113 lines
2.9 KiB
Plaintext
113 lines
2.9 KiB
Plaintext
###############################################################################
|
|
# IPFire.org - An Open Source Firewall Solution #
|
|
# Copyright (C) - IPFire Development Team <info@ipfire.org> #
|
|
###############################################################################
|
|
|
|
name = ca-certificates
|
|
version = 2019.11
|
|
release = 1
|
|
arch = noarch
|
|
|
|
groups = System/Base
|
|
url = https://www.mozilla.org/
|
|
license = Public Domain
|
|
summary = The Mozilla CA root certificate bundle.
|
|
|
|
description
|
|
This package contains the set of CA certificates chosen by the
|
|
Mozilla Foundation for use with the Internet PKI.
|
|
end
|
|
|
|
# This package has no tarball.
|
|
sources =
|
|
|
|
build
|
|
requires
|
|
openssl
|
|
perl
|
|
rcs
|
|
end
|
|
|
|
DIR_APP = %{DIR_SOURCE}
|
|
|
|
build
|
|
# Create file layout.
|
|
mkdir -pv certs
|
|
cp certdata.txt blacklist.txt certs
|
|
cd certs
|
|
|
|
python %{DIR_SOURCE}/certdata2pem.py
|
|
|
|
cd ..
|
|
(cat <<EOF
|
|
# This is a bundle of X.509 certificates of public Certificate
|
|
# Authorities. It was generated from the Mozilla root CA list.
|
|
#
|
|
# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
|
|
#
|
|
# Generated from:
|
|
EOF
|
|
ident -q certdata.txt | sed '1d;s/^/#/';
|
|
|
|
echo '#' ) > ca-bundle.crt
|
|
|
|
(cat <<EOF
|
|
# This is a bundle of X.509 certificates of public Certificate
|
|
# Authorities. It was generated from the Mozilla root CA list.
|
|
# These certificates are in the OpenSSL "TRUSTED CERTIFICATE"
|
|
# format and have trust bits set accordingly.
|
|
#
|
|
# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
|
|
#
|
|
# Generated from:
|
|
EOF
|
|
ident -q certdata.txt | sed '1d;s/^/#/';
|
|
echo '#' ) > ca-bundle.trust.crt
|
|
|
|
for f in certs/*.crt; do
|
|
[ -z "${f}" ] && continue
|
|
|
|
tbits=$(sed -n '/^# openssl-trust/{s/^.*=//;p;}' ${f})
|
|
case "${tbits}" in
|
|
*serverAuth*)
|
|
openssl x509 -text -in "${f}" >> ca-bundle.crt
|
|
;;
|
|
esac
|
|
|
|
if [ -n "$tbits" ]; then
|
|
targs=""
|
|
for t in ${tbits}; do
|
|
targs="${targs} -addtrust ${t}"
|
|
done
|
|
|
|
openssl x509 -text -in "${f}" -trustout $targs >> ca-bundle.trust.crt
|
|
fi
|
|
done
|
|
|
|
perl generate-cacerts.pl /usr/bin/keytool ../ca-bundle.crt
|
|
touch -r certdata.txt cacerts
|
|
end
|
|
|
|
install
|
|
# Create folder layout.
|
|
mkdir -p %{BUILDROOT}/etc/pki/tls/certs/
|
|
|
|
# Install files.
|
|
install -p -m 644 ca-bundle.crt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.crt
|
|
install -p -m 644 ca-bundle.trust.crt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.trust.crt
|
|
|
|
ln -s certs/ca-bundle.crt %{BUILDROOT}%{sysconfdir}/pki/tls/cert.pem
|
|
|
|
touch -r certdata.txt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.crt
|
|
touch -r certdata.txt %{BUILDROOT}%{sysconfdir}/pki/tls/certs/ca-bundle.trust.crt
|
|
|
|
# /etc/ssl/certs symlink for 3rd-party tools
|
|
mkdir -pv -m 755 %{BUILDROOT}%{sysconfdir}/ssl
|
|
ln -s ../pki/tls/certs %{BUILDROOT}%{sysconfdir}/ssl/certs
|
|
end
|
|
end
|
|
|
|
packages
|
|
package %{name}
|
|
end
|