The cirros image was rebuilt against the 3.13.0-83 kernel, drivers e1000e, igbvf...

[packages/trusty/cirros-testvm.git] / cirros-testvm / src-cirros / bin / mkcabundle

diff --git a/cirros-testvm/src-cirros/bin/mkcabundle b/cirros-testvm/src-cirros/bin/mkcabundle
new file mode 100755 (executable)
index 0000000..f2cf037
--- /dev/null
+++ b/cirros-testvm/src-cirros/bin/mkcabundle
@@ -0,0 +1,41 @@
+#!/usr/bin/perl -w
+#
+# Used to regenerate ca-bundle.crt from the Mozilla certdata.txt.
+# Run as ./mkcabundle.pl > ca-bundle.crt
+#
+
+my $cvsroot = ':pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot';
+my $certdata = 'mozilla/security/nss/lib/ckfw/builtins/certdata.txt';
+
+open(IN, "cvs -d $cvsroot co -p $certdata|")
+    || die "could not check out certdata.txt";
+
+my $incert = 0;
+
+print<<EOH;
+# This is a bundle of X.509 certificates of public Certificate
+# Authorities.  It was generated from the Mozilla root CA list.
+#
+# Source: $certdata
+#
+EOH
+
+while (<IN>) {
+    if (/^CKA_VALUE MULTILINE_OCTAL/) {
+        $incert = 1;
+        open(OUT, "|openssl x509 -text -inform DER -fingerprint")
+            || die "could not pipe to openssl x509";
+    } elsif (/^END/ && $incert) {
+        close(OUT);
+        $incert = 0;
+        print "\n\n";
+    } elsif ($incert) {
+        my @bs = split(/\\/);
+        foreach my $b (@bs) {
+            chomp $b;
+            printf(OUT "%c", oct($b)) unless $b eq '';
+        }
+    } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) {
+        print "# Generated from certdata.txt RCS revision $1\n#\n";
+    }
+}