-
Notifications
You must be signed in to change notification settings - Fork 4
/
makecertfile
105 lines (93 loc) · 3.54 KB
/
makecertfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
#!/bin/bash
# This script creates a certificate file, which can be used by "gogcheck"
# (https://github.com/hippie68/gogcheck) to verify GOG installers.
# Be aware the script downloads files from external servers - Mozilla's
# certificate list and additional certificates, specified below - and downloads
# (if necessary) and executes the third party script "mk-ca-bundle.pl" from the
# cURL GitHub repository.
additional_certs='
https://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt.pem
'
# Functions: ##################################################################
# Asks the user the yes-no question $1, returning 1 on "yes" and 0 on "no"
ask() {
local reply
read -rp "$1 (y/n) " reply
if [[ $reply == 'y' ]]; then
return 0
else
return 1
fi
}
# Script starts below: ########################################################
script_name='mk-ca-bundle.pl'
script_url='https://raw.githubusercontent.com/curl/curl/master/scripts/mk-ca-bundle.pl'
script_sha256sums=(
4398394eb7b8e7879fadde3497bcc053a7cf19f53a5f2b79eac43ea2bb1e2192 # 2bc1d77 Jan 3, 2023
7128aba721fa9219acd3212308e4d1ecf2649b5bf1edd0160eff7117fce67325 # 4fab113 Jun 29, 2024
afcd8348c4f9b2c4a1890da6890b3eeaa0d9e2b16fd07bea7340b2e8532b0964 # 32f9130 Aug 9, 2024
b318bdfc84bb5fc71431da61f9663ce01739536bb1b393d46315257b3300e412 # 448df98 Nov 12, 2024
)
script_options=(-fup 'CODE_SIGNING:TRUSTED,MUST_VERIFY_TRUST')
if [[ ! $1 ]]; then
echo "Usage: ${0##*/} OUTPUT_FILENAME"
exit 0
else
output=$1
fi
# Check for required tools
for tool in cURL Perl; do
if ! hash ${tool,,} 2> /dev/null; then
echo "Please install $tool to be able to use this script."
exit 1
fi
done
# Check for the Perl script mk-ca-bundle.pl and download it, if necessary
if [[ -f $script_name ]]; then
echo "Found required script \"$script_name\" in the current directory."
elif hash "$script_name" 2> /dev/null; then
echo "Required script \"$script_name\" is available on this system."
else
echo "Required script \"$script_name\" not found. Downloading now..."
if ! curl --silent "$script_url" > "$script_name"; then
echo "Could not download the required script \"$script_name\"."
echo 'Please download it manually or try again.'
echo "The URL is \"$script_url\".".
exit 1
fi
echo '...done.'
echo 'Note: The downloaded script is located in the current directory, filename'
echo " \"$script_name\". Remove it manually later if you don't need it anymore."
fi
# Download Mozilla's certificate file and extract required certs to PEM format
echo "Now executing the script \"$script_name\":"
if hash "$script_name" 2> /dev/null; then
"$script_name" "${script_options[@]}" "$output" || exit $?
else
if ! hash sha256sum 2> /dev/null; then
ask 'Program "sha256sum" not found. The script'\''s checksum cannot be verified.\nContinue anyway?' || exit 1
else
checksum=$(sha256sum "$script_name")
if [[ ${script_sha256sums[*]} != *${checksum%% *}* ]]; then
ask 'The script has an unexpected checksum. Execute it anyway?' || exit 1
fi
fi
perl "$script_name" "${script_options[@]}" "$output" || exit $?
fi
if [[ ! -f $output ]]; then
echo "Could not find file \"$output\"."
exit 1
fi
echo "Script \"$script_name\" finished."
# Add missing certificates
echo 'Adding missing certificates...'
for cert in $additional_certs; do
echo " - $cert"
{
printf "\n%s\n" "$cert"
for ((i = 0; i < ${#cert}; i++)); do echo -n "="; done
echo
curl --silent "$cert" || exit $?
} >> "$output"
done
echo "Successfully created certfile \"$output\"."