Change how we make packages "noarch"
###############################################################################
# IPFire.org - An Open Source Firewall Solution #
# Copyright (C) - IPFire Development Team <info@ipfire.org> #
###############################################################################

# Package identity.
# NOTE(review): the version presumably names the snapshot of the Mozilla
# list that certdata.txt was taken from - confirm when refreshing the file.
name       = ca-certificates
version    = 2022.12
release    = 2

groups     = System/Base
url        = https://www.mozilla.org/
license    = Public Domain
summary    = The Mozilla CA root certificate bundle.

description
	This package contains the set of CA certificates chosen by the
	Mozilla Foundation for use with the Internet PKI.
end

# This package has no tarball.
# The build section reads certdata.txt, blacklist.txt and certdata2pem.py
# from %{DIR_SOURCE} instead. No checksum or signature check on these files
# is visible in this file, so the integrity of the shipped trust anchors
# rests on review of the repository - confirm how certdata.txt is refreshed.
sources    =

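build
	arches = noarch

	# Build-time tools: python3 runs certdata2pem.py and p11-kit provides the
	# "trust" command used below. openssl is presumably invoked by the
	# conversion script, which is not visible here - confirm.
	requires
		openssl
		p11-kit
		python3
	end

	# There is no tarball to unpack, so the build works directly on the
	# package's source directory.
	DIR_APP = %{DIR_SOURCE}

	build
		# Create file layout
		mkdir -pv certs
		cp certdata.txt blacklist.txt certs

		# Convert the Mozilla trust list; the script is run from inside certs/
		# and the loop further down expects it to leave *.tmp-p11-kit files there.
		pushd certs
		python3 %{DIR_SOURCE}/certdata2pem.py
		popd

		# Header of the plain PEM bundle. The quoted delimiter keeps the text
		# literal; the redirection truncates any file left by an earlier build.
		cat > ca-bundle.crt <<-'EOF'
		# This is a bundle of X.509 certificates of public Certificate
		# Authorities. It was generated from the Mozilla root CA list.
		#
		# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
		#
		EOF

		# Header of the bundle that carries OpenSSL trust bits.
		cat > ca-bundle.trust.crt <<-'EOF'
		# This is a bundle of X.509 certificates of public Certificate
		# Authorities. It was generated from the Mozilla root CA list.
		# These certificates are in the OpenSSL "TRUSTED CERTIFICATE"
		# format and have trust bits set accordingly.
		#
		# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
		#
		EOF

		# Collect all certs for p11-kit. Start from an empty file so that a
		# rebuild in a dirty tree does not append the same objects twice.
		: > ca-bundle.trust.p11-kit
		for p in certs/*.tmp-p11-kit; do
			# An unmatched glob stays literal: the conversion step produced
			# nothing, so stop instead of building an empty trust list.
			if [ ! -e "${p}" ]; then
				echo "No p11-kit objects were generated from certdata.txt" >&2
				exit 1
			fi
			cat "${p}" >> ca-bundle.trust.p11-kit
		done

		# NOTE(review): neither "trust extract" call below is given
		# ca-bundle.trust.p11-kit, and the install section does not ship it.
		# "trust extract" reads the p11-kit trust store configured in the build
		# environment, so the packaged bundles reflect whatever anchors that
		# store holds - confirm that it is populated from this package's
		# certdata.txt and nothing else.

		# All certificates, with trust and distrust information, in OpenSSL's
		# "TRUSTED CERTIFICATE" format.
		trust extract \
			--overwrite \
			--comment \
			--filter=certificates \
			--format=openssl-bundle \
			ca-bundle.trust
		# Refuse to package a bundle that holds no PEM object at all.
		if ! grep -q -e '-----BEGIN ' ca-bundle.trust; then
			echo "trust extract produced no certificates in ca-bundle.trust" >&2
			exit 1
		fi
		cat ca-bundle.trust >> ca-bundle.trust.crt

		# Only CA anchors trusted for TLS server authentication, as plain PEM.
		trust extract \
			--overwrite \
			--comment \
			--filter=ca-anchors \
			--format=pem-bundle \
			--purpose=server-auth \
			ca-bundle
		if ! grep -q -e '-----BEGIN ' ca-bundle; then
			echo "trust extract produced no certificates in ca-bundle" >&2
			exit 1
		fi
		cat ca-bundle >> ca-bundle.crt
	end

	install
		# Create folder layout. Uses %{sysconfdir} like every other path in
		# this section, so the directory created is the one written to.
		mkdir -p %{BUILDROOT}%{sysconfdir}/pki/tls/certs/

		# Install files. Mode 644: readable by everyone, writable by the
		# owner only.
		install -p -m 644 ca-bundle.crt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.crt
		install -p -m 644 ca-bundle.trust.crt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.trust.crt

		# Relative link: cert.pem in pki/tls points at the plain PEM bundle.
		ln -s certs/ca-bundle.crt %{BUILDROOT}%{sysconfdir}/pki/tls/cert.pem

		# Give the bundles the timestamp of certdata.txt rather than the
		# time of the build.
		touch -r certdata.txt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.crt
		touch -r certdata.txt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.trust.crt

		# /etc/ssl/certs symlink for 3rd-party tools
		mkdir -pv -m 755 %{BUILDROOT}%{sysconfdir}/ssl
		ln -s ../pki/tls/certs %{BUILDROOT}%{sysconfdir}/ssl/certs
	end
end
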
# A single binary package, named after the source package, is declared;
# no file list is given here.
packages
	package %{name}
end