[blfs-book] r9380 - in trunk/BOOK: introduction/welcome postlfs/security

bdubbs at linuxfromscratch.org bdubbs at linuxfromscratch.org
Sat Feb 11 19:59:03 PST 2012


Author: bdubbs
Date: 2012-02-11 20:58:59 -0700 (Sat, 11 Feb 2012)
New Revision: 9380

Modified:
   trunk/BOOK/introduction/welcome/changelog.xml
   trunk/BOOK/postlfs/security/cacerts.xml
Log:
Update ca-cert scripts.  
  Account for changed upstream format.
  Ensure date command works for all systems.


Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	2012-02-12 01:17:45 UTC (rev 9379)
+++ trunk/BOOK/introduction/welcome/changelog.xml	2012-02-12 03:58:59 UTC (rev 9380)
@@ -45,6 +45,11 @@
       <para>February 12th, 2012</para>
       <itemizedlist>
         <listitem>
+          <para>[bdubbs] - Update ca-cert scripts.  Account for 
+          changed upstream format and ensure date command works
+          for all systems.</para>
+        </listitem>
+        <listitem>
           <para>[ken] - add gjs-1.30.0 from Wayne.</para>
         </listitem>
         <listitem>

Modified: trunk/BOOK/postlfs/security/cacerts.xml
===================================================================
--- trunk/BOOK/postlfs/security/cacerts.xml	2012-02-12 01:17:45 UTC (rev 9379)
+++ trunk/BOOK/postlfs/security/cacerts.xml	2012-02-12 03:58:59 UTC (rev 9380)
@@ -88,6 +88,8 @@
 #
 # Authors: DJ Lucas
 #          Bruce Dubbs
+#
+# Version 20120211
 
 my $certdata = './tempfile.cer';
 
@@ -142,6 +144,8 @@
 #
 # Authors: DJ Lucas
 #          Bruce Dubbs
+#
+# Version 20120211
 
 certdata="certdata.txt"
 
@@ -193,7 +197,7 @@
 for tempfile in ${TEMPDIR}/certs/*.tmp; do
   # Make sure that the cert is trusted...
   grep "CKA_TRUST_SERVER_AUTH" "${tempfile}" | \
-    grep "CKT_NETSCAPE_TRUST_UNKNOWN" > /dev/null
+    egrep "TRUST_UNKNOWN|NOT_TRUSTED" > /dev/null
 
   if test "${?}" = "0"; then
     # Throw a meaningful error and remove the file
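Review bot: The trust check on the `egrep` line is a deny-list, so a CKA_TRUST_SERVER_AUTH value that contains neither `TRUST_UNKNOWN` nor `NOT_TRUSTED` is treated as trusted. The removed pattern appears to have stopped matching once upstream renamed its constants, which is the fail-open behaviour a deny-list invites on every format change. Matching the one value that grants trust fails closed instead: `grep "CKA_TRUST_SERVER_AUTH" "${tempfile}" | grep -q "TRUSTED_DELEGATOR"`, with the test below inverted to `if test "${?}" != "0"; then`. The full set of values upstream emits is not visible here, so confirm the substring against the current certdata.txt. The `if` body continues outside the hunk.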
@@ -237,7 +241,35 @@
   <screen><userinput>cat > /bin/remove-expired-certs.sh << "EOF"
 #!/bin/bash
 # Begin /bin/remove-expired-certs.sh
+#
+# Version 20120211
 
+# Make sure the date is parsed correctly on all systems
+function mydate()
+{
+  local y=$( echo $1 | cut -d" " -f4 )
+  local M=$( echo $1 | cut -d" " -f1 )
+  local d=$( echo $1 | cut -d" " -f2 )
+  local m
+
+  case $M in
+    Jan) m="01";;
+    Feb) m="02";;
+    Mar) m="03";;
+    Apr) m="04";;
+    May) m="05";;
+    Jun) m="06";;
+    Jul) m="07";;
+    Aug) m="08";;
+    Sep) m="09";;
+    Oct) m="10";;
+    Nov) m="11";;
+    Dec) m="12";;
+  esac
+
+  certdate="${y}${m}${d}"
+}
+
 OPENSSL=/usr/bin/openssl
 DIR=/etc/ssl/certs
 
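Review bot: `mydate` never zero-pads the day, so a notAfter date on the 1st to 9th of a month gives a one-digit `d` and a seven-digit `certdate`. The unquoted `echo $1` collapses openssl's space-padded day before `cut` sees it. Assuming `today` is still the eight-digit `%Y%m%d` value the removed `date` call was compared against, that short number always compares as earlier, so a still-valid CA certificate would be deleted. Pad before assembling the result, for example `[ ${#d} -lt 2 ] && d="0${d}"`. The `case` also has no `*)` branch, so an unrecognised month leaves `m` empty and shortens `certdate` the same way; returning non-zero there would let the caller skip the file instead of comparing a malformed number.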
@@ -251,8 +283,9 @@
 for cert in $certs; do
   notafter=$( $OPENSSL x509 -enddate -in "${cert}" -noout )
   date=$( echo ${notafter} |  sed 's/^notAfter=//' )
+  mydate "date"
 
-  if [ $( date -d "${date}" +%Y%m%d ) -lt ${today} ]; then
+  if [ ${certdate} -lt ${today} ]; then
      echo "${cert} is expired! Removing..."
      rm -f "${cert}"
   fi
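Review bot: `mydate "date"` passes the literal word `date`, not the variable, so it should read `mydate "${date}"`. With the literal, every `cut` in `mydate` returns the whole word (there is no delimiter to split on), `certdate` becomes a non-numeric string, and `[ ${certdate} -lt ${today} ]` fails with an integer-expression error. The `rm` branch is then never taken, so the script runs without removing any expired certificate and gives no clear sign that it did nothing. A guard such as `[[ ${certdate} =~ ^[0-9]{8}$ ]] || continue` before the comparison would make a parse failure explicit. The `for` loop closes outside the hunk.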



