source: projects/specs/trunk/c/ca-certificates/ca-certificates-vl.spec @ 9836

Revision 9836, 7.0 KB checked in by tomop, 8 years ago (diff)

ca-certificates-2015.2.6-2
Line 
1# certdata.txt is generated by extracting it from Mozilla CVS.
2# This is done by running:
3#
4#   cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot   \
5#     co -p mozilla/security/nss/lib/ckfw/builtins/certdata.txt \
6#     > certdata.txt
7#
8# Keep the RCS version in sync with the spec Version.
9
10%define pkidir %{_sysconfdir}/pki
11
12Summary: The Mozilla CA root certificate bundle
13Summary(ja): Mozilla の CA ルート証明書バンドル
14Name: ca-certificates
15Version: 2015.2.6
16Release: 2%{?_dist_release}
17License: MPL2
18Group: System Environment/Base
19URL: http://www.mozilla.org/
20Source0: certdata.txt
21Source1: blacklist.txt
22Source2: generate-cacerts.pl
23Source3: certdata2pem.py
24BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
25BuildRequires: perl, java-openjdk, python, rcs
26BuildArch: noarch
27
28%description
29This package contains the set of CA certificates chosen by the
30Mozilla Foundation for use with the Internet PKI.
31
32%prep
33rm -rf %{name}
34mkdir %{name} %{name}/certs %{name}/java
35
36%build
37pushd %{name}/certs
38 cp %{SOURCE0} %{SOURCE1} .
39 python %{SOURCE3}
40popd
41pushd %{name}
42 (
43   cat <<EOF
44# This is a bundle of X.509 certificates of public Certificate
45# Authorities.  It was generated from the Mozilla root CA list.
46#
47# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
48#
49# Generated from:
50EOF
51   ident -q %{SOURCE0} | sed '1d;s/^/#/';
52   echo '#';
53 ) > ca-bundle.crt
54 (
55   cat <<EOF
56# This is a bundle of X.509 certificates of public Certificate
57# Authorities.  It was generated from the Mozilla root CA list.
58# These certificates are in the OpenSSL "TRUSTED CERTIFICATE"
59# format and have trust bits set accordingly.
60#
61# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
62#
63# Generated from:
64EOF
65   ident -q %{SOURCE0} | sed '1d;s/^/#/';
66   echo '#';
67 ) > ca-bundle.trust.crt
68 for f in certs/*.crt; do
69   tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f`
70   case $tbits in
71   *serverAuth*) openssl x509 -text -in "$f" >> ca-bundle.crt ;;
72   esac
73   if [ -n "$tbits" ]; then
74      targs=""
75      for t in $tbits; do
76         targs="${targs} -addtrust $t"
77      done
78      openssl x509 -text -in "$f" -trustout $targs >> ca-bundle.trust.crt
79   fi
80 done
81popd
82pushd %{name}/java
83 test -s ../ca-bundle.crt || exit 1
84 %{__perl} %{SOURCE2} %{_bindir}/keytool ../ca-bundle.crt
85 touch -r %{SOURCE0} cacerts
86popd
87
88%install
89rm -rf $RPM_BUILD_ROOT
90
91mkdir -p $RPM_BUILD_ROOT{%{pkidir}/tls/certs,%{pkidir}/java}
92
93install -p -m 644 %{name}/ca-bundle.crt $RPM_BUILD_ROOT%{pkidir}/tls/certs/ca-bundle.crt
94install -p -m 644 %{name}/ca-bundle.trust.crt $RPM_BUILD_ROOT%{pkidir}/tls/certs/ca-bundle.trust.crt
95ln -s certs/ca-bundle.crt $RPM_BUILD_ROOT%{pkidir}/tls/cert.pem
96touch -r %{SOURCE0} $RPM_BUILD_ROOT%{pkidir}/tls/certs/ca-bundle.crt
97touch -r %{SOURCE0} $RPM_BUILD_ROOT%{pkidir}/tls/certs/ca-bundle.trust.crt
98
99# Install Java cacerts file.
100mkdir -p -m 700 $RPM_BUILD_ROOT%{pkidir}/java
101install -p -m 644 %{name}/java/cacerts $RPM_BUILD_ROOT%{pkidir}/java/
102
103# /etc/ssl/certs symlink for 3rd-party tools
104mkdir -p -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/ssl
105ln -s ../pki/tls/certs $RPM_BUILD_ROOT%{_sysconfdir}/ssl/certs
106
107%clean
108rm -rf $RPM_BUILD_ROOT
109
110%files
111%defattr(-,root,root,-)
112%dir %{pkidir}/java
113%config(noreplace) %{pkidir}/java/cacerts
114%dir %{pkidir}/tls
115%dir %{pkidir}/tls/certs
116%config(noreplace) %{pkidir}/tls/certs/ca-bundle.*crt
117%{pkidir}/tls/cert.pem
118%dir %{_sysconfdir}/ssl
119%{_sysconfdir}/ssl/certs
120
121%changelog
122* Sun Nov 29 2015 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2015.2.6-2
123- changed "License:" to MPL2.
124
125* Sun Nov 29 2015 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2015.2.6-1
126- updated to 2.6.
127
128* Thu Feb 06 2014 Daisuke SUZUKI <daisuke@linux.or.jp> 2013.1.96-1
129- update to 1.96
130
131* Wed Sep 25 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 2013.1.94-1
132- update to 1.94
133
134* Wed Jul 25 2012 Daisuke SUZUKI <daisuke@linux.or.jp> 2012.85-1
135- update to r1.85
136
137* Mon Mar 26 2012 Daisuke SUZUKI <daisuke@linux.or.jp> 2012.81-1
138- initial build for Vine Linux
139
140* Mon Feb 13 2012 Joe Orton <jorton@redhat.com> - 2012.81-1
141- update to r1.81
142
143* Thu Jan 12 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2011.80-2
144- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
145
146* Wed Nov  9 2011 Joe Orton <jorton@redhat.com> - 2011.80-1
147- update to r1.80
148- fix handling of certs with dublicate Subject names (#733032)
149
150* Thu Sep  1 2011 Joe Orton <jorton@redhat.com> - 2011.78-1
151- update to r1.78, removing trust from DigiNotar root (#734679)
152
153* Wed Aug  3 2011 Joe Orton <jorton@redhat.com> - 2011.75-1
154- update to r1.75
155
156* Wed Apr 20 2011 Joe Orton <jorton@redhat.com> - 2011.74-1
157- update to r1.74
158
159* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2011.70-2
160- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
161
162* Wed Jan 12 2011 Joe Orton <jorton@redhat.com> - 2011.70-1
163- update to r1.70
164
165* Tue Nov  9 2010 Joe Orton <jorton@redhat.com> - 2010.65-3
166- update to r1.65
167
168* Wed Apr  7 2010 Joe Orton <jorton@redhat.com> - 2010.63-3
169- package /etc/ssl/certs symlink for third-party apps (#572725)
170
171* Wed Apr  7 2010 Joe Orton <jorton@redhat.com> - 2010.63-2
172- rebuild
173
174* Wed Apr  7 2010 Joe Orton <jorton@redhat.com> - 2010.63-1
175- update to certdata.txt r1.63
176- use upstream RCS version in Version
177
178* Fri Mar 19 2010 Joe Orton <jorton@redhat.com> - 2010-4
179- fix ca-bundle.crt (#575111)
180
181* Thu Mar 18 2010 Joe Orton <jorton@redhat.com> - 2010-3
182- update to certdata.txt r1.58
183- add /etc/pki/tls/certs/ca-bundle.trust.crt using 'TRUSTED CERTICATE' format
184- exclude ECC certs from the Java cacerts database
185- catch keytool failures
186- fail parsing certdata.txt on finding untrusted but not blacklisted cert
187
188* Fri Jan 15 2010 Joe Orton <jorton@redhat.com> - 2010-2
189- fix Java cacert database generation: use Subject rather than Issuer
190  for alias name; add diagnostics; fix some alias names.
191
192* Mon Jan 11 2010 Joe Orton <jorton@redhat.com> - 2010-1
193- adopt Python certdata.txt parsing script from Debian
194
195* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2009-2
196- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
197
198* Wed Jul 22 2009 Joe Orton <jorton@redhat.com> 2009-1
199- update to certdata.txt r1.53
200
201* Mon Feb 23 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2008-8
202- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
203
204* Tue Oct 14 2008 Joe Orton <jorton@redhat.com> 2008-7
205- update to certdata.txt r1.49
206
207* Wed Jun 25 2008 Thomas Fitzsimmons <fitzsim@redhat.com> - 2008-6
208- Change generate-cacerts.pl to produce pretty aliases.
209
210* Mon Jun  2 2008 Joe Orton <jorton@redhat.com> 2008-5
211- include /etc/pki/tls/cert.pem symlink to ca-bundle.crt
212
213* Tue May 27 2008 Joe Orton <jorton@redhat.com> 2008-4
214- use package name for temp dir, recreate it in prep
215
216* Tue May 27 2008 Joe Orton <jorton@redhat.com> 2008-3
217- fix source script perms
218- mark packaged files as config(noreplace)
219
220* Tue May 27 2008 Joe Orton <jorton@redhat.com> 2008-2
221- add (but don't use) mkcabundle.pl
222- tweak description
223- use /usr/bin/keytool directly; BR java-openjdk
224
225* Tue May 27 2008 Joe Orton <jorton@redhat.com> 2008-1
226- Initial build (#448497)
Note: See TracBrowser for help on using the repository browser.