#!/bin/sh
#set -vx
# Configuration file holding the "legacy=" setting read by is_disabled.
LCFILE='/etc/pki/ca-trust/ca-legacy.conf'
# Symbolic link that do_install points at one of the two bundles below.
LLINK='/etc/pki/ca-trust/source/ca-bundle.legacy.crt'
# Link target used when the setting is "default".
LDEFAULT='/usr/share/pki/ca-trust-legacy/ca-bundle.legacy.default.crt'
# Link target used when the setting is "disable".
LDISABLE='/usr/share/pki/ca-trust-legacy/ca-bundle.legacy.disable.crt'
# An absent value, or any unexpected value, is treated as "default".
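# Report whether the configuration file selects "disable" for legacy CAs.
# Globals:   LCFILE (read)
# Returns:   0 if a line matching "legacy = disable" (case-insensitive) exists;
#            non-zero otherwise, including when LCFILE is missing or unreadable.
# Note: grep's diagnostics are discarded, so an unreadable file cannot be told
# apart from "default" and callers then select the default legacy bundle.
is_disabled()
{
    # Quoted so that the path is always passed to grep as a single argument.
    grep -i "^legacy *= *disable *$" "$LCFILE" >/dev/null 2>&1
}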
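# Print the configured legacy-CA setting and the current target of LLINK.
# Globals:   LCFILE, LLINK, LDEFAULT, LDISABLE (read); LEXPECT (written)
# Outputs:   two status lines and the link target on stdout
# Returns:   exit status of readlink
do_check()
{
    if is_disabled; then
        echo "Legacy CAs are set to DISABLED in file $LCFILE (affects install/upgrade)"
        LEXPECT=$LDISABLE
    else
        echo "Legacy CAs are set to DEFAULT in file $LCFILE (affects install/upgrade)"
        LEXPECT=$LDEFAULT
    fi
    echo "Status of symbolic link $LLINK:"
    # NOTE(review): LEXPECT is recorded but not compared with the link target
    # here, so a link that disagrees with the setting is only noticeable by
    # reading the printed target against the status line above.
    readlink -v "$LLINK"
}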
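# Point LLINK at the bundle that matches the configured setting.
# Globals:   LLINK, LDEFAULT, LDISABLE (read)
# Returns:   exit status of sln, so a failed relink is visible to the caller
do_install()
{
    if is_disabled; then
        # found, legacy is disabled
        sln "$LDISABLE" "$LLINK"
    else
        # expression not found, legacy is set to default
        sln "$LDEFAULT" "$LLINK"
    fi
}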
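# Set the configuration to "default", repoint the link and run update-ca-trust.
# Globals:   LCFILE (rewritten in place)
# Returns:   1 if LCFILE still selects "disable" after the edit; otherwise the
#            status of do_install or of /usr/bin/update-ca-trust
do_default()
{
    # is_disabled matches the key case-insensitively, so the rewrite must too;
    # otherwise a line such as "LEGACY=disable" would survive the edit.
    sed -i 's/^[Ll][Ee][Gg][Aa][Cc][Yy] *=.*$/legacy=default/' "$LCFILE"
    # Verify the outcome instead of trusting sed: an unwritable file would
    # otherwise leave the old setting in place while the command looks fine.
    if is_disabled; then
        echo "$0: $LCFILE still selects disable; setting not changed" >&2
        return 1
    fi
    do_install || return
    /usr/bin/update-ca-trust
}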
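# Set the configuration to "disable", repoint the link and run update-ca-trust.
# Globals:   LCFILE (rewritten in place)
# Returns:   1 if LCFILE does not select "disable" after the edit; otherwise
#            the status of do_install or of /usr/bin/update-ca-trust
do_disable()
{
    # is_disabled matches the key case-insensitively, so the rewrite must too;
    # otherwise a line such as "LEGACY=default" would survive the edit.
    sed -i 's/^[Ll][Ee][Gg][Aa][Cc][Yy] *=.*$/legacy=disable/' "$LCFILE"
    # sed changes nothing when the file has no "legacy=" line or cannot be
    # written. Without this check the command would report success while the
    # default legacy bundle stays linked.
    if ! is_disabled; then
        echo "$0: $LCFILE does not select disable after the edit; legacy CAs were not disabled" >&2
        return 1
    fi
    do_install || return
    /usr/bin/update-ca-trust
}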
# Print the one-line usage summary on stdout.
# Returns: exit status of printf
do_help()
{
    printf '%s\n' "usage: $0 [check | default | disable | install]"
}
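# Dispatch on the first argument. "[ ]" and "case" are used instead of "[[ ]]"
# because the script declares #!/bin/sh, where "[[" is not guaranteed to exist.
if [ "$#" -eq 0 ]; then
  # no parameters
  do_help
  exit $?
fi

case "$1" in
  install)
    do_install
    exit $?
    ;;
  default)
    do_default
    exit $?
    ;;
  disable)
    do_disable
    exit $?
    ;;
  check)
    do_check
    exit $?
    ;;
esac

# Unknown command: report on stderr and exit non-zero, so that a mistyped
# "disable" in a scriptlet or automation is not mistaken for success.
echo "$0: Unsupported command $1" >&2
do_help >&2
exit 1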