#! /usr/bin/perl -w
#
# The -w switch on the interpreter line turns warnings on for the whole run.
use strict;
use Getopt::Long qw(:config no_ignore_case bundling);

# Identification string: an SCCS "what" marker wrapped around an RCS-style
# $Id$ keyword.  Nothing else in the script reads it.
my $sccsid = '@(#)$Id$';

# Command-line state.  All five stay undefined until GetOptions() stores a
# value in them:
#   $targetdir    - directory to clean (-l / --cadir)
#   $show_help    - print the help text and exit (-h / --help)
#   $show_version - print the version and exit (-V / --version)
#   $verbose      - verbosity counter, one step per -v
#   $dryrun       - report only, unlink nothing (-n / --dryrun)
my ( $targetdir, $show_help, $show_version, $verbose, $dryrun );
# help - print the usage text on STDOUT.
#
# The program name shown in the text is $0 with everything up to and
# including the last "/" removed.  Always returns 1, so callers can chain
# the call with "and exit(...)".
sub help() {
    my $name = $0;
    $name =~ s{.*/}{};

    # Interpolating here-document: $name is expanded, and "\\d" is printed
    # as the two characters "\d".
    print <<"EOHELP";
The $name utility will eradicate [0-9a-f]{8}.r\\d+ files from
the directory given to the "-l" option if no matching [0-9a-f]{8}.\\d+
file can be found in the same, which in most cases will wipe stale
historic CRLs from an X509_CERT_DIR like directory.
Use at your own risk. It may be wiping files that you would have
liked to keep, or it may kill your pet.

Options:
-l | --cadir <path>
directory to cleanse of old CRL-ish files
-v[v...] | --verbose
become more verbose and talkative
-n | --dryrun
do not actually unlink any files
-V | --version
show a version number
-h | --help
this help text

Examples:
$name -l /etc/grid-security/certificates

Diagnostics:
". not found": consult an expert.

EOHELP
    return 1;
}
# showversion - print "<program name> version <version>" on STDOUT.
#
# The program name is $0 with its leading directory part stripped.
# NOTE(review): @VERSION@ looks like a build-time substitution token and is
# presumably replaced before the script is installed - confirm against the
# build system.  Always returns 1, so callers can chain with "and exit(...)".
sub showversion() {
    my $name = $0;
    $name =~ s{.*/}{};
    print "$name version @VERSION@\n";
    return 1;
}
# Parse the command line.  Getopt::Long is configured above with
# no_ignore_case (so -v and -V are distinct) and bundling (so -vvv counts
# as three -v).  On a parse error the help text is printed and the script
# exits with status 1.
unless (
    GetOptions(
        "l|cadir=s"  => \$targetdir,
        "n|dryrun"   => \$dryrun,
        "h|help"     => \$show_help,
        "v|verbose+" => \$verbose,
        "V|version"  => \$show_version
    )
  )
{
    help();
    exit(1);
}

# Informational options end the run with status 0 before any directory
# is looked at.
if ($show_help) {
    help();
    exit(0);
}
if ($show_version) {
    showversion();
    exit(0);
}

# Options that were not given are still undef here; turn them into 0 so
# the numeric and boolean tests further down do not warn under -w.
defined $verbose or $verbose = 0;
defined $dryrun  or $dryrun  = 0;
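# Validate the -l argument before anything is read or removed.
#
# The first test checks for "defined and non-empty" rather than plain
# truth, so a directory that is literally named "0" is not mistaken for a
# missing argument.
die "Error: target directory undefined, please supply -l argument!\n"
    unless ( defined($targetdir) && length($targetdir) );

# -e and -d both follow symbolic links, so a link that points at a
# directory is accepted.  They are kept as two tests only to give two
# distinct messages.  Both describe the path at this moment; the later
# opendir() reports its own error if the path has changed by then.
die "Error: target directory $targetdir does not exist\n"
    unless -e $targetdir;
die "Error: target directory $targetdir is not a directory\n"
    unless -d $targetdir;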
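# Pass 1 of 2: read the directory once and sort the entry names into two
# sets, by name alone (the entries themselves are never opened or stat'ed):
#
#   <8 hex digits>.<digits>    the hash is recorded in %infohashes as in use
#   <8 hex digits>.r<digits>   the name is queued in @crlfiles as CRL-like
#
# Every other name is ignored.  The second pass keeps only those CRL-like
# names whose hash was never recorded; these are the deletion candidates.
#
# The patterns are anchored with \A and \z.  "$" would also match just
# before a trailing newline, which would let a name ending in "\n" be
# classified, and later unlinked, as if it were a well-formed CRL name.
# With these anchors a classified name is exactly hex digits, a dot, an
# optional "r" and digits, so it can never contain a "/" or be "." or "..".
my $dh;
my @crlfiles;
my %infohashes;
opendir( $dh, $targetdir ) or die "Cannot open $targetdir: $!\n";
while ( defined( my $fn = readdir $dh ) ) {
    if ( $fn =~ /\A([0-9a-f]{8})\.[0-9]+\z/ ) {
        $infohashes{$1} = 1;
        ( $verbose > 2 ) and print "Hash $1 belongs to an active CA\n";
    }
    elsif ( $fn =~ /\A[0-9a-f]{8}\.r[0-9]+\z/ ) {
        push @crlfiles, $fn;
        ( $verbose > 2 )
            and print "File $fn is classified as a CRL file\n";
    }
}

# The listing is complete; release the handle instead of holding it until
# the script exits.
closedir($dh);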
# Pass 2 of 2: a CRL-like file is a deletion candidate when no
# "<hash>.<digits>" entry with the same 8-character hash was seen.
#
# NOTE(review): the match result is not checked; $1 is only meaningful
# because every name in @crlfiles already matched the same shape in the
# scan loop.  Keep the two patterns in step if either is ever changed.
my @candidates;
for my $crlfile (@crlfiles) {
    $crlfile =~ /^([0-9a-f]{8})\.r([0-9]+)$/;
    push @candidates, $crlfile unless exists $infohashes{$1};
}
# With at least one -v, report what is about to happen: either the list of
# candidates (the headline ends in " ... NOT!" on a dry run) or a note
# that nothing was found.  Without -v the run is silent, dry run included.
if ( $verbose > 0 ) {
    if (@candidates) {
        my $ending = $dryrun ? " ... NOT!" : ".";
        print "The following CRL like files are about to be deleted"
            . $ending . "\n";
        print " $_\n" for @candidates;
    }
    else {
        print "No orphaned CRL like files found in $targetdir\n";
    }
}
106 |
|
107 |
# Remove the candidates unless this is a dry run.
#
# Each path is the target directory plus a name taken from the directory
# listing, and only names shaped like "<8 hex digits>.r<digits>" were
# queued, so a name cannot contain "/" and cannot point outside
# $targetdir.  unlink() removes the directory entry itself; for a symbolic
# link that means the link, not the file it points to.
#
# A failed unlink only produces a warning, and the script calls no exit()
# here, so callers cannot detect a partial clean-up from the exit status.
#
# NOTE(review): the candidate list comes from the earlier directory read;
# a hash file created after that read does not protect its CRL files.
# Confirm nothing else rewrites the directory while this runs.
unless ($dryrun) {
    for my $orphan (@candidates) {
        my $path = "$targetdir/$orphan";
        unlink($path) or warn "Cannot remove $path: $!\n";
    }
}

1;