@u1735067
Created October 12, 2015 18:16
CACert add script for Alpine
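#!/bin/sh
# Install the CAcert root and class 3 certificates into the Alpine trust store.
# The downloads use plain HTTP, so a certificate is only installed when the
# SHA-3 digest of its DER encoding matches the value pinned below.

# Cannot be a subdir (at least on Alpine)
cert_dir=/usr/local/share/ca-certificates/
cert_1=http://www.cacert.org/certs/root.crt
hash_1=3ecd6f84706512923d62fcd0340fb85c92f4d7067b66ef20d4ac41d9cabf3ff30173f1af0f3cbd6a8ce4222b9132df559fca8108b6c9ba527f93db9078d85119
cert_2=http://www.cacert.org/certs/class3.crt
hash_2=a141608eb73a065b6aa4595bd23572621e359332bb99f8cb79aafaeb82e076b4f4c697e80fbc80a8c7e456520a7bba21a637e1523229340989905c3072b1cda5
nb=2

work_dir=$(mktemp -d) || exit 1
# Remove the scratch directory (and any rejected download) on exit
trap 'rm -rf "$work_dir"' EXIT
cd "$work_dir" || exit 1

success=0
for i in $(seq "$nb"); do
    cert=$(eval echo "\$cert_$i")
    hash=$(eval echo "\$hash_$i")
    name=$(basename "$cert")
    # Host part of the URL, used as a prefix for the installed file name
    prefix=$(echo "$cert" | cut -d'/' -f3)

    wget -q "$cert"
    # Digest of the DER encoding of the first certificate in the file
    calc_hash=$(openssl x509 -in "$name" -outform der | sha3sum | cut -d' ' -f1)

    if [ "$calc_hash" = "$hash" ]; then
        success=$((success + 1))
        # openssl x509 reads only the first certificate in the file, so the
        # digest does not cover anything else in the download. Install a
        # re-encoded copy of that certificate instead of the raw file.
        openssl x509 -in "$name" -out "$cert_dir$prefix-$name"
        echo "$cert : seems valid (sha3 match)"
    else
        echo "$cert : wrong checksum !"
        rm -f "$name"
    fi
done

# The store is refreshed as soon as at least one certificate was accepted
if [ "$success" -gt 0 ]; then
    echo "Updating certificate store"
    update-ca-certificates
    exit 0
else
    echo "Error occurred, please check"
    exit 1
fi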