refactor

scripts/apt-clean.sh

@@ -23,24 +23,28 @@ find /var/cache/debconf/ ! -type d -wholename '/var/cache/debconf/*-old' -delete
 
 __t=$(mktemp) ; : "${__t:?}"
 debconf_trim_i18n() {
-    mawk 'BEGIN { m = 0 }
-    $0 == "" { print }
-    /^[^[:space:]]/ {
-        if ($1 ~ "\.[Uu][Tt][Ff]-?8:") { m = 1; next; }
-        m = 0; print $0;
-    }
-    /^[[:space:]]/ {
-        if (m == 1) next;
-        print $0;
-    }' < "$1" > "${__t}"
-    cat < "${__t}" > "$1"
+	mawk 'BEGIN { m = 0; }
+	$0 == "" { print; }
+	/^[^[:space:]]/ {
+	    if ($1 ~ "\.[Uu][Tt][Ff]-?8:") {
+	        m = 1;
+	        next;
+	    }
+	    m = 0;
+	    print $0;
+	}
+	/^[[:space:]]/ {
+	    if (m == 1) next;
+	    print $0;
+	}' < "$1" > "${__t}"
+	cat < "${__t}" > "$1"
 }
 
 debconf_trim_i18n /var/cache/debconf/templates.dat
 while read -r tmpl ; do
-    [ -n "${tmpl}" ] || continue
-    [ -s "${tmpl}" ] || continue
-    debconf_trim_i18n "${tmpl}"
+	[ -n "${tmpl}" ] || continue
+	[ -s "${tmpl}" ] || continue
+	debconf_trim_i18n "${tmpl}"
 done <<EOF
 $(find "${DPKG_ADMINDIR}/info/" -type f -name '*.templates' | sort -V)
 EOF

scripts/apt-install.sh

@@ -22,8 +22,9 @@ _apt_update() {
 }
 
 _dpkg_avail_hack() {
+	: "${DPKG_ADMINDIR:=/var/lib/dpkg}"
 	VERSION_CODENAME=$(. /etc/os-release ; printf '%s' "${VERSION_CODENAME}") || :
-	f="${DPKG_ADMINDIR:-/var/lib/dpkg}/available"
+	f="${DPKG_ADMINDIR}/available"
 	# if ${VERSION_CODENAME} is empty then we're on Debian sid or so :)
 	case "${VERSION_CODENAME}" in
 	stretch | buster | bionic | focal )
@@ -31,7 +32,7 @@ _dpkg_avail_hack() {
 		if [ -s "$f" ] ; then
 			return
 		fi
-		/usr/lib/dpkg/methods/apt/update "${DPKG_ADMINDIR:-/var/lib/dpkg}" apt apt
+		/usr/lib/dpkg/methods/apt/update "${DPKG_ADMINDIR}" apt apt
 	;;
 	* )
 		touch "$f"

scripts/openssl-cert-auto-pem.sh

@@ -13,38 +13,88 @@ me=${0##*/}
 
 w=$(mktemp -d) || exit 1
 w_cleanup() {
-	[ -z "$w" ] || ls -lA "$w/"
+	[ -z "$w" ] || ls -lA "$w/" >&2
 	[ -z "$w" ] || rm -rf "$w"
 	unset w
 	exit "${1:-0}"
 }
 
+bundle_offsets() {
+	mawk 'BEGIN { OFS = ","; i_begin = 0; }
+	$0 == "-----BEGIN CERTIFICATE-----" {
+	    i_begin = NR;
+	}
+	$0 == "-----END CERTIFICATE-----" {
+	    if (i_begin > 0) {
+	        print i_begin, NR;
+	        i_begin = 0;
+	    }
+	}' "$1"
+}
+
+bundle_fingerprints() {
+	local x f
+	while read -r x ; do
+		[ -n "$x" ] || continue
+
+		f=$(sed -ne "${x}p" "$1" | openssl x509 -noout -fingerprint -sha256)
+		[ -n "$f" ] || f=$(sed -ne "${x}p" "$1" | openssl x509 -noout -fingerprint)
+		[ -n "$f" ] || continue
+
+		printf '%s\n' "$f" | tr '[:upper:]' '[:lower:]'
+	done < "$2"
+}
+
 openssl storeutl -certs "$1" > "$w/cert.pem" || w_cleanup 1
 [ -s "$w/cert.pem" ] || w_cleanup 1
 tr -s '\r\n' '\n' < "$w/cert.pem" > "$w/cert.txt"
 [ -s "$w/cert.txt" ] || w_cleanup 1
+rm -f "$w/cert.pem"
 
-awk '
-BEGIN {
-    OFS = ","
-    m_begin="-----BEGIN CERTIFICATE-----"
-    m_end="-----END CERTIFICATE-----"
-    i_begin = 0
-}
-$0 == m_begin { i_begin = NR ; }
-$0 == m_end {
-    if (i_begin > 0) {
-        print i_begin,NR
-        i_begin = 0
-    }
-}
-' "$w/cert.txt" > "$w/cert.offsets"
-[ -s "$w/cert.offsets" ] || w_cleanup 1
+bundle_offsets "$w/cert.txt" > "$w/cert.off"
+[ -s "$w/cert.off" ] || w_cleanup 1
 
-while read -r a ; do
-	[ -n "$a" ] || continue
+bundle_fingerprints "$w/cert.txt" "$w/cert.off" > "$w/cert.fp.all"
+[ -s "$w/cert.fp.all" ] || w_cleanup 1
 
-	sed -ne "${a}p" "$w/cert.txt"
-done < "$w/cert.offsets"
+sort -uV < "$w/cert.fp.all" > "$w/cert.fp"
+while read -r fp ; do
+	[ -n "${fp}" ] || continue
+
+	n=$(grep -m1 -Fxn -e "${fp}" "$w/cert.fp.all" | cut -d : -f 1)
+	[ -n "$n" ] || continue
+
+	off=$(sed -ne "${n}p" "$w/cert.off")
+	[ -n "${off}" ] || continue
+
+	sed -ne "${off}p" "$w/cert.txt"
+done < "$w/cert.fp" > "$w/cert.pem"
+[ -s "$w/cert.pem" ] || w_cleanup 1
+rm -f "$w/cert.txt" "$w/cert.off" "$w/cert.fp.all"
+
+if [ -n "$2" ] ; then
+	while : ; do
+		if [ -e "$2" ] ; then
+			[ -f "$2" ] || break
+		fi
+		cat > "$2"
+	break ; done
+else
+	cat
+fi < "$w/cert.pem"
+
+while [ -n "$3" ] ; do
+	if [ -e "$3" ] ; then
+		[ -f "$3" ] || break
+	fi
+	cat "$w/cert.fp" > "$3"
+break ; done
+
+while [ -n "$4" ] ; do
+	if [ -e "$4" ] ; then
+		[ -f "$4" ] || break
+	fi
+	bundle_offsets "$w/cert.pem" > "$4"
+break ; done
 
 rm -rf "$w" ; unset w

scripts/openssl-cert-fingerprint.sh

@@ -1,52 +0,0 @@
-#!/bin/sh
-set -f
-
-[ $# -gt 0 ] || exit 0
-me=${0##*/}
-
-[ -n "$1" ] || exit 1
-[ -f "$1" ] || {
-	env printf '%s: not a file or does not exist: %q\n' "${me}" "$1" >&2
-	exit 1
-}
-[ -s "$1" ] || exit 0
-
-w=$(mktemp -d) || exit 1
-w_cleanup() {
-	[ -z "$w" ] || ls -lA "$w/"
-	[ -z "$w" ] || rm -rf "$w"
-	unset w
-	exit "${1:-0}"
-}
-
-openssl-cert-auto-pem.sh "$1" > "$w/cert.pem" || w_cleanup 1
-[ -s "$w/cert.pem" ] || w_cleanup 1
-
-awk '
-BEGIN {
-    OFS = ","
-    m_begin="-----BEGIN CERTIFICATE-----"
-    m_end="-----END CERTIFICATE-----"
-    i_begin = 0
-}
-$0 == m_begin { i_begin = NR ; }
-$0 == m_end {
-    if (i_begin > 0) {
-        print i_begin,NR
-        i_begin = 0
-    }
-}
-' "$w/cert.pem" > "$w/cert.off"
-[ -s "$w/cert.off" ] || w_cleanup 1
-
-while read -r a ; do
-	[ -n "$a" ] || continue
-
-	{
-		sed -ne "${a}p" "$w/cert.pem" | openssl x509 -noout -fingerprint -sha256 \
-		|| \
-		sed -ne "${a}p" "$w/cert.pem" | openssl x509 -noout -fingerprint
-	} | tr '[:upper:]' '[:lower:]'
-done < "$w/cert.off"
-
-w_cleanup 0

scripts/python-rm-cache.sh

@@ -1,7 +1,9 @@
 #!/bin/sh
 set -f
 for i ; do
-    find "$i/" -name __pycache__ -exec rm -rf {} +
-    find "$i/" ! -type d -name '*.py[co]' -exec rm -f {} +
+	[ -n "$i" ] || continue
+	[ -d "$i" ] || continue
+	find "$i/" -name __pycache__ -exec rm -rf {} +
+	find "$i/" ! -type d -name '*.py[co]' -exec rm -f {} +
 done
 exit 0