-rwxr-xr-x | scripts/certs/cert-check | 39 | ||||
-rwxr-xr-x | scripts/certs/cert-import | 33 |
2 files changed, 49 insertions, 23 deletions
diff --git a/scripts/certs/cert-check b/scripts/certs/cert-check index 09b1a0f..88a6fb2 100755 --- a/scripts/certs/cert-check +++ b/scripts/certs/cert-check @@ -14,14 +14,12 @@ # file descriptor sharing is suitable (stdin can be read only once, # generally, there is a race between the two?) # - wget vs. certificates? switch to curl? - -set -u -set +e +# - remove unneeded subshells? ( '()' -> '{}' ) CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt HOMEBUNDLE=~/.pki/tls/certs/ca-bundle.crt -#WGET="wget -nv --ca-certificate <(cat "${CA_BUNDLE}" "${HOMEBUNDLE}")" -WGET="wget -nv" +#WGET="wget -nv -U '' --ca-certificate <(cat "${CA_BUNDLE}" "${HOMEBUNDLE}")" +WGET="wget -nv -U ''" guess_inform() { case "{1##*.}" in @@ -74,8 +72,8 @@ cert_pick_url() { local port=${host#*:} [ "${port}" = "${machine}" ] && port=443 ( echo ">>> recursion" >&2 - main "${machine}" "${port}" \ - || main -nocrl "${machine}" "${port}" + cert_pick_check "${machine}" "${port}" \ + || cert_pick_check -nocrl "${machine}" "${port}" echo "<<< recursion" >&2 ) >&2 \ && ${WGET} --no-check-certificate "$1" -O- fi) | openssl x509 -inform "${inform}" @@ -131,16 +129,29 @@ colorize() { || cat ) | awk 'FNR == 1 { last=$1; while (getline) { print last; last=$0; } exit last}' } -pseudo_return() { - return $1 -} - -main() { +cert_pick_check() { local crl=1 [ "$1" = "-nocrl" ] && shift && crl=0 cert_pick "$@" | cert_check $crl } +setup() { + set -u + RESTOREUMASK=$(umask -p) + umask 077 +} + +teardown() { + ${RESTOREUMASK} + unset RESTOREUMASK + return $1 +} + [[ "${BASH_SOURCE[0]}" != "${0}" ]] || \ - ( [ $# -lt 1 ] && echo "usage: $0 [-nocrl] file-or-url-or-server [server-port=443]" \ - || ( main "$@"; echo $? ) |& colorize 1 && set +u || ( ret=$?; set +u; pseudo_return $ret )) + [ $# -lt 1 ] \ + && echo "usage: $0" \ + "[-nocrl] file-or-url-or-server [server-port=443]" \ + || ( setup + ( cert_pick_check "$@"; echo $? ) \ + |& colorize 1 + teardown $? ) 
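Review bot: In the `@@ -14,14 +14,12 @@` hunk, `WGET="wget -nv -U ''"` does not pass an empty User-Agent. The variable is expanded unquoted at its call site (`${WGET} --no-check-certificate "$1" -O-`, visible as context in the next hunk), and word splitting does not re-parse quotes, so wget receives the two literal characters `''` as the agent string. If the intent is to suppress the header, hold the command in an array, `WGET=(wget -nv -U '')`, and call it as `"${WGET[@]}" --no-check-certificate "$1" -O-`. The commented-out `--ca-certificate <(cat …)` variant has the same problem, since a process substitution stored inside a string is never performed.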
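Review bot: Dropping the outer parentheses in the last statement of the `@@ -131,16 +129,29 @@` hunk changes how the chain groups. `&&` and `||` have equal precedence and associate left, so `[[ "${BASH_SOURCE[0]}" != "${0}" ]] || [ $# -lt 1 ] && echo … || ( … )` runs the `echo "usage: …"` whenever the first test succeeds, that is, whenever the file is sourced. cert-import does `source cert-check`, so it would now print cert-check's usage line on every run. Restore the grouping, for example `[[ "${BASH_SOURCE[0]}" != "${0}" ]] || { [ $# -lt 1 ] && echo … || ( … ); }`, or use an explicit `if`. The entry statement at the end of cert-import has the same shape and behaves the same way if that file is ever sourced.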
diff --git a/scripts/certs/cert-import b/scripts/certs/cert-import index ecf8b76..7e23d32 100755 --- a/scripts/certs/cert-import +++ b/scripts/certs/cert-import @@ -4,10 +4,7 @@ # # jpokorny@redhat.com # -# TODO: fix exit code - -set -u -set +e +# TODO: fix exit code, remove unneeded subshells? ( '()' -> '{}' ) source cert-check @@ -40,18 +37,20 @@ cert_import_firefox() { } cert_import() { - local homebundle=0 firefox=0 mutt=0 crl=1 + local homebundle=0 firefox=0 mutt=0 crl=1 spec=0 while true; do case $1 in homebundle) homebundle=1;; firefox) firefox=1;; mutt) mutt=1;; all) homebundle=1; firefox=1; mutt=1;; - --) ;; - *) break;; + --|*) break;; esac + spec=1 shift done + [ $spec -eq 0 ] \ + && echo "run me without arguments to get usage help" && return [ "$1" = "-nocrl" ] && shift && crl=0 ( (cert_pick "$@" | cert_check $crl) \ @@ -62,8 +61,24 @@ cert_import() { ) |& colorize 1 } +setup() { + set -u + RESTOREUMASK=$(umask -p) + umask 077 +} + +teardown() { + ${RESTOREUMASK} + unset RESTOREUMASK + return $1 +} + [[ "${BASH_SOURCE[0]}" != "${0}" ]] || \ [ $# -lt 1 ] \ - && echo "usage: $0 (homebundle|mutt|firefox|all)* [-nocrl] file-or-server [port=443]" \ - || ( cert_import "$@" && set +u || ( ret=$?; set +u; pseudo_return $ret )) + && echo "usage: $0" \ + "(homebundle|mutt|firefox|all)*" \ + "[-nocrl] file-or-server [port=443]" \ + || ( setup + cert_import "$@" + teardown $? ) |
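Review bot: `source cert-check` (context line in the `@@ -4,10 +4,7 @@` hunk) names the file without a slash, so bash resolves it through `PATH` and, failing that, the current directory, not relative to cert-import itself. A different `cert-check` found first would then run with the user's privileges in a script that edits certificate trust stores. Anchoring the lookup to the script's own location removes that dependency: `source "$(dirname -- "${BASH_SOURCE[0]}")/cert-check"`. With `set -u` removed from the top of the file, it is also worth a comment here that strict mode is now enabled only by `setup`, after the source has run.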
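Review bot: With `--|*) break;;` in the `@@ -40,18 +37,20 @@` hunk, a `--` separator is no longer consumed: the loop breaks before `shift`, so `--` stays in `$1`, the following `[ "$1" = "-nocrl" ]` test cannot match, and `--` is handed to `cert_pick "$@"` as the file or server. Split the arm so the separator is dropped, `--) shift; break;;` followed by `*) break;;`. The new `[ $spec -eq 0 ] && echo … && return` path returns echo's status 0 and writes to stdout; `{ echo "…" >&2; return 2; }` would let callers tell that nothing was imported. `case $1 in` will also trip the `set -u` from `setup` once the target keywords have been shifted away with nothing left, which `case ${1-} in` avoids. cert_import's body continues past the end of the hunk.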
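Review bot: `setup` and `teardown` in the `@@ -62,8 +61,24 @@` hunk appear identical to the pair this commit adds to cert-check, which cert-import already sources, so these definitions only override the same functions; keeping one copy in cert-check stops the two drifting apart. Both are called inside the `( … )` subshell, so `umask 077` never reaches the caller and `${RESTOREUMASK}` restores nothing outside it. A header comment such as `# called inside a subshell; the umask restore is for symmetry only` would save the next reader the question. `return $1` is better written `return "$1"`, so a missing argument fails visibly, not by returning the previous status.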