|
|
|
|
@ -22,7 +22,7 @@ S="${WORKDIR}"
|
|
|
|
|
CA=usr/local/share/ca-certificates
|
|
|
|
|
ESPD_TR_R=${P}_root.crt
|
|
|
|
|
|
|
|
|
|
ESPD_TR_R_NAME="CA Root Social Objects - PJSC Rostelecom"
|
|
|
|
|
ESPD_TR_R_NAME="CA Root Social Objects - PJSC \"Rostelecom\""
|
|
|
|
|
|
|
|
|
|
## Ассоциативный массив {имя сертификата:файл}
|
|
|
|
|
declare -A massiv
|
|
|
|
|
@ -45,55 +45,58 @@ pkg_postinst() {
|
|
|
|
|
# However it's too overzealous when the user has custom certs in place.
|
|
|
|
|
# --fresh is to clean up dangling symlinks
|
|
|
|
|
/usr/sbin/update-ca-certificates
|
|
|
|
|
elog Установка корневого сертификата в /etc/ssl/certs/ выполнено
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Установка для браузеров
|
|
|
|
|
# Создаём базу nssdb для системы
|
|
|
|
|
mkdir -p /etc/pki/nssdb || die
|
|
|
|
|
|
|
|
|
|
# Установка для браузеров
|
|
|
|
|
|
|
|
|
|
# Создаём базу nssdb для системы
|
|
|
|
|
mkdir -p /etc/pki/nssdb || die
|
|
|
|
|
|
|
|
|
|
nssdir=$(find /home/ -name "cert9.db")
|
|
|
|
|
nssdir+=$'\n/etc/pki/nssdb/cert9.db'
|
|
|
|
|
nssdir=$(find /home/ -name "cert9.db")
|
|
|
|
|
nssdir+=$'\n/etc/pki/nssdb/cert9.db'
|
|
|
|
|
|
|
|
|
|
for certDB in ${nssdir}
|
|
|
|
|
do
|
|
|
|
|
certdir=$(dirname ${certDB});
|
|
|
|
|
for certDB in ${nssdir}
|
|
|
|
|
do
|
|
|
|
|
certdir=$(dirname ${certDB});
|
|
|
|
|
|
|
|
|
|
for k in "${!massiv[@]}"; do
|
|
|
|
|
certutil -A -n "${k}" -t "CTu,Cu,Cu" -i /${CA}/${massiv[$k]} -d sql:${certdir};
|
|
|
|
|
for k in "${!massiv[@]}"; do
|
|
|
|
|
certutil -A -n "${k}" -t "CTu,Cu,Cu" -i /${CA}/${massiv[$k]} -d sql:${certdir};
|
|
|
|
|
elog Установка корневого сертификата в ${certdir} выполнено
|
|
|
|
|
done
|
|
|
|
|
done
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
if [[ -n "$(find -L /etc/ssl/certs/ -type l)" ]] ; then
|
|
|
|
|
ewarn "Removing the following broken symlinks:"
|
|
|
|
|
ewarn "Удалите следующие неработающие символические ссылки с помощью команды:"
|
|
|
|
|
ewarn "$(find -L /etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
|
|
|
|
|
fi
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pkg_prerm() {
|
|
|
|
|
# Удаляем сертификаты
|
|
|
|
|
rm -f /usr/local/share/ca-certificates/${P}_{root}.crt
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pkg_postrm() {
|
|
|
|
|
if [[ -d "/usr/local/share/ca-certificates" ]] ; then
|
|
|
|
|
# If the user has local certs, we need to rebuild again
|
|
|
|
|
# to include their stuff in the db.
|
|
|
|
|
# However it's too overzealous when the user has custom certs in place.
|
|
|
|
|
# --fresh is to clean up dangling symlinks
|
|
|
|
|
/usr/sbin/update-ca-certificates --fresh
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Удаляем сертификаты из nss
|
|
|
|
|
nssdir=$(find /home/ -name "cert9.db")
|
|
|
|
|
nssdir+=$'\n/etc/pki/nssdb/cert9.db'
|
|
|
|
|
|
|
|
|
|
for certDB in ${nssdir}
|
|
|
|
|
do
|
|
|
|
|
certdir=$(dirname ${certDB});
|
|
|
|
|
certdir=$(dirname ${certDB});
|
|
|
|
|
|
|
|
|
|
for k in "${!massiv[@]}"; do
|
|
|
|
|
certutil -D -n /${CA}"${k}" -d sql:${certdir};
|
|
|
|
|
elog Удаление корневого сертификата из ${certdir} выполнено
|
|
|
|
|
done
|
|
|
|
|
done
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pkg_postrm() {
|
|
|
|
|
if [[ -d "/usr/local/share/ca-certificates" ]] ; then
|
|
|
|
|
# If the user has local certs, we need to rebuild again
|
|
|
|
|
# to include their stuff in the db.
|
|
|
|
|
# However it's too overzealous when the user has custom certs in place.
|
|
|
|
|
# --fresh is to clean up dangling symlinks
|
|
|
|
|
/usr/sbin/update-ca-certificates --fresh
|
|
|
|
|
elog Удаление корневого сертификата из /etc/ssl/certs/ выполнено
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Удаляем файлы сертификатов
|
|
|
|
|
rm -f /usr/local/share/ca-certificates/${P}_{root}.crt
|
|
|
|
|
}
|
serg-sg
1 year ago