
||||
ca-certificates: rules). |
||||
ca-certificates: |
||||
ca-certificates: |
||||
ca-certificates: |
||||
ca-certificates: |
||||
ca-certificates: |
||||
ca-certificates: |
@ -0,0 +1,21 @@
|
||||
#!/bin/sh |
||||
|
||||
config_file=/etc/ca-certificates.conf |
||||
ca_dirs=/usr/share/ca-certificates:/usr/local/share/ca-certificates |
||||
target_dir=/etc/ssl/certs |
||||
|
||||
# Delete existing files |
||||
find $target_dir -type l -exec rm {} \; |
||||
rm -f $target_dir/bundle.ca |
||||
|
||||
# Create symlinks to trusted certificates |
||||
cd $target_dir |
||||
grep -v ^# $config_file | while read cert ; do |
||||
for dir in $(echo $ca_dirs | tr ':' ' ') ; do |
||||
[ -f $dir/$cert ] && ln -f -s $dir/$cert "$(basename $cert crt)pem" |
||||
done |
||||
done |
||||
c_rehash . |
||||
|
||||
# Create bundled file |
||||
cat *.pem > bundle.ca |
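Review bot: `cd $target_dir` is not checked and the script has no `set -e`, so if `/etc/ssl/certs` is missing, the `ln -f -s`, `c_rehash .` and `cat *.pem > bundle.ca` that follow run in whatever directory the script was started from. Use `cd "$target_dir" || exit 1`. The earlier `find $target_dir -type l -exec rm {} \;` also removes every symlink below the directory, including ones an administrator created by hand. In addition, `basename $cert crt` flattens sub-directories, so two certificates with the same file name in different directories overwrite each other's link. Quoting `"$dir/$cert"` and using `read -r` would be worth doing in the same pass.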