Re: [blfs-support] remove-expired-certs.sh

Sun, 04 Dec 2011 10:32:43 -0800 

DJ Lucas wrote:
> On 12/04/2011 10:04 AM, Fernando de Oliveira wrote:
>> Hi,
>>
>> Running this script I obtain (LFS 6.5, 6.7, small difference in 6.8):
>>
>> $ remove-expired-certs.sh
>> date: data inválida "Jul 31 12:31:40 2038 GMT"
>> /bin/remove-expired-certs.sh: line 18: [: -lt: esperado operador unário
>> certs/ad6c2ff9.pem is expired! Removing...
>> certs/84009bc3.pem is expired! Removing...
>> date: data inválida "Jul 31 12:29:50 2038 GMT"
>> /bin/remove-expired-certs.sh: line 18: [: -lt: esperado operador unário
>> date: data inválida "Dec 31 14:20:24 2040 GMT"
>> /bin/remove-expired-certs.sh: line 18: [: -lt: esperado operador unário
>> certs/48ef30f1.pem is expired! Removing...
>> date: data inválida "Dec 31 14:10:36 2040 GMT"
>> /bin/remove-expired-certs.sh: line 18: [: -lt: esperado operador unário
>> certs/972672fc.pem is expired! Removing...
>>
>>
>> where a free translation of the messages could be:
>>
>> data inválida = invalid date
>> esperado operador unário = expecting unary operator
>>
>>
>> []s,
>> Fernando
> 
> The error "esperado operador unário" means that the data contained in 
> the first argument to test either has non-numerical characters, or that 
> it is empty. I'm guessing you are running a 32bit kernel and libc and 
> the 2038 date bug is rearing its head. I suppose we need to dump the 
> test output to /dev/null and put the removal into a second if case based 
> on the return value of test to work around this. 2 is the return value 
> needed to test on.

Fernando, if you can modify the script, and post the output, it would 
help verify DJ's observations:

for cert in $certs; do
   notafter=$( $OPENSSL x509 -enddate -in "${cert}" -noout )
   date=$( echo ${notafter} |  sed 's/^notAfter=//' )

echo $today #debug
echo $date  #debug

   if [ $( date -d "${date}" +%Y%m%d ) -lt ${today} ]; then
      echo "${cert} is expired! Removing..."
      rm -f "${cert}"
   fi
done


To make a fix, we could do something like:

certdate=$( date -d "${date}" +%Y%m%d 2>/dev/null )
if [ $? != 0 ]; then
   # skip it      with continue
   # or remove it with rm -f "${cert}"
fi

   -- Bruce
-- 
http://linuxfromscratch.org/mailman/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Reply via email to