openwrt/package/system/ca-certificates/Makefile

71 lines
1.9 KiB
Makefile
Raw Normal View History

#
# Copyright (C) 2006-2017 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=ca-certificates
PKG_VERSION:=20240203
ca-certificates: update to version 20200601 This patch updates the ca-certificates and ca-bundle package. This version changed the files directory again, to work/, so PKG_BUILD_DIR was brought back. A list of changes from Debian's change-log entry for 20200601 [0]: * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority bundle to version 2.40. Closes: #956411, #955038 * mozilla/blacklist.txt Add distrusted Symantec CA list to blacklist for explicit removal. Closes: #911289 Blacklist expired root certificate, "AddTrust External Root" Closes: #961907 The following certificate authorities were added (+): + "Certigna Root CA" + "emSign ECC Root CA - C3" + "emSign ECC Root CA - G3" + "emSign Root CA - C1" + "emSign Root CA - G1" + "Entrust Root Certification Authority - G4" + "GTS Root R1" + "GTS Root R2" + "GTS Root R3" + "GTS Root R4" + "Hongkong Post Root CA 3" + "UCA Extended Validation Root" + "UCA Global G2 Root" The following certificate authorities were removed (-): - "AddTrust External Root" - "Certinomis - Root CA" - "Certplus Class 2 Primary CA" - "Deutsche Telekom Root CA 2" - "GeoTrust Global CA" - "GeoTrust Primary Certification Authority" - "GeoTrust Primary Certification Authority - G2" - "GeoTrust Primary Certification Authority - G3" - "GeoTrust Universal CA" - "thawte Primary Root CA" - "thawte Primary Root CA - G2" - "thawte Primary Root CA - G3" - "VeriSign Class 3 Public Primary Certification Authority - G4" - "VeriSign Class 3 Public Primary Certification Authority - G5" - "VeriSign Universal Root Certification Authority" [0] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20200601_changelog> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-06-07 15:22:02 +00:00
PKG_RELEASE:=1
PKG_MAINTAINER:=
PKG_LICENSE:=GPL-2.0-or-later MPL-2.0
PKG_LICENSE_FILES:=debian/copyright
PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@DEBIAN/pool/main/c/ca-certificates
PKG_HASH:=3286d3fc42c4d11b7086711a85f865b44065ce05cf1fb5376b2abed07622a9c6
PKG_INSTALL:=1
include $(INCLUDE_DIR)/package.mk
ca-certificates: Update to version 20230311 Update the ca-certificates and ca-bundle package from version 20211016 to version 20230311. Use TAR_OPTIONS instead of hacking Build/Prepare, refresh patches. Debian change-log entry [1]: |[...] |[ Đoàn Trần Công Danh ] |* ca-certificates: compat with non-GNU mktemp (closes: #1000847) | |[ Ilya Lipnitskiy ] |* certdata2pem.py: use UTC time when checking cert validity | |[ Julien Cristau ] |* Update Mozilla certificate authority bundle to version 2.60 | The following certificate authorities were added (+): | + "Autoridad de Certificacion Firmaprofesional CIF A62634068" | + "Certainly Root E1" | + "Certainly Root R1" | + "D-TRUST BR Root CA 1 2020" | + "D-TRUST EV Root CA 1 2020" | + "DigiCert TLS ECC P384 Root G5" | + "DigiCert TLS RSA4096 Root G5" | + "E-Tugra Global Root CA ECC v3" | + "E-Tugra Global Root CA RSA v3" | + "HARICA TLS ECC Root CA 2021" | + "HARICA TLS RSA Root CA 2021" | + "HiPKI Root CA - G1" | + "ISRG Root X2" | + "Security Communication ECC RootCA1" | + "Security Communication RootCA3" | + "Telia Root CA v2" | + "TunTrust Root CA" | + "vTrus ECC Root CA" | + "vTrus Root CA" | The following certificate authorities were removed (-): | - "Cybertrust Global Root" (expired) | - "EC-ACC" | - "GlobalSign Root CA - R2" (expired) | - "Hellenic Academic and Research Institutions RootCA 2011" | - "Network Solutions Certificate Authority" | - "Staat der Nederlanden EV Root CA" (expired) |* Drop trailing space from debconf template causing misformatting | (closes: #980821) | |[ Wataru Ashihara ] |* Make certdata2pem.py compatible with cryptography >= 35 (closes: #1008244) |[...] [1]: https://metadata.ftp-master.debian.org/changelogs/main/c/ca-certificates/ca-certificates_20230311_changelog Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2023-05-26 04:09:47 +00:00
TAR_OPTIONS+= --strip-components 1
TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS)
define Package/ca-certificates
SECTION:=base
CATEGORY:=Base system
TITLE:=System CA certificates
PKGARCH:=all
PROVIDES:=ca-certs
endef
define Package/ca-bundle
SECTION:=base
CATEGORY:=Base system
TITLE:=System CA certificates as a bundle
PKGARCH:=all
PROVIDES:=ca-certs
endef
define Build/Install
mkdir -p \
$(PKG_INSTALL_DIR)/usr/sbin \
$(PKG_INSTALL_DIR)/usr/share/ca-certificates
$(call Build/Install/Default,)
endef
define Package/ca-certificates/install
$(INSTALL_DIR) $(1)/etc/ssl/certs
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.crt $(1)/etc/ssl/certs/
for CERTFILE in `ls -1 $(1)/etc/ssl/certs`; do \
HASH=`openssl x509 -hash -noout -in $(1)/etc/ssl/certs/$$$$CERTFILE` ; \
SUFFIX=0 ; \
while [ -h "$(1)/etc/ssl/certs/$$$$HASH.$$$$SUFFIX" ]; do \
let "SUFFIX += 1" ; \
done ; \
$(LN) "$$$$CERTFILE" "$(1)/etc/ssl/certs/$$$$HASH.$$$$SUFFIX" ; \
done
endef
define Package/ca-bundle/install
$(INSTALL_DIR) $(1)/etc/ssl/certs
cat $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.crt >$(1)/etc/ssl/certs/ca-certificates.crt
$(LN) /etc/ssl/certs/ca-certificates.crt $(1)/etc/ssl/cert.pem
endef
$(eval $(call BuildPackage,ca-bundle))
$(eval $(call BuildPackage,ca-certificates))