| 1 |
#! /usr/bin/perl -w |
| 2 |
# |
| 3 |
use strict; |
| 4 |
use Getopt::Long qw(:config no_ignore_case bundling); |
| 5 |
use POSIX; |
| 6 |
|
| 7 |
my $versionid = "20130702.01"; |
| 8 |
|
| 9 |
my $targetdir; |
| 10 |
my $show_help; |
| 11 |
my $show_version; |
| 12 |
my $verbose; |
| 13 |
my $dryrun; |
| 14 |
|
| 15 |
sub help() { |
| 16 |
(my $name = $0) =~ s/.*\///; |
| 17 |
print <<EOHELP; |
| 18 |
The $name utility will eradicate [0-9a-f]{8}.r\\d+ files from |
| 19 |
the directory given to the "-l" option if no matching [0-9a-f]{8}.\d+ |
| 20 |
file can be found in the same, which in most cases will wipe stale |
| 21 |
historic CRLs from an X509_CERT_DIR like directory. |
| 22 |
Use at your own risk. It may be wiping files that you would have |
| 23 |
liked to keep, or it may kill your pet. |
| 24 |
|
| 25 |
Options: |
| 26 |
-l | --cadir <path> |
| 27 |
directory to cleanse of old CRL-ish files |
| 28 |
-v[v...] | --verbose |
| 29 |
become more verbose and talkative |
| 30 |
-n | --dryrun |
| 31 |
do not actually unlink any files |
| 32 |
-V | --version |
| 33 |
show a version number |
| 34 |
-h | --help |
| 35 |
this help text |
| 36 |
|
| 37 |
Examples: |
| 38 |
$name -l /etc/grid-security/certificates |
| 39 |
|
| 40 |
Diagnostics: |
| 41 |
". not found": consult an expert. |
| 42 |
|
| 43 |
EOHELP |
| 44 |
return 1; |
| 45 |
} |
| 46 |
|
| 47 |
sub showversion() { |
| 48 |
(my $name = $0) =~ s/.*\///; |
| 49 |
print "$name version $versionid\n"; |
| 50 |
return 1; |
| 51 |
} |
| 52 |
|
| 53 |
&GetOptions( |
| 54 |
"l|cadir=s" => \$targetdir, |
| 55 |
"n|dryrun" => \$dryrun, |
| 56 |
"h|help" => \$show_help, |
| 57 |
"v|verbose+" => \$verbose, |
| 58 |
"V|version" => \$show_version |
| 59 |
) or &help and exit(1); |
| 60 |
|
| 61 |
$show_help and &help() and exit (0); |
| 62 |
$show_version and &showversion() and exit (0); |
| 63 |
$verbose = 0 unless defined $verbose; |
| 64 |
$dryrun = 0 unless defined $dryrun; |
| 65 |
|
| 66 |
die "Error: target directory undefined, please supply -l argument!\n" |
| 67 |
unless $targetdir; |
| 68 |
die "Error: target directory $targetdir does not exist\n" |
| 69 |
unless -e $targetdir; |
| 70 |
die "Error: target directory $targetdir is not a directory\n" |
| 71 |
unless -d $targetdir; |
| 72 |
|
| 73 |
# read the directory and find all CA like .\d and CRL like files, |
| 74 |
# recoding the hashes of the info files in an array, and then in a |
| 75 |
# second pass weeding out those CRL ".r*" files that do not have |
| 76 |
# a corresponding info or crl_url file |
| 77 |
# the remainer is a candidate for deletion |
| 78 |
my $dh; |
| 79 |
my @crlfiles; |
| 80 |
my %infohashes; |
| 81 |
opendir($dh,$targetdir) or die "Cannot open $targetdir: $!\n"; |
| 82 |
while ( my $fn = readdir $dh ) { |
| 83 |
$fn =~ /^([0-9a-f]{8})\.(\d+)$/ and do { |
| 84 |
$infohashes{$1}=1; |
| 85 |
($verbose > 2) and print "Hash $1 belongs to an active CA\n"; |
| 86 |
}; |
| 87 |
$fn =~ /^([0-9a-f]{8})\.r(\d+)$/ and do { |
| 88 |
push @crlfiles,$fn; |
| 89 |
($verbose > 2) and print "File $fn is classified as a CRL file\n"; |
| 90 |
}; |
| 91 |
} |
| 92 |
|
| 93 |
my @candidates = grep { |
| 94 |
/^([0-9a-f]{8})\.r([0-9]+)$/; |
| 95 |
! exists $infohashes{$1}; |
| 96 |
} @crlfiles; |
| 97 |
|
| 98 |
$verbose > 0 and do { |
| 99 |
if ( $#candidates >= 0 ) { |
| 100 |
print "The following CRL like files are about to be deleted". |
| 101 |
($dryrun?" ... NOT!":".")."\n"; |
| 102 |
foreach my $fn ( @candidates ) { print " $fn\n"; } |
| 103 |
} else { |
| 104 |
print "No orphaned CRL like files found in $targetdir\n"; |
| 105 |
} |
| 106 |
}; |
| 107 |
|
| 108 |
if ( ! $dryrun ) { |
| 109 |
foreach my $fn ( @candidates ) { |
| 110 |
unlink("$targetdir/$fn") or warn "Cannot remove $targetdir/$fn: $!\n"; |
| 111 |
} |
| 112 |
} |
| 113 |
|
| 114 |
1; |
Parent Directory
| 
Revision Log