Only setup CRL cron job if needed
[cacert-puppet.git] / sitemodules / profiles / templates / base / update-crls.epp
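<% | Array[String] $services | -%>
#!/bin/sh

# THIS FILE IS MANAGED BY PUPPET, MANUAL CHANGES WILL BE OVERWRITTEN AT THE
# NEXT PUPPET RUN.

# Mirror the CRLs from the rsync source, verify each one against the CA
# bundle, convert the verified ones from DER to PEM, rebuild the hash links
# and reload the services that consume the CRLs.
#
# Template note: the parameter tag above is closed with a right-trimming
# delimiter so that no blank line is rendered in front of the shebang.
# Service names are interpolated into the script verbatim, so $services must
# only ever hold plain service names from trusted Puppet data.

set -e

CRL_PATH='/var/local/ssl/crls/'
CA_CERT='/etc/ssl/certs/ca-certificates.crt'
RSYNC_LOCATION='crl.cacert.org::crl'

# The "host::module" form talks to an rsync daemon without transport
# authentication, so the signature check below is the only integrity control
# on the downloaded files.
rsync -aqz "$RSYNC_LOCATION" "$CRL_PATH"

for crl in "$CRL_PATH"*.crl
do
    # An unmatched glob stays as the literal pattern; there is nothing to
    # verify in that case.
    [ -e "$crl" ] || continue

    # Accept a CRL only when openssl exits 0 AND reports "verify OK".
    # NOTE(review): some OpenSSL releases print "verify failure" for a bad
    # signature but still exit 0, so the exit status alone is not trusted
    # here - confirm against the deployed version.
    # This checks the signature only; it does not detect an older but validly
    # signed CRL being served again, so consumers should still honour
    # nextUpdate.
    if verify_out=$(openssl crl -noout -inform DER -in "$crl" -CAfile "$CA_CERT" 2>&1) &&
        printf '%s\n' "$verify_out" | grep -q 'verify OK'
    then
        # Convert into a scratch file and rename it into place so a service
        # never reads a half-written PEM file. The ".new" suffix is not one
        # of the extensions c_rehash links.
        openssl crl -inform DER -in "$crl" -out "$crl.pem.new"
        mv -f "$crl.pem.new" "$crl.pem"
    else
        # A PEM file from an earlier successful run is left untouched.
        echo "Error: Could not validate the CRL at $crl" >&2
    fi
done

c_rehash "$CRL_PATH" >/dev/null 2>&1
<% $services.each |$service| { -%>
service <%= $service %> reload > /dev/null
<% } -%>

exit 0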