Commit | Line | Data |
---|---|---|
057303f8 SS |
1 | ############################################################################### |
2 | # IPFire.org - An Open Source Firewall Solution # | |
3 | # Copyright (C) - IPFire Development Team <info@ipfire.org> # | |
4 | ############################################################################### | |
5 | ||
6 | name = ca-certificates | |
7 | version = 2012.81 | |
8 | release = 1 | |
9 | arch = noarch | |
10 | ||
11 | groups = System/Base | |
12 | url = http://www.mozilla.org | |
13 | license = Public Domain | |
14 | summary = The Mozilla CA root certificate bundle. | |
15 | ||
16 | description | |
17 | This package contains the set of CA certificates chosen by the | |
18 | Mozilla Foundation for use with the Internet PKI. | |
19 | end | |
20 | ||
21 | # This package has no tarball. | |
22 | sources = | |
23 | ||
24 | build | |
25 | requires | |
26 | openssl | |
27 | perl | |
28 | rcs | |
29 | end | |
30 | ||
31 | DIR_APP = %{DIR_SOURCE} | |
32 | ||
33 | build | |
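# Build stage: turn Mozilla's certdata.txt into the two system trust bundles.
#   ca-bundle.crt        - certificates whose trust bits include serverAuth
#   ca-bundle.trust.crt  - every certificate with trust bits, written in
#                          OpenSSL "TRUSTED CERTIFICATE" form (-trustout)
# Each critical step aborts the build on failure: a partial or empty trust
# store must never be packaged as if it were complete.

# Create file layout.
mkdir -pv certs
cp certdata.txt blacklist.txt certs || exit 1
cd certs || exit 1

# The loop below expects this script to leave certs/*.crt files, each with a
# "# openssl-trust=..." line. blacklist.txt is copied next to certdata.txt
# above, presumably so the script can read it - confirm in certdata2pem.py.
python %{DIR_SOURCE}/certdata2pem.py || exit 1

cd .. || exit 1

# Header of the plain bundle; "ident" records which certdata.txt revision
# the bundle was generated from.
{
cat <<EOF
# This is a bundle of X.509 certificates of public Certificate
# Authorities.  It was generated from the Mozilla root CA list.
#
# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
#
# Generated from:
EOF
ident -q certdata.txt | sed '1d;s/^/#/'
echo '#'
} > ca-bundle.crt

# Header of the trust-annotated bundle.
{
cat <<EOF
# This is a bundle of X.509 certificates of public Certificate
# Authorities.  It was generated from the Mozilla root CA list.
# These certificates are in the OpenSSL "TRUSTED CERTIFICATE"
# format and have trust bits set accordingly.
#
# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
#
# Generated from:
EOF
ident -q certdata.txt | sed '1d;s/^/#/'
echo '#'
} > ca-bundle.trust.crt

server_certs=0
for f in certs/*.crt; do
	# An unmatched glob stays literal; skip it instead of handing a
	# non-existent path to sed and openssl.
	[ -e "${f}" ] || continue

	# Trust purposes recorded for this certificate (may be empty).
	tbits=$(sed -n '/^# openssl-trust/{s/^.*=//;p;}' "${f}")

	# Only certificates trusted for TLS server authentication go into the
	# plain bundle.
	case "${tbits}" in
		*serverAuth*)
			openssl x509 -text -in "${f}" >> ca-bundle.crt || exit 1
			server_certs=$((server_certs + 1))
			;;
	esac

	if [ -n "${tbits}" ]; then
		targs=""
		for t in ${tbits}; do
			targs="${targs} -addtrust ${t}"
		done

		# ${targs} is deliberately unquoted: it must split into
		# separate "-addtrust <purpose>" arguments.
		openssl x509 -text -in "${f}" -trustout ${targs} >> ca-bundle.trust.crt || exit 1
	fi
done

# Refuse to continue with a header-only bundle; that would ship a system
# that trusts no CA at all.
if [ "${server_certs}" -eq 0 ]; then
	echo "ca-certificates: no serverAuth certificates were extracted" >&2
	exit 1
fi

# NOTE(review): ca-bundle.crt was written to the current directory above, but
# this call is given ../ca-bundle.crt - confirm which path generate-cacerts.pl
# should read. The install stage in this file does not copy the resulting
# "cacerts" file.
perl generate-cacerts.pl /usr/bin/keytool ../ca-bundle.crt
touch -r certdata.txt cacerts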
89 | end | |
90 | ||
91 | install | |
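# Install stage: place both bundles under %{sysconfdir}/pki/tls/certs and add
# the compatibility symlinks other software looks for.

# Create folder layout. Uses %{sysconfdir} like every other path below, so the
# directory that is created is the one the install commands write into.
mkdir -p %{BUILDROOT}%{sysconfdir}/pki/tls/certs/

# Install files. Mode 644: readable by everyone, writable only by the owner,
# so unprivileged users cannot alter the set of trusted roots.
install -p -m 644 ca-bundle.crt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.crt
install -p -m 644 ca-bundle.trust.crt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.trust.crt

# Relative link: pki/tls/cert.pem -> pki/tls/certs/ca-bundle.crt
ln -s certs/ca-bundle.crt %{BUILDROOT}%{sysconfdir}/pki/tls/cert.pem

# Give the installed bundles the timestamp of the certdata.txt they came from.
touch -r certdata.txt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.crt
touch -r certdata.txt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.trust.crt

# /etc/ssl/certs symlink for 3rd-party tools
mkdir -pv -m 755 %{BUILDROOT}%{sysconfdir}/ssl
ln -s ../pki/tls/certs %{BUILDROOT}%{sysconfdir}/ssl/certs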
107 | end | |
108 | end | |
109 | ||
110 | packages | |
111 | package %{name} | |
112 | end |