Re: [Ciotoflow] [FYI][SCRIPT] update_autistici_ca.sh

Delete this message

Reply to this message
Autor: Natale Vinto
Data:  
Dla: Flussi di ciotia.
Temat: Re: [Ciotoflow] [FYI][SCRIPT] update_autistici_ca.sh
Grande script soviet zi, ma lo posso riciclare per cacert ;) grazie!
Il giorno 20/ago/2013 17:13, "Rocco Folino" <lordzen@???> ha
scritto:

> Salve ciotoni,
>
> ho scritto un piccolo script comodo per aggiornare il certificato di
> autistici.
>
> -zen
>
> PS: lanciatelo con sudo o inserite il vostro utente nel gruppo staff (per
> debian)
>
> ====================
>
> #!/bin/bash
>
> CA_TMP_PATH=/tmp/ca
> CA_TMP_FILE=$CA_TMP_PATH/autistici.crt
>
> CA_SYS_FILE=/usr/local/share/ca-certificates/autistici-ca.crt
>
> [ -d "/usr/local/share/ca-certificates" ] || {
>     echo "ERR: please install ca-certificates"
>     exit 1
> }

>
> # For Google Chrome
> [ -z "$(which certutil)" ] && {
>     echo "ERR: please install libnss3-tool"
>     exit 1
> }

>
> echo -n "Downloading certificate: "
>
> [ -d $CA_TMP_PATH ] || mkdir $CA_TMP_PATH
> wget -q -O $CA_TMP_FILE http://www.autistici.org/static/certs/ca.crt || {
>     echo "FAIL"
>     rm -rf $CA_TMP_PATH
>     exit 1
> }

>
> echo "OK"
>
> echo -n "Verifying certificate: "
>
> CERT_FINGER=$(openssl x509 -in $CA_TMP_FILE -fingerprint -sha256 -noout |
> cut -d= -f2 | tr -d :)
> DNS_FINGER=$(dig +short +dnssec tlsa _443._tcp.autistici.org @8.8.8.8 |
> awk '/^0/ {print $4 $5}')
>
> [ "$CERT_FINGER" == "$DNS_FINGER" ] || {
>     echo "FAIL"
>     rm -rf $CA_TMP_PATH
>     exit 1
> }

>
> echo "OK"
>
> echo -n "Installing certificate: "
>
> cp $CA_TMP_FILE $CA_SYS_FILE
> certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "autistici/inventati CA" -i
> $CA_TMP_FILE
>
> echo "OK"
>
> rm -rf $CA_TMP_PATH
> _______________________________________________
> Ciotoflow mailing list
> Ciotoflow@???
> https://www.autistici.org/mailman/listinfo/ciotoflow
>