openwrt/package/system/ca-certificates/Makefile

72 lines
1.8 KiB
Makefile
Raw Normal View History

#
# Copyright (C) 2006-2017 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=ca-certificates
ca-certificates: update to version 20200601 This patch updates the ca-certificates and ca-bundle package. This version changed the files directory again, to work/, so PKG_BUILD_DIR was brought back. A list of changes from Debian's change-log entry for 20200601 [0]: * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority bundle to version 2.40. Closes: #956411, #955038 * mozilla/blacklist.txt Add distrusted Symantec CA list to blacklist for explicit removal. Closes: #911289 Blacklist expired root certificate, "AddTrust External Root" Closes: #961907 The following certificate authorities were added (+): + "Certigna Root CA" + "emSign ECC Root CA - C3" + "emSign ECC Root CA - G3" + "emSign Root CA - C1" + "emSign Root CA - G1" + "Entrust Root Certification Authority - G4" + "GTS Root R1" + "GTS Root R2" + "GTS Root R3" + "GTS Root R4" + "Hongkong Post Root CA 3" + "UCA Extended Validation Root" + "UCA Global G2 Root" The following certificate authorities were removed (-): - "AddTrust External Root" - "Certinomis - Root CA" - "Certplus Class 2 Primary CA" - "Deutsche Telekom Root CA 2" - "GeoTrust Global CA" - "GeoTrust Primary Certification Authority" - "GeoTrust Primary Certification Authority - G2" - "GeoTrust Primary Certification Authority - G3" - "GeoTrust Universal CA" - "thawte Primary Root CA" - "thawte Primary Root CA - G2" - "thawte Primary Root CA - G3" - "VeriSign Class 3 Public Primary Certification Authority - G4" - "VeriSign Class 3 Public Primary Certification Authority - G5" - "VeriSign Universal Root Certification Authority" [0] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20200601_changelog> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-06-07 15:22:02 +00:00
PKG_VERSION:=20200601
PKG_RELEASE:=1
PKG_MAINTAINER:=
PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/main/c/ca-certificates
ca-certificates: update to version 20200601 This patch updates the ca-certificates and ca-bundle package. This version changed the files directory again, to work/, so PKG_BUILD_DIR was brought back. A list of changes from Debian's change-log entry for 20200601 [0]: * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority bundle to version 2.40. Closes: #956411, #955038 * mozilla/blacklist.txt Add distrusted Symantec CA list to blacklist for explicit removal. Closes: #911289 Blacklist expired root certificate, "AddTrust External Root" Closes: #961907 The following certificate authorities were added (+): + "Certigna Root CA" + "emSign ECC Root CA - C3" + "emSign ECC Root CA - G3" + "emSign Root CA - C1" + "emSign Root CA - G1" + "Entrust Root Certification Authority - G4" + "GTS Root R1" + "GTS Root R2" + "GTS Root R3" + "GTS Root R4" + "Hongkong Post Root CA 3" + "UCA Extended Validation Root" + "UCA Global G2 Root" The following certificate authorities were removed (-): - "AddTrust External Root" - "Certinomis - Root CA" - "Certplus Class 2 Primary CA" - "Deutsche Telekom Root CA 2" - "GeoTrust Global CA" - "GeoTrust Primary Certification Authority" - "GeoTrust Primary Certification Authority - G2" - "GeoTrust Primary Certification Authority - G3" - "GeoTrust Universal CA" - "thawte Primary Root CA" - "thawte Primary Root CA - G2" - "thawte Primary Root CA - G3" - "VeriSign Class 3 Public Primary Certification Authority - G4" - "VeriSign Class 3 Public Primary Certification Authority - G5" - "VeriSign Universal Root Certification Authority" [0] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20200601_changelog> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-06-07 15:22:02 +00:00
PKG_HASH:=43766d5a436519503dfd65ab83488ae33ab4d4ca3d0993797b58c92eb9ed4e63
PKG_INSTALL:=1
include $(INCLUDE_DIR)/package.mk
define Package/ca-certificates
SECTION:=base
CATEGORY:=Base system
TITLE:=System CA certificates
PKGARCH:=all
PROVIDES:=ca-certs
endef
define Package/ca-bundle
SECTION:=base
CATEGORY:=Base system
TITLE:=System CA certificates as a bundle
PKGARCH:=all
PROVIDES:=ca-certs
endef
define Build/Prepare
$(DECOMPRESS_CMD) $(HOST_TAR) -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
$(Build/Patch)
endef
MAKE_PATH := work
define Build/Install
mkdir -p \
$(PKG_INSTALL_DIR)/usr/sbin \
$(PKG_INSTALL_DIR)/usr/share/ca-certificates
$(call Build/Install/Default,)
endef
define Package/ca-certificates/install
$(INSTALL_DIR) $(1)/etc/ssl/certs
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.crt $(1)/etc/ssl/certs/
for CERTFILE in `ls -1 $(1)/etc/ssl/certs`; do \
HASH=`openssl x509 -hash -noout -in $(1)/etc/ssl/certs/$$$$CERTFILE` ; \
SUFFIX=0 ; \
while [ -h "$(1)/etc/ssl/certs/$$$$HASH.$$$$SUFFIX" ]; do \
let "SUFFIX += 1" ; \
done ; \
$(LN) "$$$$CERTFILE" "$(1)/etc/ssl/certs/$$$$HASH.$$$$SUFFIX" ; \
done
endef
define Package/ca-bundle/install
$(INSTALL_DIR) $(1)/etc/ssl/certs
cat $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.crt >$(1)/etc/ssl/certs/ca-certificates.crt
$(LN) /etc/ssl/certs/ca-certificates.crt $(1)/etc/ssl/cert.pem
endef
$(eval $(call BuildPackage,ca-bundle))
$(eval $(call BuildPackage,ca-certificates))