db-move: moved webkitgtk-6.0 from [testing] to [extra] (x86_64)
[arch-packages.git] / ca-certificates / trunk / update-ca-trust
blob53441b36707096d71527a46dd3eb0cf5a2b72af2
1 #!/bin/bash
3 # At this time, while this script is trivial, we ignore any parameters given.
4 # However, for backwards compatibility reasons, future versions of this script must
5 # support the syntax "update-ca-trust extract" trigger the generation of output
6 # files in $DEST.
8 DEST=/etc/ca-certificates/extracted
10 # Prevent p11-kit from reading user configuration files.
11 export P11_KIT_NO_USER_CONFIG=1
13 extract() {
14 trust extract --overwrite "$@"
17 ## Simple PEM bundles
18 extract --comment --format=pem-bundle --filter=ca-anchors --purpose=server-auth $DEST/tls-ca-bundle.pem
19 extract --comment --format=pem-bundle --filter=ca-anchors --purpose=email $DEST/email-ca-bundle.pem
20 extract --comment --format=pem-bundle --filter=ca-anchors --purpose=code-signing $DEST/objsign-ca-bundle.pem
22 ## OpenSSL PEM bundle that includes trust flags
23 extract --comment --format=openssl-bundle --filter=certificates $DEST/ca-bundle.trust.crt
25 ## TianoCore EDK II bundle
26 extract --format=edk2-cacerts --filter=ca-anchors --purpose=server-auth $DEST/edk2-cacerts.bin
28 ## Java bundle
29 extract --format=java-cacerts --filter=ca-anchors --purpose=server-auth /etc/ssl/certs/java/cacerts
31 ## OpenSSL-style directory with individual PEM files and hash links
32 # The directory-format extractors remove all files in the target directory, but not directories or files therein
33 extract --format=pem-directory-hash --filter=ca-anchors --purpose=server-auth $DEST/cadir
35 # We don't want to have to remove everything from the certs directory but neither
36 # do we want to leave stale certs around, so only place symlinks in the real cadir
37 for f in $DEST/cadir/*; do
38 ln -fsr -t /etc/ssl/certs "$f"
39 done
41 # Now find and remove all broken symlinks
42 find -L /etc/ssl/certs -maxdepth 1 -type l -delete