json-c: Update to version 0.17-20230812
[ipfire-3.x.git] / ca-certificates / ca-certificates.nm
index 2a44912aefbef3f30b8412612fb643ba3923b521..4a879f9d896c7126d5ccf9421e3ef60d2d05e022 100644 (file)
@@ -4,9 +4,8 @@
 ###############################################################################
 
 name       = ca-certificates
-version    = 2019.05
+version    = 2023.09
 release    = 1
-arch       = noarch
 
 groups     = System/Base
 url        = https://www.mozilla.org/
@@ -22,34 +21,33 @@ end
 sources    =
 
 build
+       arches = noarch
+
        requires
                openssl
-               perl
-               rcs
+               p11-kit >= 0.25
+               python3
        end
 
        DIR_APP = %{DIR_SOURCE}
 
        build
-               # Create file layout.
+               # Create file layout
                mkdir -pv certs
                cp certdata.txt blacklist.txt certs
-               cd certs
 
-               python %{DIR_SOURCE}/certdata2pem.py
+               pushd certs
+               python3 %{DIR_SOURCE}/certdata2pem.py
+               popd
 
-               cd ..
                (cat <<EOF
                # This is a bundle of X.509 certificates of public Certificate
                # Authorities.  It was generated from the Mozilla root CA list.
                # 
                # Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
                #
-               # Generated from:
                EOF
-               ident -q certdata.txt | sed '1d;s/^/#/';
-
-               echo '#' ) > ca-bundle.crt
+               ) > ca-bundle.crt
 
                (cat <<EOF
                # This is a bundle of X.509 certificates of public Certificate
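Review bot: Dropping the `# Generated from:` line and the `ident` call from the heredoc leaves the `ca-bundle.crt` header with no record of which certdata.txt revision produced it; the same removal is made for the `ca-bundle.trust.crt` header in the next hunk. Someone auditing a deployed trust store then cannot tell from the file which Mozilla root list it corresponds to. Consider adding a header line such as `# Package version: %{version}` inside both heredocs, assuming `%{version}` is expanded in recipe text the way `%{DIR_SOURCE}` is. `pushd`/`popd` are bash builtins, so a short comment that this recipe requires bash would also help.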
@@ -59,33 +57,32 @@ build
                #
                # Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
                #
-               # Generated from:
                EOF
-               ident -q certdata.txt | sed '1d;s/^/#/';
-               echo '#' ) > ca-bundle.trust.crt
-
-               for f in certs/*.crt; do 
-                       [ -z "${f}" ] && continue
-
-                       tbits=$(sed -n '/^# openssl-trust/{s/^.*=//;p;}' ${f})
-                       case "${tbits}" in
-                               *serverAuth*)
-                                       openssl x509 -text -in "${f}" >> ca-bundle.crt
-                                       ;;
-                       esac
-
-                       if [ -n "$tbits" ]; then
-                               targs=""
-                               for t in ${tbits}; do
-                                       targs="${targs} -addtrust ${t}"
-                               done
-
-                               openssl x509 -text -in "${f}" -trustout $targs >> ca-bundle.trust.crt
-                       fi
+               ) > ca-bundle.trust.crt
+
+               mkdir -pv /etc/pki/ca-trust/source
+
+               # Collect all certs for p11-kit
+               for p in certs/*.tmp-p11-kit; do
+                       cat "${p}" >> /etc/pki/ca-trust/source/ca-bundle.trust.p11-kit
                done
 
-               perl generate-cacerts.pl /usr/bin/keytool ../ca-bundle.crt
-               touch -r certdata.txt cacerts
+               trust extract \
+                       --overwrite \
+                       --comment \
+                       --filter=certificates \
+                       --format=openssl-bundle \
+                       ca-bundle.trust
+               cat ca-bundle.trust >> ca-bundle.trust.crt
+
+               trust extract \
+                       --overwrite \
+                       --comment \
+                       --filter=ca-anchors \
+                       --format=pem-bundle \
+                       --purpose=server-auth \
+                       ca-bundle
+               cat ca-bundle >> ca-bundle.crt
        end
 
        install
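Review bot: The new p11-kit step makes the shipped bundles depend on the state of the build environment, not only on certdata.txt. The loop appends with `>>` to `/etc/pki/ca-trust/source/ca-bundle.trust.p11-kit`, so a file left there by an earlier build keeps its old entries, and `trust extract` presumably reads every configured trust source, so an anchor already installed in the build root would end up in `ca-bundle.crt`. Replacing the loop with `cat certs/*.tmp-p11-kit > /etc/pki/ca-trust/source/ca-bundle.trust.p11-kit` truncates the file first and makes `cat` report an error when the glob matches nothing; a comment stating that the build root must carry no other trust anchors belongs next to it. The two closing `cat ... >>` lines also run without checking that the extracted file has content, so a `test -s ca-bundle` (and the same for `ca-bundle.trust`) before appending would keep an empty trust store from being packaged.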