OpenIndiana Userland
blame | history | raw
David Stes
2022-03-06 216a1253a4c63b282b8140c60fe911f09ff11a23 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108

#


# This file and its contents are supplied under the terms of the


# Common Development and Distribution License ("CDDL"), version 1.0.


# You may only use this file in accordance with the terms of version


# 1.0 of the CDDL.


#


# A full copy of the text of the CDDL should have accompanied this


# source.  A copy of the CDDL is also available via the Internet at


# http://www.illumos.org/license/CDDL.


#


 


#


# Copyright 2016 Alexander Pyhalov


# Copyright 2019 Michal Nowak


# Copyright 2021 Till Wegmueller


# Copyright 2022 David Stes


#


 


include ../../../make-rules/shared-macros.mk


 


COMPONENT_NAME= ca-certificates


COMPONENT_VERSION_MAJOR=3


COMPONENT_VERSION_MINOR=76


COMPONENT_VERSION=    $(COMPONENT_VERSION_MAJOR).$(COMPONENT_VERSION_MINOR)


COMPONENT_SUMMARY=    Common CA certificates


COMPONENT_SRC=        nss-$(COMPONENT_VERSION)


COMPONENT_ARCHIVE=    $(COMPONENT_SRC).tar.gz


COMPONENT_ARCHIVE_HASH= \


               sha256:1b8e0310add364d2ade40620cde0f1c37f4f00a6999b2d3e7ea8dacda4aa1630


COMPONENT_ARCHIVE_URL= \


    https://ftp.mozilla.org/pub/security/nss/releases/NSS_$(COMPONENT_VERSION_MAJOR)_$(COMPONENT_VERSION_MINOR)_RTM/src/$(COMPONENT_ARCHIVE)


COMPONENT_PROJECT_URL = https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS


COMPONENT_FMRI=        crypto/ca-certificates


COMPONENT_LICENSE=    MPLv2.0


COMPONENT_LICENSE_FILE=    nss/COPYING


 


include $(WS_MAKE_RULES)/prep.mk


include $(WS_MAKE_RULES)/ips.mk


 


PKG_OPTIONS+= -I $(COMPONENT_DIR)


 


CLEAN_PATHS += $(BUILD_DIR) $(PROTO_DIR)


 


$(BUILD_32): $(BUILD_DIR_32)/.certs_renamed


 


# some filenames are UTF-8 not 7bit ASCII because 


# certdata.txt has CKA_LABEL UTF8 entries that are not 7bit ASCII


# for example NetLock_Arany_(Class_Gold)_Ftanstvny.pem has a small letter o


# which uses the Hungarian small latin o with double acute (U + 0151)


# to avoid packaging UTF-8 non-ASCII paths in /etc, process by iconv


# see Illumos bug #14510 and bug #11625


 


$(BUILD_DIR_32)/.certs_renamed: $(BUILD_DIR_32)/.certs_extracted


    for i in $(BUILD_DIR_32)/xx*; do \


        FILE_LEN=$$(wc -l  "$$i" |awk ' { print $$1; }' ); \


        BEGIN=$$(grep -n "BEGIN CERT" "$$i" |cut -d : -f 1); \


        TAIL=$$(($$FILE_LEN-$$BEGIN+1)); \


        NAME=$$(head -1 "$$i" | tr ' ' '_' | \


            iconv -c -f UTF-8 -t ASCII | \


            tr -d '?' | tr -d '(' | tr -d ')' \


        ); \


        tail -n $$TAIL  "$$i" > $(BUILD_DIR_32)/$${NAME}.pem ;\


    done


    $(TOUCH) $@


 


$(BUILD_DIR_32)/.certs_extracted: $(BUILD_DIR_32)/ca-bundle.processed


    cd $(BUILD_DIR_32) &&\


    NUM=$$(awk '/BEGIN/{n++} END{print n-2}' $(BUILD_DIR_32)/ca-bundle.processed) &&\


    csplit -s -n 3 $(BUILD_DIR_32)/ca-bundle.processed '/END CERT/1' "{$$NUM}"


    $(TOUCH) $@


 


$(BUILD_DIR_32)/ca-bundle.processed: $(BUILD_DIR_32)/ca-bundle.crt


    grep -v '^#' $(BUILD_DIR_32)/ca-bundle.crt | grep -v '^$$' > $@


 


$(BUILD_DIR_32)/ca-bundle.crt: $(BUILD_DIR_32)/certdata.txt


    cd $(BUILD_DIR_32) && $(PERL) $(COMPONENT_DIR)/files/mk-ca-bundle.pl -n


    


 


$(BUILD_DIR_32)/certdata.txt: $(SOURCE_DIR)/nss/lib/ckfw/builtins/certdata.txt


    $(MKDIR)  $(BUILD_DIR_32)


    $(CP) $(SOURCE_DIR)/nss/lib/ckfw/builtins/certdata.txt $@


 


$(SOURCE_DIR)/nss/lib/ckfw/builtins/certdata.txt: $(SOURCE_DIR)/.prep


 


$(INSTALL_32):    $(BUILD_32)


    $(MKDIR) $(PROTO_DIR)/etc/certs/CA $(PROTO_DIR)/etc/openssl/certs


    $(CP) $(BUILD_DIR_32)/*.pem $(PROTO_DIR)/etc/certs/CA/


    cd $(PROTO_DIR)/etc/certs/CA &&\


    for i in *.pem ; do  \


       HASH=$$(openssl x509 -noout -hash -in $$i); \


           ln -fs ../../certs/CA/$${i} ../../openssl/certs/$${HASH}.0; \


    done; 


    touch $@


    


build:        $(BUILD_32)


 


install:    $(INSTALL_32)


 


test:        $(NO_TESTS)


 


REQUIRED_PACKAGES += file/gnu-coreutils


REQUIRED_PACKAGES += library/security/openssl


REQUIRED_PACKAGES += runtime/perl-522


REQUIRED_PACKAGES += library/perl-5/libwww-perl-522  


REQUIRED_PACKAGES += text/gawk


REQUIRED_PACKAGES += text/gnu-grep


REQUIRED_PACKAGES += system/library/iconv/utf-8


# Auto-generated dependencies