diff options
| author | Stuart Henderson <sthen@cvs.openbsd.org> | 2018-03-21 18:53:25 +0000 |
|---|---|---|
| committer | Stuart Henderson <sthen@cvs.openbsd.org> | 2018-03-21 18:53:25 +0000 |
| commit | e4c517212bec6c46ecb080e27a549e070e0c668a (patch) | |
| tree | 6555dedfacd5ba185cc5e30b80670cf5c36eba06 /distrib | |
| parent | aea69eb24d9eaede85732d8b24a9e9cc169930c7 (diff) | |
Add a script to trim pretty-printed decodes of X509 certs, for use in
shrinking ramdisk cert.pem files. ok deraadt
Diffstat (limited to 'distrib')
| -rw-r--r-- | distrib/miniroot/trimcerts.awk | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/distrib/miniroot/trimcerts.awk b/distrib/miniroot/trimcerts.awk new file mode 100644 index 00000000000..8042d1b8615 --- /dev/null +++ b/distrib/miniroot/trimcerts.awk @@ -0,0 +1,35 @@ +# $OpenBSD: trimcerts.awk,v 1.1 2018/03/21 18:53:24 sthen Exp $ + +# +# read in a formatted list of X509 certificates with long decodes, +# output only short comments plus the certificates themselves +# + +BEGIN { + if (ARGC != 3) { + print "usage: awk -f trimcert.awk cert.pem outputfile"; + bad=1; + exit 1; + } + ARGC=2; + incert=0; +} + +{ + if ($0 ~ /^-----BEGIN CERTIFICATE-----/) { + incert=1; + } + if ($0 ~ /^#/ || incert) { + print $0 > ARGV[2]; + } + if ($0 ~ /^-----END CERTIFICATE-----/) { + incert=0; + } +} + +END { + if (!bad) { + system("chmod 444 " ARGV[2]); + system("chown root:bin " ARGV[2]); + } +} |