#!/bin/sh

# ignore input (changed certs)
cat > /dev/null

cacertdir=/usr/share/ca-certificates
keystorebase=/etc/adsm/dsmcert

rm -f "$keystorebase".*
echo 'Generating certstore for tivoli-tsm. This might take a while...' >&2
/usr/lib/tivoli/gsk8capicmd_64 -keydb -create -db "$keystorebase".kdb
[ -e /etc/ca-certificates.conf ] || exit 0
for crt in `egrep -v '^(#|!)' /etc/ca-certificates.conf` ; do
	[ -e "$cacertdir"/"$crt" ] || continue
	/usr/lib/tivoli/gsk8capicmd_64 -cert -add -db "$keystorebase".kdb -file "$cacertdir"/"$crt" -label "$crt" -trust enable > /dev/null 2>&1
done

