Florian Eckert
9b12d41476
ca-certificates: add missing license information
...
The package has no licence information. So let's fix it.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 0da116f25b
)
Link: https://github.com/openwrt/openwrt/pull/15918
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-07-10 23:07:36 +02:00
Tianling Shen
14cbf041ea
ca-certificates: Update to version 20230311
...
Update the ca-certificates and ca-bundle package from version 20211016 to
version 20230311.
Use TAR_OPTIONS instead of hacking Build/Prepare, refresh patches.
Debian change-log entry [1]:
|[...]
|[ Đoàn Trần Công Danh ]
|* ca-certificates: compat with non-GNU mktemp (closes : #1000847 )
|
|[ Ilya Lipnitskiy ]
|* certdata2pem.py: use UTC time when checking cert validity
|
|[ Julien Cristau ]
|* Update Mozilla certificate authority bundle to version 2.60
| The following certificate authorities were added (+):
| + "Autoridad de Certificacion Firmaprofesional CIF A62634068"
| + "Certainly Root E1"
| + "Certainly Root R1"
| + "D-TRUST BR Root CA 1 2020"
| + "D-TRUST EV Root CA 1 2020"
| + "DigiCert TLS ECC P384 Root G5"
| + "DigiCert TLS RSA4096 Root G5"
| + "E-Tugra Global Root CA ECC v3"
| + "E-Tugra Global Root CA RSA v3"
| + "HARICA TLS ECC Root CA 2021"
| + "HARICA TLS RSA Root CA 2021"
| + "HiPKI Root CA - G1"
| + "ISRG Root X2"
| + "Security Communication ECC RootCA1"
| + "Security Communication RootCA3"
| + "Telia Root CA v2"
| + "TunTrust Root CA"
| + "vTrus ECC Root CA"
| + "vTrus Root CA"
| The following certificate authorities were removed (-):
| - "Cybertrust Global Root" (expired)
| - "EC-ACC"
| - "GlobalSign Root CA - R2" (expired)
| - "Hellenic Academic and Research Institutions RootCA 2011"
| - "Network Solutions Certificate Authority"
| - "Staat der Nederlanden EV Root CA" (expired)
|* Drop trailing space from debconf template causing misformatting
| (closes : #980821 )
|
|[ Wataru Ashihara ]
|* Make certdata2pem.py compatible with cryptography >= 35 (closes : #1008244 )
|[...]
[1]: https://metadata.ftp-master.debian.org/changelogs/main/c/ca-certificates/ca-certificates_20230311_changelog
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 7c83b6ac86
)
2023-05-31 23:10:06 +02:00
Christian Lamparter
25bc66eb40
ca-certificates: fix python3-cryptography woes in certdata2pem.py
...
This patch is a revert of the upstream patch to Debian's ca-certificate
commit 033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.")
The reason is, that this change broke builds with the popular
Ubuntu 20.04 LTS (focal) releases which are shipping with an
older version of the python3-cryptography package that is not
compatible.
|Traceback (most recent call last):
| File "certdata2pem.py", line 125, in <module>
| cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
|TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend'
|make[5]: *** [Makefile:6: all] Error 1
...or if the python3-cryptography was missing all together:
|Traceback (most recent call last):
| File "/certdata2pem.py", line 31, in <module>
| from cryptography import x509
|ModuleNotFoundError: No module named 'cryptography'
More concerns were raised by Jo-Philipp Wich:
"We don't want the build to depend on the local system time anyway.
Right now it seems to be just a warning but I could imagine that
eventually certs are simply omitted of found to be expired at
build time which would break reproducibility."
Link: <https://github.com/openwrt/openwrt/commit/7c99085bd697 >
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Reported-by: Shane Synan <digitalcircuit36939@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-12-01 17:52:35 +01:00
Christian Lamparter
7c99085bd6
ca-certicficates: Update to version 20211016
...
Update the ca-certificates and ca-bundle package from version 20210119 to
version 20211016.
Debian change-log entry [1]:
|[...]
|[ Julien Cristau ]
|* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
| bundle to version 2.50
| The following certificate authorities were added (+):
| + "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
| + "GlobalSign Root R46"
| + "GlobalSign Root E46"
| + "GLOBALTRUST 2020"
| + "ANF Secure Server Root CA"
| + "Certum EC-384 CA"
| + "Certum Trusted Root CA"
| The following certificate authorities were removed (-):
| - "QuoVadis Root CA"
| - "Sonera Class 2 Root CA"
| - "GeoTrust Primary Certification Authority - G2"
| - "VeriSign Universal Root Certification Authority"
| - "Chambers of Commerce Root - 2008"
| - "Global Chambersign Root - 2008"
| - "Trustis FPS Root CA"
| - "Staat der Nederlanden Root CA - G3"
| * Blacklist expired root certificate "DST Root CA X3" (closes : #995432 )
|[...]
[1] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20211016_changelog >
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-11-30 20:14:26 +01:00
David Bauer
9a9cf40dd9
download: add mirror alias for Debian
...
Add an alias for Debian packages and download them from the Debian
mirror redirector.
Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-26 20:41:00 +01:00
Paul Menzel
ea1cdd1901
ca-certicficates: Update to version 20210119
...
Update the ca-certificates and ca-bundle package from version 20200601 to
version 2021019.
This version uses Python 3 for the build, fixing a build issue on systems,
where `/usr/bin/python3` is a wrapper script [1].
Debian change-log entry [2]:
> [ Julien Cristau ]
> * New maintainer (closes : #976406 )
> * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate
> authority
> bundle to version 2.46.
> The following certificate authorities were added (+):
> + "certSIGN ROOT CA G2"
> + "e-Szigno Root CA 2017"
> + "Microsoft ECC Root Certificate Authority 2017"
> + "Microsoft RSA Root Certificate Authority 2017"
> + "NAVER Global Root Certification Authority"
> + "Trustwave Global Certification Authority"
> + "Trustwave Global ECC P256 Certification Authority"
> + "Trustwave Global ECC P384 Certification Authority"
> The following certificate authorities were removed (-):
> - "EE Certification Centre Root CA"
> - "GeoTrust Universal CA 2"
> - "LuxTrust Global Root 2"
> - "OISTE WISeKey Global Root GA CA"
> - "Staat der Nederlanden Root CA - G2" (closes : #962079 )
> - "Taiwan GRCA"
> - "Verisign Class 3 Public Primary Certification Authority - G3"
>
> [ Michael Shuler ]
> * mozilla/blacklist:
> Revert Symantec CA blacklist (#911289 ). Closes : #962596
> The following root certificates were added back (+):
> + "GeoTrust Primary Certification Authority - G2"
> + "VeriSign Universal Root Certification Authority"
>
> [ Gianfranco Costamagna ]
> * debian/{rules,control}:
> Merge Ubuntu patch from Matthias Klose to use Python3 during build.
> Closes : #942915
[1]: https://github.molgen.mpg.de/mariux64/mxtools/issues/148
[2]: https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20210119_changelog
Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
2021-01-29 21:20:40 +01:00
Jianhui Zhao
8d7a6d48eb
ca-certificates: canonical the build dir
...
The previous build directory "build_dir/target-xx/work/"
contaminated the entire build directory.
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
2020-11-12 18:19:44 +01:00
Christian Lamparter
f611b014a7
ca-certificates: update to version 20200601
...
This patch updates the ca-certificates and ca-bundle package.
This version changed the files directory again, to work/, so
PKG_BUILD_DIR was brought back.
A list of changes from Debian's change-log entry for 20200601 [0]:
* mozilla/{certdata.txt,nssckbi.h}:
Update Mozilla certificate authority bundle to version 2.40.
Closes : #956411 , #955038
* mozilla/blacklist.txt
Add distrusted Symantec CA list to blacklist for explicit removal.
Closes : #911289
Blacklist expired root certificate, "AddTrust External Root"
Closes : #961907
The following certificate authorities were added (+):
+ "Certigna Root CA"
+ "emSign ECC Root CA - C3"
+ "emSign ECC Root CA - G3"
+ "emSign Root CA - C1"
+ "emSign Root CA - G1"
+ "Entrust Root Certification Authority - G4"
+ "GTS Root R1"
+ "GTS Root R2"
+ "GTS Root R3"
+ "GTS Root R4"
+ "Hongkong Post Root CA 3"
+ "UCA Extended Validation Root"
+ "UCA Global G2 Root"
The following certificate authorities were removed (-):
- "AddTrust External Root"
- "Certinomis - Root CA"
- "Certplus Class 2 Primary CA"
- "Deutsche Telekom Root CA 2"
- "GeoTrust Global CA"
- "GeoTrust Primary Certification Authority"
- "GeoTrust Primary Certification Authority - G2"
- "GeoTrust Primary Certification Authority - G3"
- "GeoTrust Universal CA"
- "thawte Primary Root CA"
- "thawte Primary Root CA - G2"
- "thawte Primary Root CA - G3"
- "VeriSign Class 3 Public Primary Certification Authority - G4"
- "VeriSign Class 3 Public Primary Certification Authority - G5"
- "VeriSign Universal Root Certification Authority"
[0] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20200601_changelog >
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-06-09 18:07:38 +02:00
Maxim Storchak
dd299805ad
ca-certificates: provide ca-certs by both ca-certificates and ca-bundle
...
- both packages provide ca-certs
- make ca-bundle the default provider
This should allow easy transition between these two forms of CA certificates storage
Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
2019-12-23 00:22:07 +01:00
Josef Schlehofer
f22c33b40c
ca-certificates: update to version 20190110
...
- Tested on Turris MOX, OpenWrt master
- Removed PKG_BUILD_DIR
In build_dir there were two folders
ca-certificates and ca-certificates-20190110 and it failed as files
were in ca-certificates-20190110
Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
2019-03-21 00:57:54 +01:00
Christian Schoenebeck
c89195eb25
ca-caertificates: remove myself as PKG_MAINTAINER
...
remove myself as PKG_MAINTAINER
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
2018-07-31 00:00:20 +02:00
Yousong Zhou
191078e83d
ca-certificates: ca-bundle: add symlink for openssl default setting
...
OpenSSL defaults X509_CERT_FILE to /etc/ssl/cert.pem. This change is
needed for wget-ssl and possibly others to work seamlessly with fresh
ca-bundle installation
Fixes openwrt/packages#6152
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-07-07 18:19:39 +02:00
Christian Schoenebeck
80cb5c5703
ca-certificates: Update to Version 20180409
...
ca-certificates: Update to Version 20180409
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
2018-05-05 09:32:04 +02:00
Christian Schoenebeck
a2a226e6e8
ca-certificates: Update to 20170717
...
Update to 20170717
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
2017-08-18 18:44:38 +02:00
Christian Schoenebeck
7d7356df64
ca-certificates: Update to version 20161130+nmu1
...
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
2017-06-24 14:11:06 +02:00
Felix Fietkau
720b99215d
treewide: clean up download hashes
...
Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-16 22:39:22 +01:00
Christian Schoenebeck
6ae71708c9
ca-certificates: update to version 20161130
...
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
2016-12-12 09:57:40 +01:00
Christian Schoenebeck
7ee661def6
ca-certificates: update to version 20161102
...
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
2016-11-08 10:49:51 +01:00
Daniel Dickinson
3015af9647
ca-certificates: Add certificate bundle package
...
Some SSL applications requires a certificates bundle rather
than a directory containing certificates. For thos applications
we build the ca-bundle package
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
2016-05-18 22:17:28 +02:00
Felix Fietkau
20a67881f4
ca-certificates: update to version 20160104
...
- update to latest version 20160104
- remove cpu dependency (PKGARCH:=all)
- set myself as package maintainer
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
SVN-Revision: 48271
2016-01-17 11:03:36 +00:00
John Crispin
e0c047c6c5
ca-certificates: update to version 20151214
...
update to version 20151214
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
SVN-Revision: 48000
2015-12-23 19:25:33 +00:00
John Crispin
157c9199b3
ca-certificates: update to version 20150426
...
update to version 20150426
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
SVN-Revision: 45858
2015-05-31 17:45:54 +00:00
Nicolas Thill
fe46689f10
packages: use $(LN) macro, make symlinks relative
...
Signed-off-by: Nicolas Thill <nico@openwrt.org>
SVN-Revision: 45250
2015-04-03 00:07:43 +00:00
Nicolas Thill
4b8ebb5d50
packages: remove uneeded PKG_BUILD_DIR overrides
...
Signed-off-by: Nicolas Thill <nico@openwrt.org>
SVN-Revision: 44498
2015-02-22 01:31:21 +00:00
John Crispin
74a3a77bcd
license info - revert r43155
...
turns out that r43155 adds duplicate info.
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 43167
2014-11-03 09:56:44 +00:00
John Crispin
c10d97484a
Add more license tags with SPDX identifiers
...
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.
I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.
However, I can not garantee that I always picked the correct information
and/or did not miss license information.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
SVN-Revision: 43155
2014-11-03 08:01:08 +00:00
John Crispin
9205c6da4b
ca-certificates: Update to Version 20141019
...
Update to Version 20141019
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
SVN-Revision: 43111
2014-10-29 21:01:26 +00:00
Felix Fietkau
d282ccf383
ca-certificates: create symbolic link for certificate hashes
...
Implementing "add-cert.sh" functionality described at
http://wiki.openwrt.org/doc/howto/wget-ssl-certs into Makefile
otherwise you need to create symbolic links for certificate hashes
yourself.
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
SVN-Revision: 42660
2014-09-25 07:38:02 +00:00
Steven Barth
e9ff251ca6
ca-certificates: bump to 20140325
...
SVN-Revision: 40894
2014-06-01 10:32:37 +00:00
Felix Fietkau
c295f65da9
ca-certificates: install to /etc/ssl/certs/ directly instead of installing a symlink ( fixes #15351 )
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 40007
2014-03-23 11:59:37 +00:00
Felix Fietkau
02373252ba
ca-certificates: add system CA certificates package (based on the debian one)
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 39984
2014-03-21 15:54:22 +00:00