Fix cacert-${d}.pem.sha256 files to actually refer to the correct file

[gevaerts]

I put a retroactive fix snippet to a separate commit. I don't have the necessary files locally, so not actually tested...

[jay]

what is wrong with the old code that copies the hash file?

[gevaerts]

The sha256 file contains the filename, and if that filename doesn't match you can't use sha256sum --check, so actually using the sha256 file is harder than necessary

[jay]

ah right i forgot about that. the rebuild should be a one-time thing so it may be easier for @bagder to just run it once

[vszakats]

I'd be happier with a solution that doesn't require regenerating the hash. One option is to replace cp with sed.

diff --git a/ca/update.sh b/ca/update.sh
index 9d030b03..3497a745 100755
--- a/ca/update.sh
+++ b/ca/update.sh
@@ -1,5 +1,12 @@
 #!/bin/sh
 
+# fixup filenames in .sha256 files retroactively
+for f in cacert-*.pem.sha256; do
+  if grep -q -F 'cacert.pem' "${f}"; then
+    sed -i.bak "s/cacert.pem/${f}/" "${f}"
+  fi
+done
+
 # get the cert and create ca-bundle.crt
 perl ../cvssource/scripts/mk-ca-bundle.pl
 
@@ -9,7 +16,7 @@ if test $? -gt "0"; then
   d="$(date +%Y-%m-%d)"
   cp cacert.pem "cacert-${d}.pem"
   sha256sum cacert.pem > cacert.pem.sha256
-  cp cacert.pem.sha256 "cacert-${d}.pem.sha256"
+  sed "s/cacert.pem/cacert-${d}.pem/" < cacert.pem.sha256 > "cacert-${d}.pem.sha256"
   gzip -c cacert.pem > cacert.pem.gz
   xz -c cacert.pem > cacert.pem.xz
   perl ./listpem.pl > pemlist.gen

[gevaerts]

That's a good point. I'll update my tree later today

[vszakats]

I've opened #269 with the above snippet earlier.

[gevaerts]

I've updated this to use sed as suggested.