blob: cf529baedae5bce4805f04ef862b377d5cbba9db (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Contributor: William Pitcock <nenolod@dereferenced.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=ca-certificates
pkgver=20170726
pkgrel=0
pkgdesc="Common CA certificates PEM files"
url="https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/"
arch="all"
license="MPL 2.0 GPL2+"
depends=""
makedepends="python3 libressl-dev"
subpackages="$pkgname-doc"
# c_rehash is either in libcrypto1.0 or openssl depending on package, grr. replace both of them
replaces="libcrypto1.0 openssl"
options="!fhs"
triggers="ca-certificates.trigger=/usr/share/ca-certificates:/usr/local/share/ca-certificates:/etc/ssl/certs:/etc/ca-certificates/update.d"
install="$pkgname.post-deinstall"
source="blacklist.txt
certdata.txt
certdata2pem.py
update-ca-certificates.8
update-ca.c
c_rehash.c
"
builddir="$srcdir"
build () {
cd "$builddir"
python3 certdata2pem.py
${CC:-gcc} ${CFLAGS} -o update-ca-certificates "$srcdir"/update-ca.c ${LDFLAGS}
${CC:-gcc} ${CFLAGS} -o c_rehash "$srcdir"/c_rehash.c -lcrypto ${LDFLAGS}
}
package() {
cd "$builddir"
install -d -m755 "$pkgdir"/etc/ca-certificates/update.d \
"$pkgdir"/usr/bin \
"$pkgdir"/usr/sbin \
"$pkgdir"/usr/share/ca-certificates \
"$pkgdir"/usr/local/share/ca-certificates \
"$pkgdir"/etc/ssl/certs
for cert in *.crt; do
install -D -m644 $cert "$pkgdir"/usr/share/ca-certificates/mozilla/$cert
done
install -D -m644 update-ca-certificates.8 \
"$pkgdir"/usr/share/man/man8/update-ca-certificates.8
(
echo "# Automatically generated by ${pkgname}-${pkgver}-${pkgrel}"
echo "# $(date -u)"
echo "# Do not edit."
cd "$pkgdir"/usr/share/ca-certificates
find . -name '*.crt' | sort | cut -b3-
) > "$pkgdir"/etc/ca-certificates.conf
# http://bugs.alpinelinux.org/issues/2715
# http://bugs.alpinelinux.org/issues/2846
install -m755 update-ca-certificates "$pkgdir"/usr/sbin
install -m755 c_rehash "$pkgdir"/usr/bin
mkdir -p "$pkgdir"/etc/apk/protected_paths.d
cat > "$pkgdir"/etc/apk/protected_paths.d/ca-certificates.list <<-EOF
-etc/ssl/certs/ca-certificates.crt
-etc/ssl/certs/ca-cert-*.pem
-etc/ssl/certs/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[r0-9]*
EOF
cat > "$pkgdir"/etc/ca-certificates/update.d/certhash <<-EOF
#!/bin/sh
exec /usr/bin/c_rehash /etc/ssl/certs
EOF
chmod +x "$pkgdir"/etc/ca-certificates/update.d/certhash
}
sha512sums="14cc0a98809080c298ba94e9fec41a8d34d8ea0fca02a9498aa86b9d8f7ae20424dfe2b6dd73e5c9a4d7cc17b30cae052457e88a864419d8d0f4e0059ff0eb26 blacklist.txt
9a12c4dd37c08513acf4269be82a5f5e79d399b5a9fdef9c37a14543fee777d4e8df8778ec0f368b97f775368d4e9f7825817105cde51ee24f401adb2e86e785 certdata.txt
540b1eda64c1774373ca63fe97917218e43462e2ef201a7248288192aa330ae47d1260d916cfee31b292f800d9bc5b73a9ded86dc78863d16d3d8f9f8abdee9d certdata2pem.py
741bab04ea2a164951cf9338dff1278a3fd8acd500506a5b4c3fbb6ad5a96c533042867b10d927261fb8e08b8026de22fb63440a9ac4360fc0cb5b5572883b06 update-ca-certificates.8
b3122866eabaccab248142a3a0131c763757da0f851941a28741bf2f9b377e3bcea08efa91865d6bec5b3525398a662054b291dd00cf80ad52ab69c3be30f361 update-ca.c
ce32e104f995818f237c21ec09c4252c3c0e7421a6eabaab9a7a82e6abf66814d412db43d16ff51dee119b824e7418334f6919f621afa75e03a23c31dccacfcc c_rehash.c"
|