#!/bin/sh
#
# This script fetches the latest released certdata.txt and updates the 
# ca-certificates.spec file
#
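# Defaults; the command-line options below override them.
#   baseurl          root of the NSS "lib" tree that the headers and
#                    certdata.txt are downloaded from
#   force            1 when -f was given
#   skip_signed_obj  1 when -s was given
#   release_type     suffix of the NSS tag name (NSS_<release>_<release_type>)
#   release          NSS release with dots replaced by underscores
baseurl="https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib"
force=0
skip_signed_obj=0
release_type="RTM"
release="3_65"

# Print the option summary to stderr and exit with status 1.
usage() {
    {
        echo "usage: $0 [-d] [-n release] [-t release_type] [-f] [-s]"
        echo "-d           use the development tip rather than the latest release"
        echo "-n release   fetch a specific nss release"
        echo "-t type      release type suffix of the nss tag (default RTM)"
        echo "-f           skip the verify check"
        echo "-s           skip fetching signed objects"
    } >&2
    exit 1
}

# Succeed only if $1 is non-empty and made of letters, digits and underscores.
# The -n and -t values are pasted into the download URL, so anything that
# could change the URL path (slashes, dots, spaces, ...) is refused.
valid_tag_part() {
    case "$1" in
    '' | *[!A-Za-z0-9_]*) return 1 ;;
    esac
    return 0
}

# Parse the script's options and update the settings above.
# -n and -t accept their value either attached (-n3.65) or as the next
# argument (-n 3.65); a missing or malformed value prints the usage text.
parse_args() {
    while [ "$#" -gt 0 ]; do
        case "$1" in
        "-d")
            baseurl="https://hg.mozilla.org/projects/nss/raw-file/default/lib"
            ;;
        -t*)
            release_type=${1#-t}
            if [ -z "${release_type}" ]; then
                [ "$#" -ge 2 ] || usage
                shift
                release_type=$1
            fi
            valid_tag_part "${release_type}" || usage
            baseurl="https://hg.mozilla.org/projects/nss/raw-file/NSS_${release}_${release_type}/lib"
            ;;
        -n*)
            release=${1#-n}
            if [ -z "${release}" ]; then
                [ "$#" -ge 2 ] || usage
                shift
                release=$1
            fi
            # NSS tag names use underscores where the version number has dots.
            release=$(printf '%s\n' "${release}" | sed -e 's;\.;_;g')
            valid_tag_part "${release}" || usage
            baseurl="https://hg.mozilla.org/projects/nss/raw-file/NSS_${release}_${release_type}/lib"
            ;;
        "-f")
            force=1
            ;;
        "-s")
            skip_signed_obj=1
            ;;
        *)
            usage
            ;;
        esac
        shift
    done
}

parse_args "$@"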
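# Values needed for the update:
#   - the current certdata (CKBI) version number
#   - the nss version number
#   - the user making the change
#   - the email of that user
#
# The two version numbers come from the latest nss code in mozilla, read from
# the headers under ${baseurl}. Both strings are later written into
# ca-certificates.spec, so a value that is empty or contains anything other
# than letters, digits, dots and underscores is rejected here.
echo "Getting CKBI version number"
ckbi_version=$(wget "${baseurl}/ckfw/builtins/nssckbi.h" -O - \
    | grep "NSS_BUILTINS_LIBRARY_VERSION " \
    | awk '{print $NF}' \
    | sed -e 's;";;g')
case "${ckbi_version}" in
'')
    echo "Didn't find ckbi version from ${baseurl}" >&2
    exit 1
    ;;
*[!A-Za-z0-9._]*)
    # Also catches a multi-line result when more than one header line matched.
    echo "Unexpected ckbi version '${ckbi_version}' from ${baseurl}" >&2
    exit 1
    ;;
esac

echo "Getting NSS version number"
nss_version=$(wget "${baseurl}/nss/nss.h" -O - \
    | grep "NSS_VERSION" \
    | awk '{print $3}' \
    | sed -e 's;";;g')
case "${nss_version}" in
'')
    echo "Didn't find nss version from ${baseurl}" >&2
    exit 1
    ;;
*[!A-Za-z0-9._]*)
    echo "Unexpected nss version '${nss_version}' from ${baseurl}" >&2
    exit 1
    ;;
esac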
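# date from the current system date on this machine
echo "Creating change log"
export LANG=C
# LC_ALL and LC_TIME outrank LANG, so LC_ALL is forced for the date calls:
# the changelog date has to use the C locale's day and month names.
year=$(LC_ALL=C date +%Y)
log_date=$(LC_ALL=C date +"%a %b %d %Y")

# user name from the environment, fallback to git, fallback to the full name
# in the passwd entry, fallback to the login name
username=$(whoami)
name=${NAME}
if [ -z "${name}" ]; then
    name=$(git config user.name)
fi
if [ -z "${name}" ]; then
    # getent prints the whole passwd line; field 5 is the GECOS field and its
    # first comma-separated item is the full name.
    name=$(getent passwd "${username}" | cut -d: -f5 | cut -d, -f1)
fi
if [ -z "${name}" ]; then
    name=${username}
fi

# email from the environment, fallback to git, fallback to user@host
email=${EMAIL}
if [ -z "${email}" ]; then
    email=$(git config user.email)
fi
if [ -z "${email}" ]; then
    email="${username}@$(hostname)"
fi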
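# rawhide >=2, branches 1.x
# From here on "release" holds the RPM Release value; the nss release number
# that the option parsing stored in the same variable is overwritten.
cwd=$(pwd)
# Quoted so that a working directory containing spaces does not break the test.
if [ "$(basename "${cwd}")" = rawhide ]; then
    release="2"
else
    release="1.0"
fi
# Package version: <current year>.<CKBI version>
version=${year}.${ckbi_version}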
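# Make sure the new version is newer than what is already in the spec file.
# Only the first Version: line of ca-certificates.spec is used.
current_version=$(awk '/^Version:/ { print $NF; exit }' ca-certificates.spec)
if [ -z "${current_version}" ]; then
    # Without a current version the downgrade check cannot run, so stop
    # instead of letting the comparison below fail open.
    echo "Can't read the current version from ca-certificates.spec" >&2
    exit 1
fi
# Compare as versions, not as strings: a plain string comparison ranks
# "2.9" above "2.10". sort -V is a GNU coreutils option; if it is missing,
# newest stays empty and the check below refuses the update.
newest=$(printf '%s\n%s\n' "${current_version}" "${version}" | sort -V | tail -n 1)
if [ "${current_version}" = "${version}" ] || [ "${newest}" != "${version}" ]; then
    echo "Can't downgrade current version: ${current_version} new version: ${version}" >&2
    exit 1
fi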
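# now get our new certdata.txt
# NOTE(review): the only integrity protection visible in this script is the
# HTTPS connection to the download host; no checksum or signature of
# certdata.txt is checked here. What check_certs.sh verifies is not visible
# from this file - confirm.
echo "Fetching new certdata.txt"
# wget writes straight over the tracked certdata.txt, so a failed or empty
# download leaves a damaged file behind; the hint below tells how to restore it.
if ! wget "${baseurl}/ckfw/builtins/certdata.txt" -O certdata.txt ||
    [ ! -s certdata.txt ]; then
    echo "fetching certdata.txt from ${baseurl} failed!" >&2
    echo " To restore the old certdata.txt use:" >&2
    echo "    git checkout -- certdata.txt" >&2
    exit 1
fi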
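# Fetch the signed objects unless -s was given.
# A failure of fetch_objsign.sh used to be ignored; the run now stops so that
# a half-finished update is not written into the spec file.
# NOTE(review): what fetch_objsign.sh downloads is not visible from this file.
if [ "${skip_signed_obj}" -eq 0 ]; then
    if ! ./fetch_objsign.sh; then
        echo "fetch_objsign.sh failed!" >&2
        echo " NOTE: certdata.txt has been upgraded." >&2
        echo " To restore the old certdata.txt use:" >&2
        echo "    git checkout -- certdata.txt" >&2
        exit 1
    fi
fi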
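# Verify everything is good with the user: show the version change, the
# changelog entry that will be added, and the output of check_certs.sh.
# printf '%s\n' replaces "echo -e": a POSIX /bin/sh need not support -e, and
# printf keeps backslashes in the name, email or fetched versions literal.
printf '%s\n' "Upgrading ${current_version} -> ${version}:"
printf '%s\n' \
    "*${log_date} ${name} <${email}> ${version}-${release}" \
    " - Update to CKBI ${ckbi_version} from NSS ${nss_version}"
./check_certs.sh
echo ""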
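# Ask for confirmation unless -f was given.
# The previous test, [ ! ${force} ], only checked whether the string was
# empty; force is always "0" or "1", so the prompt was never shown and the
# update went ahead unconfirmed even without -f.
yn=""
if [ "${force}" -eq 0 ]; then
    printf '%s' "Do you want to continue (Y/N default Y)? "
    read -r yn
    echo ""
fi
# An empty answer (just Enter, or no prompt because of -f) counts as yes.
case "${yn}" in
"" | y | Y | yes | YES) ;;
*)
    echo "Skipping ca-certificate.spec upgrade."
    echo " NOTE: certdata.txt has been upgraded."
    echo " To restore the old certdata.txt use:"
    echo "    git checkout -- certdata.txt"
    exit 1
    ;;
esac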
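echo "Updating .spec file"
# The new spec is built in a file created by mktemp in the current directory.
# The earlier /tmp/ca-certificates.spec.$$ name was predictable and lived in a
# world-writable directory, where another local user can pre-create the path
# or point it somewhere else before this script writes to it.
tmp_spec=$(mktemp ./ca-certificates.spec.XXXXXX) || {
    echo "Can't create a temporary file for the new spec" >&2
    exit 1
}
changelog_head="*${log_date} ${name} <${email}> ${version}-${release}"
changelog_body=" - Update to CKBI ${ckbi_version} from NSS ${nss_version}"

# Copy the spec line by line, replacing the Version: and Release: tags and
# adding a new entry right after %changelog. The old tag lines and the new
# values are echoed to stderr as progress output. "|| [ -n ... ]" keeps a last
# line that has no trailing newline.
while IFS= read -r line || [ -n "${line}" ]; do
    case "${line}" in
    "Version:"[[:space:]]*)
        printf '%s\n' "${line}" >&2
        echo "Version: ${version}"
        echo "New Version: ${version}" >&2
        ;;
    "Release:"[[:space:]]*)
        printf '%s\n' "${line}" >&2
        echo "Release: ${release}%{?dist}"
        echo "New Release: ${release}%{?dist}" >&2
        ;;
    "%changelog"*)
        printf '%s\n' "${line}" >&2
        printf '%s\n' "${line}"
        printf '%s\n' "${changelog_head}" "${changelog_body}"
        printf '%s\n' "${changelog_head}" "${changelog_body}" >&2
        # The stdout of check_certs.sh lands in the new spec, as part of the
        # changelog entry.
        # NOTE(review): check_certs.sh inherits this loop's stdin, which is the
        # spec being read; if it reads stdin it would swallow the remaining
        # lines. Its behaviour is not visible from this file - confirm.
        ./check_certs.sh
        echo ""
        ;;
    *)
        printf '%s\n' "${line}"
        ;;
    esac
done < ca-certificates.spec > "${tmp_spec}"

# Never replace the spec with an empty result.
if [ ! -s "${tmp_spec}" ]; then
    rm -f -- "${tmp_spec}"
    echo "Generated spec file is empty; ca-certificates.spec left unchanged" >&2
    exit 1
fi
# mktemp creates the file with owner-only permissions, so the content is
# copied into the existing spec (keeping its mode) instead of renaming the
# temporary file over it.
if ! cat -- "${tmp_spec}" > ca-certificates.spec; then
    echo "Writing ca-certificates.spec failed; new content kept in ${tmp_spec}" >&2
    exit 1
fi
rm -f -- "${tmp_spec}"
git status
exit 0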