| commit | author | age | ||
| c71b22 | 1 | # |
| AP | 2 | # This file and its contents are supplied under the terms of the |
| 3 | # Common Development and Distribution License ("CDDL"), version 1.0. | |
| 4 | # You may only use this file in accordance with the terms of version | |
| 5 | # 1.0 of the CDDL. | |
| 6 | # | |
| 7 | # A full copy of the text of the CDDL should have accompanied this | |
| 8 | # source. A copy of the CDDL is also available via the Internet at | |
| 9 | # http://www.illumos.org/license/CDDL. | |
| 10 | # | |
| 11 | ||
| 12 | # | |
| daddc0 | 13 | # Copyright 2016 Alexander Pyhalov |
| 745628 | 14 | # Copyright 2019 Michal Nowak |
| 712c8f | 15 | # Copyright 2021 Till Wegmueller |
| 4da016 | 16 | # Copyright 2022 David Stes |
| c71b22 | 17 | # |
| AP | 18 | |
| daddc0 | 19 | include ../../../make-rules/shared-macros.mk |
| c71b22 | 20 | |
| AP | 21 | COMPONENT_NAME= ca-certificates |
| 6f06dd | 22 | COMPONENT_VERSION_MAJOR=3 |
| 216a12 | 23 | COMPONENT_VERSION_MINOR=76 |
| 6f06dd | 24 | COMPONENT_VERSION= $(COMPONENT_VERSION_MAJOR).$(COMPONENT_VERSION_MINOR) |
| c6e76b | 25 | COMPONENT_SUMMARY= Common CA certificates |
| MN | 26 | COMPONENT_SRC= nss-$(COMPONENT_VERSION) |
| 27 | COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz | |
| c71b22 | 28 | COMPONENT_ARCHIVE_HASH= \ |
| 216a12 | 29 | sha256:1b8e0310add364d2ade40620cde0f1c37f4f00a6999b2d3e7ea8dacda4aa1630 |
| c71b22 | 30 | COMPONENT_ARCHIVE_URL= \ |
| 6f06dd | 31 | https://ftp.mozilla.org/pub/security/nss/releases/NSS_$(COMPONENT_VERSION_MAJOR)_$(COMPONENT_VERSION_MINOR)_RTM/src/$(COMPONENT_ARCHIVE) |
| 5cbedb | 32 | COMPONENT_PROJECT_URL = https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS |
| c6e76b | 33 | COMPONENT_FMRI= crypto/ca-certificates |
| 6f06dd | 34 | COMPONENT_LICENSE= MPLv2.0 |
| MN | 35 | COMPONENT_LICENSE_FILE= nss/COPYING |
| c71b22 | 36 | |
| daddc0 | 37 | include $(WS_MAKE_RULES)/prep.mk |
| AP | 38 | include $(WS_MAKE_RULES)/ips.mk |
| c71b22 | 39 | |
| 042cf4 | 40 | PKG_OPTIONS+= -I $(COMPONENT_DIR) |
| AŠ | 41 | |
| e23f2c | 42 | CLEAN_PATHS += $(BUILD_DIR) $(PROTO_DIR) |
| c71b22 | 43 | |
| AP | 44 | $(BUILD_32): $(BUILD_DIR_32)/.certs_renamed |
| 45 | ||
| 4da016 | 46 | # some filenames are UTF-8 not 7bit ASCII because |
| DS | 47 | # certdata.txt has CKA_LABEL UTF8 entries that are not 7bit ASCII |
| 48 | # for example NetLock_Arany_(Class_Gold)_Ftanstvny.pem has a small letter o | |
| 49 | # which uses the Hungarian small latin o with double acute (U + 0151) | |
| 50 | # to avoid packaging UTF-8 non-ASCII paths in /etc, process by iconv | |
| 51 | # see Illumos bug #14510 and bug #11625 | |
| 52 | ||
| c71b22 | 53 | $(BUILD_DIR_32)/.certs_renamed: $(BUILD_DIR_32)/.certs_extracted |
| AP | 54 | for i in $(BUILD_DIR_32)/xx*; do \ |
| 55 | FILE_LEN=$$(wc -l "$$i" |awk ' { print $$1; }' ); \ | |
| 56 | BEGIN=$$(grep -n "BEGIN CERT" "$$i" |cut -d : -f 1); \ | |
| 57 | TAIL=$$(($$FILE_LEN-$$BEGIN+1)); \ | |
| 216a12 | 58 | NAME=$$(head -1 "$$i" | tr ' ' '_' | \ |
| DS | 59 | iconv -c -f UTF-8 -t ASCII | \ |
| 60 | tr -d '?' | tr -d '(' | tr -d ')' \ | |
| 61 | ); \ | |
| c71b22 | 62 | tail -n $$TAIL "$$i" > $(BUILD_DIR_32)/$${NAME}.pem ;\ |
| AP | 63 | done |
| 64 | $(TOUCH) $@ | |
| 65 | ||
| 66 | $(BUILD_DIR_32)/.certs_extracted: $(BUILD_DIR_32)/ca-bundle.processed | |
| 67 | cd $(BUILD_DIR_32) &&\ | |
| 68 | NUM=$$(awk '/BEGIN/{n++} END{print n-2}' $(BUILD_DIR_32)/ca-bundle.processed) &&\ | |
| 69 | csplit -s -n 3 $(BUILD_DIR_32)/ca-bundle.processed '/END CERT/1' "{$$NUM}" | |
| 70 | $(TOUCH) $@ | |
| 71 | ||
| 72 | $(BUILD_DIR_32)/ca-bundle.processed: $(BUILD_DIR_32)/ca-bundle.crt | |
| 73 | grep -v '^#' $(BUILD_DIR_32)/ca-bundle.crt | grep -v '^$$' > $@ | |
| 74 | ||
| 75 | $(BUILD_DIR_32)/ca-bundle.crt: $(BUILD_DIR_32)/certdata.txt | |
| 6f06dd | 76 | cd $(BUILD_DIR_32) && $(PERL) $(COMPONENT_DIR)/files/mk-ca-bundle.pl -n |
| c71b22 | 77 | |
| AP | 78 | |
| 79 | $(BUILD_DIR_32)/certdata.txt: $(SOURCE_DIR)/nss/lib/ckfw/builtins/certdata.txt | |
| 80 | $(MKDIR) $(BUILD_DIR_32) | |
| 81 | $(CP) $(SOURCE_DIR)/nss/lib/ckfw/builtins/certdata.txt $@ | |
| 82 | ||
| 83 | $(SOURCE_DIR)/nss/lib/ckfw/builtins/certdata.txt: $(SOURCE_DIR)/.prep | |
| 84 | ||
| 85 | $(INSTALL_32): $(BUILD_32) | |
| 86 | $(MKDIR) $(PROTO_DIR)/etc/certs/CA $(PROTO_DIR)/etc/openssl/certs | |
| 87 | $(CP) $(BUILD_DIR_32)/*.pem $(PROTO_DIR)/etc/certs/CA/ | |
| 88 | cd $(PROTO_DIR)/etc/certs/CA &&\ | |
| 89 | for i in *.pem ; do \ | |
| 90 | HASH=$$(openssl x509 -noout -hash -in $$i); \ | |
| e23f2c | 91 | ln -fs ../../certs/CA/$${i} ../../openssl/certs/$${HASH}.0; \ |
| c71b22 | 92 | done; |
| AP | 93 | touch $@ |
| 94 | ||
| 99f131 | 95 | build: $(BUILD_32) |
| c71b22 | 96 | |
| 99f131 | 97 | install: $(INSTALL_32) |
| MN | 98 | |
| 99 | test: $(NO_TESTS) | |
| daddc0 | 100 | |
| AP | 101 | REQUIRED_PACKAGES += file/gnu-coreutils |
| 102 | REQUIRED_PACKAGES += library/security/openssl | |
| 103 | REQUIRED_PACKAGES += runtime/perl-522 | |
| 2dc0ea | 104 | REQUIRED_PACKAGES += library/perl-5/libwww-perl-522 |
| daddc0 | 105 | REQUIRED_PACKAGES += text/gawk |
| AP | 106 | REQUIRED_PACKAGES += text/gnu-grep |
| 4da016 | 107 | REQUIRED_PACKAGES += system/library/iconv/utf-8 |
| 99f131 | 108 | # Auto-generated dependencies |
