Tree - rpms/ca-certificates - CentOS Git server

Blob History Raw

		3c42f9	`#!/bin/sh`
		3c42f9
		3c42f9	`#set -vx`
		3c42f9
		3c42f9	`# At this time, while this script is trivial, we ignore any parameters given.`
		3c42f9	`# However, for backwards compatibility reasons, future versions of this script must`
		3c42f9	`# support the syntax "update-ca-trust extract" trigger the generation of output`
		3c42f9	`# files in $DEST.`
		3c42f9
		3c42f9	`DEST=/etc/pki/ca-trust/extracted`
		3c42f9
		3c42f9	`# Prevent p11-kit from reading user configuration files.`
		3c42f9	`export P11_KIT_NO_USER_CONFIG=1`
		3c42f9
		3c42f9	`# OpenSSL PEM bundle that includes trust flags`
		3c42f9	`# (BEGIN TRUSTED CERTIFICATE)`
		3c42f9	`/usr/bin/p11-kit extract --format=openssl-bundle --filter=certificates --overwrite --comment $DEST/openssl/ca-bundle.trust.crt`
		3c42f9	`/usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose server-auth $DEST/pem/tls-ca-bundle.pem`
		3c42f9	`/usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose email $DEST/pem/email-ca-bundle.pem`
		3c42f9	`/usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose code-signing $DEST/pem/objsign-ca-bundle.pem`
		3c42f9	`/usr/bin/p11-kit extract --format=java-cacerts --filter=ca-anchors --overwrite --purpose server-auth $DEST/java/cacerts`
		3c42f9	`/usr/bin/p11-kit extract --format=edk2-cacerts --filter=ca-anchors --overwrite --purpose=server-auth $DEST/edk2/cacerts.bin`