Certificate Authority Certs

[bdubbs@…]

It appears that the URL that we are using for certs is not being updated. What we have now is:

certhost='http://mxr.mozilla.org'                        &&
certdir='/mozilla/source/security/nss/lib/ckfw/builtins' &&
url="$certhost$certdir/certdata.txt?raw=1" 

It has been suggested that we use the file out of the version control repository, but that changes periodically. We need to do something like:

certhost='https://hg.mozilla.org'
certdir='releases/mozilla-release/file/default/security/nss/lib/ckfw/builtins'

wget $certhost/$certdir/certdata.txt 
mv certdata.txt certdata.html

certtext=$(grep raw-file certdata.html|sed -r 's/.*="(.*)".*/\1/ )
wget $certhost/$certtext

That should get the text format of the file. The only problem is that we need to download a 5M html file just to get one line that points to a 1.5M text file.

[bdubbs@…]

Another idea. We can set up a cron script on the anduin sever to download the text version of certdata.txt once a day and point users to that. What do you think?

[bdubbs@…]

I have created a script so the cert file is available at ​http://anduin.linuxfromscratch.org/sources/other/certdata.txt. It will be updated daily.

Using that file requires a change to the make-ca.sh script due to a minor change in the certdata format. There is no CVS_ID, so I used the date in the change below, but we could probably extract the date of the last update from the line:

<td>Sat Mar 01 03:10:22 2014 -0800 (at Sat Mar 01 03:10:22 2014 -0800)</td></tr>

-REVISION=$(grep CVS_ID $certdata | cut -f4 -d'$')
 
-if [ -z "${REVISION}" ]; then
-  echo "$certfile has no 'Revision' in CVS_ID"
-  exit 1
-fi

-VERSION=$(echo $REVISION | cut -f2 -d" ")
+VERSION=$(date +%Y%m%d)

[bdubbs@…]

The file is now being mirrored on anduin with a line to simulate CVS. No changes to the scripts were required, just the download URL (and a script on anduin to automate fetching the text file.

Fixed at revision 12844.