git: b06aed1e7810 - stable/12 - caroot: add a primitive script to re-stamp certs

The branch stable/12 has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=b06aed1e781051a55e11a04408ea14a95e079e34

commit b06aed1e781051a55e11a04408ea14a95e079e34
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2023-09-09 05:34:31 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2023-09-09 05:34:31 +0000

    caroot: add a primitive script to re-stamp certs
    
    The tooling in main isn't stamping output with $FreeBSD$ strings going
    forward, so we need to remember to do that in this branch with each
    update.  Add a stupid simple script that we can just run every time we
    MFC an update without having to put much thought into it.
    
    Direct commit to stable/12 because we don't need this in stable/13 or
    stable/14.
---
 secure/caroot/stamp-certs.sh | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/secure/caroot/stamp-certs.sh b/secure/caroot/stamp-certs.sh
new file mode 100755
index 000000000000..8e702cd56668
--- /dev/null
+++ b/secure/caroot/stamp-certs.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+scriptdir=$(dirname $(realpath "$0"))
+
+files=$(grep -Lr '$FreeBSD' "$scriptdir"/*/*.pem)
+
+if [ -z "$files" ]; then
+	1>&2 echo "No certs to stamp."
+	exit 0
+fi
+
+for f in $files; do
+	echo "Stamping $f"
+	sed -i.bak -e $'/Extracted from/a\\\n##  with $FreeBSD$' "$f" && \
+	    rm "$f.bak"
+done
+
+1>&2 echo "Done."