1 #!/bin/sh 2 # Usage: add-openssl-roots.sh <roots dir> <baseline file> 3 4 # Strip all openssl entries 5 sed -i -e '/openssl/d' "$2" 6 sed -i -e 's/both/nss/' "$2" 7 8 # Re-add them as needed 9 fingerprints=$(for x in "$1"/*.pem; do \ 10 openssl x509 -in "$x" -noout -fingerprint | cut -f2 -d=; \ 11 done) 12 for x in $fingerprints; do 13 if grep -q "nss $x" "$2"; then 14 sed -i -e "s/nss $x/both $x/" "$2" 15 fi 16 if grep -qE "(both|openssl) $x" "$2"; then 17 continue 18 fi 19 echo "openssl $x" >> "$2" 20 done 21 22 # Re-sort the file 23 mv "$2" "$2.tmp" 24 sort "$2.tmp" > "$2" 25 rm "$2.tmp" 26
