| --- a/usr/sbin/update-ca-certificates |
| +++ b/usr/sbin/update-ca-certificates |
| @@ -23,6 +23,8 @@ |
| |
| verbose=0 |
| fresh=0 |
| +ROOT="" |
| +RELPATH="" |
| while [ $# -gt 0 ]; |
| do |
| case $1 in |
| @@ -30,6 +31,11 @@ |
| verbose=1;; |
| --fresh|-f) |
| fresh=1;; |
| + --root|-r) |
| + ROOT=$(readlink -f "$2") |
| + # needed as c_rehash wants to read the files directly |
| + RELPATH="../../.." |
| + shift;; |
| --help|-h|*) |
| - echo "$0: [--verbose] [--fresh]" |
| + echo "$0: [--verbose] [--fresh] [--root <dir>]" |
| exit;; |
| @@ -37,11 +41,11 @@ |
| shift |
| done |
| |
| -CERTSCONF=/etc/ca-certificates.conf |
| -CERTSDIR=/usr/share/ca-certificates |
| -LOCALCERTSDIR=/usr/local/share/ca-certificates |
| +CERTSCONF="$ROOT/etc/ca-certificates.conf" |
| +CERTSDIR="$ROOT/usr/share/ca-certificates" |
| +LOCALCERTSDIR="$ROOT/usr/local/share/ca-certificates" |
| CERTBUNDLE=ca-certificates.crt |
| -ETCCERTSDIR=/etc/ssl/certs |
| +ETCCERTSDIR="$ROOT/etc/ssl/certs" |
| |
| cleanup() { |
| rm -f "$TEMPBUNDLE" |
| @@ -66,7 +70,7 @@ |
| -e 's/,/_/g').pem" |
| if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ] |
| then |
| - ln -sf "$CERT" "$PEM" |
| + ln -sf "${RELPATH}${CERT#$ROOT}" "$PEM" |
| echo +$PEM >> "$ADDED" |
| fi |
| cat "$CERT" >> "$TEMPBUNDLE" |
| @@ -78,22 +82,22 @@ |
| if test -L "$PEM" |
| then |
| rm -f "$PEM" |
| - echo -$PEM >> "$REMOVED" |
| + echo "-$PEM" >> "$REMOVED" |
| fi |
| } |
| |
| -cd $ETCCERTSDIR |
| +cd "$ETCCERTSDIR" |
| if [ "$fresh" = 1 ]; then |
| echo -n "Clearing symlinks in $ETCCERTSDIR..." |
| find . -type l -print | while read symlink |
| do |
| - case $(readlink $symlink) in |
| - $CERTSDIR*) rm -f $symlink;; |
| + case $(readlink "$symlink") in |
| + "$CERTSDIR"*) rm -f "$symlink";; |
| esac |
| done |
| find . -type l -print | while read symlink |
| do |
| - test -f $symlink || rm -f $symlink |
| + test -f "$symlink" || rm -f "$symlink" |
| done |
| echo "done." |
| fi |
| @@ -102,12 +106,12 @@ |
| |
| # Handle certificates that should be removed. This is an explicit act |
| # by prefixing lines in the configuration files with exclamation marks (!). |
| -sed -n -e '/^$/d' -e 's/^!//p' $CERTSCONF | while read crt |
| +sed -n -e '/^$/d' -e 's/^!//p' "$CERTSCONF" | while read crt |
| do |
| remove "$CERTSDIR/$crt" |
| done |
| |
| -sed -e '/^$/d' -e '/^#/d' -e '/^!/d' $CERTSCONF | while read crt |
| +sed -e '/^$/d' -e '/^#/d' -e '/^!/d' "$CERTSCONF" | while read crt |
| do |
| if ! test -f "$CERTSDIR/$crt" |
| then |
| @@ -146,14 +150,14 @@ |
| |
| echo "$ADDED_CNT added, $REMOVED_CNT removed; done." |
| |
| -HOOKSDIR=/etc/ca-certificates/update.d |
| +HOOKSDIR="$ROOT/etc/ca-certificates/update.d" |
| echo -n "Running hooks in $HOOKSDIR...." |
| VERBOSE_ARG= |
| [ "$verbose" = 0 ] || VERBOSE_ARG=--verbose |
| -eval run-parts $VERBOSE_ARG --test -- $HOOKSDIR | while read hook |
| +eval run-parts $VERBOSE_ARG --test -- \""$HOOKSDIR"\" | while read hook |
| do |
| ( cat $ADDED |
| - cat $REMOVED ) | $hook || echo E: $hook exited with code $?. |
| + cat $REMOVED ) | "$hook" || echo E: "$hook" exited with code $?. |
| done |
| echo "done." |
| |