From 57b53918d1139bff572d84e5e0a71ae4c514d3c2 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 13 Aug 2014 23:42:53 +0200 Subject: mk-ca-bundle.pl: switched to using hg.mozilla.org ... as mxr.mozilla.org is due to be retired. The new host doesn't support If-Modified-Since nor ETags, meaning that the script will now defer to download and do a post-transfer checksum check to see if a new output is to be generated. The new output format will hold the SHA1 checksum of the source file for that purpose. We call this version 1.22 Reported-by: Ed Morley Bug: http://curl.haxx.se/bug/view.cgi?id=1409 --- lib/mk-ca-bundle.pl | 71 ++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 56 insertions(+), 15 deletions(-) diff --git a/lib/mk-ca-bundle.pl b/lib/mk-ca-bundle.pl index 232c36e4f..9c86cc208 100755 --- a/lib/mk-ca-bundle.pl +++ b/lib/mk-ca-bundle.pl @@ -40,17 +40,15 @@ use Text::Wrap; my %urls = ( 'nss' => - 'http://mxr.mozilla.org/nss/source/lib/ckfw/builtins/certdata.txt?raw=1', + 'http://hg.mozilla.org/projects/nss/raw-file/tip/lib/ckfw/builtins/certdata.txt', 'central' => - 'http://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1', + 'http://hg.mozilla.org/mozilla-central/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt', 'aurora' => - 'http://mxr.mozilla.org/mozilla-aurora/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1', + 'http://hg.mozilla.org/releases/mozilla-aurora/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt', 'beta' => - 'http://mxr.mozilla.org/mozilla-beta/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1', + 'http://hg.mozilla.org/releases/mozilla-beta/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt', 'release' => - 'http://mxr.mozilla.org/mozilla-release/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1', - 'mozilla' => - 'http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1' + 'http://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt', ); $opt_d = 'release'; @@ -58,7 +56,7 @@ $opt_d = 'release'; # If the OpenSSL commandline is not in search path you can configure it here! my $openssl = 'openssl'; -my $version = '1.21'; +my $version = '1.22'; $opt_w = 76; # default base64 encoded lines length @@ -209,6 +207,28 @@ sub PARSE_CSV_PARAM($$@) { return @values; } +sub sha1 { + my ($txt)=@_; + my $sha1 = `$openssl dgst -sha1 $txt | cut '-d ' -f2`; + chomp $sha1; + return sha1; +} + +sub oldsha1 { + my ($crt)=@_; + my $sha1=""; + open(C, "<$crt"); + while() { + chomp; + if($_ =~ /^\#\# SHA1: (.*)/) { + $sha1 = $1; + last; + } + } + close(C); + return $sha1; +} + if ( $opt_p !~ m/:/ ) { print "Error: Mozilla trust identifier list must include both purposes and levels\n"; HELP_MESSAGE(); @@ -238,6 +258,10 @@ my $stdout = $crt eq '-'; my $resp; my $fetched; +my $oldsha1= oldsha1($crt); + +print STDERR "SHA1 of old file: $oldsha1\n"; + unless ($opt_n and -e $txt) { print STDERR "Downloading '$txt' ...\n" if (!$opt_q); my $ua = new LWP::UserAgent(agent => "$0/$version"); @@ -257,7 +281,25 @@ unless ($opt_n and -e $txt) { } } -my $currentdate = scalar gmtime($fetched ? $resp->last_modified : (stat($txt))[9]); +my $filedate = $fetched ? $resp->last_modified : (stat($txt))[9]; +my $datesrc = "as of"; +if(!$filedate) { + # mxr.mozilla.org gave us a time, hg.mozilla.org does not! + $filedate = time(); + $datesrc="downloaded on"; +} + +# get the hash from the download file +my $newsha1= sha1($txt); + +if($oldsha1 eq $newsha1) { + print STDERR "Downloaded file identical to previous run\'s source file. Exiting\n"; + exit; +} + +print STDERR "SHA1 of new file: $newsha1\n"; + +my $currentdate = scalar gmtime($filedate); my $format = $opt_t ? "plain text and " : ""; if( $stdout ) { @@ -267,9 +309,9 @@ if( $stdout ) { } print CRT <