aboutsummaryrefslogtreecommitdiffstats
path: root/main/openssl
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2013-12-26 15:05:31 +0200
committerTimo Teräs <timo.teras@iki.fi>2013-12-26 15:05:31 +0200
commit4c2d1cffb9071ed6d7e2f8dc7eee61eff81e3901 (patch)
tree47e9a4f5501da000703677566240c823253b9ec7 /main/openssl
parent4be76d3f934603fb8cdb961db16188a84238544a (diff)
downloadaports-4c2d1cffb9071ed6d7e2f8dc7eee61eff81e3901.tar.bz2
aports-4c2d1cffb9071ed6d7e2f8dc7eee61eff81e3901.tar.xz
main/openssl: speed improvements for c_rehash.sh
Diffstat (limited to 'main/openssl')
-rw-r--r--main/openssl/APKBUILD8
-rw-r--r--main/openssl/c_rehash.sh105
2 files changed, 30 insertions, 83 deletions
diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD
index 598fab488b..ca5e5fe649 100644
--- a/main/openssl/APKBUILD
+++ b/main/openssl/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=openssl
pkgver=1.0.1e
-pkgrel=5
+pkgrel=6
pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
url="http://openssl.org"
depends=
@@ -130,7 +130,7 @@ d1f3aaad7c36590f21355682983cd14e openssl-1.0.1-version-eglibc.patch
2681796363085d01db8a81c249cd2d7b openssl-use-termios.patch
8a251d30c977ffe8bfbf9d9b7eae1a8e openssl-disable-rdrand-default.patch
efec1bce615256961b1756e575ee1d0a fix-default-apps-capath.patch
-b1068a6dd30ec8adf63b4fd0057491a0 c_rehash.sh"
+d0b39772b0d8bcde609b57dcf4433be8 c_rehash.sh"
sha256sums="f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 openssl-1.0.1e.tar.gz
fe844e21b2c42da2d8e9c89350211d70c0829f45532b89b7e492bfde589ee7ed fix-manpages.patch
82863c2fed659a7186c7f3905a1853b8bd8060350ad101ce159fa7e7d2ba27e8 openssl-bb-basename.patch
@@ -143,7 +143,7 @@ cbb2493ec9157e78035e9cc02be17655996ee9cd0a71b79507fc19f3862f452b 0003-engines-e
05266a671143cf17367dee8d409ad6d0857201392c99731d7ebb8f8cdcdc32f7 openssl-use-termios.patch
c215b03f9328b8dfb81e3fa90bdf0332d6b649688944ff79fe60be62131ccb60 openssl-disable-rdrand-default.patch
1e11d6b8cdcdd6957c69d33ab670c5918fc96c12fdb9b76b4287cb8f69c3545d fix-default-apps-capath.patch
-4999ee79892f52bd6a4a7baba9fac62262454d573bbffd72685d3aae9e48cee0 c_rehash.sh"
+c99cf6efd66c7515a2a627b4bcf9b08f237401a5e514f12ed300b33c466450ff c_rehash.sh"
sha512sums="c76857e439431b2ef6f2aa123997e53f82b9c3c964d4d765d7cc6c0c20b37a21adf578f9b759b2b65ae3925454c432a01b7de0cd320ece7181dc292e00d3244e openssl-1.0.1e.tar.gz
880411d56da49946d24328445728367e0bf13b0fd47954971514bee8cd5613a038ad8aeaf68da2c92f4634deb022febd7b3e37f9bbfc5d2c9c8b3b5ffd971407 fix-manpages.patch
6c4f4b0c1b606b3e5a8175618c4398923392f9c25ad8d3f5b65b0424fe51e104c4f456d2da590d9f572382225ab320278e88db1585790092450cad60a02819a5 openssl-bb-basename.patch
@@ -156,4 +156,4 @@ b019320869d215014ad46e0b29aa239e31243571c4d45256b3ce6449a67fdc106a381c1cf3abd55d
22261ad902ad4826db889fa0e6196b57d6cb389c1707f5827ba48a4630097e590979257f16f4a36fe611199fa33ba32d5f412c8b93beb84001865c2501b288da openssl-use-termios.patch
2af7a40d023e4a09c14712661056a45c572416d5bbee8d90caf5d9d44854ffa86b1d3a0bebf78156ec5da2e71ae91724c007c3d0a8de5f025b3947fd0add287d openssl-disable-rdrand-default.patch
f2e737146a473d55b99f27457718ca299a02a0c74009026a30c3d1347c575bc264962b5708995e02ef7d68521b8366ccea7320523efb87b1ab2632d73fec5658 fix-default-apps-capath.patch
-55e8c2e827750a4f375cb83c86bfe2d166c01ffa5d7e9b16657b72b38b747c8985dd2c98f854c911dfbbee2ff3e92aff39fdf089d979b2e3534b7685ee8b80da c_rehash.sh"
+ad4dde3ad0abee7645b1ab3111242f045cc381e4381a19dd0c624059697cb0f6486f8463da6dfb22f11d9b2882a1872fef8a1fd1709b0981847d0a6d2c8741a3 c_rehash.sh"
diff --git a/main/openssl/c_rehash.sh b/main/openssl/c_rehash.sh
index 75a774945c..9840132d22 100644
--- a/main/openssl/c_rehash.sh
+++ b/main/openssl/c_rehash.sh
@@ -14,55 +14,6 @@
# default certificate location
DIR=/etc/openssl
-# for filetype bitfield
-IS_CERT=$(( 1 << 0 ))
-IS_CRL=$(( 1 << 1 ))
-
-
-# check to see if a file is a certificate file or a CRL file
-# arguments:
-# 1. the filename to be scanned
-# returns:
-# bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
-#
-check_file()
-{
- local IS_TYPE=0
-
- # make IFS a newline so we can process grep output line by line
- local OLDIFS=${IFS}
- IFS=$( printf "\n" )
-
- # XXX: could be more efficient to have two 'grep -m' but is -m portable?
- for LINE in $( grep '^-----BEGIN .*-----' ${1} )
- do
- if echo ${LINE} \
- | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
- then
- IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
-
- if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
- then
- break
- fi
- elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
- then
- IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
-
- if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
- then
- break
- fi
- fi
- done
-
- # restore IFS
- IFS=${OLDIFS}
-
- return ${IS_TYPE}
-}
-
-
#
# use openssl to fingerprint a file
# arguments:
@@ -75,7 +26,7 @@ check_file()
#
fingerprint()
{
- ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
+ ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed -e 's/^.*=//' -e 's/://g'
}
@@ -89,7 +40,6 @@ fingerprint()
#
link_hash()
{
- local FINGERPRINT=$( fingerprint ${1} ${2} )
local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
local SUFFIX=0
local LINKFILE=''
@@ -102,17 +52,22 @@ link_hash()
LINKFILE=${HASH}.${TAG}${SUFFIX}
- while [ -f ${LINKFILE} ]
- do
+ if [ -f ${LINKFILE} ]
+ then
+ local FINGERPRINT=$( fingerprint ${1} ${2} )
+
+ while [ -f ${LINKFILE} ]
+ do
if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
- then
- echo "WARNING: Skipping duplicate file ${1}" >&2
- return 1
- fi
+ then
+ echo "WARNING: Skipping duplicate file ${1}" >&2
+ return 1
+ fi
- SUFFIX=$(( ${SUFFIX} + 1 ))
- LINKFILE=${HASH}.${TAG}${SUFFIX}
- done
+ SUFFIX=$(( ${SUFFIX} + 1 ))
+ LINKFILE=${HASH}.${TAG}${SUFFIX}
+ done
+ fi
echo "${1} => ${LINKFILE}"
@@ -131,31 +86,23 @@ hash_dir()
cd ${1}
- ls -1 * 2>/dev/null | while read FILE
+ ls -1 * 2>/dev/null | grep -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' | while read FILE
do
- if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
- && [ -h "${FILE}" ]
- then
- rm ${FILE}
- fi
+ [ -h "${FILE}" ] && rm "${FILE}"
done
ls -1 *.pem 2>/dev/null | while read FILE
do
- check_file ${FILE}
- local FILE_TYPE=${?}
- local TYPE_STR=''
-
- if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
- then
- TYPE_STR='x509'
- elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
- then
- TYPE_STR='crl'
- else
- echo "WARNING: ${FILE} does not contain a certificate or CRL: skipping" >&2
+ local TYPE_STR=
+
+ if grep -q '^-----BEGIN X509 CRL-----' ${FILE}; then
+ TYPE_STR="crl"
+ elif grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----' ${FILE}; then
+ TYPE_STR="x509"
+ else
+ echo "WARNING: ${FILE} does not contain a certificate or CRL: skipping" >&2
continue
- fi
+ fi
link_hash ${FILE} ${TYPE_STR}
done