Add gcr, p11kit and certdata packages

[hvlinux.git] / stage5 / misc / certdata / remove-expired-certs.sh

diff --git a/stage5/misc/certdata/remove-expired-certs.sh b/stage5/misc/certdata/remove-expired-certs.sh
new file mode 100755 (executable)
index 0000000..078b9cc
--- /dev/null
+++ b/stage5/misc/certdata/remove-expired-certs.sh
@@ -0,0 +1,53 @@
+#!/bin/sh
+# Begin /usr/bin/remove-expired-certs.sh
+#
+# Version 20120211
+
+# Make sure the date is parsed correctly on all systems
+mydate()
+{
+  local y=$( echo $1 | cut -d" " -f4 )
+  local M=$( echo $1 | cut -d" " -f1 )
+  local d=$( echo $1 | cut -d" " -f2 )
+  local m
+
+  if [ ${d} -lt 10 ]; then d="0${d}"; fi
+
+  case $M in
+    Jan) m="01";;
+    Feb) m="02";;
+    Mar) m="03";;
+    Apr) m="04";;
+    May) m="05";;
+    Jun) m="06";;
+    Jul) m="07";;
+    Aug) m="08";;
+    Sep) m="09";;
+    Oct) m="10";;
+    Nov) m="11";;
+    Dec) m="12";;
+  esac
+
+  certdate="${y}${m}${d}"
+}
+
+OPENSSL=/usr/bin/openssl
+DIR=/etc/ssl/certs
+
+if [ $# -gt 0 ]; then
+  DIR="$1"
+fi
+
+certs=$( find ${DIR} -type f -name "*.pem" -o -name "*.crt" )
+today=$( date +%Y%m%d )
+
+for cert in $certs; do
+  notafter=$( $OPENSSL x509 -enddate -in "${cert}" -noout )
+  date=$( echo ${notafter} |  sed 's/^notAfter=//' )
+  mydate "$date"
+
+  if [ ${certdate} -lt ${today} ]; then
+     echo "${cert} expired on ${certdate}! Removing..."
+     rm -f "${cert}"
+  fi
+done