# Contributor: Sören Tempel # Maintainer: Natanael Copa pkgname=ca-certificates pkgver=20191127 pkgrel=2 pkgdesc="Common CA certificates PEM files from Mozilla" url="https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/" arch="all" license="MPL-2.0 GPL-2.0-or-later" makedepends_build="perl" makedepends_host="openssl-dev" subpackages="$pkgname-doc $pkgname-bundle" # c_rehash is either in libcrypto1.0 or openssl depending on package, grr. replace both of them replaces="libcrypto1.0 openssl openssl1.0" options="!fhs !check" triggers="ca-certificates.trigger=/usr/share/ca-certificates:/usr/local/share/ca-certificates:/etc/ssl/certs:/etc/ca-certificates/update.d" install="$pkgname.post-deinstall" source="https://git.alpinelinux.org/ca-certificates/snapshot/ca-certificates-$pkgver.tar.xz 0001-update-ca-fix-compiler-warning.patch 0002-replace-python-script-with-perl-script.patch 0003-update-ca-insert-newline-between-certs.patch " build() { make } package() { make install DESTDIR="$pkgdir" ( echo "# Automatically generated by $pkgname-$pkgver-$pkgrel" echo "# $(date -u)" echo "# Do not edit." cd "$pkgdir"/usr/share/ca-certificates find . -name '*.crt' | sort | cut -b3- ) > "$pkgdir"/etc/ca-certificates.conf # generate the bundle in similar way as update-ca-certificates would do for i in $(ls *.crt | sort); do cat "$i" printf "\n" done > "$pkgdir"/etc/ssl/certs/ca-certificates.crt mkdir -p "$pkgdir"/etc/apk/protected_paths.d cat > "$pkgdir"/etc/apk/protected_paths.d/ca-certificates.list <<-EOF -etc/ssl/certs/ca-certificates.crt -etc/ssl/certs/ca-cert-*.pem -etc/ssl/certs/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[r0-9]* EOF cat > "$pkgdir"/etc/ca-certificates/update.d/certhash <<-EOF #!/bin/sh exec /usr/bin/c_rehash /etc/ssl/certs EOF chmod +x "$pkgdir"/etc/ca-certificates/update.d/certhash } bundle() { pkgdesc="Pre generated bundle of Mozilla certificates" replaces="libressl2.7-libcrypto" provides="$pkgname-cacert=$pkgver-r$pkgrel" mkdir -p "$subpkgdir"/etc/ssl/certs mv "$pkgdir"/etc/ssl/certs/ca-certificates.crt \ "$subpkgdir"/etc/ssl/certs/ ln -s certs/ca-certificates.crt \ "$subpkgdir"/etc/ssl/cert.pem } sha512sums="68a879680a5e20764b8a4ee3019e9a008193c578a687b0d29694355a679c04cbfa94d4049beb3c52a899d593f46254c94d67db833f39e91325a4476963b9ef18 ca-certificates-20191127.tar.xz aafe6d9047380fc403792fbf27146dc9c0532ef401e6eb9bd8b533c110f902cad0a66701cf3563ad625d07ae54619e9f2f3091ec14772b92e178dbed142ecd97 0001-update-ca-fix-compiler-warning.patch 4d9c71b9ea0596f5efaa188f244b7ab587f96c218bb6fed01f11e34c553909f65bbe660156f8300be9511ae50614661c5dcd3b493ac146a8e888f62fc52bd9d4 0002-replace-python-script-with-perl-script.patch 051b5d78916ee7389dfbd4e8871aab720415bd6e9ee0313dba770fc40ee7c68ac67d7918f2503458a3218e3bfc10691b5e379b65269106fde02c7e7a36eb7595 0003-update-ca-insert-newline-between-certs.patch"