1 ###############################################################################
2 # IPFire.org - An Open Source Firewall Solution #
3 # Copyright (C) - IPFire Development Team <info@ipfire.org> #
4 ###############################################################################
12 url = https://www.mozilla.org/
13 license = Public Domain
14 summary = The Mozilla CA root certificate bundle.
17 This package contains the set of CA certificates chosen by the
18 Mozilla Foundation for use with the Internet PKI.
21 # This package has no tarball.
31 DIR_APP = %{DIR_SOURCE}
36 cp certdata.txt blacklist.txt certs
39 python %{DIR_SOURCE}/certdata2pem.py
43 # This is a bundle of X.509 certificates of public Certificate
44 # Authorities. It was generated from the Mozilla root CA list.
46 # Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
50 ident -q certdata.txt | sed '1d;s/^/#/';
52 echo '#' ) > ca-bundle.crt
55 # This is a bundle of X.509 certificates of public Certificate
56 # Authorities. It was generated from the Mozilla root CA list.
57 # These certificates are in the OpenSSL "TRUSTED CERTIFICATE"
58 # format and have trust bits set accordingly.
60 # Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
64 ident -q certdata.txt | sed '1d;s/^/#/';
65 echo '#' ) > ca-bundle.trust.crt
67 for f in certs/*.crt; do
68 [ -z "${f}" ] && continue
70 tbits=$(sed -n '/^# openssl-trust/{s/^.*=//;p;}' ${f})
73 openssl x509 -text -in "${f}" >> ca-bundle.crt
77 if [ -n "$tbits" ]; then
80 targs="${targs} -addtrust ${t}"
83 openssl x509 -text -in "${f}" -trustout $targs >> ca-bundle.trust.crt
87 perl generate-cacerts.pl /usr/bin/keytool ../ca-bundle.crt
88 touch -r certdata.txt cacerts
92 # Create folder layout.
93 mkdir -p %{BUILDROOT}/etc/pki/tls/certs/
96 install -p -m 644 ca-bundle.crt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.crt
97 install -p -m 644 ca-bundle.trust.crt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.trust.crt
99 ln -s certs/ca-bundle.crt %{BUILDROOT}%{sysconfdir}/pki/tls/cert.pem
101 touch -r certdata.txt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.crt
102 touch -r certdata.txt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.trust.crt
104 # /etc/ssl/certs symlink for 3rd-party tools
105 mkdir -pv -m 755 %{BUILDROOT}%{sysconfdir}/ssl
106 ln -s ../pki/tls/certs %{BUILDROOT}%{sysconfdir}/ssl/certs