1#!/bin/sh 2# Usage: add-openssl-roots.sh <roots dir> <baseline file> 3 4# Strip all openssl entries 5sed -i -e '/openssl/d' "$2" 6sed -i -e 's/both/nss/' "$2" 7 8# Re-add them as needed 9fingerprints=$(for x in "$1"/*.pem; do \ 10 openssl x509 -in "$x" -noout -fingerprint | cut -f2 -d=; \ 11 done) 12for x in $fingerprints; do 13 if grep -q "nss $x" "$2"; then 14 sed -i -e "s/nss $x/both $x/" "$2" 15 fi 16 if grep -qE "(both|openssl) $x" "$2"; then 17 continue 18 fi 19 echo "openssl $x" >> "$2" 20done 21 22# Re-sort the file 23mv "$2" "$2.tmp" 24sort "$2.tmp" > "$2" 25rm "$2.tmp" 26