Context Navigation

ca-certificates-vl.spec @ 12346

Revision 12346, 7.5 KB checked in by tomop, 4 years ago (diff)

updated 14 packages

ca-certificates-2020.2.40-1

dmidecode-3.2-1

dnsmasq-2.80-2

golang-1.14.1-1

gthumb-3.8.3-1

haveged-1.9.8-1

iw-5.4-1

liblockfile-1.14-6

libnl3-3.5.0-1

libvisio-0.1.7-2

mailx-8.1.2.20180807-1

strace-5.5-1

tzdata-2019c-1

zlib-1.2.11-2

Line
1	%define pkidir %{_sysconfdir}/pki
2
3	# this year
4	%define year 2020
5
6	# latest nss release.
7	# reference: https://hg.mozilla.org/projects/nss
8	%define nss_version 3_51
9
10	# NSS_BUILTINS_LIBRARY_VERSION from https://hg.mozilla.org/projects/nss/file/NSS_%{nss_version}_RTM/lib/ckfw/builtins/nssckbi.h
11	%define ckbi_version 2.40
12
13	%define java_version 1.8.0
14
15	Summary: The Mozilla CA root certificate bundle
16	Summary(ja): Mozilla の CA ルート証明書バンドル
17	Name: ca-certificates
18	Version: %{year}.%{ckbi_version}
19	Release: 1%{?_dist_release}
20	License: MPL2
21	Group: System Environment/Base
22	# see also: https://nss-crypto.org/
23	URL: http://www.mozilla.org/
24	Source0: https://hg.mozilla.org/projects/nss/raw-file/NSS_%{nss_version}_RTM/lib/ckfw/builtins/certdata.txt
25	Source1: blacklist.txt
26	Source2: generate-cacerts.pl
27	Source3: certdata2pem.py
28	BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
29	BuildRequires: perl, java-%{java_version}-openjdk-headless, python, rcs
30	BuildArch: noarch
31
32	Vendor: Project Vine
33	Distribution: Vine Linux.
34
35	%description
36	This package contains the set of CA certificates chosen by the
37	Mozilla Foundation for use with the Internet PKI.
38
39	%prep
40	rm -rf %{name}
41	mkdir %{name} %{name}/certs %{name}/java
42
43	%build
44	pushd %{name}/certs
45	cp %{SOURCE0} %{SOURCE1} .
46	python %{SOURCE3}
47	popd
48	pushd %{name}
49	(
50	cat <<EOF
51	# This is a bundle of X.509 certificates of public Certificate
52	# Authorities. It was generated from the Mozilla root CA list.
53	#
54	# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
55	#
56	# Generated from:
57	EOF
58	ident -q %{SOURCE0} \| sed '1d;s/^/#/';
59	echo '#';
60	) > ca-bundle.crt
61	(
62	cat <<EOF
63	# This is a bundle of X.509 certificates of public Certificate
64	# Authorities. It was generated from the Mozilla root CA list.
65	# These certificates are in the OpenSSL "TRUSTED CERTIFICATE"
66	# format and have trust bits set accordingly.
67	#
68	# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
69	#
70	# Generated from:
71	EOF
72	ident -q %{SOURCE0} \| sed '1d;s/^/#/';
73	echo '#';
74	) > ca-bundle.trust.crt
75	for f in certs/*.crt; do
76	tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f`
77	case $tbits in
78	serverAuth) openssl x509 -text -in "$f" >> ca-bundle.crt ;;
79	esac
80	if [ -n "$tbits" ]; then
81	targs=""
82	for t in $tbits; do
83	targs="${targs} -addtrust $t"
84	done
85	openssl x509 -text -in "$f" -trustout $targs >> ca-bundle.trust.crt
86	fi
87	done
88	popd
89	pushd %{name}/java
90	test -s ../ca-bundle.crt \|\| exit 1
91	%{__perl} %{SOURCE2} %{_bindir}/keytool ../ca-bundle.crt
92	touch -r %{SOURCE0} cacerts
93	popd
94
95	%install
96	rm -rf $RPM_BUILD_ROOT
97
98	mkdir -p $RPM_BUILD_ROOT{%{pkidir}/tls/certs,%{pkidir}/java}
99
100	install -p -m 644 %{name}/ca-bundle.crt $RPM_BUILD_ROOT%{pkidir}/tls/certs/ca-bundle.crt
101	install -p -m 644 %{name}/ca-bundle.trust.crt $RPM_BUILD_ROOT%{pkidir}/tls/certs/ca-bundle.trust.crt
102	ln -s certs/ca-bundle.crt $RPM_BUILD_ROOT%{pkidir}/tls/cert.pem
103	touch -r %{SOURCE0} $RPM_BUILD_ROOT%{pkidir}/tls/certs/ca-bundle.crt
104	touch -r %{SOURCE0} $RPM_BUILD_ROOT%{pkidir}/tls/certs/ca-bundle.trust.crt
105
106	# Install Java cacerts file.
107	mkdir -p -m 700 $RPM_BUILD_ROOT%{pkidir}/java
108	install -p -m 644 %{name}/java/cacerts $RPM_BUILD_ROOT%{pkidir}/java/
109
110	# /etc/ssl/certs symlink for 3rd-party tools
111	mkdir -p -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/ssl
112	ln -s ../pki/tls/certs $RPM_BUILD_ROOT%{_sysconfdir}/ssl/certs
113
114	%clean
115	rm -rf $RPM_BUILD_ROOT
116
117	%files
118	%defattr(-,root,root,-)
119	%dir %{pkidir}/java
120	%config(noreplace) %{pkidir}/java/cacerts
121	%dir %{pkidir}/tls
122	%dir %{pkidir}/tls/certs
123	%config(noreplace) %{pkidir}/tls/certs/ca-bundle.*crt
124	%{pkidir}/tls/cert.pem
125	%dir %{_sysconfdir}/ssl
126	%{_sysconfdir}/ssl/certs
127
128	%changelog
129	* Sat Mar 21 2020 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2020.2.40-1
130	- updated to 2.40.
131
132	* Tue Nov 20 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2018.2.28-1
133	- updated to 2.28.
134
135	* Tue Mar 13 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2018.2.22-1
136	- updated to 2.22.
137
138	* Sun Nov 29 2015 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2015.2.6-2
139	- changed "License:" to MPL2.
140
141	* Sun Nov 29 2015 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2015.2.6-1
142	- updated to 2.6.
143
144	* Thu Feb 06 2014 Daisuke SUZUKI <daisuke@linux.or.jp> 2013.1.96-1
145	- update to 1.96
146
147	* Wed Sep 25 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 2013.1.94-1
148	- update to 1.94
149
150	* Wed Jul 25 2012 Daisuke SUZUKI <daisuke@linux.or.jp> 2012.85-1
151	- update to r1.85
152
153	* Mon Mar 26 2012 Daisuke SUZUKI <daisuke@linux.or.jp> 2012.81-1
154	- initial build for Vine Linux
155
156	* Mon Feb 13 2012 Joe Orton <jorton@redhat.com> - 2012.81-1
157	- update to r1.81
158
159	* Thu Jan 12 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2011.80-2
160	- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
161
162	* Wed Nov 9 2011 Joe Orton <jorton@redhat.com> - 2011.80-1
163	- update to r1.80
164	- fix handling of certs with dublicate Subject names (#733032)
165
166	* Thu Sep 1 2011 Joe Orton <jorton@redhat.com> - 2011.78-1
167	- update to r1.78, removing trust from DigiNotar root (#734679)
168
169	* Wed Aug 3 2011 Joe Orton <jorton@redhat.com> - 2011.75-1
170	- update to r1.75
171
172	* Wed Apr 20 2011 Joe Orton <jorton@redhat.com> - 2011.74-1
173	- update to r1.74
174
175	* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2011.70-2
176	- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
177
178	* Wed Jan 12 2011 Joe Orton <jorton@redhat.com> - 2011.70-1
179	- update to r1.70
180
181	* Tue Nov 9 2010 Joe Orton <jorton@redhat.com> - 2010.65-3
182	- update to r1.65
183
184	* Wed Apr 7 2010 Joe Orton <jorton@redhat.com> - 2010.63-3
185	- package /etc/ssl/certs symlink for third-party apps (#572725)
186
187	* Wed Apr 7 2010 Joe Orton <jorton@redhat.com> - 2010.63-2
188	- rebuild
189
190	* Wed Apr 7 2010 Joe Orton <jorton@redhat.com> - 2010.63-1
191	- update to certdata.txt r1.63
192	- use upstream RCS version in Version
193
194	* Fri Mar 19 2010 Joe Orton <jorton@redhat.com> - 2010-4
195	- fix ca-bundle.crt (#575111)
196
197	* Thu Mar 18 2010 Joe Orton <jorton@redhat.com> - 2010-3
198	- update to certdata.txt r1.58
199	- add /etc/pki/tls/certs/ca-bundle.trust.crt using 'TRUSTED CERTICATE' format
200	- exclude ECC certs from the Java cacerts database
201	- catch keytool failures
202	- fail parsing certdata.txt on finding untrusted but not blacklisted cert
203
204	* Fri Jan 15 2010 Joe Orton <jorton@redhat.com> - 2010-2
205	- fix Java cacert database generation: use Subject rather than Issuer
206	for alias name; add diagnostics; fix some alias names.
207
208	* Mon Jan 11 2010 Joe Orton <jorton@redhat.com> - 2010-1
209	- adopt Python certdata.txt parsing script from Debian
210
211	* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2009-2
212	- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
213
214	* Wed Jul 22 2009 Joe Orton <jorton@redhat.com> 2009-1
215	- update to certdata.txt r1.53
216
217	* Mon Feb 23 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2008-8
218	- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
219
220	* Tue Oct 14 2008 Joe Orton <jorton@redhat.com> 2008-7
221	- update to certdata.txt r1.49
222
223	* Wed Jun 25 2008 Thomas Fitzsimmons <fitzsim@redhat.com> - 2008-6
224	- Change generate-cacerts.pl to produce pretty aliases.
225
226	* Mon Jun 2 2008 Joe Orton <jorton@redhat.com> 2008-5
227	- include /etc/pki/tls/cert.pem symlink to ca-bundle.crt
228
229	* Tue May 27 2008 Joe Orton <jorton@redhat.com> 2008-4
230	- use package name for temp dir, recreate it in prep
231
232	* Tue May 27 2008 Joe Orton <jorton@redhat.com> 2008-3
233	- fix source script perms
234	- mark packaged files as config(noreplace)
235
236	* Tue May 27 2008 Joe Orton <jorton@redhat.com> 2008-2
237	- add (but don't use) mkcabundle.pl
238	- tweak description
239	- use /usr/bin/keytool directly; BR java-openjdk
240
241	* Tue May 27 2008 Joe Orton <jorton@redhat.com> 2008-1
242	- Initial build (#448497)

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format