1 ###############################################################################
2 # IPFire.org - An Open Source Firewall Solution #
3 # Copyright (C) - IPFire Development Team <info@ipfire.org> #
4 ###############################################################################
5
6 name = ca-certificates
7 version = 2023.09
8 release = 1
9
10 groups = System/Base
11 url = https://www.mozilla.org/
12 license = Public Domain
13 summary = The Mozilla CA root certificate bundle.
14
15 description
16 This package contains the set of CA certificates chosen by the
17 Mozilla Foundation for use with the Internet PKI.
18 end
19
20 # This package has no tarball.
21 sources =
22
23 build
24 arches = noarch
25
26 requires
27 openssl
28 p11-kit >= 0.25
29 python3
30 end
31
32 DIR_APP = %{DIR_SOURCE}
33
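build
	# Build stage: turn Mozilla's certdata.txt into the two bundles that are
	# shipped, ca-bundle.crt (plain PEM, server-auth anchors only) and
	# ca-bundle.trust.crt (OpenSSL "TRUSTED CERTIFICATE" format).
	#
	# NOTE(review): "sources =" is empty, so certdata.txt and blacklist.txt
	# come from the package directory and no checksum is verified in this
	# file. The integrity of the trust store presumably rests on the
	# repository history - confirm how these two files are updated.

	# Create file layout
	mkdir -pv certs
	cp certdata.txt blacklist.txt certs

	# The converter runs inside certs/. The loop further down expects it to
	# leave its output there as *.tmp-p11-kit files.
	pushd certs
	python3 %{DIR_SOURCE}/certdata2pem.py
	popd

	(cat <<EOF
	# This is a bundle of X.509 certificates of public Certificate
	# Authorities. It was generated from the Mozilla root CA list.
	#
	# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
	#
	EOF
	) > ca-bundle.crt

	(cat <<EOF
	# This is a bundle of X.509 certificates of public Certificate
	# Authorities. It was generated from the Mozilla root CA list.
	# These certificates are in the OpenSSL "TRUSTED CERTIFICATE"
	# format and have trust bits set accordingly.
	#
	# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
	#
	EOF
	) > ca-bundle.trust.crt

	# This writes into the build environment's own /etc, outside the build
	# tree, because "trust extract" below reads its input from there.
	mkdir -pv /etc/pki/ca-trust/source

	# Collect all certs for p11-kit
	# Start from an empty file: appending to a file left behind by an
	# earlier build in the same environment would carry stale or duplicate
	# trust entries into the new bundle.
	p11_source=/etc/pki/ca-trust/source/ca-bundle.trust.p11-kit
	: > "${p11_source}"
	found=0
	for p in certs/*.tmp-p11-kit; do
		# An unmatched glob stays literal; skip it instead of
		# passing a non-existent name to cat.
		[ -e "${p}" ] || continue
		cat "${p}" >> "${p11_source}"
		found=1
	done
	if [ "${found}" -eq 0 ]; then
		echo "certdata2pem.py produced no *.tmp-p11-kit files" >&2
		exit 1
	fi

	# NOTE(review): "trust extract" takes its input from the p11-kit trust
	# configuration of the build environment, not only from the file
	# written above. Anything else already present in that trust store
	# would end up in the shipped bundles, so the build root has to be
	# clean - confirm that the build environment guarantees this.
	trust extract \
		--overwrite \
		--comment \
		--filter=certificates \
		--format=openssl-bundle \
		ca-bundle.trust
	# Refuse to ship a bundle that contains only the header comment.
	if ! grep -q 'BEGIN [A-Z ]*CERTIFICATE' ca-bundle.trust; then
		echo "trust extract wrote no certificates to ca-bundle.trust" >&2
		exit 1
	fi
	cat ca-bundle.trust >> ca-bundle.trust.crt

	# Only anchors trusted for TLS server authentication go into the
	# plain PEM bundle.
	trust extract \
		--overwrite \
		--comment \
		--filter=ca-anchors \
		--format=pem-bundle \
		--purpose=server-auth \
		ca-bundle
	if ! grep -q 'BEGIN [A-Z ]*CERTIFICATE' ca-bundle; then
		echo "trust extract wrote no certificates to ca-bundle" >&2
		exit 1
	fi
	cat ca-bundle >> ca-bundle.crt
end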
87
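install
	# Install stage: copy the two generated bundles into the build root and
	# create the compatibility symlinks that other software looks up.

	# Create folder layout.
	# Use %{sysconfdir} here as well, so that the directory created is the
	# one the install commands below write to.
	mkdir -p %{BUILDROOT}%{sysconfdir}/pki/tls/certs/

	# Install files.
	# Mode 644: readable by every user, writable only by the owner. The
	# trust anchors must not be modifiable by unprivileged users.
	install -p -m 644 ca-bundle.crt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.crt
	install -p -m 644 ca-bundle.trust.crt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.trust.crt

	# Relative link: <sysconfdir>/pki/tls/cert.pem -> certs/ca-bundle.crt
	ln -s certs/ca-bundle.crt %{BUILDROOT}%{sysconfdir}/pki/tls/cert.pem

	# Give both bundles the modification time of certdata.txt, so the
	# timestamp reflects the age of the CA list and not the build time.
	touch -r certdata.txt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.crt
	touch -r certdata.txt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.trust.crt

	# /etc/ssl/certs symlink for 3rd-party tools
	mkdir -pv -m 755 %{BUILDROOT}%{sysconfdir}/ssl
	ln -s ../pki/tls/certs %{BUILDROOT}%{sysconfdir}/ssl/certs
end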
105 end
106
107 packages
108 package %{name}
109 end