forked from URZ/admin-tools
Use ca-certificates as target path
This commit is contained in:
30
UpdateCRL.sh
30
UpdateCRL.sh
@@ -33,8 +33,8 @@ function ERROR {
|
|||||||
|
|
||||||
###########################################################
|
###########################################################
|
||||||
|
|
||||||
PATHCRL=/etc/CertsAndKeys
|
PATHCRL=/usr/local/share/ca-certificates
|
||||||
CRL=(UniHGW-CRL.pem GEANT-RSA-CRL.pem GEANT-ECC-CRL.pem)
|
CRL=(UniHGW-CRL GEANT-RSA-CRL GEANT-ECC-CRL)
|
||||||
PATHSSL=/etc/ssl/certs
|
PATHSSL=/etc/ssl/certs
|
||||||
LASTRUN=/var/lib/runtime/$(basename "$0" .sh).lastrun
|
LASTRUN=/var/lib/runtime/$(basename "$0" .sh).lastrun
|
||||||
ERR=0
|
ERR=0
|
||||||
@@ -49,52 +49,42 @@ fi
|
|||||||
|
|
||||||
for CRL in "${CRL[@]}"
|
for CRL in "${CRL[@]}"
|
||||||
do
|
do
|
||||||
URLCRL=https://cacher.rz.uni-greifswald.de/$CRL
|
URLCRL=https://cacher.rz.uni-greifswald.de/$CRL.pem
|
||||||
|
|
||||||
# Download CRL
|
# Download CRL
|
||||||
if ! /usr/bin/timeout 5s wget -q -O /tmp/"$CRL" "$URLCRL"; then
|
if ! /usr/bin/timeout 5s wget -q -O "/tmp/$CRL.pem" "$URLCRL"; then
|
||||||
ERROR "Could not download $CRL!"
|
ERROR "Could not download $CRL!"
|
||||||
ERR=1
|
ERR=1
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Verify CRL
|
# Verify CRL
|
||||||
if ! /usr/bin/openssl crl -CApath "$PATHSSL" -in /tmp/"$CRL" -noout > /dev/null 2>&1; then
|
if ! /usr/bin/openssl crl -CApath "$PATHSSL" -in "/tmp/$CRL.pem" -noout > /dev/null 2>&1; then
|
||||||
ERROR "Could not verify $CRL against $PATHSSL!"
|
ERROR "Could not verify $CRL against $PATHSSL!"
|
||||||
ERR=1
|
ERR=1
|
||||||
rm -f /tmp/"$CRL"
|
rm -f "/tmp/$CRL.pem"
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check CRL validity
|
# Check CRL validity
|
||||||
CRLDATETIME=$(openssl crl -in /tmp/"$CRL" -nextupdate -noout | sed 's/nextUpdate=//g')
|
CRLDATETIME=$(openssl crl -in "/tmp/$CRL.pem" -nextupdate -noout | sed 's/nextUpdate=//g')
|
||||||
VALIDUNTIL=$(date -d "$CRLDATETIME" +%s)
|
VALIDUNTIL=$(date -d "$CRLDATETIME" +%s)
|
||||||
|
|
||||||
if [[ "$VALIDUNTIL" -lt $(date +%s) ]]; then
|
if [[ "$VALIDUNTIL" -lt $(date +%s) ]]; then
|
||||||
ERROR "$CRL is invalid!"
|
ERROR "$CRL is invalid!"
|
||||||
ERR=1
|
ERR=1
|
||||||
rm -f /tmp/"$CRL"
|
rm -f "/tmp/$CRL.pem"
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Move CRL to final destination path
|
# Move CRL to final destination path
|
||||||
if ! mv -f /tmp/"$CRL" "$PATHCRL"/"$CRL"; then
|
if ! mv -f "/tmp/$CRL.pem" "$PATHCRL/$CRL.crt"; then
|
||||||
ERROR "Could not move CRL to $PATHCRL!"
|
ERROR "Could not move CRL to $PATHCRL!"
|
||||||
ERR=1
|
ERR=1
|
||||||
rm -f /tmp/"$CRL"
|
rm -f "/tmp/$CRL.pem"
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Link CRL
|
|
||||||
if [[ ! -L "$PATHSSL"/"$CRL" ]]; then
|
|
||||||
if ! ln -s "$PATHCRL"/"$CRL" "$PATHSSL"/"$CRL"; then
|
|
||||||
ERROR "Could not create CRL link to $PATHSSL!"
|
|
||||||
ERR=1
|
|
||||||
rm -f "$PATHCRL"/"$CRL" "$PATHSSL"/"$CRL"
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
INFO "$CRL successfully updated"
|
INFO "$CRL successfully updated"
|
||||||
|
|
||||||
done
|
done
|
||||||
|
|||||||
Reference in New Issue
Block a user