main/openssl: replace c_rehash perl script with shell script

from http://cvs.pld-linux.org/cgi-bin/viewvc.cgi/cvs/packages/openssl/openssl-c_rehash.sh fixes #2266 (cherry picked from commit 3fc0e1d57b15a8c6c652f215450c810a3c43601b) Conflicts: main/openssl/APKBUILD
author: Natanael Copa <ncopa@alpinelinux.org> 2013-10-02 14:40:32 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2013-10-03 13:41:01 +0000
commit: e274a00ec7822f0d3bba2ab6a6f8f9d0b891b6c2 (patch)
tree: d1686a37797b005ad6288de57cc0903f46e43bee
parent: 4b76335f8ece39f111b32e4092d5f5c1e134be4a (diff)
download: alpine_aports-e274a00ec7822f0d3bba2ab6a6f8f9d0b891b6c2.tar.bz2
alpine_aports-e274a00ec7822f0d3bba2ab6a6f8f9d0b891b6c2.tar.xz
alpine_aports-e274a00ec7822f0d3bba2ab6a6f8f9d0b891b6c2.zip
2 files changed, 223 insertions, 5 deletions
diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD
index f0dfc3f085..008ecf81bb 100644
--- a/main/openssl/APKBUILD
+++ b/main/openssl/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Timo Teras <timo.teras@iki.fi>
 pkgname=openssl
 pkgver=1.0.1e
-pkgrel=2
+pkgrel=3
 pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
 url="http://openssl.org"
 depends=
@@ -21,7 +21,9 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
        0004-crypto-engine-autoload-padlock-dynamic-engine.patch
        0005-s_client-ircv3-starttls.patch
        openssl-1.0.1-version-eglibc.patch
-        fix-default-apps-capath.patch"
+        fix-default-apps-capath.patch
+        c_rehash.sh
+        "
 _builddir="$srcdir"/$pkgname-$pkgver
@@ -67,6 +69,9 @@ build() {
 package() {
        cd "$_builddir"
        make -j1 INSTALL_PREFIX="$pkgdir" MANDIR=/usr/share/man install
+        # replace the perl script with a shell script
+        rm -f "$pkgdir"/usr/bin/c_rehash
+        install -m 755 "$srcdir"/c_rehash.sh "$pkgdir"/usr/bin/c_rehash || return 1
 }
 libcrypto() {
@@ -99,7 +104,8 @@ cef4633142031b59960200e87ce3bb18  0003-engines-e_padlock-implement-sha1-sha224-s
 c32f42451a07267ee5dfb3781fa40c00  0004-crypto-engine-autoload-padlock-dynamic-engine.patch
 c5b1042a3acaf3591f3f5620b7086e12  0005-s_client-ircv3-starttls.patch
 d1f3aaad7c36590f21355682983cd14e  openssl-1.0.1-version-eglibc.patch
-efec1bce615256961b1756e575ee1d0a  fix-default-apps-capath.patch"
+efec1bce615256961b1756e575ee1d0a  fix-default-apps-capath.patch
+b1068a6dd30ec8adf63b4fd0057491a0  c_rehash.sh"
 sha256sums="f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3  openssl-1.0.1e.tar.gz
 fe844e21b2c42da2d8e9c89350211d70c0829f45532b89b7e492bfde589ee7ed  fix-manpages.patch
 82863c2fed659a7186c7f3905a1853b8bd8060350ad101ce159fa7e7d2ba27e8  openssl-bb-basename.patch
@@ -109,7 +115,8 @@ cbb2493ec9157e78035e9cc02be17655996ee9cd0a71b79507fc19f3862f452b  0003-engines-e
 157ec6d17add25b96956abc7c44259c91eebe8a6c1026cdb976b895bf42ec56f  0004-crypto-engine-autoload-padlock-dynamic-engine.patch
 44b553d92e33c48f854a8e15b23830375bc400e987505c74956ac196266f0d46  0005-s_client-ircv3-starttls.patch
 51146851d8454dcb73138f794ced8bd629658b4a0524c466f61b653fff536c93  openssl-1.0.1-version-eglibc.patch
-1e11d6b8cdcdd6957c69d33ab670c5918fc96c12fdb9b76b4287cb8f69c3545d  fix-default-apps-capath.patch"
+1e11d6b8cdcdd6957c69d33ab670c5918fc96c12fdb9b76b4287cb8f69c3545d  fix-default-apps-capath.patch
+4999ee79892f52bd6a4a7baba9fac62262454d573bbffd72685d3aae9e48cee0  c_rehash.sh"
 sha512sums="c76857e439431b2ef6f2aa123997e53f82b9c3c964d4d765d7cc6c0c20b37a21adf578f9b759b2b65ae3925454c432a01b7de0cd320ece7181dc292e00d3244e  openssl-1.0.1e.tar.gz
 880411d56da49946d24328445728367e0bf13b0fd47954971514bee8cd5613a038ad8aeaf68da2c92f4634deb022febd7b3e37f9bbfc5d2c9c8b3b5ffd971407  fix-manpages.patch
 6c4f4b0c1b606b3e5a8175618c4398923392f9c25ad8d3f5b65b0424fe51e104c4f456d2da590d9f572382225ab320278e88db1585790092450cad60a02819a5  openssl-bb-basename.patch
@@ -119,4 +126,5 @@ b019320869d215014ad46e0b29aa239e31243571c4d45256b3ce6449a67fdc106a381c1cf3abd55d
 3bedc326ca3e5945bc4ec4dccfe596042ee87aaeaf90b5063110a99cc8e38584838d68289907e4a3fcdb8e04635052ad0759c94e1d7070bb317c2066e2506bbe  0004-crypto-engine-autoload-padlock-dynamic-engine.patch
 70cd257bbd5a86685dc2508399e67746b60ed5d581eb84fe4d4fc6af214f31b71e2a58ad758d572976a61f67bf64c37a935a9788db160f75bced75397b9bcce3  0005-s_client-ircv3-starttls.patch
 6db9d9ee62048d27f80e392eda99a46712ee85f1c8fd49f4931be73c880da8b84844a72657f7bceddb7db0026daddd31870d9c5065494f8d359ee8560284fd4a  openssl-1.0.1-version-eglibc.patch
-f2e737146a473d55b99f27457718ca299a02a0c74009026a30c3d1347c575bc264962b5708995e02ef7d68521b8366ccea7320523efb87b1ab2632d73fec5658  fix-default-apps-capath.patch"
+f2e737146a473d55b99f27457718ca299a02a0c74009026a30c3d1347c575bc264962b5708995e02ef7d68521b8366ccea7320523efb87b1ab2632d73fec5658  fix-default-apps-capath.patch
+55e8c2e827750a4f375cb83c86bfe2d166c01ffa5d7e9b16657b72b38b747c8985dd2c98f854c911dfbbee2ff3e92aff39fdf089d979b2e3534b7685ee8b80da  c_rehash.sh"
diff --git a/main/openssl/c_rehash.sh b/main/openssl/c_rehash.sh
new file mode 100644
index 0000000000..75a774945c
--- /dev/null
+++ b/main/openssl/c_rehash.sh
@@ -0,0 +1,210 @@
+#!/bin/sh
+#
+# Ben Secrest <blsecres@gmail.com>
+#
+# sh c_rehash script, scan all files in a directory
+# and add symbolic links to their hash values.
+#
+# based on the c_rehash perl script distributed with openssl
+#
+# LICENSE: See OpenSSL license
+# ^^acceptable?^^
+#
+# default certificate location
+DIR=/etc/openssl
+# for filetype bitfield
+IS_CERT=$(( 1 << 0 ))
+IS_CRL=$(( 1 << 1 ))
+# check to see if a file is a certificate file or a CRL file
+# arguments:
+#       1. the filename to be scanned
+# returns:
+#       bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
+#
+check_file()
+{
+    local IS_TYPE=0
+    # make IFS a newline so we can process grep output line by line
+    local OLDIFS=${IFS}
+    IFS=$( printf "\n" )
+    # XXX: could be more efficient to have two 'grep -m' but is -m portable?
+    for LINE in $( grep '^-----BEGIN .*-----' ${1} )
+    do
+        if echo ${LINE} \
+            | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
+        then
+            IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
+            if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
+            then
+                break
+            fi
+        elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
+        then
+            IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
+            if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
+            then
+                break
+            fi
+        fi
+    done
+    # restore IFS
+    IFS=${OLDIFS}
+    return ${IS_TYPE}
+}
+#
+# use openssl to fingerprint a file
+#    arguments:
+#       1. the filename to fingerprint
+#       2. the method to use (x509, crl)
+#    returns:
+#       none
+#    assumptions:
+#       user will capture output from last stage of pipeline
+#
+fingerprint()
+{
+    ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
+}
+#
+# link_hash - create links to certificate files
+#    arguments:
+#       1. the filename to create a link for
+#       2. the type of certificate being linked (x509, crl)
+#    returns:
+#       0 on success, 1 otherwise
+#
+link_hash()
+{
+    local FINGERPRINT=$( fingerprint ${1} ${2} )
+    local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
+    local SUFFIX=0
+    local LINKFILE=''
+    local TAG=''
+    if [ ${2} = "crl" ]
+    then
+        TAG='r'
+    fi
+    LINKFILE=${HASH}.${TAG}${SUFFIX}
+    while [ -f ${LINKFILE} ]
+    do
+        if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
+        then
+            echo "WARNING: Skipping duplicate file ${1}" >&2
+            return 1
+        fi      
+        SUFFIX=$(( ${SUFFIX} + 1 ))
+        LINKFILE=${HASH}.${TAG}${SUFFIX}
+    done
+    echo "${1} => ${LINKFILE}"
+    # assume any system with a POSIX shell will either support symlinks or
+    # do something to handle this gracefully
+    ln -s ${1} ${LINKFILE}
+    return 0
+}
+# hash_dir create hash links in a given directory
+hash_dir()
+{
+    echo "Doing ${1}"
+    cd ${1}
+    ls -1 * 2>/dev/null | while read FILE
+    do
+        if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
+                && [ -h "${FILE}" ]
+        then
+            rm ${FILE}
+        fi
+    done
+    ls -1 *.pem 2>/dev/null | while read FILE
+    do
+        check_file ${FILE}
+        local FILE_TYPE=${?}
+        local TYPE_STR=''
+        if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
+        then
+            TYPE_STR='x509'
+        elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
+        then
+            TYPE_STR='crl'
+        else
+            echo "WARNING: ${FILE} does not contain a certificate or CRL: skipping" >&2
+            continue
+        fi
+        link_hash ${FILE} ${TYPE_STR}
+    done
+}
+# choose the name of an ssl application
+if [ -n "${OPENSSL}" ]
+then
+    SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
+else
+    SSL_CMD=/usr/bin/openssl
+    OPENSSL=${SSL_CMD}
+    export OPENSSL
+fi
+# fix paths
+PATH=${PATH}:${DIR}/bin
+export PATH
+# confirm existance/executability of ssl command
+if ! [ -x ${SSL_CMD} ]
+then
+    echo "${0}: rehashing skipped ('openssl' program not available)" >&2
+    exit 0
+fi
+# determine which directories to process
+old_IFS=$IFS
+if [ ${#} -gt 0 ]
+then
+    IFS=':'
+    DIRLIST=${*}
+elif [ -n "${SSL_CERT_DIR}" ]
+then
+    DIRLIST=$SSL_CERT_DIR
+else
+    DIRLIST=${DIR}/certs
+fi
+IFS=':'
+# process directories
+for CERT_DIR in ${DIRLIST}
+do
+    if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
+    then
+        IFS=$old_IFS
+        hash_dir ${CERT_DIR}
+        IFS=':'
+    fi
+done
author	Natanael Copa <ncopa@alpinelinux.org>	2013-10-02 14:40:32 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2013-10-03 13:41:01 +0000
commit	e274a00ec7822f0d3bba2ab6a6f8f9d0b891b6c2 (patch)
tree	d1686a37797b005ad6288de57cc0903f46e43bee
parent	4b76335f8ece39f111b32e4092d5f5c1e134be4a (diff)
download	alpine_aports-e274a00ec7822f0d3bba2ab6a6f8f9d0b891b6c2.tar.bz2 alpine_aports-e274a00ec7822f0d3bba2ab6a6f8f9d0b891b6c2.tar.xz alpine_aports-e274a00ec7822f0d3bba2ab6a6f8f9d0b891b6c2.zip

diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD index f0dfc3f085..008ecf81bb 100644 --- a/main/openssl/APKBUILD +++ b/main/openssl/APKBUILD
@@ -1,7 +1,7 @@
1	# Maintainer: Timo Teras <timo.teras@iki.fi>	1	# Maintainer: Timo Teras <timo.teras@iki.fi>
2	pkgname=openssl	2	pkgname=openssl
3	pkgver=1.0.1e	3	pkgver=1.0.1e
4	pkgrel=2	4	pkgrel=3
5	pkgdesc="Toolkit for SSL v2/v3 and TLS v1"	5	pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
6	url="http://openssl.org"	6	url="http://openssl.org"
7	depends=	7	depends=
@@ -21,7 +21,9 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
21	0004-crypto-engine-autoload-padlock-dynamic-engine.patch	21	0004-crypto-engine-autoload-padlock-dynamic-engine.patch
22	0005-s_client-ircv3-starttls.patch	22	0005-s_client-ircv3-starttls.patch
23	openssl-1.0.1-version-eglibc.patch	23	openssl-1.0.1-version-eglibc.patch
24	fix-default-apps-capath.patch"	24	fix-default-apps-capath.patch
		25	c_rehash.sh
		26	"
25		27
26	_builddir="$srcdir"/$pkgname-$pkgver	28	_builddir="$srcdir"/$pkgname-$pkgver
27		29
@@ -67,6 +69,9 @@ build() {
67	package() {	69	package() {
68	cd "$_builddir"	70	cd "$_builddir"
69	make -j1 INSTALL_PREFIX="$pkgdir" MANDIR=/usr/share/man install	71	make -j1 INSTALL_PREFIX="$pkgdir" MANDIR=/usr/share/man install
		72	# replace the perl script with a shell script
		73	rm -f "$pkgdir"/usr/bin/c_rehash
		74	install -m 755 "$srcdir"/c_rehash.sh "$pkgdir"/usr/bin/c_rehash \|\| return 1
70	}	75	}
71		76
72	libcrypto() {	77	libcrypto() {
@@ -99,7 +104,8 @@ cef4633142031b59960200e87ce3bb18 0003-engines-e_padlock-implement-sha1-sha224-s
99	c32f42451a07267ee5dfb3781fa40c00 0004-crypto-engine-autoload-padlock-dynamic-engine.patch	104	c32f42451a07267ee5dfb3781fa40c00 0004-crypto-engine-autoload-padlock-dynamic-engine.patch
100	c5b1042a3acaf3591f3f5620b7086e12 0005-s_client-ircv3-starttls.patch	105	c5b1042a3acaf3591f3f5620b7086e12 0005-s_client-ircv3-starttls.patch
101	d1f3aaad7c36590f21355682983cd14e openssl-1.0.1-version-eglibc.patch	106	d1f3aaad7c36590f21355682983cd14e openssl-1.0.1-version-eglibc.patch
102	efec1bce615256961b1756e575ee1d0a fix-default-apps-capath.patch"	107	efec1bce615256961b1756e575ee1d0a fix-default-apps-capath.patch
		108	b1068a6dd30ec8adf63b4fd0057491a0 c_rehash.sh"
103	sha256sums="f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 openssl-1.0.1e.tar.gz	109	sha256sums="f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 openssl-1.0.1e.tar.gz
104	fe844e21b2c42da2d8e9c89350211d70c0829f45532b89b7e492bfde589ee7ed fix-manpages.patch	110	fe844e21b2c42da2d8e9c89350211d70c0829f45532b89b7e492bfde589ee7ed fix-manpages.patch
105	82863c2fed659a7186c7f3905a1853b8bd8060350ad101ce159fa7e7d2ba27e8 openssl-bb-basename.patch	111	82863c2fed659a7186c7f3905a1853b8bd8060350ad101ce159fa7e7d2ba27e8 openssl-bb-basename.patch
@@ -109,7 +115,8 @@ cbb2493ec9157e78035e9cc02be17655996ee9cd0a71b79507fc19f3862f452b 0003-engines-e
109	157ec6d17add25b96956abc7c44259c91eebe8a6c1026cdb976b895bf42ec56f 0004-crypto-engine-autoload-padlock-dynamic-engine.patch	115	157ec6d17add25b96956abc7c44259c91eebe8a6c1026cdb976b895bf42ec56f 0004-crypto-engine-autoload-padlock-dynamic-engine.patch
110	44b553d92e33c48f854a8e15b23830375bc400e987505c74956ac196266f0d46 0005-s_client-ircv3-starttls.patch	116	44b553d92e33c48f854a8e15b23830375bc400e987505c74956ac196266f0d46 0005-s_client-ircv3-starttls.patch
111	51146851d8454dcb73138f794ced8bd629658b4a0524c466f61b653fff536c93 openssl-1.0.1-version-eglibc.patch	117	51146851d8454dcb73138f794ced8bd629658b4a0524c466f61b653fff536c93 openssl-1.0.1-version-eglibc.patch
112	1e11d6b8cdcdd6957c69d33ab670c5918fc96c12fdb9b76b4287cb8f69c3545d fix-default-apps-capath.patch"	118	1e11d6b8cdcdd6957c69d33ab670c5918fc96c12fdb9b76b4287cb8f69c3545d fix-default-apps-capath.patch
		119	4999ee79892f52bd6a4a7baba9fac62262454d573bbffd72685d3aae9e48cee0 c_rehash.sh"
113	sha512sums="c76857e439431b2ef6f2aa123997e53f82b9c3c964d4d765d7cc6c0c20b37a21adf578f9b759b2b65ae3925454c432a01b7de0cd320ece7181dc292e00d3244e openssl-1.0.1e.tar.gz	120	sha512sums="c76857e439431b2ef6f2aa123997e53f82b9c3c964d4d765d7cc6c0c20b37a21adf578f9b759b2b65ae3925454c432a01b7de0cd320ece7181dc292e00d3244e openssl-1.0.1e.tar.gz
114	880411d56da49946d24328445728367e0bf13b0fd47954971514bee8cd5613a038ad8aeaf68da2c92f4634deb022febd7b3e37f9bbfc5d2c9c8b3b5ffd971407 fix-manpages.patch	121	880411d56da49946d24328445728367e0bf13b0fd47954971514bee8cd5613a038ad8aeaf68da2c92f4634deb022febd7b3e37f9bbfc5d2c9c8b3b5ffd971407 fix-manpages.patch
115	6c4f4b0c1b606b3e5a8175618c4398923392f9c25ad8d3f5b65b0424fe51e104c4f456d2da590d9f572382225ab320278e88db1585790092450cad60a02819a5 openssl-bb-basename.patch	122	6c4f4b0c1b606b3e5a8175618c4398923392f9c25ad8d3f5b65b0424fe51e104c4f456d2da590d9f572382225ab320278e88db1585790092450cad60a02819a5 openssl-bb-basename.patch
@@ -119,4 +126,5 @@ b019320869d215014ad46e0b29aa239e31243571c4d45256b3ce6449a67fdc106a381c1cf3abd55d
119	3bedc326ca3e5945bc4ec4dccfe596042ee87aaeaf90b5063110a99cc8e38584838d68289907e4a3fcdb8e04635052ad0759c94e1d7070bb317c2066e2506bbe 0004-crypto-engine-autoload-padlock-dynamic-engine.patch	126	3bedc326ca3e5945bc4ec4dccfe596042ee87aaeaf90b5063110a99cc8e38584838d68289907e4a3fcdb8e04635052ad0759c94e1d7070bb317c2066e2506bbe 0004-crypto-engine-autoload-padlock-dynamic-engine.patch
120	70cd257bbd5a86685dc2508399e67746b60ed5d581eb84fe4d4fc6af214f31b71e2a58ad758d572976a61f67bf64c37a935a9788db160f75bced75397b9bcce3 0005-s_client-ircv3-starttls.patch	127	70cd257bbd5a86685dc2508399e67746b60ed5d581eb84fe4d4fc6af214f31b71e2a58ad758d572976a61f67bf64c37a935a9788db160f75bced75397b9bcce3 0005-s_client-ircv3-starttls.patch
121	6db9d9ee62048d27f80e392eda99a46712ee85f1c8fd49f4931be73c880da8b84844a72657f7bceddb7db0026daddd31870d9c5065494f8d359ee8560284fd4a openssl-1.0.1-version-eglibc.patch	128	6db9d9ee62048d27f80e392eda99a46712ee85f1c8fd49f4931be73c880da8b84844a72657f7bceddb7db0026daddd31870d9c5065494f8d359ee8560284fd4a openssl-1.0.1-version-eglibc.patch
122	f2e737146a473d55b99f27457718ca299a02a0c74009026a30c3d1347c575bc264962b5708995e02ef7d68521b8366ccea7320523efb87b1ab2632d73fec5658 fix-default-apps-capath.patch"	129	f2e737146a473d55b99f27457718ca299a02a0c74009026a30c3d1347c575bc264962b5708995e02ef7d68521b8366ccea7320523efb87b1ab2632d73fec5658 fix-default-apps-capath.patch
		130	55e8c2e827750a4f375cb83c86bfe2d166c01ffa5d7e9b16657b72b38b747c8985dd2c98f854c911dfbbee2ff3e92aff39fdf089d979b2e3534b7685ee8b80da c_rehash.sh"


diff --git a/main/openssl/c_rehash.sh b/main/openssl/c_rehash.sh new file mode 100644 index 0000000000..75a774945c --- /dev/null +++ b/main/openssl/c_rehash.sh
@@ -0,0 +1,210 @@
		1	#!/bin/sh
		2	#
		3	# Ben Secrest <blsecres@gmail.com>
		4	#
		5	# sh c_rehash script, scan all files in a directory
		6	# and add symbolic links to their hash values.
		7	#
		8	# based on the c_rehash perl script distributed with openssl
		9	#
		10	# LICENSE: See OpenSSL license
		11	# ^^acceptable?^^
		12	#
		13
		14	# default certificate location
		15	DIR=/etc/openssl
		16
		17	# for filetype bitfield
		18	IS_CERT=$(( 1 << 0 ))
		19	IS_CRL=$(( 1 << 1 ))
		20
		21
		22	# check to see if a file is a certificate file or a CRL file
		23	# arguments:
		24	# 1. the filename to be scanned
		25	# returns:
		26	# bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
		27	#
		28	check_file()
		29	{
		30	local IS_TYPE=0
		31
		32	# make IFS a newline so we can process grep output line by line
		33	local OLDIFS=${IFS}
		34	IFS=$( printf "\n" )
		35
		36	# XXX: could be more efficient to have two 'grep -m' but is -m portable?
		37	for LINE in $( grep '^-----BEGIN .*-----' ${1} )
		38	do
		39	if echo ${LINE} \
		40	\| grep -q -E '^-----BEGIN (X509 \|TRUSTED )?CERTIFICATE-----'
		41	then
		42	IS_TYPE=$(( ${IS_TYPE} \| ${IS_CERT} ))
		43
		44	if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
		45	then
		46	break
		47	fi
		48	elif echo ${LINE} \| grep -q '^-----BEGIN X509 CRL-----'
		49	then
		50	IS_TYPE=$(( ${IS_TYPE} \| ${IS_CRL} ))
		51
		52	if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
		53	then
		54	break
		55	fi
		56	fi
		57	done
		58
		59	# restore IFS
		60	IFS=${OLDIFS}
		61
		62	return ${IS_TYPE}
		63	}
		64
		65
		66	#
		67	# use openssl to fingerprint a file
		68	# arguments:
		69	# 1. the filename to fingerprint
		70	# 2. the method to use (x509, crl)
		71	# returns:
		72	# none
		73	# assumptions:
		74	# user will capture output from last stage of pipeline
		75	#
		76	fingerprint()
		77	{
		78	${SSL_CMD} ${2} -fingerprint -noout -in ${1} \| sed 's/^.*=//' \| tr -d ':'
		79	}
		80
		81
		82	#
		83	# link_hash - create links to certificate files
		84	# arguments:
		85	# 1. the filename to create a link for
		86	# 2. the type of certificate being linked (x509, crl)
		87	# returns:
		88	# 0 on success, 1 otherwise
		89	#
		90	link_hash()
		91	{
		92	local FINGERPRINT=$( fingerprint ${1} ${2} )
		93	local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
		94	local SUFFIX=0
		95	local LINKFILE=''
		96	local TAG=''
		97
		98	if [ ${2} = "crl" ]
		99	then
		100	TAG='r'
		101	fi
		102
		103	LINKFILE=${HASH}.${TAG}${SUFFIX}
		104
		105	while [ -f ${LINKFILE} ]
		106	do
		107	if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
		108	then
		109	echo "WARNING: Skipping duplicate file ${1}" >&2
		110	return 1
		111	fi
		112
		113	SUFFIX=$(( ${SUFFIX} + 1 ))
		114	LINKFILE=${HASH}.${TAG}${SUFFIX}
		115	done
		116
		117	echo "${1} => ${LINKFILE}"
		118
		119	# assume any system with a POSIX shell will either support symlinks or
		120	# do something to handle this gracefully
		121	ln -s ${1} ${LINKFILE}
		122
		123	return 0
		124	}
		125
		126
		127	# hash_dir create hash links in a given directory
		128	hash_dir()
		129	{
		130	echo "Doing ${1}"
		131
		132	cd ${1}
		133
		134	ls -1 * 2>/dev/null \| while read FILE
		135	do
		136	if echo ${FILE} \| grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
		137	&& [ -h "${FILE}" ]
		138	then
		139	rm ${FILE}
		140	fi
		141	done
		142
		143	ls -1 *.pem 2>/dev/null \| while read FILE
		144	do
		145	check_file ${FILE}
		146	local FILE_TYPE=${?}
		147	local TYPE_STR=''
		148
		149	if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
		150	then
		151	TYPE_STR='x509'
		152	elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
		153	then
		154	TYPE_STR='crl'
		155	else
		156	echo "WARNING: ${FILE} does not contain a certificate or CRL: skipping" >&2
		157	continue
		158	fi
		159
		160	link_hash ${FILE} ${TYPE_STR}
		161	done
		162	}
		163
		164
		165	# choose the name of an ssl application
		166	if [ -n "${OPENSSL}" ]
		167	then
		168	SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
		169	else
		170	SSL_CMD=/usr/bin/openssl
		171	OPENSSL=${SSL_CMD}
		172	export OPENSSL
		173	fi
		174
		175	# fix paths
		176	PATH=${PATH}:${DIR}/bin
		177	export PATH
		178
		179	# confirm existance/executability of ssl command
		180	if ! [ -x ${SSL_CMD} ]
		181	then
		182	echo "${0}: rehashing skipped ('openssl' program not available)" >&2
		183	exit 0
		184	fi
		185
		186	# determine which directories to process
		187	old_IFS=$IFS
		188	if [ ${#} -gt 0 ]
		189	then
		190	IFS=':'
		191	DIRLIST=${*}
		192	elif [ -n "${SSL_CERT_DIR}" ]
		193	then
		194	DIRLIST=$SSL_CERT_DIR
		195	else
		196	DIRLIST=${DIR}/certs
		197	fi
		198
		199	IFS=':'
		200
		201	# process directories
		202	for CERT_DIR in ${DIRLIST}
		203	do
		204	if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
		205	then
		206	IFS=$old_IFS
		207	hash_dir ${CERT_DIR}
		208	IFS=':'
		209	fi
		210	done