Jayman2000 · October 31, 2024 00:55
diff --git a/COPYING.txt b/COPYING.txt
 Creative Commons Legal Code

 CC0 1.0 Universal

    CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
    LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
    ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
    INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
    REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
    PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
    THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
    HEREUNDER.

 Statement of Purpose

 The laws of most jurisdictions throughout the world automatically confer
 exclusive Copyright and Related Rights (defined below) upon the creator
 and subsequent owner(s) (each and all, an "owner") of an original work of
 authorship and/or a database (each, a "Work").

 Certain owners wish to permanently relinquish those rights to a Work for
 the purpose of contributing to a commons of creative, cultural and
 scientific works ("Commons") that the public can reliably and without fear
 of later claims of infringement build upon, modify, incorporate in other
 works, reuse and redistribute as freely as possible in any form whatsoever
 and for any purposes, including without limitation commercial purposes.
 These owners may contribute to the Commons to promote the ideal of a free
 culture and the further production of creative, cultural and scientific
 works, or to gain reputation or greater distribution for their Work in
 part through the use and efforts of others.

 For these and/or other purposes and motivations, and without any
 expectation of additional consideration or compensation, the person
 associating CC0 with a Work (the "Affirmer"), to the extent that he or she
 is an owner of Copyright and Related Rights in the Work, voluntarily
 elects to apply CC0 to the Work and publicly distribute the Work under its
 terms, with knowledge of his or her Copyright and Related Rights in the
 Work and the meaning and intended legal effect of CC0 on those rights.

 1. Copyright and Related Rights. A Work made available under CC0 may be
 protected by copyright and related or neighboring rights ("Copyright and
 Related Rights"). Copyright and Related Rights include, but are not
 limited to, the following:

  i. the right to reproduce, adapt, distribute, perform, display,
     communicate, and translate a Work;
 ii. moral rights retained by the original author(s) and/or performer(s);
 iii. publicity and privacy rights pertaining to a person's image or
     likeness depicted in a Work;
 iv. rights protecting against unfair competition in regards to a Work,
     subject to the limitations in paragraph 4(a), below;
  v. rights protecting the extraction, dissemination, use and reuse of data
     in a Work;
 vi. database rights (such as those arising under Directive 96/9/EC of the
     European Parliament and of the Council of 11 March 1996 on the legal
     protection of databases, and under any national implementation
     thereof, including any amended or successor version of such
     directive); and
 vii. other similar, equivalent or corresponding rights throughout the
     world based on applicable law or treaty, and any national
     implementations thereof.

 2. Waiver. To the greatest extent permitted by, but not in contravention
 of, applicable law, Affirmer hereby overtly, fully, permanently,
 irrevocably and unconditionally waives, abandons, and surrenders all of
 Affirmer's Copyright and Related Rights and associated claims and causes
 of action, whether now known or unknown (including existing as well as
 future claims and causes of action), in the Work (i) in all territories
 worldwide, (ii) for the maximum duration provided by applicable law or
 treaty (including future time extensions), (iii) in any current or future
 medium and for any number of copies, and (iv) for any purpose whatsoever,
 including without limitation commercial, advertising or promotional
 purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each
 member of the public at large and to the detriment of Affirmer's heirs and
 successors, fully intending that such Waiver shall not be subject to
 revocation, rescission, cancellation, termination, or any other legal or
 equitable action to disrupt the quiet enjoyment of the Work by the public
 as contemplated by Affirmer's express Statement of Purpose.

 3. Public License Fallback. Should any part of the Waiver for any reason
 be judged legally invalid or ineffective under applicable law, then the
 Waiver shall be preserved to the maximum extent permitted taking into
 account Affirmer's express Statement of Purpose. In addition, to the
 extent the Waiver is so judged Affirmer hereby grants to each affected
 person a royalty-free, non transferable, non sublicensable, non exclusive,
 irrevocable and unconditional license to exercise Affirmer's Copyright and
 Related Rights in the Work (i) in all territories worldwide, (ii) for the
 maximum duration provided by applicable law or treaty (including future
 time extensions), (iii) in any current or future medium and for any number
 of copies, and (iv) for any purpose whatsoever, including without
 limitation commercial, advertising or promotional purposes (the
 "License"). The License shall be deemed effective as of the date CC0 was
 applied by Affirmer to the Work. Should any part of the License for any
 reason be judged legally invalid or ineffective under applicable law, such
 partial invalidity or ineffectiveness shall not invalidate the remainder
 of the License, and in such case Affirmer hereby affirms that he or she
 will not (i) exercise any of his or her remaining Copyright and Related
 Rights in the Work or (ii) assert any associated claims and causes of
 action with respect to the Work, in either case contrary to Affirmer's
 express Statement of Purpose.

 4. Limitations and Disclaimers.

 a. No trademark or patent rights held by Affirmer are waived, abandoned,
    surrendered, licensed or otherwise affected by this document.
 b. Affirmer offers the Work as-is and makes no representations or
    warranties of any kind concerning the Work, express, implied,
    statutory or otherwise, including without limitation warranties of
    title, merchantability, fitness for a particular purpose, non
    infringement, or the absence of latent or other defects, accuracy, or
    the present or absence of errors, whether or not discoverable, all to
    the greatest extent permissible under applicable law.
 c. Affirmer disclaims responsibility for clearing rights of other persons
    that may apply to the Work or any use thereof, including without
    limitation any person's Copyright and Related Rights in the Work.
    Further, Affirmer disclaims responsibility for obtaining any necessary
    consents, permissions or other rights required for any use of the
    Work.
 d. Affirmer understands and acknowledges that Creative Commons is not a
    party to this document and has no duty or obligation with respect to
    this CC0 or use of the Work.
diff --git a/flake.lock b/flake.lock
 {
  "nodes": {
    "nixpkgs": {
      "locked": {
        "lastModified": 1730137625,
        "narHash": "sha256-9z8oOgFZiaguj+bbi3k4QhAD6JabWrnv7fscC/mt0KE=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "64b80bfb316b57cdb8919a9110ef63393d74382a",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "nixpkgs": "nixpkgs"
      }
    }
  },
  "root": "root",
  "version": 7
 }
diff --git a/flake.nix b/flake.nix
 # 🅭🄍1.0 This file is dedicated to the public domain using the CC0 1.0 Universal
 # Public Domain Dedication: <https://creativecommons.org/publicdomain/zero/1.0/>.
 #
 # If you use the Nix package manager, then you can start a shell with all of
 # the dependencies that you need to run verify.sh by running this command:
 #
 #  nix --extra-experimental-features 'nix-command flakes' develop
 #
 # If you don’t use the Nix package manager, then you can safely ignore this
 # file.
 {
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
  outputs = { self, nixpkgs }: let
    system = "x86_64-linux";
    pkgs = nixpkgs.legacyPackages."${system}";
  in {
    devShells."${system}".default = pkgs.mkShell {
      name = "shell-for-running-verify.sh";
      packages = with pkgs; [
        perl
        perlPackages.libwwwperl
        libfaketime
        openssl
      ];
    };
  };
 }
diff --git a/verify.sh b/verify.sh
 #!/usr/bin/env bash
 # 🅭🄍1.0 This file is dedicated to the public domain using the CC0 1.0 Universal
 # Public Domain Dedication: <https://creativecommons.org/publicdomain/zero/1.0/>.
 set -o errexit -o nounset -o pipefail
 # See <man:sysexits.h(3head)>.
 readonly ex_usage=64
 readonly ex_dataerr=65
 export GIT_PAGER=''


 function clean_up {
 	cd /
 	git -C "$curl_repo" worktree remove --force "$curl_worktree" || true  # It’s OK if this command fails.
 	git -C "$ca_bundle_repo" worktree remove --force "$ca_bundle_worktree" || true  # It’s OK if this command fails.
 	rm --recursive "$temporary_directory"
 }


 function remove_leading_and_trailing_spaces {
 	printf '%s' "$*" | sed 's/^[[:blank:]]*//;s/[[:blank:]]*$//'
 }

 function extract_timestamp_helper {
 	grep \
 		--only-matching \
 		--color \
 		--perl-regexp \
 		--regexp="$*" \
 		ca-bundle.crt | tr '\n' ' '
 }

 function extract_timestamp {
 	local result="$(extract_timestamp_helper '(?<=## Certificate data from Mozilla as of: ).*' || extract_timestamp_helper '(?<=## Certificate data from Mozilla downloaded on: ).*')"
 	printf '%s' "$result"
 	if printf '%s' "$result" | grep --quiet GMT
 	then
 		echo
 	else
 		echo 'UTC'
 	fi
 }

 function run_mk_ca_bundle {
 	local certdata_url="$1"
 	local timestamp="$2"

 	# mk-ca-bundle.pl was located in <curl-repo>/lib until this commit:
 	# 8e22fc68e (scripts: move three scripts from lib/ to scripts/,
 	# 2022-03-23)
 	if [ -e "$curl_worktree/lib/mk-ca-bundle.pl" ]
 	then
 		local mk_ca_bundle="$curl_worktree/lib/mk-ca-bundle.pl"
 	else
 		local mk_ca_bundle="$curl_worktree/scripts/mk-ca-bundle.pl"
 	fi

 	sleep 5s  # Rate limiting.
 	curl --output certdata.txt "$certdata_url"
 	touch --date="$timestamp" certdata.txt
 	set -x
 	# Newer versions of mk-ca-bundle won’t include certificates in
 	# ca-bundle.crt if the certificates are expired. That’s why we have to
 	# use faketime here. Otherwise, we won’t exactly reproduce the old
 	# ca-bundle.crt file.
 	#
 	# Also, /usr/bin/perl doesn’t exist on my system, so I can’t run older
 	# versions of mk-ca-bundle.pl directly. Instead, I have to run
 	# ‘perl "$mk_ca_bundle"’.
 	faketime "$timestamp" perl "$mk_ca_bundle" -n
 	set +x
 }



 if [ "$#" -ne 2 ]
 then
 	echo "USAGE: ${0@Q} <path-to-curl-repo> <path-to-ca-bundle-repo>" >&2
 	exit "$ex_usage"
 fi

 curl_repo="$(readlink --canonicalize "$1")"
 readonly curl_repo
 ca_bundle_repo="$(readlink --canonicalize "$2")"
 readonly ca_bundle_repo

 temporary_directory="$(mktemp --directory --suffix=-for-verify.sh)"
 trap clean_up EXIT
 readonly temporary_directory

 readonly curl_worktree="$temporary_directory/curl"
 git -C "$curl_repo" worktree add --detach "$curl_worktree"
 readonly ca_bundle_worktree="$temporary_directory/ca-bundle"
 git -C "$ca_bundle_repo" worktree add --detach "$ca_bundle_worktree"

 readonly ca_bundle_commit_that_added_certdata=d718bef3c0c256d66466f496f11f7e1b5c88bd03
 # First, make sure that there isn’t a typo in
 # ca_bundle_commit_that_added_certdata’s hash.
 git -C "$ca_bundle_repo" merge-base --is-ancestor "$ca_bundle_commit_that_added_certdata" master

 # Second, make sure that every commit that comes before
 # $ca_bundle_commit_that_added_certdata is mentioned in the README.
 git -C "$ca_bundle_repo" log --format=format:'%H%n' "$ca_bundle_commit_that_added_certdata^" | while read -r hash
 do
 	if ! grep --fixed-strings "$hash" "$ca_bundle_repo/README.md" > /dev/null
 	then
 		echo "README.md didn’t mention this commit: $hash" >&2
 		exit "$ex_dataerr"
 	fi
 done

 # Third, make sure that the link really does lead to the corresponding source:
 cd "$ca_bundle_worktree"
 grep --color --ignore-case --perl-regexp '^\| [0-9a-f]+ \| .* \|$' "$ca_bundle_repo/README.md" | while read -r line
 do
 	ca_bundle_commit="$(printf '%s' "$line" | cut --delimiter='|' --fields=2)"
 	ca_bundle_commit="$(remove_leading_and_trailing_spaces "$ca_bundle_commit")"
 	new_certdata_url="$(printf '%s' "$line" | cut --delimiter='|' --fields=3)"
 	new_certdata_url="$(remove_leading_and_trailing_spaces "$new_certdata_url")"
 	if [ "$new_certdata_url" != 'Same as the previous commit' ]
 	then
 		certdata_url="$new_certdata_url"
 	fi

 	echo
 	echo
 	echo "Testing ca-bundle commit $ca_bundle_commit…"

 	git switch --quiet --detach "$ca_bundle_commit"
 	if [ "$certdata_url" = N/A ]
 	then
 		if [ -e ca-bundle.crt ]
 		then
 			echo "ERROR: The certdata URL should only be set to N/A if ca-bundle.crt doesn’t exist." >&2
 			exit "$ex_dataerr"
 		fi
 	else
 		ca_bundle_timestamp="$(extract_timestamp)"
 		# Different versions of mk-ca-bundle produce different results.
 		# In order to reproduce an old ca-bundle.crt file exactly, we
 		# need to use the latest version of mk-ca-bundle that existed
 		# when the old ca-bundle.crt file was created.
 		curl_commit_with_correct_version_of_mk_ca_bundle="$(git \
 			-C "$curl_repo" \
 			log \
 				--before="$ca_bundle_timestamp" \
 				--format=format:'%H' master \
 				--max-count=1
 		)"
 		git -C "$curl_worktree" switch --quiet --detach "$curl_commit_with_correct_version_of_mk_ca_bundle"
 		run_mk_ca_bundle "$certdata_url" "$ca_bundle_timestamp"
 		git clean --quiet --force -dx .
 		git diff --exit-code
 		git restore --quiet .
 	fi
 	echo The commit passed the test.
 done
 echo All commits passed the test!
	Creative Commons Legal Code

	CC0 1.0 Universal

	CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
	LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
	ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
	INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
	REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
	PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
	THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
	HEREUNDER.

	Statement of Purpose

	The laws of most jurisdictions throughout the world automatically confer
	exclusive Copyright and Related Rights (defined below) upon the creator
	and subsequent owner(s) (each and all, an "owner") of an original work of
	authorship and/or a database (each, a "Work").

	Certain owners wish to permanently relinquish those rights to a Work for
	the purpose of contributing to a commons of creative, cultural and
	scientific works ("Commons") that the public can reliably and without fear
	of later claims of infringement build upon, modify, incorporate in other
	works, reuse and redistribute as freely as possible in any form whatsoever
	and for any purposes, including without limitation commercial purposes.
	These owners may contribute to the Commons to promote the ideal of a free
	culture and the further production of creative, cultural and scientific
	works, or to gain reputation or greater distribution for their Work in
	part through the use and efforts of others.

	For these and/or other purposes and motivations, and without any
	expectation of additional consideration or compensation, the person
	associating CC0 with a Work (the "Affirmer"), to the extent that he or she
	is an owner of Copyright and Related Rights in the Work, voluntarily
	elects to apply CC0 to the Work and publicly distribute the Work under its
	terms, with knowledge of his or her Copyright and Related Rights in the
	Work and the meaning and intended legal effect of CC0 on those rights.

	1. Copyright and Related Rights. A Work made available under CC0 may be
	protected by copyright and related or neighboring rights ("Copyright and
	Related Rights"). Copyright and Related Rights include, but are not
	limited to, the following:

	i. the right to reproduce, adapt, distribute, perform, display,
	communicate, and translate a Work;
	ii. moral rights retained by the original author(s) and/or performer(s);
	iii. publicity and privacy rights pertaining to a person's image or
	likeness depicted in a Work;
	iv. rights protecting against unfair competition in regards to a Work,
	subject to the limitations in paragraph 4(a), below;
	v. rights protecting the extraction, dissemination, use and reuse of data
	in a Work;
	vi. database rights (such as those arising under Directive 96/9/EC of the
	European Parliament and of the Council of 11 March 1996 on the legal
	protection of databases, and under any national implementation
	thereof, including any amended or successor version of such
	directive); and
	vii. other similar, equivalent or corresponding rights throughout the
	world based on applicable law or treaty, and any national
	implementations thereof.

	2. Waiver. To the greatest extent permitted by, but not in contravention
	of, applicable law, Affirmer hereby overtly, fully, permanently,
	irrevocably and unconditionally waives, abandons, and surrenders all of
	Affirmer's Copyright and Related Rights and associated claims and causes
	of action, whether now known or unknown (including existing as well as
	future claims and causes of action), in the Work (i) in all territories
	worldwide, (ii) for the maximum duration provided by applicable law or
	treaty (including future time extensions), (iii) in any current or future
	medium and for any number of copies, and (iv) for any purpose whatsoever,
	including without limitation commercial, advertising or promotional
	purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each
	member of the public at large and to the detriment of Affirmer's heirs and
	successors, fully intending that such Waiver shall not be subject to
	revocation, rescission, cancellation, termination, or any other legal or
	equitable action to disrupt the quiet enjoyment of the Work by the public
	as contemplated by Affirmer's express Statement of Purpose.

	3. Public License Fallback. Should any part of the Waiver for any reason
	be judged legally invalid or ineffective under applicable law, then the
	Waiver shall be preserved to the maximum extent permitted taking into
	account Affirmer's express Statement of Purpose. In addition, to the
	extent the Waiver is so judged Affirmer hereby grants to each affected
	person a royalty-free, non transferable, non sublicensable, non exclusive,
	irrevocable and unconditional license to exercise Affirmer's Copyright and
	Related Rights in the Work (i) in all territories worldwide, (ii) for the
	maximum duration provided by applicable law or treaty (including future
	time extensions), (iii) in any current or future medium and for any number
	of copies, and (iv) for any purpose whatsoever, including without
	limitation commercial, advertising or promotional purposes (the
	"License"). The License shall be deemed effective as of the date CC0 was
	applied by Affirmer to the Work. Should any part of the License for any
	reason be judged legally invalid or ineffective under applicable law, such
	partial invalidity or ineffectiveness shall not invalidate the remainder
	of the License, and in such case Affirmer hereby affirms that he or she
	will not (i) exercise any of his or her remaining Copyright and Related
	Rights in the Work or (ii) assert any associated claims and causes of
	action with respect to the Work, in either case contrary to Affirmer's
	express Statement of Purpose.

	4. Limitations and Disclaimers.

	a. No trademark or patent rights held by Affirmer are waived, abandoned,
	surrendered, licensed or otherwise affected by this document.
	b. Affirmer offers the Work as-is and makes no representations or
	warranties of any kind concerning the Work, express, implied,
	statutory or otherwise, including without limitation warranties of
	title, merchantability, fitness for a particular purpose, non
	infringement, or the absence of latent or other defects, accuracy, or
	the present or absence of errors, whether or not discoverable, all to
	the greatest extent permissible under applicable law.
	c. Affirmer disclaims responsibility for clearing rights of other persons
	that may apply to the Work or any use thereof, including without
	limitation any person's Copyright and Related Rights in the Work.
	Further, Affirmer disclaims responsibility for obtaining any necessary
	consents, permissions or other rights required for any use of the
	Work.
	d. Affirmer understands and acknowledges that Creative Commons is not a
	party to this document and has no duty or obligation with respect to
	this CC0 or use of the Work.
	{
	"nodes": {
	"nixpkgs": {
	"locked": {
	"lastModified": 1730137625,
	"narHash": "sha256-9z8oOgFZiaguj+bbi3k4QhAD6JabWrnv7fscC/mt0KE=",
	"owner": "NixOS",
	"repo": "nixpkgs",
	"rev": "64b80bfb316b57cdb8919a9110ef63393d74382a",
	"type": "github"
	},
	"original": {
	"owner": "NixOS",
	"ref": "nixos-24.05",
	"repo": "nixpkgs",
	"type": "github"
	}
	},
	"root": {
	"inputs": {
	"nixpkgs": "nixpkgs"
	}
	}
	},
	"root": "root",
	"version": 7
	}
	# 🅭🄍1.0 This file is dedicated to the public domain using the CC0 1.0 Universal
	# Public Domain Dedication: <https://creativecommons.org/publicdomain/zero/1.0/>.
	#
	# If you use the Nix package manager, then you can start a shell with all of
	# the dependencies that you need to run verify.sh by running this command:
	#
	# nix --extra-experimental-features 'nix-command flakes' develop
	#
	# If you don’t use the Nix package manager, then you can safely ignore this
	# file.
	{
	inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
	outputs = { self, nixpkgs }: let
	system = "x86_64-linux";
	pkgs = nixpkgs.legacyPackages."${system}";
	in {
	devShells."${system}".default = pkgs.mkShell {
	name = "shell-for-running-verify.sh";
	packages = with pkgs; [
	perl
	perlPackages.libwwwperl
	libfaketime
	openssl
	];
	};
	};
	}
	#!/usr/bin/env bash
	# 🅭🄍1.0 This file is dedicated to the public domain using the CC0 1.0 Universal
	# Public Domain Dedication: <https://creativecommons.org/publicdomain/zero/1.0/>.
	set -o errexit -o nounset -o pipefail
	# See <man:sysexits.h(3head)>.
	readonly ex_usage=64
	readonly ex_dataerr=65
	export GIT_PAGER=''


	function clean_up {
	cd /
	git -C "$curl_repo" worktree remove --force "$curl_worktree" \|\| true # It’s OK if this command fails.
	git -C "$ca_bundle_repo" worktree remove --force "$ca_bundle_worktree" \|\| true # It’s OK if this command fails.
	rm --recursive "$temporary_directory"
	}


	function remove_leading_and_trailing_spaces {
	printf '%s' "$" \| sed 's/^[[:blank:]]//;s/[[:blank:]]*$//'
	}

	function extract_timestamp_helper {
	grep \
	--only-matching \
	--color \
	--perl-regexp \
	--regexp="$*" \
	ca-bundle.crt \| tr '\n' ' '
	}

	function extract_timestamp {
	local result="$(extract_timestamp_helper '(?<=## Certificate data from Mozilla as of: ).' \|\| extract_timestamp_helper '(?<=## Certificate data from Mozilla downloaded on: ).')"
	printf '%s' "$result"
	if printf '%s' "$result" \| grep --quiet GMT
	then
	echo
	else
	echo 'UTC'
	fi
	}

	function run_mk_ca_bundle {
	local certdata_url="$1"
	local timestamp="$2"

	# mk-ca-bundle.pl was located in <curl-repo>/lib until this commit:
	# 8e22fc68e (scripts: move three scripts from lib/ to scripts/,
	# 2022-03-23)
	if [ -e "$curl_worktree/lib/mk-ca-bundle.pl" ]
	then
	local mk_ca_bundle="$curl_worktree/lib/mk-ca-bundle.pl"
	else
	local mk_ca_bundle="$curl_worktree/scripts/mk-ca-bundle.pl"
	fi

	sleep 5s # Rate limiting.
	curl --output certdata.txt "$certdata_url"
	touch --date="$timestamp" certdata.txt
	set -x
	# Newer versions of mk-ca-bundle won’t include certificates in
	# ca-bundle.crt if the certificates are expired. That’s why we have to
	# use faketime here. Otherwise, we won’t exactly reproduce the old
	# ca-bundle.crt file.
	#
	# Also, /usr/bin/perl doesn’t exist on my system, so I can’t run older
	# versions of mk-ca-bundle.pl directly. Instead, I have to run
	# ‘perl "$mk_ca_bundle"’.
	faketime "$timestamp" perl "$mk_ca_bundle" -n
	set +x
	}



	if [ "$#" -ne 2 ]
	then
	echo "USAGE: ${0@Q} <path-to-curl-repo> <path-to-ca-bundle-repo>" >&2
	exit "$ex_usage"
	fi

	curl_repo="$(readlink --canonicalize "$1")"
	readonly curl_repo
	ca_bundle_repo="$(readlink --canonicalize "$2")"
	readonly ca_bundle_repo

	temporary_directory="$(mktemp --directory --suffix=-for-verify.sh)"
	trap clean_up EXIT
	readonly temporary_directory

	readonly curl_worktree="$temporary_directory/curl"
	git -C "$curl_repo" worktree add --detach "$curl_worktree"
	readonly ca_bundle_worktree="$temporary_directory/ca-bundle"
	git -C "$ca_bundle_repo" worktree add --detach "$ca_bundle_worktree"

	readonly ca_bundle_commit_that_added_certdata=d718bef3c0c256d66466f496f11f7e1b5c88bd03
	# First, make sure that there isn’t a typo in
	# ca_bundle_commit_that_added_certdata’s hash.
	git -C "$ca_bundle_repo" merge-base --is-ancestor "$ca_bundle_commit_that_added_certdata" master

	# Second, make sure that every commit that comes before
	# $ca_bundle_commit_that_added_certdata is mentioned in the README.
	git -C "$ca_bundle_repo" log --format=format:'%H%n' "$ca_bundle_commit_that_added_certdata^" \| while read -r hash
	do
	if ! grep --fixed-strings "$hash" "$ca_bundle_repo/README.md" > /dev/null
	then
	echo "README.md didn’t mention this commit: $hash" >&2
	exit "$ex_dataerr"
	fi
	done

	# Third, make sure that the link really does lead to the corresponding source:
	cd "$ca_bundle_worktree"
	grep --color --ignore-case --perl-regexp '^\\| [0-9a-f]+ \\| .* \\|$' "$ca_bundle_repo/README.md" \| while read -r line
	do
	ca_bundle_commit="$(printf '%s' "$line" \| cut --delimiter='\|' --fields=2)"
	ca_bundle_commit="$(remove_leading_and_trailing_spaces "$ca_bundle_commit")"
	new_certdata_url="$(printf '%s' "$line" \| cut --delimiter='\|' --fields=3)"
	new_certdata_url="$(remove_leading_and_trailing_spaces "$new_certdata_url")"
	if [ "$new_certdata_url" != 'Same as the previous commit' ]
	then
	certdata_url="$new_certdata_url"
	fi

	echo
	echo
	echo "Testing ca-bundle commit $ca_bundle_commit…"

	git switch --quiet --detach "$ca_bundle_commit"
	if [ "$certdata_url" = N/A ]
	then
	if [ -e ca-bundle.crt ]
	then
	echo "ERROR: The certdata URL should only be set to N/A if ca-bundle.crt doesn’t exist." >&2
	exit "$ex_dataerr"
	fi
	else
	ca_bundle_timestamp="$(extract_timestamp)"
	# Different versions of mk-ca-bundle produce different results.
	# In order to reproduce an old ca-bundle.crt file exactly, we
	# need to use the latest version of mk-ca-bundle that existed
	# when the old ca-bundle.crt file was created.
	curl_commit_with_correct_version_of_mk_ca_bundle="$(git \
	-C "$curl_repo" \
	log \
	--before="$ca_bundle_timestamp" \
	--format=format:'%H' master \
	--max-count=1
	)"
	git -C "$curl_worktree" switch --quiet --detach "$curl_commit_with_correct_version_of_mk_ca_bundle"
	run_mk_ca_bundle "$certdata_url" "$ca_bundle_timestamp"
	git clean --quiet --force -dx .
	git diff --exit-code
	git restore --quiet .
	fi
	echo The commit passed the test.
	done
	echo All commits passed the test!