Commit | Line | Data |
---|---|---|
057303f8 SS |
1 | ############################################################################### |
2 | # IPFire.org - An Open Source Firewall Solution # | |
3 | # Copyright (C) - IPFire Development Team <info@ipfire.org> # | |
4 | ############################################################################### | |
5 | ||
6 | name = ca-certificates | |
8f7157c0 | 7 | version = 2022.12 |
786082f3 | 8 | release = 3 |
057303f8 SS |
9 | |
10 | groups = System/Base | |
aec5cbe7 | 11 | url = https://www.mozilla.org/ |
057303f8 SS |
12 | license = Public Domain |
13 | summary = The Mozilla CA root certificate bundle. | |
14 | ||
15 | description | |
16 | This package contains the set of CA certificates chosen by the | |
17 | Mozilla Foundation for use with the Internet PKI. | |
18 | end | |
19 | ||
20 | # This package has no tarball. | |
21 | sources = | |
22 | ||
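build
	arches = noarch

	requires
		openssl
		p11-kit >= 0.25
		python3
	end

	DIR_APP = %{DIR_SOURCE}

	# Generates the two CA bundles shipped by this package from certdata.txt:
	#   ca-bundle.crt        PEM bundle of CA anchors trusted for server-auth
	#   ca-bundle.trust.crt  OpenSSL "TRUSTED CERTIFICATE" bundle with trust bits
	# Every system TLS client that uses the default store trusts what ends up in
	# these files, so each step fails the build rather than shipping a partial
	# or empty bundle.
	build
		# Create file layout
		mkdir -pv certs
		cp certdata.txt blacklist.txt certs

		# certdata2pem.py runs inside certs/; presumably it writes the
		# *.tmp-p11-kit files collected below (the script is not shown here).
		# Abort explicitly on failure instead of relying on the build shell's
		# errexit setting, which is not visible in this file.
		pushd certs || exit 1
		python3 %{DIR_SOURCE}/certdata2pem.py || exit 1
		popd

		# Header of the plain PEM bundle. The delimiter is quoted so nothing
		# in the header text is ever subject to shell expansion.
		cat > ca-bundle.crt <<'EOF'
		# This is a bundle of X.509 certificates of public Certificate
		# Authorities.  It was generated from the Mozilla root CA list.
		#
		# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
		#
		EOF

		# Header of the OpenSSL trust bundle.
		cat > ca-bundle.trust.crt <<'EOF'
		# This is a bundle of X.509 certificates of public Certificate
		# Authorities.  It was generated from the Mozilla root CA list.
		# These certificates are in the OpenSSL "TRUSTED CERTIFICATE"
		# format and have trust bits set accordingly.
		#
		# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
		#
		EOF

		# NOTE(review): this writes into the build environment's own trust
		# source directory, not a private one. "trust extract" below reads
		# whatever the p11-kit trust module is configured to load, so any
		# anchors already present in that environment would also land in the
		# shipped bundles. Confirm the build environment is clean and
		# ephemeral.
		mkdir -pv /etc/pki/ca-trust/source

		# Collect all certs for p11-kit
		p11_bundle=/etc/pki/ca-trust/source/ca-bundle.trust.p11-kit

		# Start from an empty file: appending to a file left over from an
		# earlier build would keep roots that have since been removed or
		# distrusted upstream.
		: > "${p11_bundle}"

		for p in certs/*.tmp-p11-kit; do
			# An unmatched glob leaves the literal pattern in ${p}; treat
			# that as a hard error instead of building an empty bundle.
			if [ ! -e "${p}" ]; then
				echo "No *.tmp-p11-kit files were generated from certdata.txt" >&2
				exit 1
			fi
			cat "${p}" >> "${p11_bundle}"
		done

		# All certificates, with trust bits, in OpenSSL's trusted format
		trust extract \
			--overwrite \
			--comment \
			--filter=certificates \
			--format=openssl-bundle \
			ca-bundle.trust || exit 1

		# Refuse to ship a bundle that contains no certificate at all
		if ! grep -q "BEGIN TRUSTED CERTIFICATE" ca-bundle.trust; then
			echo "ca-bundle.trust contains no certificates" >&2
			exit 1
		fi
		cat ca-bundle.trust >> ca-bundle.trust.crt

		# Only CA anchors that are trusted for TLS server authentication
		trust extract \
			--overwrite \
			--comment \
			--filter=ca-anchors \
			--format=pem-bundle \
			--purpose=server-auth \
			ca-bundle || exit 1

		if ! grep -q "BEGIN CERTIFICATE" ca-bundle; then
			echo "ca-bundle contains no certificates" >&2
			exit 1
		fi
		cat ca-bundle >> ca-bundle.crt
	end

	# Installs both bundles world-readable (0644) below %{sysconfdir}/pki/tls
	# and creates the compatibility symlinks other software looks for.
	install
		# Create folder layout. Uses %{sysconfdir} like the install lines
		# below, so the directory created is the one that gets populated.
		mkdir -p %{BUILDROOT}%{sysconfdir}/pki/tls/certs/

		# Install files.
		install -p -m 644 ca-bundle.crt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.crt
		install -p -m 644 ca-bundle.trust.crt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.trust.crt

		ln -s certs/ca-bundle.crt %{BUILDROOT}%{sysconfdir}/pki/tls/cert.pem

		# Give the bundles the timestamp of certdata.txt, so their mtime
		# reflects the upstream list rather than the time of the build.
		touch -r certdata.txt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.crt
		touch -r certdata.txt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.trust.crt

		# /etc/ssl/certs symlink for 3rd-party tools
		mkdir -pv -m 755 %{BUILDROOT}%{sysconfdir}/ssl
		ln -s ../pki/tls/certs %{BUILDROOT}%{sysconfdir}/ssl/certs
	end
end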
106 | ||
107 | packages | |
108 | package %{name} | |
109 | end |