mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-20 14:13:16 +00:00
f611b014a7
This patch updates the ca-certificates and ca-bundle package. This version changed the files directory again, to work/, so PKG_BUILD_DIR was brought back. A list of changes from Debian's change-log entry for 20200601 [0]: * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority bundle to version 2.40. Closes: #956411, #955038 * mozilla/blacklist.txt Add distrusted Symantec CA list to blacklist for explicit removal. Closes: #911289 Blacklist expired root certificate, "AddTrust External Root" Closes: #961907 The following certificate authorities were added (+): + "Certigna Root CA" + "emSign ECC Root CA - C3" + "emSign ECC Root CA - G3" + "emSign Root CA - C1" + "emSign Root CA - G1" + "Entrust Root Certification Authority - G4" + "GTS Root R1" + "GTS Root R2" + "GTS Root R3" + "GTS Root R4" + "Hongkong Post Root CA 3" + "UCA Extended Validation Root" + "UCA Global G2 Root" The following certificate authorities were removed (-): - "AddTrust External Root" - "Certinomis - Root CA" - "Certplus Class 2 Primary CA" - "Deutsche Telekom Root CA 2" - "GeoTrust Global CA" - "GeoTrust Primary Certification Authority" - "GeoTrust Primary Certification Authority - G2" - "GeoTrust Primary Certification Authority - G3" - "GeoTrust Universal CA" - "thawte Primary Root CA" - "thawte Primary Root CA - G2" - "thawte Primary Root CA - G3" - "VeriSign Class 3 Public Primary Certification Authority - G4" - "VeriSign Class 3 Public Primary Certification Authority - G5" - "VeriSign Universal Root Certification Authority" [0] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20200601_changelog> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
66 lines
1.8 KiB
Makefile
66 lines
1.8 KiB
Makefile
#
|
|
# Copyright (C) 2006-2017 OpenWrt.org
|
|
#
|
|
# This is free software, licensed under the GNU General Public License v2.
|
|
# See /LICENSE for more information.
|
|
#
|
|
include $(TOPDIR)/rules.mk
|
|
|
|
PKG_NAME:=ca-certificates
|
|
PKG_VERSION:=20200601
|
|
PKG_RELEASE:=1
|
|
PKG_MAINTAINER:=
|
|
|
|
PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).tar.xz
|
|
PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/main/c/ca-certificates
|
|
PKG_HASH:=43766d5a436519503dfd65ab83488ae33ab4d4ca3d0993797b58c92eb9ed4e63
|
|
PKG_BUILD_DIR:=$(BUILD_DIR)/work
|
|
PKG_INSTALL:=1
|
|
|
|
include $(INCLUDE_DIR)/package.mk
|
|
|
|
define Package/ca-certificates
|
|
SECTION:=base
|
|
CATEGORY:=Base system
|
|
TITLE:=System CA certificates
|
|
PKGARCH:=all
|
|
PROVIDES:=ca-certs
|
|
endef
|
|
|
|
define Package/ca-bundle
|
|
SECTION:=base
|
|
CATEGORY:=Base system
|
|
TITLE:=System CA certificates as a bundle
|
|
PKGARCH:=all
|
|
PROVIDES:=ca-certs
|
|
endef
|
|
|
|
define Build/Install
|
|
mkdir -p \
|
|
$(PKG_INSTALL_DIR)/usr/sbin \
|
|
$(PKG_INSTALL_DIR)/usr/share/ca-certificates
|
|
$(call Build/Install/Default,)
|
|
endef
|
|
|
|
define Package/ca-certificates/install
|
|
$(INSTALL_DIR) $(1)/etc/ssl/certs
|
|
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.crt $(1)/etc/ssl/certs/
|
|
|
|
for CERTFILE in `ls -1 $(1)/etc/ssl/certs`; do \
|
|
HASH=`openssl x509 -hash -noout -in $(1)/etc/ssl/certs/$$$$CERTFILE` ; \
|
|
SUFFIX=0 ; \
|
|
while [ -h "$(1)/etc/ssl/certs/$$$$HASH.$$$$SUFFIX" ]; do \
|
|
let "SUFFIX += 1" ; \
|
|
done ; \
|
|
$(LN) "$$$$CERTFILE" "$(1)/etc/ssl/certs/$$$$HASH.$$$$SUFFIX" ; \
|
|
done
|
|
endef
|
|
|
|
define Package/ca-bundle/install
|
|
$(INSTALL_DIR) $(1)/etc/ssl/certs
|
|
cat $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.crt >$(1)/etc/ssl/certs/ca-certificates.crt
|
|
$(LN) /etc/ssl/certs/ca-certificates.crt $(1)/etc/ssl/cert.pem
|
|
endef
|
|
$(eval $(call BuildPackage,ca-bundle))
|
|
$(eval $(call BuildPackage,ca-certificates))
|