From 2c25890f204b1e5c0ae76d9a621256f4846086ca Mon Sep 17 00:00:00 2001
From: Michal 'vorner' Vaner <michal.vaner@nic.cz>
Date: Thu, 19 Jun 2014 13:21:00 +0200
Subject: [PATCH] Don't have lock dir in get-api-curl

And don't fail the script if it doesn't download. This way we can keep
using the old one at least until it times out.
---
 cacerts/get-api-crl | 29 +++++++++++++----------------
 1 file changed, 13 insertions(+), 16 deletions(-)

diff --git a/cacerts/get-api-crl b/cacerts/get-api-crl
index 6f1cd9c..3d6c7b6 100755
--- a/cacerts/get-api-crl
+++ b/cacerts/get-api-crl
@@ -1,26 +1,23 @@
 #!/bin/sh
 
-set -ex
+DIR="/tmp/crldown.$$"
 
 # The time of 4 hours should be enough for the CRL not to time out. Hopefuly.
 if [ -f /tmp/crl.pem ] && [ "$((`date +%s`-4*3600))" -lt "$((`date -r /tmp/crl.pem +%s`))" ] ; then
 	exit
 fi
 
-if [ -d /tmp/crldown ] && [ "$((`date +%s`-3600))" -gt "$((`date -r /tmp/crldown +%s`))" ] ; then
-	# If there's a really old stray lock, get rid of it.
-	rm -rf /tmp/crldown
-fi
-
-mkdir /tmp/crldown
-trap 'rm -rf /tmp/crldown' EXIT ABRT QUIT TERM INT
-cd /tmp/crldown
+mkdir "$DIR"
+trap 'rm -rf "$DIR"' EXIT ABRT QUIT TERM INT
+cd "$DIR"
 
-echo | openssl s_client -connect api.turris.cz:443 -showcerts | awk -v c=-1 '/-----BEGIN CERTIFICATE-----/{inc=1;c++} inc {print > (c ".pem")}'
+echo | openssl s_client -connect api.turris.cz:443 -showcerts 2>/dev/null | awk -v c=-1 '/-----BEGIN CERTIFICATE-----/{inc=1;c++} inc {print > (c ".pem")}'
 
-for i in *.pem ; do
-	# This is a hack a bit, we expect the hostname to be crl\. something. Our CA satisfies this now and if it breaks, we would find out.
-	openssl x509 -in "$i" -noout -text | grep -o 'http://crl\..*' | xargs curl -s -S | openssl crl -inform der -out tmp.pem
-	cat tmp.pem >>out.pem
-done
-mv out.pem /tmp/crl.pem
+if [ -e 0.pem ] ; then
+	for i in *.pem ; do
+		# This is a hack a bit, we expect the hostname to be crl\. something. Our CA satisfies this now and if it breaks, we would find out.
+		openssl x509 -in "$i" -noout -text | grep -o 'http://crl\..*' | xargs curl -s -S | openssl crl -inform der -out tmp.pem
+		cat tmp.pem >>out.pem
+	done
+	mv out.pem /tmp/crl.pem
+fi
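Review bot: With `set -ex` removed, nothing in the new script checks for failure: `mkdir "$DIR"` and `cd "$DIR"` run unchecked on a PID-derived, predictable name under /tmp, and a failed CRL fetch inside the loop still reaches `mv out.pem /tmp/crl.pem`. If `mkdir` fails because the path already exists, the script carries on in a directory it did not create (or in the caller's working directory if `cd` fails too), writes its files there, and the trap later runs `rm -rf` on it. The `[ -e 0.pem ]` guard only covers the `s_client` step; if `curl` or `openssl crl` fails for one certificate, `tmp.pem` may be stale or missing, yet the partial `out.pem` replaces the old CRL and refreshes its mtime, so the 4-hour check suppresses retries, which is the opposite of what the commit message intends. I would create the directory with `mktemp -d` (assuming it is available on the target image), check `cd`, and stop before the `mv` when any fetch fails, as sketched below. The fetch is plain HTTP and `openssl crl` is not given a CA to verify against here, so this presumably relies on the consumer of /tmp/crl.pem checking the CRL signature, which is worth confirming.

```shell
# … unchanged: shebang, freshness check on /tmp/crl.pem …
# replaces the DIR="/tmp/crldown.$$" assignment and mkdir "$DIR"
DIR="$(mktemp -d /tmp/crldown.XXXXXX)" || exit 1
trap 'rm -rf "$DIR"' EXIT ABRT QUIT TERM INT
cd "$DIR" || exit 1
# … unchanged: openssl s_client | awk certificate split …
if [ -e 0.pem ] ; then
	for i in *.pem ; do
		# … unchanged: comment about the crl\. hostname …
		# Any failed fetch or conversion keeps the previous /tmp/crl.pem in place.
		openssl x509 -in "$i" -noout -text | grep -o 'http://crl\..*' | xargs curl -s -S | openssl crl -inform der -out tmp.pem || exit 0
		cat tmp.pem >>out.pem
	done
	mv out.pem /tmp/crl.pem
fi
```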
-- 
GitLab