Syscid CA client installer

Signed-off-by: Georg Pfuetzenreuter <georg@lysergic.dev>

1 files changed, 39 insertions, 0 deletions

diff --git a/scripts/sh/deploy_syscid_ca.sh b/scripts/sh/deploy_syscid_ca.sh
new file mode 100755
index 0000000..bc60eca
--- /dev/null
+++ b/scripts/sh/deploy_syscid_ca.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+if [ "$(id -u)" = "0" ]; then
+DISTRIB=$(awk -F= '/^NAME/{print $2}' /etc/os-release)
+echo "Detected $DISTRIB"
+CRT="/tmp/syscid-ca.crt"
+URL="https://web.syscid.com/syscid-ca.crt"
+FP_TRUST="SHA512 Fingerprint=A6:A8:43:7C:B9:1C:DF:07:E5:31:BD:76:11:ED:A6:91:A8:01:AF:21:9E:E7:6E:6B:79:8D:65:72:A3:68:00:9B:A9:1C:69:89:83:18:D7:EE:32:B2:60:C9:2F:54:75:37:46:0A:31:21:C7:F9:DE:07:C3:A3:99:FE:0E:2A:13:B5"
+if [ "${DISTRIB}" = '"openSUSE Leap"' ] || [ "${DISTRIB}" = '"openSUSE Tumbleweed"' ]; then
+	STORE="/etc/pki/trust/anchors/"
+	/usr/bin/curl -kso $CRT $URL
+	FP_CRT=$(/usr/bin/openssl x509 -fingerprint -sha512 -noout -in $CRT)
+	if [ "$FP_CRT" = "$FP_TRUST" ]; then
+		echo "OK, installing..."
+		mv $CRT $STORE
+		/usr/sbin/update-ca-certificates
+		echo "OK"
+	else
+		echo "Fingerpring mismatch. Operation aborted."
+		rm -f $CRT
+	fi
+elif [ "${DISTRIB}" = '"Arch Linux"' ]; then
+	OS="Arch"
+	echo $OS
+	/usr/bin/curl -kso $CRT $URL
+	FP_CRT=$(/usr/bin/openssl x509 -fingerprint -sha512 -noout -in $CRT)
+	if [ "$FP_CRT" = "$FP_TRUST" ]; then
+		echo "OK, installing..."
+		/usr/bin/trust --store $CRT
+		rm $CRT
+		echo "OK"
+	else
+		echo "Fingerpring mismatch. Operation aborted."
+		rm -f $CRT
+else
+	echo "Unsupported operating system."
+fi
+else
+echo "This script must be run with root privileges."
+fi