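#!/bin/bash
# Automatically adds the Russian Ministry of Digital Development (Mintsifry)
# certificates to the trust stores on Debian.
# author V.Koshuba - 2023(c)
#
# NOTE(review): every certificate listed below ends up as a trust anchor in
# the system store and in the user's NSS databases. The only authenticity
# check is the TLS connection to url_gov; no fingerprint is pinned here.
# Confirm that this host is an authoritative distribution point and compare
# the certificate fingerprints with a value obtained out-of-band.

# Directory that holds this script; downloads are written next to it.
# Both substitutions are quoted so a path containing spaces stays one word.
path_script="$(dirname -- "$(readlink --canonicalize-existing -- "$0")")"

# Host the certificates are downloaded from.
url_gov="https://gu-st.ru/content/lending/"

# Certificate file names, relative to url_gov.
cert_gov=(
  "russian_trusted_sub_ca_pem.crt"
  "russian_trusted_root_ca_pem.crt"
)

# System certificate directory.
path_ssl="/etc/ssl/certs"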
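#######################################
# Download every certificate named in cert_gov, install it into the system
# certificate directory and add it to each NSS database found under $HOME.
# Globals:   path_script, url_gov, cert_gov, path_ssl, HOME (all read)
# Arguments: none
# Outputs:   progress messages and the certificate fingerprint on stdout,
#            errors on stderr
# Returns:   exits the whole script with status 1 when a download or a
#            system-store step fails; NSS imports stay best-effort
#######################################
addCerts() {
  local cert_file cert_name cert_src cert_dst cert_hash db_path
  local -a cert8_db=() cert9_db=()

  # Locate the per-user NSS databases once, before the loop. Reading
  # NUL-delimited paths keeps each one a literal string; the earlier
  # `eval ... $(find ...)` re-parsed file names as shell code, so a crafted
  # directory name under $HOME could have run commands.
  while IFS= read -r -d '' db_path; do
    cert8_db+=("$db_path")
  done < <(find "$HOME" -type f -name cert8.db -print0)
  while IFS= read -r -d '' db_path; do
    cert9_db+=("$db_path")
  done < <(find "$HOME" -type f -name cert9.db -print0)

  for cert_file in "${cert_gov[@]}"; do
    # The old `wc -m` test counted echo's newline and was always true;
    # this is the emptiness check it was meant to be.
    [[ -n "$cert_file" ]] || continue

    cert_src="$path_script/$cert_file"
    # Strip the literal suffix (the old sed pattern also matched any
    # character in place of the dot, anywhere in the name).
    cert_name=${cert_file%_pem.crt}
    cert_dst="$path_ssl/$cert_name.pem"

    # No -c (resume): combined with -O, a file already present at cert_src
    # could be kept or merely appended to instead of being replaced, and
    # that file is about to become a trust anchor.
    if wget -t 1 --inet4-only -O "$cert_src" -- "${url_gov%/}/$cert_file"; then
      echo "сертификат скачан успешно!"
    else
      echo "ошибка - сертификат не скачан!.." >&2
      # A bare `exit` would report the status of the echo above, i.e. 0.
      exit 1
    fi

    # Parse the download without privileges before anything runs under sudo.
    if ! openssl x509 -in "$cert_src" -noout; then
      echo "ошибка - скачанный файл не является сертификатом X.509!.." >&2
      exit 1
    fi
    # Print the SHA-256 fingerprint so the operator can compare it with a
    # value obtained out-of-band; nothing in this script pins it.
    openssl x509 -in "$cert_src" -noout -fingerprint -sha256

    sudo openssl x509 -in "$cert_src" -out "$cert_dst" -outform PEM || exit 1

    # The hash link is created by absolute path, so no `cd` is needed and a
    # failed `cd` can no longer drop the symlink into the wrong directory.
    # The link target stays relative, exactly as before.
    cert_hash=$(openssl x509 -in "$cert_src" -noout -hash) || exit 1
    sudo ln -sf -- "$cert_name.pem" "$path_ssl/$cert_hash.0" || exit 1

    # A CA certificate is public data. Mode 600 made it unreadable for
    # non-root processes that look certificates up through the hash links.
    sudo chmod 644 -- "$cert_dst" || exit 1
    sudo chown root:root -- "$cert_dst" || exit 1

    # Per-user NSS databases. certutil runs as the invoking user: the
    # databases were found under that user's $HOME, and running it through
    # sudo can leave root-owned files inside a browser profile.
    # NOTE(review): the trust string is ssl,email,object-signing; "TCu,Cu,Tu"
    # grants CA trust in all three for both the root and the sub CA. Confirm
    # this breadth is intended; website validation alone presumably needs less.
    for db_path in "${cert8_db[@]}"; do
      certutil -A -n "$cert_name" -t "TCu,Cu,Tu" -i "$cert_src" -d "dbm:${db_path%/*}"
    done
    for db_path in "${cert9_db[@]}"; do
      certutil -A -n "$cert_name" -t "TCu,Cu,Tu" -i "$cert_src" -d "sql:${db_path%/*}"
    done
  done

  # NOTE(review): Debian's documented place for local CAs is
  # /usr/local/share/ca-certificates/*.crt; files written straight into
  # $path_ssl are presumably not merged into the ca-certificates.crt bundle
  # by the commands below - confirm before relying on bundle consumers.
  sudo update-ca-certificates
  sudo update-ca-certificates --fresh
}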
# Entry point: download and install the certificates.
addCerts