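###############################################################################
# IPFire.org - An Open Source Firewall Solution #
# Copyright (C) - IPFire Development Team <info@ipfire.org> #
###############################################################################

# Builds the system-wide TLS trust store from Mozilla's certdata.txt.
# The bundle is only as current as the certdata.txt shipped in the source
# directory: roots removed or distrusted upstream after that snapshot stay
# trusted on installed systems until this package is updated.

name = ca-certificates
version = 2019.11
release = 1
arch = noarch

groups = System/Base
url = https://www.mozilla.org/
license = Public Domain
summary = The Mozilla CA root certificate bundle.

description
	This package contains the set of CA certificates chosen by the
	Mozilla Foundation for use with the Internet PKI.
end

# This package has no tarball.
sources =

build
	requires
		openssl
		perl
		rcs
	end

	DIR_APP = %{DIR_SOURCE}

	build
		# Create file layout.
		mkdir -pv certs
		cp certdata.txt blacklist.txt certs
		cd certs || exit 1

		# Split certdata.txt into one certs/*.crt file per certificate.
		# Stop here on failure so a partial conversion never ends up in
		# the trust store.
		# NOTE(review): python is not in the build requirements above;
		# presumably the base build environment provides it - confirm.
		python %{DIR_SOURCE}/certdata2pem.py || exit 1

		cd ..

		# Header of the plain bundle. ident (from rcs) prints the revision
		# keywords found in certdata.txt so the bundle records which
		# upstream snapshot it was generated from.
		# "<<-" lets the here-document stay indented with tabs.
		(cat <<-EOF
		# This is a bundle of X.509 certificates of public Certificate
		# Authorities. It was generated from the Mozilla root CA list.
		#
		# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
		#
		# Generated from:
		EOF
		ident -q certdata.txt | sed '1d;s/^/#/';

		echo '#' ) > ca-bundle.crt

		# Header of the bundle that carries OpenSSL trust bits.
		(cat <<-EOF
		# This is a bundle of X.509 certificates of public Certificate
		# Authorities. It was generated from the Mozilla root CA list.
		# These certificates are in the OpenSSL "TRUSTED CERTIFICATE"
		# format and have trust bits set accordingly.
		#
		# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
		#
		# Generated from:
		EOF
		ident -q certdata.txt | sed '1d;s/^/#/';
		echo '#' ) > ca-bundle.trust.crt

		for f in certs/*.crt; do
			# An unmatched glob leaves the literal pattern in ${f}.
			[ -e "${f}" ] || continue

			# Trust purposes recorded in the "# openssl-trust=" line.
			tbits=$(sed -n '/^# openssl-trust/{s/^.*=//;p;}' "${f}")

			# Only certificates trusted for TLS server authentication
			# go into the plain bundle.
			case "${tbits}" in
				*serverAuth*)
					openssl x509 -text -in "${f}" >> ca-bundle.crt
					;;
			esac

			# Certificates without any trust purpose are left out of
			# the trust bundle as well.
			if [ -n "$tbits" ]; then
				targs=""
				# Unquoted on purpose: one -addtrust per listed purpose.
				for t in ${tbits}; do
					targs="${targs} -addtrust ${t}"
				done

				openssl x509 -text -in "${f}" -trustout $targs >> ca-bundle.trust.crt
			fi
		done

		# Refuse to package an empty trust store: if the conversion above
		# produced nothing, every TLS verification on the target system
		# would fail or, worse, be worked around by disabling it.
		if ! grep -q -e "-----BEGIN CERTIFICATE-----" ca-bundle.crt; then
			echo "ca-bundle.crt contains no certificates" >&2
			exit 1
		fi
		if ! grep -q -e "-----BEGIN TRUSTED CERTIFICATE-----" ca-bundle.trust.crt; then
			echo "ca-bundle.trust.crt contains no certificates" >&2
			exit 1
		fi

		# NOTE(review): ca-bundle.crt is written to the current directory
		# above, yet "../ca-bundle.crt" is passed here; presumably the
		# script changes directory itself - confirm. /usr/bin/keytool is
		# not provided by any listed build requirement and the resulting
		# cacerts file is not installed below - confirm this step is
		# still needed.
		perl generate-cacerts.pl /usr/bin/keytool ../ca-bundle.crt
		touch -r certdata.txt cacerts
	end

	install
		# Create folder layout (same prefix as the install lines below).
		mkdir -p %{BUILDROOT}%{sysconfdir}/pki/tls/certs/

		# Install files. Mode 644: world-readable, writable by root only.
		install -p -m 644 ca-bundle.crt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.crt
		install -p -m 644 ca-bundle.trust.crt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.trust.crt

		ln -s certs/ca-bundle.crt %{BUILDROOT}%{sysconfdir}/pki/tls/cert.pem

		# Give the bundles the timestamp of the certdata.txt they were
		# generated from.
		touch -r certdata.txt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.crt
		touch -r certdata.txt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.trust.crt

		# /etc/ssl/certs symlink for 3rd-party tools
		mkdir -pv -m 755 %{BUILDROOT}%{sysconfdir}/ssl
		ln -s ../pki/tls/certs %{BUILDROOT}%{sysconfdir}/ssl/certs
	end
end

packages
	package %{name}
end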