1 ###############################################################################
2 # IPFire.org - An Open Source Firewall Solution #
3 # Copyright (C) - IPFire Development Team <info@ipfire.org> #
4 ###############################################################################
11 url = https://www.mozilla.org/
12 license = Public Domain
13 summary = The Mozilla CA root certificate bundle.
16 This package contains the set of CA certificates chosen by the
17 Mozilla Foundation for use with the Internet PKI.
20 # This package has no tarball.
32 DIR_APP = %{DIR_SOURCE}
37 cp certdata.txt blacklist.txt certs
40 python3 %{DIR_SOURCE}/certdata2pem.py
44 # This is a bundle of X.509 certificates of public Certificate
45 # Authorities. It was generated from the Mozilla root CA list.
47 # Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
53 # This is a bundle of X.509 certificates of public Certificate
54 # Authorities. It was generated from the Mozilla root CA list.
55 # These certificates are in the OpenSSL "TRUSTED CERTIFICATE"
56 # format and have trust bits set accordingly.
58 # Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
61 ) > ca-bundle.trust.crt
63 # Collect all certs for p11-kit
64 for p in certs/*.tmp-p11-kit; do
65 cat "${p}" >> ca-bundle.trust.p11-kit
71 --filter=certificates \
72 --format=openssl-bundle \
74 cat ca-bundle.trust >> ca-bundle.trust.crt
81 --purpose=server-auth \
83 cat ca-bundle >> ca-bundle.crt
87 # Create folder layout.
88 mkdir -p %{BUILDROOT}/etc/pki/tls/certs/
91 install -p -m 644 ca-bundle.crt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.crt
92 install -p -m 644 ca-bundle.trust.crt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.trust.crt
94 ln -s certs/ca-bundle.crt %{BUILDROOT}%{sysconfdir}/pki/tls/cert.pem
96 touch -r certdata.txt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.crt
97 touch -r certdata.txt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.trust.crt
99 # /etc/ssl/certs symlink for 3rd-party tools
100 mkdir -pv -m 755 %{BUILDROOT}%{sysconfdir}/ssl
101 ln -s ../pki/tls/certs %{BUILDROOT}%{sysconfdir}/ssl/certs