/usr/sbin/clean-crl is in fetch-crl 3.0.11-1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 | #! /usr/bin/perl -w
#
use strict;
use Getopt::Long qw(:config no_ignore_case bundling);
my $sccsid = '@(#)$Id: clean-crl.cin 2649 2013-07-02 18:55:45Z davidg $';
my $targetdir;
my $show_help;
my $show_version;
my $verbose;
my $dryrun;
sub help() {
(my $name = $0) =~ s/.*\///;
print <<EOHELP;
The $name utility will eradicate [0-9a-f]{8}.r\\d+ files from
the directory given to the "-l" option if no matching [0-9a-f]{8}.\\d+
file can be found in the same, which in most cases will wipe stale
historic CRLs from an X509_CERT_DIR like directory.
Use at your own risk. It may be wiping files that you would have
liked to keep, or it may kill your pet.
Options:
-l | --cadir <path>
directory to cleanse of old CRL-ish files
-v[v...] | --verbose
become more verbose and talkative
-n | --dryrun
do not actually unlink any files
-V | --version
show a version number
-h | --help
this help text
Examples:
$name -l /etc/grid-security/certificates
Diagnostics:
". not found": consult an expert.
EOHELP
return 1;
}
sub showversion() {
(my $name = $0) =~ s/.*\///;
print "$name version 3.0.11\n";
return 1;
}
&GetOptions(
"l|cadir=s" => \$targetdir,
"n|dryrun" => \$dryrun,
"h|help" => \$show_help,
"v|verbose+" => \$verbose,
"V|version" => \$show_version
) or &help and exit(1);
$show_help and &help() and exit (0);
$show_version and &showversion() and exit (0);
$verbose = 0 unless defined $verbose;
$dryrun = 0 unless defined $dryrun;
die "Error: target directory undefined, please supply -l argument!\n"
unless $targetdir;
die "Error: target directory $targetdir does not exist\n"
unless -e $targetdir;
die "Error: target directory $targetdir is not a directory\n"
unless -d $targetdir;
# read the directory and find all CA like .\d and CRL like files,
# recoding the hashes of the info files in an array, and then in a
# second pass weeding out those CRL ".r*" files that do not have
# a corresponding info or crl_url file
# the remainer is a candidate for deletion
my $dh;
my @crlfiles;
my %infohashes;
opendir($dh,$targetdir) or die "Cannot open $targetdir: $!\n";
while ( my $fn = readdir $dh ) {
$fn =~ /^([0-9a-f]{8})\.(\d+)$/ and do {
$infohashes{$1}=1;
($verbose > 2) and print "Hash $1 belongs to an active CA\n";
};
$fn =~ /^([0-9a-f]{8})\.r(\d+)$/ and do {
push @crlfiles,$fn;
($verbose > 2) and print "File $fn is classified as a CRL file\n";
};
}
my @candidates = grep {
/^([0-9a-f]{8})\.r([0-9]+)$/;
! exists $infohashes{$1};
} @crlfiles;
$verbose > 0 and do {
if ( $#candidates >= 0 ) {
print "The following CRL like files are about to be deleted".
($dryrun?" ... NOT!":".")."\n";
foreach my $fn ( @candidates ) { print " $fn\n"; }
} else {
print "No orphaned CRL like files found in $targetdir\n";
}
};
if ( ! $dryrun ) {
foreach my $fn ( @candidates ) {
unlink("$targetdir/$fn") or warn "Cannot remove $targetdir/$fn: $!\n";
}
}
1;
|