mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-22 15:02:32 +00:00
7c83b6ac86
Update the ca-certificates and ca-bundle package from version 20211016 to version 20230311. Use TAR_OPTIONS instead of hacking Build/Prepare, refresh patches. Debian change-log entry [1]: |[...] |[ Đoàn Trần Công Danh ] |* ca-certificates: compat with non-GNU mktemp (closes: #1000847) | |[ Ilya Lipnitskiy ] |* certdata2pem.py: use UTC time when checking cert validity | |[ Julien Cristau ] |* Update Mozilla certificate authority bundle to version 2.60 | The following certificate authorities were added (+): | + "Autoridad de Certificacion Firmaprofesional CIF A62634068" | + "Certainly Root E1" | + "Certainly Root R1" | + "D-TRUST BR Root CA 1 2020" | + "D-TRUST EV Root CA 1 2020" | + "DigiCert TLS ECC P384 Root G5" | + "DigiCert TLS RSA4096 Root G5" | + "E-Tugra Global Root CA ECC v3" | + "E-Tugra Global Root CA RSA v3" | + "HARICA TLS ECC Root CA 2021" | + "HARICA TLS RSA Root CA 2021" | + "HiPKI Root CA - G1" | + "ISRG Root X2" | + "Security Communication ECC RootCA1" | + "Security Communication RootCA3" | + "Telia Root CA v2" | + "TunTrust Root CA" | + "vTrus ECC Root CA" | + "vTrus Root CA" | The following certificate authorities were removed (-): | - "Cybertrust Global Root" (expired) | - "EC-ACC" | - "GlobalSign Root CA - R2" (expired) | - "Hellenic Academic and Research Institutions RootCA 2011" | - "Network Solutions Certificate Authority" | - "Staat der Nederlanden EV Root CA" (expired) |* Drop trailing space from debconf template causing misformatting | (closes: #980821) | |[ Wataru Ashihara ] |* Make certdata2pem.py compatible with cryptography >= 35 (closes: #1008244) |[...] [1]: https://metadata.ftp-master.debian.org/changelogs/main/c/ca-certificates/ca-certificates_20230311_changelog Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
68 lines
1.8 KiB
Makefile
68 lines
1.8 KiB
Makefile
#
|
|
# Copyright (C) 2006-2017 OpenWrt.org
|
|
#
|
|
# This is free software, licensed under the GNU General Public License v2.
|
|
# See /LICENSE for more information.
|
|
#
|
|
include $(TOPDIR)/rules.mk
|
|
|
|
PKG_NAME:=ca-certificates
|
|
PKG_VERSION:=20230311
|
|
PKG_RELEASE:=1
|
|
PKG_MAINTAINER:=
|
|
|
|
PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).tar.xz
|
|
PKG_SOURCE_URL:=@DEBIAN/pool/main/c/ca-certificates
|
|
PKG_HASH:=83de934afa186e279d1ed08ea0d73f5cf43a6fbfb5f00874b6db3711c64576f3
|
|
PKG_INSTALL:=1
|
|
|
|
include $(INCLUDE_DIR)/package.mk
|
|
|
|
TAR_OPTIONS+= --strip-components 1
|
|
TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS)
|
|
|
|
define Package/ca-certificates
|
|
SECTION:=base
|
|
CATEGORY:=Base system
|
|
TITLE:=System CA certificates
|
|
PKGARCH:=all
|
|
PROVIDES:=ca-certs
|
|
endef
|
|
|
|
define Package/ca-bundle
|
|
SECTION:=base
|
|
CATEGORY:=Base system
|
|
TITLE:=System CA certificates as a bundle
|
|
PKGARCH:=all
|
|
PROVIDES:=ca-certs
|
|
endef
|
|
|
|
define Build/Install
|
|
mkdir -p \
|
|
$(PKG_INSTALL_DIR)/usr/sbin \
|
|
$(PKG_INSTALL_DIR)/usr/share/ca-certificates
|
|
$(call Build/Install/Default,)
|
|
endef
|
|
|
|
define Package/ca-certificates/install
|
|
$(INSTALL_DIR) $(1)/etc/ssl/certs
|
|
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.crt $(1)/etc/ssl/certs/
|
|
|
|
for CERTFILE in `ls -1 $(1)/etc/ssl/certs`; do \
|
|
HASH=`openssl x509 -hash -noout -in $(1)/etc/ssl/certs/$$$$CERTFILE` ; \
|
|
SUFFIX=0 ; \
|
|
while [ -h "$(1)/etc/ssl/certs/$$$$HASH.$$$$SUFFIX" ]; do \
|
|
let "SUFFIX += 1" ; \
|
|
done ; \
|
|
$(LN) "$$$$CERTFILE" "$(1)/etc/ssl/certs/$$$$HASH.$$$$SUFFIX" ; \
|
|
done
|
|
endef
|
|
|
|
define Package/ca-bundle/install
|
|
$(INSTALL_DIR) $(1)/etc/ssl/certs
|
|
cat $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.crt >$(1)/etc/ssl/certs/ca-certificates.crt
|
|
$(LN) /etc/ssl/certs/ca-certificates.crt $(1)/etc/ssl/cert.pem
|
|
endef
|
|
$(eval $(call BuildPackage,ca-bundle))
|
|
$(eval $(call BuildPackage,ca-certificates))
|