make.sh (1480B)
- GET="wget -c --no-check-certificate"
- OPGP="gpg --auto-key-retrieve --verify"
- SRC_URI="https://hackint.org/crt/rootca.crt
- https://sks-keyservers.net/sks-keyservers.netCA.pem
- https://sks-keyservers.net/sks-keyservers.netCA.pem.asc
- https://www.immerda.ch/assets/certs/immer-ca.crt
- https://www.immerda.ch/assets/certs/immer-ca.crt.asc"
- VERIFICATIONS="openpgp-direct" # openpgp-fingerprint
- openpgp-direct() {
- for i in *.asc; do $OPGP ${i} || exit; done
- }
- openpgp-fingerprint() {
- echo 'Not yet done, anyway cacert.org uses broken crypto for this verification'
- exit
- }
- clean() {
- set -x
- rm -fr src/* ca-certificates.pem
- }
- install() {
- echo 'I don’t know how to install… there is no standard on that'
- echo " * OpenSSL/LibreSSL: put ca-certificates.pem or src/*.pem in /usr/local/share/ca-certificates and do update-ca-certificates"
- echo " * GnuPG: “hkp-cacert $(pwd)/src/sks-keyservers.netCA.pem” in ${GNUPGHOME:-$HOME/.gnupg}/dirmngr.conf"
- echo " * Mono (import): mozroots --import ca-certificates.pem"
- echo " * Mono (replace): mozroots --sync --file ca-certificates.pem"
- echo "For more see https://wiki.gentoo.org/wiki/Certificates"
- }
- main() {
- set -x
- mkdir src; cd src
- for i in $SRC_URI; do $GET ${i}; done
- wget -O rootca.crt.asc https://hackint.org/crt/sigs/combined.asc
- for i in $VERIFICATIONS; do ${i}; done
- cd ..
- cat src/*.crt src/*.pem > ca-certificates.pem
- }
- case "$1" in
- clean*)
- clean
- ;;
- install*)
- install
- ;;
- all*|*)
- main
- ;;
- esac