This file is indexed.

/usr/sbin/clean-crl is in fetch-crl 3.0.11-1.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
#! /usr/bin/perl -w
#
use strict;
use Getopt::Long qw(:config no_ignore_case bundling);

my $sccsid = '@(#)$Id: clean-crl.cin 2649 2013-07-02 18:55:45Z davidg $';

my $targetdir;
my $show_help;
my $show_version;
my $verbose;
my $dryrun;

sub help() {
  (my $name = $0) =~ s/.*\///;
  print <<EOHELP;
The $name utility will eradicate [0-9a-f]{8}.r\\d+ files from
the directory given to the "-l" option if no matching [0-9a-f]{8}.\\d+
file can be found in the same, which in most cases will wipe stale 
historic CRLs from an X509_CERT_DIR like directory.
Use at your own risk. It may be wiping files that you would have
liked to keep, or it may kill your pet.

Options:
  -l | --cadir <path>
    directory to cleanse of old CRL-ish files
  -v[v...] | --verbose 
    become more verbose and talkative
  -n | --dryrun
    do not actually unlink any files
  -V | --version
    show a version number
  -h | --help
    this help text

Examples:
  $name -l /etc/grid-security/certificates

Diagnostics:
  ". not found": consult an expert.

EOHELP
  return 1;
}

sub showversion() {
  (my $name = $0) =~ s/.*\///;
  print "$name version 3.0.11\n";
  return 1;
}

&GetOptions(
  "l|cadir=s" => \$targetdir,
  "n|dryrun" => \$dryrun,
  "h|help" => \$show_help,
  "v|verbose+" => \$verbose,
  "V|version" => \$show_version
  ) or &help and exit(1);

$show_help and &help() and exit (0);
$show_version and &showversion() and exit (0);
$verbose = 0 unless defined $verbose;
$dryrun = 0 unless defined $dryrun;

die "Error: target directory undefined, please supply -l argument!\n" 
  unless $targetdir;
die "Error: target directory $targetdir does not exist\n"
  unless -e $targetdir;
die "Error: target directory $targetdir is not a directory\n"
  unless -d $targetdir;

# read the directory and find all CA like .\d and CRL like files, 
# recoding the hashes of the info files in an array, and then in a
# second pass weeding out those CRL ".r*" files that do not have
# a corresponding info or crl_url file
# the remainer is a candidate for deletion
my $dh;
my @crlfiles;
my %infohashes;
opendir($dh,$targetdir) or die "Cannot open $targetdir: $!\n";
while ( my $fn = readdir $dh ) {
  $fn =~ /^([0-9a-f]{8})\.(\d+)$/ and do {
    $infohashes{$1}=1;
    ($verbose > 2) and print "Hash $1 belongs to an active CA\n";
  };
  $fn =~ /^([0-9a-f]{8})\.r(\d+)$/ and do {
    push @crlfiles,$fn;
    ($verbose > 2) and print "File $fn is classified as a CRL file\n";
  };
}

my @candidates = grep {
    /^([0-9a-f]{8})\.r([0-9]+)$/;
    ! exists $infohashes{$1};
  } @crlfiles;

$verbose > 0 and do {
  if ( $#candidates >= 0 ) {
    print "The following CRL like files are about to be deleted".
      ($dryrun?" ... NOT!":".")."\n";
    foreach my $fn ( @candidates ) { print "  $fn\n"; }
  } else {
    print "No orphaned CRL like files found in $targetdir\n";
  }
};

if ( ! $dryrun ) {
  foreach my $fn ( @candidates ) { 
    unlink("$targetdir/$fn") or warn "Cannot remove $targetdir/$fn: $!\n";
  }
}

1;