mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-25 16:31:13 +00:00
ce32068bf2
Update the ca-certificates and ca-bundle package from version 20211016 to
version 20230311.
Use TAR_OPTIONS instead of hacking Build/Prepare, refresh patches.
Debian change-log entry [1]:
|[...]
|[ Đoàn Trần Công Danh ]
|* ca-certificates: compat with non-GNU mktemp (closes: #1000847)
|
|[ Ilya Lipnitskiy ]
|* certdata2pem.py: use UTC time when checking cert validity
|
|[ Julien Cristau ]
|* Update Mozilla certificate authority bundle to version 2.60
| The following certificate authorities were added (+):
| + "Autoridad de Certificacion Firmaprofesional CIF A62634068"
| + "Certainly Root E1"
| + "Certainly Root R1"
| + "D-TRUST BR Root CA 1 2020"
| + "D-TRUST EV Root CA 1 2020"
| + "DigiCert TLS ECC P384 Root G5"
| + "DigiCert TLS RSA4096 Root G5"
| + "E-Tugra Global Root CA ECC v3"
| + "E-Tugra Global Root CA RSA v3"
| + "HARICA TLS ECC Root CA 2021"
| + "HARICA TLS RSA Root CA 2021"
| + "HiPKI Root CA - G1"
| + "ISRG Root X2"
| + "Security Communication ECC RootCA1"
| + "Security Communication RootCA3"
| + "Telia Root CA v2"
| + "TunTrust Root CA"
| + "vTrus ECC Root CA"
| + "vTrus Root CA"
| The following certificate authorities were removed (-):
| - "Cybertrust Global Root" (expired)
| - "EC-ACC"
| - "GlobalSign Root CA - R2" (expired)
| - "Hellenic Academic and Research Institutions RootCA 2011"
| - "Network Solutions Certificate Authority"
| - "Staat der Nederlanden EV Root CA" (expired)
|* Drop trailing space from debconf template causing misformatting
| (closes: #980821)
|
|[ Wataru Ashihara ]
|* Make certdata2pem.py compatible with cryptography >= 35 (closes: #1008244)
|[...]
[1]: https://metadata.ftp-master.debian.org/changelogs/main/c/ca-certificates/ca-certificates_20230311_changelog
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 7c83b6ac86
)
68 lines
1.8 KiB
Makefile
68 lines
1.8 KiB
Makefile
#
|
|
# Copyright (C) 2006-2017 OpenWrt.org
|
|
#
|
|
# This is free software, licensed under the GNU General Public License v2.
|
|
# See /LICENSE for more information.
|
|
#
|
|
include $(TOPDIR)/rules.mk
|
|
|
|
PKG_NAME:=ca-certificates
|
|
PKG_VERSION:=20230311
|
|
PKG_RELEASE:=1
|
|
PKG_MAINTAINER:=
|
|
|
|
PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).tar.xz
|
|
PKG_SOURCE_URL:=@DEBIAN/pool/main/c/ca-certificates
|
|
PKG_HASH:=83de934afa186e279d1ed08ea0d73f5cf43a6fbfb5f00874b6db3711c64576f3
|
|
PKG_INSTALL:=1
|
|
|
|
include $(INCLUDE_DIR)/package.mk
|
|
|
|
TAR_OPTIONS+= --strip-components 1
|
|
TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS)
|
|
|
|
define Package/ca-certificates
|
|
SECTION:=base
|
|
CATEGORY:=Base system
|
|
TITLE:=System CA certificates
|
|
PKGARCH:=all
|
|
PROVIDES:=ca-certs
|
|
endef
|
|
|
|
define Package/ca-bundle
|
|
SECTION:=base
|
|
CATEGORY:=Base system
|
|
TITLE:=System CA certificates as a bundle
|
|
PKGARCH:=all
|
|
PROVIDES:=ca-certs
|
|
endef
|
|
|
|
define Build/Install
|
|
mkdir -p \
|
|
$(PKG_INSTALL_DIR)/usr/sbin \
|
|
$(PKG_INSTALL_DIR)/usr/share/ca-certificates
|
|
$(call Build/Install/Default,)
|
|
endef
|
|
|
|
define Package/ca-certificates/install
|
|
$(INSTALL_DIR) $(1)/etc/ssl/certs
|
|
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.crt $(1)/etc/ssl/certs/
|
|
|
|
for CERTFILE in `ls -1 $(1)/etc/ssl/certs`; do \
|
|
HASH=`openssl x509 -hash -noout -in $(1)/etc/ssl/certs/$$$$CERTFILE` ; \
|
|
SUFFIX=0 ; \
|
|
while [ -h "$(1)/etc/ssl/certs/$$$$HASH.$$$$SUFFIX" ]; do \
|
|
let "SUFFIX += 1" ; \
|
|
done ; \
|
|
$(LN) "$$$$CERTFILE" "$(1)/etc/ssl/certs/$$$$HASH.$$$$SUFFIX" ; \
|
|
done
|
|
endef
|
|
|
|
define Package/ca-bundle/install
|
|
$(INSTALL_DIR) $(1)/etc/ssl/certs
|
|
cat $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.crt >$(1)/etc/ssl/certs/ca-certificates.crt
|
|
$(LN) /etc/ssl/certs/ca-certificates.crt $(1)/etc/ssl/cert.pem
|
|
endef
|
|
$(eval $(call BuildPackage,ca-bundle))
|
|
$(eval $(call BuildPackage,ca-certificates))
|