From fbb2510dba02df048fd117bc75fa3a527bb97eac Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Thu, 27 Nov 2014 14:29:59 +0100 Subject: work around Debian Bug #771170: git appears to no longer accept intermediate or end-entity certs for server verification --- ssh-co-dotfiles | 133 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 66 insertions(+), 67 deletions(-) diff --git a/ssh-co-dotfiles b/ssh-co-dotfiles index 1f25160..5e89ed6 100755 --- a/ssh-co-dotfiles +++ b/ssh-co-dotfiles @@ -14,85 +14,84 @@ h="$1" echo ssh "$h" 'if ! [ -e .dotfiles ] || ( [ -e .dotfiles/.svn ] && mv .dotfiles .dotfiles-svn ); then rm -rf .dotfiles.new && - cat > .www.palfrader.org.crt << EOF && + cat > .git2.palfrader.org.crt << EOF && -----BEGIN CERTIFICATE----- -MIIFejCCBGKgAwIBAgIQToSxUkJRuXHq6GShiZ6UmTANBgkqhkiG9w0BAQsFADBf -MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4w -DAYDVQQKEwVHYW5kaTEgMB4GA1UEAxMXR2FuZGkgU3RhbmRhcmQgU1NMIENBIDIw -HhcNMTQwNjIzMDAwMDAwWhcNMTYwNjIzMjM1OTU5WjBcMSEwHwYDVQQLExhEb21h -aW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAsTEkdhbmRpIFN0YW5kYXJkIFNT -TDEaMBgGA1UEAxMRd3d3LnBhbGZyYWRlci5vcmcwggGiMA0GCSqGSIb3DQEBAQUA -A4IBjwAwggGKAoIBgQC8oPtzgAShwDQxpqeuA/mdiBd4mwA+vCsvrQD058zO7ttQ -O+XKsUZ6Bv6BSitMLJiGrn45fcwkn1meXDgYf65EyFw6LJXT7EFs6axtqkvpV4fl -VI7oWwG720l2fThHO/Z7iMNuorPxJcM39zzt5GtEHKMq1dP+YWn6OF0mi7cbGu95 -0PT2ueuO1hF0TAWCK5LuRf3vwKqbhBL0EMwcMqpG7h5WxcxdX3tRIlwG8OoDGw/u -1v4WCyU1KY4qGmtWvuW5+jzHR5gkIgYJzhBcwpQPqzGrHm7c8cjBV5S6b8XvyGMQ -0SrEe6ex8kip/Wuh8aAg5iXK3+EJIadAGvGoBxZcO6hiQNoUDRjw8qbq813sPpks -kosGvQsxbi+0Rqp3Xw67JaKAXZdnbDY9Gj3XqMrISXeKvFTUKsSx1B6qu71asI8T -bLDYN1O/n9L7c8jH/XpF9uhbKkv2oP6ld05LAInNhTyaJuPwEeZRpIB6yOnYU3b7 -URv3j6+4QbGEq27IMg0CAwEAAaOCAbMwggGvMB8GA1UdIwQYMBaAFLOQp9jJr07N -YTyffK1df0H9aTDqMB0GA1UdDgQWBBSIvCKT3k4/gqibe5ZL4mI7ILI3vTAOBgNV -HQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYI -KwYBBQUHAwIwSwYDVR0gBEQwQjA2BgsrBgEEAbIxAQICGjAnMCUGCCsGAQUFBwIB -FhlodHRwczovL2Nwcy51c2VydHJ1c3QuY29tMAgGBmeBDAECATBBBgNVHR8EOjA4 -MDagNKAyhjBodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vR2FuZGlTdGFuZGFyZFNT -TENBMi5jcmwwcwYIKwYBBQUHAQEEZzBlMDwGCCsGAQUFBzAChjBodHRwOi8vY3J0 -LnVzZXJ0cnVzdC5jb20vR2FuZGlTdGFuZGFyZFNTTENBMi5jcnQwJQYIKwYBBQUH -MAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wKwYDVR0RBCQwIoIRd3d3LnBh -bGZyYWRlci5vcmeCDXBhbGZyYWRlci5vcmcwDQYJKoZIhvcNAQELBQADggEBADyo -L/7Y2yOjAjEknZfHv56xPKmHztkeP4N1X1fwW63sq8ZfPtXTyF7qZHzUjN3Bg+xB -0n6+ojl9H013QUnGc9lPcwDkGCt63bcm+WoHn7dllmvkEifHckZHk4QQup4Ni5Jw -HE05gWdJDIxVT3VnnD9UtLN+WpzksPnNZ81HfRQJp34yGkNTd52n5lo8zmygg/96 -kXY3rh7gASx9qm2F7fc92igqDW8CbGY4sn0kOVxb4CzpiNfMUcYOC7JZRcZQynlP -8YzlHdn+y5s1ykBpEHujhGK306SB2Z1k444mLwIk3/RLGuLMOBEeh7DE3RHE/qJK -T/fNb04E4tA6QTx905A= +MIIFDTCCAvWgAwIBAgIJAIsni+g4o/7PMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNV +BAMMEmdpdDIucGFsZnJhZGVyLm9yZzAeFw0xNDExMjcxMzE5MzJaFw0yNDExMjQx +MzE5MzJaMB0xGzAZBgNVBAMMEmdpdDIucGFsZnJhZGVyLm9yZzCCAiIwDQYJKoZI +hvcNAQEBBQADggIPADCCAgoCggIBAOVU+Ui2WRW6G5iJuuNX8iwH/Gu/avD+sh6M +m5JCW2HQg+05MbFVYbl7qm8ztc54Gw2UX4ohCqIJxuqxJD0zREA7obINvLhaGzp6 +aE4c+M0ho5QMJLdeMsgVR1esMy8bixGm4gZ4xR62aIU8tnyW8dBSuSXVjVi+a4qe +UJE+n/oSuxOty4I/sdH+t4WRD7dBg0qFowVhvTuBP8sQGyvUuTXuooPKydjDXdCX +2h2jxfMJnZ/Tu/MPttqh790BYDEjRSri3ZwtnksX8rH8t/fAguKk32M3uyZA88GH +19JNHa2T+ifKNoFtI0o6Q6+b/3c9iJ5vY7Sj9VwKqhUgx49z4XB4+y1lRvvHNGrn +skO/WpYd0f+0zS+LG/SEcbI7zZoTm5z8gdYHXAYJEw1MhBiP3x3Eclz4WGXparlf +u1q+tVIty461g5NYrVgTpRx6bnMPRcU6llq2bqf8aFRpdLF+Ca6MIlVqs5q51Vj4 +NHX5idzKAywG9wLHSuyN8Si2UqDBvBZBXmc2tPpYm+VPrWLWKCXnUfSP1EgCHkLF ++EkoR4tdbYlam0Pt4vd5psLWm4OePF+BeDKM5FIfdl+vfbo+JQY7FLXxABahDBVi +QWyp5oGCbA/5BJz8Hw7M4+wJHg/ENduu2PO8Ug2umeoiTYKuJGNw2VhMayqUpty2 +EGWoK6WhAgMBAAGjUDBOMB0GA1UdDgQWBBSpwugNzLpR5fwG2pBDfDjqwqMC7jAf +BgNVHSMEGDAWgBSpwugNzLpR5fwG2pBDfDjqwqMC7jAMBgNVHRMEBTADAQH/MA0G +CSqGSIb3DQEBCwUAA4ICAQCwz7kpFE9hwrp17Za5j1ndcpiwShlQZ0sj28NTQp6w +KOPhDnB4sQYdKwm8pc//tMOiKn0UDDQzEkWCOdWytezkbYOQ3BoRuYOovWZox2Qx +PFvnjEs0QRt09XFRCpZDyKZY8nq2CRogNLzSfezeJxy7N0KH2pdKOq9XnB7uWta6 +Yn0iSLWsAF7EM00xHavAdsHEN5Y6F01o18U7+c3nf5mf4ZXKqMHrLksvFIxqNr1s +bmpt3xkYqvY9f2PmcVCEO1l/SDXrDfFuB7MOs7K63NVMunnePvFWweyOi3yS9f2t +AsDzp63fNXOYzM7CbQBo2SDuTIUXFNeIEk7csf1KY2lw91McGG+WG79GgKq63pow +iP8pN1PkzovkaJL+xcjEHnEc3PDJAz3zp3sImK13Mu/aCSOeWio6G899rs8qfwFT +Kc/VzHcX2b2BahM4qu6sTA71P2R1Ek/Sv/XP4UiWCqh+2jd7NHqbmp9QERIJnN0n +4PS3EeGIRrRxZnewG/HslSSk12yZ1r9AUlpM8PZbPd9cUYR65X1V0cHyOfskxGhX +GNkMrry7av7b5DH4cCyKICLADrcp8avKRqOz3sl1ZluqpRjxSngK4M50v5ArVJJk +sXmB2EZXwPrgijgIFWpRTarioptI9NxNF4RtpAjH1dI1VtP9kybvYKSP+z3cniFL +4Q== -----END CERTIFICATE----- EOF - git -c http.sslCAinfo="$HOME"/.www.palfrader.org.crt clone https://www.palfrader.org/git/conf/dotfiles.git .dotfiles.new && - rm -f .www.palfrader.org.crt && + git -c http.sslCAinfo="$HOME"/.git2.palfrader.org.crt -c http.sslCAPath="$HOME"/.nonexistent clone https://git2.palfrader.org/git/conf/dotfiles.git .dotfiles.new && + rm -f .git2.palfrader.org.crt && mv .dotfiles.new .dotfiles && cd .dotfiles && - git config --local --add http.sslCAinfo "$HOME"/.dotfiles/.certs/www.palfrader.org.crt && + git config --local --add http.sslCAinfo "$HOME"/.dotfiles/.certs/git2.palfrader.org.crt && + git config --local --add http.sslCAPath "$HOME"/.nonexistent && ./Link-Them && echo "All done"; elif [ -e .dotfiles/.git ]; then - cat > .www.palfrader.org.crt << EOF && + cat > .git2.palfrader.org.crt << EOF && -----BEGIN CERTIFICATE----- -MIIFejCCBGKgAwIBAgIQToSxUkJRuXHq6GShiZ6UmTANBgkqhkiG9w0BAQsFADBf -MQswCQYDVQQGEwJGUjEOMAwGA1UECBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4w -DAYDVQQKEwVHYW5kaTEgMB4GA1UEAxMXR2FuZGkgU3RhbmRhcmQgU1NMIENBIDIw -HhcNMTQwNjIzMDAwMDAwWhcNMTYwNjIzMjM1OTU5WjBcMSEwHwYDVQQLExhEb21h -aW4gQ29udHJvbCBWYWxpZGF0ZWQxGzAZBgNVBAsTEkdhbmRpIFN0YW5kYXJkIFNT -TDEaMBgGA1UEAxMRd3d3LnBhbGZyYWRlci5vcmcwggGiMA0GCSqGSIb3DQEBAQUA -A4IBjwAwggGKAoIBgQC8oPtzgAShwDQxpqeuA/mdiBd4mwA+vCsvrQD058zO7ttQ -O+XKsUZ6Bv6BSitMLJiGrn45fcwkn1meXDgYf65EyFw6LJXT7EFs6axtqkvpV4fl -VI7oWwG720l2fThHO/Z7iMNuorPxJcM39zzt5GtEHKMq1dP+YWn6OF0mi7cbGu95 -0PT2ueuO1hF0TAWCK5LuRf3vwKqbhBL0EMwcMqpG7h5WxcxdX3tRIlwG8OoDGw/u -1v4WCyU1KY4qGmtWvuW5+jzHR5gkIgYJzhBcwpQPqzGrHm7c8cjBV5S6b8XvyGMQ -0SrEe6ex8kip/Wuh8aAg5iXK3+EJIadAGvGoBxZcO6hiQNoUDRjw8qbq813sPpks -kosGvQsxbi+0Rqp3Xw67JaKAXZdnbDY9Gj3XqMrISXeKvFTUKsSx1B6qu71asI8T -bLDYN1O/n9L7c8jH/XpF9uhbKkv2oP6ld05LAInNhTyaJuPwEeZRpIB6yOnYU3b7 -URv3j6+4QbGEq27IMg0CAwEAAaOCAbMwggGvMB8GA1UdIwQYMBaAFLOQp9jJr07N -YTyffK1df0H9aTDqMB0GA1UdDgQWBBSIvCKT3k4/gqibe5ZL4mI7ILI3vTAOBgNV -HQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYI -KwYBBQUHAwIwSwYDVR0gBEQwQjA2BgsrBgEEAbIxAQICGjAnMCUGCCsGAQUFBwIB -FhlodHRwczovL2Nwcy51c2VydHJ1c3QuY29tMAgGBmeBDAECATBBBgNVHR8EOjA4 -MDagNKAyhjBodHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vR2FuZGlTdGFuZGFyZFNT -TENBMi5jcmwwcwYIKwYBBQUHAQEEZzBlMDwGCCsGAQUFBzAChjBodHRwOi8vY3J0 -LnVzZXJ0cnVzdC5jb20vR2FuZGlTdGFuZGFyZFNTTENBMi5jcnQwJQYIKwYBBQUH -MAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wKwYDVR0RBCQwIoIRd3d3LnBh -bGZyYWRlci5vcmeCDXBhbGZyYWRlci5vcmcwDQYJKoZIhvcNAQELBQADggEBADyo -L/7Y2yOjAjEknZfHv56xPKmHztkeP4N1X1fwW63sq8ZfPtXTyF7qZHzUjN3Bg+xB -0n6+ojl9H013QUnGc9lPcwDkGCt63bcm+WoHn7dllmvkEifHckZHk4QQup4Ni5Jw -HE05gWdJDIxVT3VnnD9UtLN+WpzksPnNZ81HfRQJp34yGkNTd52n5lo8zmygg/96 -kXY3rh7gASx9qm2F7fc92igqDW8CbGY4sn0kOVxb4CzpiNfMUcYOC7JZRcZQynlP -8YzlHdn+y5s1ykBpEHujhGK306SB2Z1k444mLwIk3/RLGuLMOBEeh7DE3RHE/qJK -T/fNb04E4tA6QTx905A= +MIIFDTCCAvWgAwIBAgIJAIsni+g4o/7PMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNV +BAMMEmdpdDIucGFsZnJhZGVyLm9yZzAeFw0xNDExMjcxMzE5MzJaFw0yNDExMjQx +MzE5MzJaMB0xGzAZBgNVBAMMEmdpdDIucGFsZnJhZGVyLm9yZzCCAiIwDQYJKoZI +hvcNAQEBBQADggIPADCCAgoCggIBAOVU+Ui2WRW6G5iJuuNX8iwH/Gu/avD+sh6M +m5JCW2HQg+05MbFVYbl7qm8ztc54Gw2UX4ohCqIJxuqxJD0zREA7obINvLhaGzp6 +aE4c+M0ho5QMJLdeMsgVR1esMy8bixGm4gZ4xR62aIU8tnyW8dBSuSXVjVi+a4qe +UJE+n/oSuxOty4I/sdH+t4WRD7dBg0qFowVhvTuBP8sQGyvUuTXuooPKydjDXdCX +2h2jxfMJnZ/Tu/MPttqh790BYDEjRSri3ZwtnksX8rH8t/fAguKk32M3uyZA88GH +19JNHa2T+ifKNoFtI0o6Q6+b/3c9iJ5vY7Sj9VwKqhUgx49z4XB4+y1lRvvHNGrn +skO/WpYd0f+0zS+LG/SEcbI7zZoTm5z8gdYHXAYJEw1MhBiP3x3Eclz4WGXparlf +u1q+tVIty461g5NYrVgTpRx6bnMPRcU6llq2bqf8aFRpdLF+Ca6MIlVqs5q51Vj4 +NHX5idzKAywG9wLHSuyN8Si2UqDBvBZBXmc2tPpYm+VPrWLWKCXnUfSP1EgCHkLF ++EkoR4tdbYlam0Pt4vd5psLWm4OePF+BeDKM5FIfdl+vfbo+JQY7FLXxABahDBVi +QWyp5oGCbA/5BJz8Hw7M4+wJHg/ENduu2PO8Ug2umeoiTYKuJGNw2VhMayqUpty2 +EGWoK6WhAgMBAAGjUDBOMB0GA1UdDgQWBBSpwugNzLpR5fwG2pBDfDjqwqMC7jAf +BgNVHSMEGDAWgBSpwugNzLpR5fwG2pBDfDjqwqMC7jAMBgNVHRMEBTADAQH/MA0G +CSqGSIb3DQEBCwUAA4ICAQCwz7kpFE9hwrp17Za5j1ndcpiwShlQZ0sj28NTQp6w +KOPhDnB4sQYdKwm8pc//tMOiKn0UDDQzEkWCOdWytezkbYOQ3BoRuYOovWZox2Qx +PFvnjEs0QRt09XFRCpZDyKZY8nq2CRogNLzSfezeJxy7N0KH2pdKOq9XnB7uWta6 +Yn0iSLWsAF7EM00xHavAdsHEN5Y6F01o18U7+c3nf5mf4ZXKqMHrLksvFIxqNr1s +bmpt3xkYqvY9f2PmcVCEO1l/SDXrDfFuB7MOs7K63NVMunnePvFWweyOi3yS9f2t +AsDzp63fNXOYzM7CbQBo2SDuTIUXFNeIEk7csf1KY2lw91McGG+WG79GgKq63pow +iP8pN1PkzovkaJL+xcjEHnEc3PDJAz3zp3sImK13Mu/aCSOeWio6G899rs8qfwFT +Kc/VzHcX2b2BahM4qu6sTA71P2R1Ek/Sv/XP4UiWCqh+2jd7NHqbmp9QERIJnN0n +4PS3EeGIRrRxZnewG/HslSSk12yZ1r9AUlpM8PZbPd9cUYR65X1V0cHyOfskxGhX +GNkMrry7av7b5DH4cCyKICLADrcp8avKRqOz3sl1ZluqpRjxSngK4M50v5ArVJJk +sXmB2EZXwPrgijgIFWpRTarioptI9NxNF4RtpAjH1dI1VtP9kybvYKSP+z3cniFL +4Q== -----END CERTIFICATE----- EOF cd .dotfiles && - git -c http.sslCAinfo="$HOME"/.www.palfrader.org.crt pull && - rm -f .www.palfrader.org.crt && + git -c http.sslCAinfo="$HOME"/.git2.palfrader.org.crt -c http.sslCAPath="$HOME"/.nonexistent pull && + git config --local --add http.sslCAinfo "$HOME"/.dotfiles/.certs/git2.palfrader.org.crt && + git config --local --add http.sslCAPath "$HOME"/.nonexistent && + rm -f .git2.palfrader.org.crt && echo "Pulled with current cert."; fi ' -- cgit v1.2.3