Blame SOURCES/update-ca-trust

b4bc2f
#!/bin/sh
b4bc2f
b4bc2f
#set -vx
b4bc2f
b4bc2f
# At this time, while this script is trivial, we ignore any parameters given.
b4bc2f
# However, for backwards compatibility reasons, future versions of this script must 
b4bc2f
# support the syntax "update-ca-trust extract" trigger the generation of output 
b4bc2f
# files in $DEST.
b4bc2f
b4bc2f
DEST=/etc/pki/ca-trust/extracted
b4bc2f
b4bc2f
# OpenSSL PEM bundle that includes trust flags
b4bc2f
# (BEGIN TRUSTED CERTIFICATE)
469a3f
/usr/bin/p11-kit extract --comment --format=openssl-bundle --filter=certificates --overwrite $DEST/openssl/ca-bundle.trust.crt
469a3f
/usr/bin/p11-kit extract --comment --format=pem-bundle --filter=ca-anchors --overwrite --purpose server-auth $DEST/pem/tls-ca-bundle.pem
469a3f
/usr/bin/p11-kit extract --comment --format=pem-bundle --filter=ca-anchors --overwrite --purpose email $DEST/pem/email-ca-bundle.pem
469a3f
/usr/bin/p11-kit extract --comment --format=pem-bundle --filter=ca-anchors --overwrite --purpose code-signing $DEST/pem/objsign-ca-bundle.pem
b4bc2f
/usr/bin/p11-kit extract --format=java-cacerts --filter=ca-anchors --overwrite --purpose server-auth $DEST/java/cacerts