From bfc327833c6498b57bb434b92f7766d35b39ce8f Mon Sep 17 00:00:00 2001
From: kytv <kytv@mail.i2p>
Date: Sat, 30 Mar 2013 14:24:59 +0000
Subject: [PATCH] checkcerts.sh: add some support for non-Linux systems
Date computations as performed in this script require the use of GNU date,
which is only available by default on Linux systems. With this check-in we
explicitly check for the existence of GNU date before continuing with the date
calculations.
Previous versions of this script relied on 'certtool' to print the expiration
dates but certtool isn't available by default on non-Linux systems either. The
previous check-in added support for using OpenSSL, retaining the old behavior
on non-Linux systems.
(Also a re-arrangement of the date warning logic)
---
tests/scripts/checkcerts.sh | 70 +++++++++++++++++++++++++------------
1 file changed, 47 insertions(+), 23 deletions(-)
diff --git a/tests/scripts/checkcerts.sh b/tests/scripts/checkcerts.sh
index 5c3d737e46..72aa9c53bd 100755
--- a/tests/scripts/checkcerts.sh
+++ b/tests/scripts/checkcerts.sh
@@ -4,6 +4,9 @@
# Returns nonzero on failure. Fails if cert cannot be read or is older than
# $SOON (default 30).
#
+# Hard dependency: OpenSSL OR gnutls
+# Recommended: GNU date
+#
# zzz 2011-08
# kytv 2013-03
# public domain
@@ -22,51 +25,72 @@ elif [ $(which certtool) ]; then : ;else
exit 1
fi
-CHECKCERT() {
+# This "grouping hack" is here to prevent errors from being displayed with the
+# original Bourne shell (Linux shells don't need the {}s
+if { date --help;} >/dev/null 2>&1 ; then
+ HAVE_GNUDATE=1
+fi
+
+checkcert() {
if [ $OPENSSL ]; then
DATA=$(openssl x509 -enddate -noout -in $1| cut -d'=' -f2-)
else
DATA=$(certtool -i < "$1" | sed -e '/Not\sAfter/!d' -e 's/^.*:\s\(.*\)/\1/')
fi
# While this isn't strictly needed it'll ensure that the output is consistent,
- # regardles of the tool used.
- date -u -d "$(echo $DATA)" '+%F %H:%M'
+ # regardles of the tool used. Dates/times are formatting according to OpenSSL's output
+ # since this available by default on most systems.
+ if [ -n "$HAVE_GNUDATE" ]; then
+ LANG=C date -u -d "$(echo $DATA)" '+%b %d %H:%M:%S %Y GMT'
+ else
+ echo $DATA
+ fi
}
-
-cd `dirname $0`/../../installer/resources/certificates
-
-NOW=$(date -u '+%s')
-
-for i in *.crt
-do
- echo "Checking $i ..."
- EXPIRES=`CHECKCERT $i`
- if [ -z "$EXPIRES" ]; then
- echo "********* FAILED CHECK FOR $i *************"
- FAIL=1
- else
+compute_dates() {
+ # Date computations currently depend on GNU date(1).
+ # If run on a non-Linux system just print the expiration date.
+ # TODO Cross-platform date calculation support
+ if [ -n "$HAVE_GNUDATE" ]; then
SECS=$(date -u -d "$EXPIRES" '+%s')
DAYS="$(expr \( $SECS - $NOW \) / 86400)"
if [ $DAYS -ge $SOON ]; then
echo "Expires in $DAYS days ($EXPIRES)"
- elif [ $DAYS -le $SOON ] && [ $DAYS -gt 0 ]; then
- echo "****** Check for $i failed, expires in $DAYS days (<= ${SOON}d) ($EXPIRES) ******"
- FAIL=1
- elif [ $DAYS -le $WARN ] && [ $DAYS -ge $SOON ]; then
- echo "****** WARNING: $i expires in $DAYS days (<= ${WANT}d) ($EXPIRES) ******"
elif [ $DAYS -eq 1 ]; then
DAYS=$(echo $DAYS | sed 's/^-//')
- echo "****** Check for $I failed, expires in $DAYS day ($EXPIRES) ******"
+ echo "****** Check for $I failed, expires tomorrow ($EXPIRES) ******"
FAIL=1
elif [ $DAYS -eq 0 ]; then
echo "****** Check for $i failed, expires today ($EXPIRES) ******"
FAIL=1
- elif [ $DAYS -le 0 ]; then
+ elif [ $DAYS -le $SOON ] && [ $DAYS -gt 0 ]; then
+ echo "****** Check for $i failed, expires in $DAYS days (<= ${SOON}d) ($EXPIRES) ******"
+ FAIL=1
+ elif [ $DAYS -lt $WARN ] && [ $DAYS -gt $SOON ]; then
+ echo "****** WARNING: $i expires in $DAYS days (<= ${WANT}d) ($EXPIRES) ******"
+ elif [ $DAYS -lt 0 ]; then
DAYS=$(echo $DAYS | sed 's/^-//')
echo "****** Check for $i failed, expired $DAYS days ago ($EXPIRES) ******"
FAIL=1
fi
+ else
+ echo $EXPIRES
+ fi
+}
+
+cd `dirname $0`/../../installer/resources/certificates
+
+NOW=$(date -u '+%s')
+
+for i in *.crt
+do
+ echo "Checking $i ..."
+ EXPIRES=`checkcert $i`
+ if [ -z "$EXPIRES" ]; then
+ echo "********* FAILED CHECK FOR $i *************"
+ FAIL=1
+ else
+ compute_dates
fi
done
--
GitLab