blob: 13bb264cc491f8558ebae9fa3695dcc3ec56cadb (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
#!/bin/sh
### BEGIN INIT INFO
# Provides: fetch-filter-cert
# Required-Start: $local_fs $remote_fs
# Required-Stop: $local_fs $remote_fs
# Should-Start: $network $syslog $named
# Default-Start: 2 3 4 5
# Default-Stop:
# Short-Description: Fetch e2guardian SSL public cacert
# Description:
# Retrieve e2guardian proxy's CA certificate and add it to
# the system-wide list of CA certificates.
### END INIT INFO
set -e
. /lib/lsb/init-functions
CERTFILE=/usr/local/share/ca-certificates/debian-edu/filter-ca.crt
FILTERSERVER="filter"
FILTERCACERTURL="http://$FILTERSERVER/filter-ca.crt"
do_start() {
ERROR=false
if ! fping "$FILTERSERVER" 1>/dev/null 2>/dev/null; then
logger -t fetch-filter-cert "Site does not have a content filter server, aborting."
return 0
elif [ ! -f $CERTFILE ]; then
[ "$VERBOSE" != no ] && log_action_begin_msg "Fetching content filter CA certificate."
mkdir -p "$(dirname $CERTFILE)"
curl "$FILTERCACERTURL" > $CERTFILE.new
chmod 644 $CERTFILE.new
if test -s $CERTFILE.new && head -n1 $CERTFILE.new | grep -q -E '^-----BEGIN CERTIFICATE-----$'; then
mv $CERTFILE.new $CERTFILE
[ "$VERBOSE" != no ] && log_action_end_msg 0
logger -t fetch-filter-cert "Fetched content filter CA certificate from $FILTERCACERTURL."
update-ca-certificates 1>/dev/null
else
rm $CERTFILE.new
log_action_end_msg 1
logger -t fetch-filter-cert "Failed to fetch content filter CA certificate from $FILTERCACERTURL."
ERROR=true
fi
fi
if [ -d /opt/ltsp ] ; then
for ltsp_chroot in `find /opt/ltsp/ -mindepth 1 -maxdepth 1 -type d`; do
if [ ! -f $ltsp_chroot$CERTFILE ]; then
[ "$VERBOSE" != no ] &&
log_action_begin_msg "Copying content filter CA certificate to ltsp-chroot $ltsp_chroot "
if test -s $CERTFILE; then
mkdir -p $(dirname $ltsp_chroot/$CERTFILE)
cp $CERTFILE $ltsp_chroot$CERTFILE
chmod 644 $ltsp_chroot$CERTFILE
chroot $ltsp_chroot update-ca-certificates 1>/dev/null
[ "$VERBOSE" != no ] && log_action_end_msg 0
else
log_action_end_msg 1
ERROR=true
fi
fi
done
fi
if $ERROR; then
return 1
fi
}
case "$1" in
start)
do_start
;;
stop)
;;
restart|force-reload)
;;
*)
echo "Usage: $0 {start|stop|restart|force-reload}"
exit 2
esac
exit 0
|
