Diffstat (limited to 'main/ca-certificates/update-ca-certificates')
-rwxr-xr-x | main/ca-certificates/update-ca-certificates | 59 |
1 files changed, 31 insertions, 28 deletions
diff --git a/main/ca-certificates/update-ca-certificates b/main/ca-certificates/update-ca-certificates index cbd37779a7..15adf6ee40 100755 --- a/main/ca-certificates/update-ca-certificates +++ b/main/ca-certificates/update-ca-certificates @@ -7,30 +7,39 @@ local CERTBUNDLE='ca-certificates.crt' local CERTSCONF='/etc/ca-certificates.conf' local posix = require 'posix' -local calinks = {} -local cacerts = {} - function string.begins(str, prefix) return str:sub(1,#prefix)==prefix end -local function add(fn) +local function add(fn, out, links) -- Map fn to file in etc local pem = "ca-cert-"..fn:gsub('.*/', ''):gsub('.crt$',''):gsub('[, ]','_'):gsub('[()]','=')..".pem" - calinks[pem] = fn + links[pem] = fn -- Read the certificate for the bundle local f = io.open(fn, "rb") if f ~= nil then local content = f:read("*all") f:close() - table.insert(cacerts, content) - if content:sub(-1) ~= '\n' then table.insert(cacerts, '\n') end + out:write(content) + if content:sub(-1) ~= '\n' then out:write('\n') end end end +local calinks = {} +local cacerts = {} + +local fd, tmpfile = posix.mkstemp(ETCCERTSDIR..'bundleXXXXXX') +if not fd then + print("Failed to open temporary file for ca bundle") + return 1 +end +posix.close(fd) +posix.chmod(tmpfile, 0644) +local bundle = io.open(tmpfile, "wb") + -- Handle global CA certs from config file for l in io.lines(CERTSCONF) do local firstchar = l:sub(1,1) if firstchar ~= "#" and firstchar ~= "!" then - add(CERTSDIR..l) + add(CERTSDIR..l, bundle, calinks) end end @@ -41,7 +50,7 @@ if certlist ~= nil then for f in pairs(certlist) do local fn = LOCALCERTSDIR..f if posix.stat(fn, 'type') == 'regular' then - add(fn) + add(fn, bundle, calinks) end end end 
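Review bot: `local bundle = io.open(tmpfile, "wb")` is used without a nil check, so if the reopen fails the first `out:write(content)` inside `add()` raises on a nil value and the `bundleXXXXXX` temp file is left behind in the certificate directory. Check the handle and clean up before the config loop, e.g. `if not bundle then os.remove(tmpfile) return 1 end`. Separately, Lua has no octal literals, so `0644` in `posix.chmod(tmpfile, 0644)` is the decimal number 644; whether the file ends up rw-r--r-- depends on how the installed luaposix interprets that argument. A symbolic mode string, as in the removed `posix.chmod(tmpfile, "a+r")`, would keep the trust bundle's permissions unambiguous.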
@@ -51,19 +60,20 @@ local f, target for f in posix.files(ETCCERTSDIR) do local fn = ETCCERTSDIR..f if posix.stat(fn, 'type') == 'link' then - local target = calinks[f] local curtgt = posix.readlink(fn) - if curtgt:begins(CERTSDIR) or curtgt:begins(LOCALCERTSDIR) then - if target == nil then - -- Symlink exists but is unwanted + local target = calinks[f] + if target == nil then + -- Symlink exists but is not wanted + -- Delete it if it points to 'our' directory + if curtgt:begins(CERTSDIR) or curtgt:begins(LOCALCERTSDIR) then os.remove(fn) - elseif current_target ~= wanted_target then - -- Symlink exists but points wrong - posix.link(target, ETCCERTSDIR..f, true) - else - -- Symlink exists and is ok - calinks[f] = nil end + elseif curtgt ~= target then + -- Symlink exists but points wrong + posix.link(target, ETCCERTSDIR..f, true) + else + -- Symlink exists and is ok + calinks[f] = nil end end end @@ -72,13 +82,6 @@ for f, target in pairs(calinks) do end -- Update hashes and the bundle +bundle:close() +os.rename(tmpfile, ETCCERTSDIR..CERTBUNDLE) os.execute("c_rehash "..ETCCERTSDIR.." > /dev/null") -local fd, tmpfile = posix.mkstemp(ETCCERTSDIR..'bundleXXXXXX') -if fd >= 0 then - posix.close(fd) - posix.chmod(tmpfile, "a+r") - local file = io.open(tmpfile, "wb") - file:write(table.concat(cacerts)) - file:close() - os.rename(tmpfile, ETCCERTSDIR..CERTBUNDLE) -end |
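Review bot: In the `elseif curtgt ~= target` branch, `posix.link(target, ETCCERTSDIR..f, true)` is called while the old symlink still occupies that path; symlink creation normally fails when the name already exists and the return value is not checked, so a link that points at the wrong certificate would stay in the trust directory. Removing the stale entry first (`os.remove(fn)` before the `posix.link` call) and reporting a failed link would make the repair effective. `calinks[f]` also stays set in this branch, so the later `pairs(calinks)` loop, whose body is outside this hunk, presumably attempts the same link again. `posix.readlink(fn)` may return nil on error, in which case `curtgt:begins(...)` in the unwanted-link branch would raise.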
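Review bot: `os.rename(tmpfile, ETCCERTSDIR..CERTBUNDLE)` runs unconditionally, so a bundle that was only partly written (full disk, I/O error) replaces the previous good one and clients silently lose trust anchors. The `out:write` calls in `add()` and `bundle:close()` here each return a failure indication that is dropped. Track write failures in a flag (called `write_ok` here, a made-up name) and gate the rename on it: `if write_ok and bundle:close() then assert(os.rename(tmpfile, ETCCERTSDIR..CERTBUNDLE)) else os.remove(tmpfile) end`. On the failure path the script should also report the error and exit non-zero so that packaging hooks notice the bundle was not updated.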