Добавление сертификата для проекта ЕСПД Цифровая экономика

1 year ago · 0b4c559941
parent 9019823f3e
commit 0b4c559941
2 changed files with 97 additions and 0 deletions
--- a/app-misc/ca-espdrt-certificates/Manifest
+++ b/app-misc/ca-espdrt-certificates/Manifest
@ -0,0 +1 @@
+DIST ca-espdrt-certificates-2022.11.25_root.cer 1017 BLAKE2B 06a22b5e1038d8df25b719f108ca42cd4db1585659bb398d824f26eb88798274ad3d18594be94e323a6420b65e524db73f5bc217cd0ca27726fe439a88554ca8 SHA512 b56f40cc45f6683c2fa3242bb7c51bb0ce0fd58acd3065c24c4054aab482f1477c295cc8c1437abb4664fa215e3057ec23912c49b5256ba629142cfdd142880b
--- a/app-misc/ca-espdrt-certificates/ca-espdrt-certificates-2022.11.25.ebuild
+++ b/app-misc/ca-espdrt-certificates/ca-espdrt-certificates-2022.11.25.ebuild
@ -0,0 +1,96 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+DESCRIPTION="Установка корневого сертификата для проекта ЕСПД Цифровая экономика"
+HOMEPAGE="https://espd.wifi.rt.ru/settings/cert-install"
+
+SRC_URI="
+https://espd.wifi.rt.ru/docs/ca-root.crt -> ${P}_root.cer
+"
+
+LICENSE=""
+SLOT="0"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+
+RESTRICT="bindist mirror strip"
+
+S="${WORKDIR}"
+
+CA=usr/local/share/ca-certificates
+ESPD_TR_R=${P}_root.crt
+
+ESPD_TR_R_NAME=" CA Root Social Objects - PJSC \"Rostelecom\""
+
+## Ассоциативный массив {имя сертификата:файл}
+declare -A massiv
+massiv[${ESPD_TR_R_NAME}]=${ESPD_TR_R}
+
+src_prepare() {
+	mkdir -p ${CA} || die
+	default
+}
+
+src_install() {
+	mv * "${D}" || die
+}
+
+pkg_postinst() {
+	if [[ -d "/usr/local/share/ca-certificates" ]] ; then
+		# If the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+
+# Установка для браузеров
+
+# Создаём базу nssdb для системы
+mkdir -p /etc/pki/nssdb || die
+
+nssdir=$(find /home/ -name "cert9.db")
+nssdir+=$'\n/etc/pki/nssdb/cert9.db'
+
+for certDB in ${nssdir}
+do
+	certdir=$(dirname ${certDB});
+
+	for k in "${!massiv[@]}"; do
+		certutil -A -n "${k}" -t "CTu,Cu,Cu" -i /${CA}/${massiv[$k]} -d sql:${certdir};
+	done
+done
+
+	if [[ -n "$(find -L /etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L /etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}
+
+pkg_prerm() {
+	# Удаляем сертификаты
+	rm -f /usr/local/share/ca-certificates/${P}_{root}.crt
+
+	if [[ -d "/usr/local/share/ca-certificates" ]] ; then
+		# If the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	nssdir=$(find /home/ -name "cert9.db")
+	nssdir+=$'\n/etc/pki/nssdb/cert9.db'
+
+	for certDB in ${nssdir}
+	do
+	        certdir=$(dirname ${certDB});
+
+		for k in "${!massiv[@]}"; do
+			certutil -D -n /${CA}"${k}" -d sql:${certdir};
+		done
+	done
+}
				`@ -0,0 +1 @@`
				`DIST ca-espdrt-certificates-2022.11.25_root.cer 1017 BLAKE2B 06a22b5e1038d8df25b719f108ca42cd4db1585659bb398d824f26eb88798274ad3d18594be94e323a6420b65e524db73f5bc217cd0ca27726fe439a88554ca8 SHA512 b56f40cc45f6683c2fa3242bb7c51bb0ce0fd58acd3065c24c4054aab482f1477c295cc8c1437abb4664fa215e3057ec23912c49b5256ba629142cfdd142880b`