commit | author | age
|
c71b22
|
1 |
# |
AP |
2 |
# This file and its contents are supplied under the terms of the |
|
3 |
# Common Development and Distribution License ("CDDL"), version 1.0. |
|
4 |
# You may only use this file in accordance with the terms of version |
|
5 |
# 1.0 of the CDDL. |
|
6 |
# |
|
7 |
# A full copy of the text of the CDDL should have accompanied this |
|
8 |
# source. A copy of the CDDL is also available via the Internet at |
|
9 |
# http://www.illumos.org/license/CDDL. |
|
10 |
# |
|
11 |
|
|
12 |
# |
daddc0
|
13 |
# Copyright 2016 Alexander Pyhalov |
745628
|
14 |
# Copyright 2019 Michal Nowak |
712c8f
|
15 |
# Copyright 2021 Till Wegmueller |
4da016
|
16 |
# Copyright 2022 David Stes |
c71b22
|
17 |
# |
AP |
18 |
|
daddc0
|
19 |
include ../../../make-rules/shared-macros.mk |
c71b22
|
20 |
|
AP |
21 |
COMPONENT_NAME= ca-certificates |
6f06dd
|
22 |
COMPONENT_VERSION_MAJOR=3 |
216a12
|
23 |
COMPONENT_VERSION_MINOR=76 |
6f06dd
|
24 |
COMPONENT_VERSION= $(COMPONENT_VERSION_MAJOR).$(COMPONENT_VERSION_MINOR) |
c6e76b
|
25 |
COMPONENT_SUMMARY= Common CA certificates |
MN |
26 |
COMPONENT_SRC= nss-$(COMPONENT_VERSION) |
|
27 |
COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz |
c71b22
|
28 |
COMPONENT_ARCHIVE_HASH= \ |
216a12
|
29 |
sha256:1b8e0310add364d2ade40620cde0f1c37f4f00a6999b2d3e7ea8dacda4aa1630 |
c71b22
|
30 |
COMPONENT_ARCHIVE_URL= \ |
6f06dd
|
31 |
https://ftp.mozilla.org/pub/security/nss/releases/NSS_$(COMPONENT_VERSION_MAJOR)_$(COMPONENT_VERSION_MINOR)_RTM/src/$(COMPONENT_ARCHIVE) |
5cbedb
|
32 |
COMPONENT_PROJECT_URL = https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS |
c6e76b
|
33 |
COMPONENT_FMRI= crypto/ca-certificates |
6f06dd
|
34 |
COMPONENT_LICENSE= MPLv2.0 |
MN |
35 |
COMPONENT_LICENSE_FILE= nss/COPYING |
c71b22
|
36 |
|
daddc0
|
37 |
include $(WS_MAKE_RULES)/prep.mk |
AP |
38 |
include $(WS_MAKE_RULES)/ips.mk |
c71b22
|
39 |
|
042cf4
|
40 |
PKG_OPTIONS+= -I $(COMPONENT_DIR) |
AŠ |
41 |
|
e23f2c
|
42 |
CLEAN_PATHS += $(BUILD_DIR) $(PROTO_DIR) |
c71b22
|
43 |
|
AP |
44 |
$(BUILD_32): $(BUILD_DIR_32)/.certs_renamed |
|
45 |
|
4da016
|
46 |
# some filenames are UTF-8 not 7bit ASCII because |
DS |
47 |
# certdata.txt has CKA_LABEL UTF8 entries that are not 7bit ASCII |
|
48 |
# for example NetLock_Arany_(Class_Gold)_Ftanstvny.pem has a small letter o |
|
49 |
# which uses the Hungarian small latin o with double acute (U + 0151) |
|
50 |
# to avoid packaging UTF-8 non-ASCII paths in /etc, process by iconv |
|
51 |
# see Illumos bug #14510 and bug #11625 |
|
52 |
|
c71b22
|
53 |
$(BUILD_DIR_32)/.certs_renamed: $(BUILD_DIR_32)/.certs_extracted |
AP |
54 |
for i in $(BUILD_DIR_32)/xx*; do \ |
|
55 |
FILE_LEN=$$(wc -l "$$i" |awk ' { print $$1; }' ); \ |
|
56 |
BEGIN=$$(grep -n "BEGIN CERT" "$$i" |cut -d : -f 1); \ |
|
57 |
TAIL=$$(($$FILE_LEN-$$BEGIN+1)); \ |
216a12
|
58 |
NAME=$$(head -1 "$$i" | tr ' ' '_' | \ |
DS |
59 |
iconv -c -f UTF-8 -t ASCII | \ |
|
60 |
tr -d '?' | tr -d '(' | tr -d ')' \ |
|
61 |
); \ |
c71b22
|
62 |
tail -n $$TAIL "$$i" > $(BUILD_DIR_32)/$${NAME}.pem ;\ |
AP |
63 |
done |
|
64 |
$(TOUCH) $@ |
|
65 |
|
|
66 |
$(BUILD_DIR_32)/.certs_extracted: $(BUILD_DIR_32)/ca-bundle.processed |
|
67 |
cd $(BUILD_DIR_32) &&\ |
|
68 |
NUM=$$(awk '/BEGIN/{n++} END{print n-2}' $(BUILD_DIR_32)/ca-bundle.processed) &&\ |
|
69 |
csplit -s -n 3 $(BUILD_DIR_32)/ca-bundle.processed '/END CERT/1' "{$$NUM}" |
|
70 |
$(TOUCH) $@ |
|
71 |
|
|
72 |
$(BUILD_DIR_32)/ca-bundle.processed: $(BUILD_DIR_32)/ca-bundle.crt |
|
73 |
grep -v '^#' $(BUILD_DIR_32)/ca-bundle.crt | grep -v '^$$' > $@ |
|
74 |
|
|
75 |
$(BUILD_DIR_32)/ca-bundle.crt: $(BUILD_DIR_32)/certdata.txt |
6f06dd
|
76 |
cd $(BUILD_DIR_32) && $(PERL) $(COMPONENT_DIR)/files/mk-ca-bundle.pl -n |
c71b22
|
77 |
|
AP |
78 |
|
|
79 |
$(BUILD_DIR_32)/certdata.txt: $(SOURCE_DIR)/nss/lib/ckfw/builtins/certdata.txt |
|
80 |
$(MKDIR) $(BUILD_DIR_32) |
|
81 |
$(CP) $(SOURCE_DIR)/nss/lib/ckfw/builtins/certdata.txt $@ |
|
82 |
|
|
83 |
$(SOURCE_DIR)/nss/lib/ckfw/builtins/certdata.txt: $(SOURCE_DIR)/.prep |
|
84 |
|
|
85 |
$(INSTALL_32): $(BUILD_32) |
|
86 |
$(MKDIR) $(PROTO_DIR)/etc/certs/CA $(PROTO_DIR)/etc/openssl/certs |
|
87 |
$(CP) $(BUILD_DIR_32)/*.pem $(PROTO_DIR)/etc/certs/CA/ |
|
88 |
cd $(PROTO_DIR)/etc/certs/CA &&\ |
|
89 |
for i in *.pem ; do \ |
|
90 |
HASH=$$(openssl x509 -noout -hash -in $$i); \ |
e23f2c
|
91 |
ln -fs ../../certs/CA/$${i} ../../openssl/certs/$${HASH}.0; \ |
c71b22
|
92 |
done; |
AP |
93 |
touch $@ |
|
94 |
|
99f131
|
95 |
build: $(BUILD_32) |
c71b22
|
96 |
|
99f131
|
97 |
install: $(INSTALL_32) |
MN |
98 |
|
|
99 |
test: $(NO_TESTS) |
daddc0
|
100 |
|
AP |
101 |
REQUIRED_PACKAGES += file/gnu-coreutils |
|
102 |
REQUIRED_PACKAGES += library/security/openssl |
|
103 |
REQUIRED_PACKAGES += runtime/perl-522 |
2dc0ea
|
104 |
REQUIRED_PACKAGES += library/perl-5/libwww-perl-522 |
daddc0
|
105 |
REQUIRED_PACKAGES += text/gawk |
AP |
106 |
REQUIRED_PACKAGES += text/gnu-grep |
4da016
|
107 |
REQUIRED_PACKAGES += system/library/iconv/utf-8 |
99f131
|
108 |
# Auto-generated dependencies |