| commit | author | age | ||
| c71b22 | 1 | # |
| AP | 2 | # This file and its contents are supplied under the terms of the |
| 3 | # Common Development and Distribution License ("CDDL"), version 1.0. | |
| 4 | # You may only use this file in accordance with the terms of version | |
| 5 | # 1.0 of the CDDL. | |
| 6 | # | |
| 7 | # A full copy of the text of the CDDL should have accompanied this | |
| 8 | # source. A copy of the CDDL is also available via the Internet at | |
| 9 | # http://www.illumos.org/license/CDDL. | |
| 10 | # | |
| 11 | ||
| 12 | # | |
| daddc0 | 13 | # Copyright 2016 Alexander Pyhalov |
| 745628 | 14 | # Copyright 2019 Michal Nowak |
| 712c8f | 15 | # Copyright 2021 Till Wegmueller |
| 4da016 | 16 | # Copyright 2022 David Stes |
| 46c15a | 17 | # Copyright 2023 Niklas Poslovski |
| c71b22 | 18 | # |
| AP | 19 | |
| d90b61 | 20 | BUILD_STYLE = archive |
| MT | 21 | BUILD_BITS = NO_ARCH |
| daddc0 | 22 | include ../../../make-rules/shared-macros.mk |
| c71b22 | 23 | |
| AP | 24 | COMPONENT_NAME= ca-certificates |
| 6c13f2 | 25 | COMPONENT_VERSION_MAJOR= 3 |
| a099c6 | 26 | COMPONENT_VERSION_MINOR= 99 |
| 6f06dd | 27 | COMPONENT_VERSION= $(COMPONENT_VERSION_MAJOR).$(COMPONENT_VERSION_MINOR) |
| a099c6 | 28 | HUMAN_VERSION= 20240315 |
| c6e76b | 29 | COMPONENT_SUMMARY= Common CA certificates |
| MN | 30 | COMPONENT_SRC= nss-$(COMPONENT_VERSION) |
| 31 | COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz | |
| a099c6 | 32 | COMPONENT_ARCHIVE_HASH= sha256:5cd5c2c8406a376686e6fa4b9c2de38aa280bea07bf927c0d521ba07c88b09bd |
| 6c13f2 | 33 | COMPONENT_ARCHIVE_URL= https://ftp.mozilla.org/pub/security/nss/releases/NSS_$(COMPONENT_VERSION_MAJOR)_$(COMPONENT_VERSION_MINOR)_RTM/src/$(COMPONENT_ARCHIVE) |
| AW | 34 | COMPONENT_PROJECT_URL= https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS |
| c6e76b | 35 | COMPONENT_FMRI= crypto/ca-certificates |
| 6f06dd | 36 | COMPONENT_LICENSE= MPLv2.0 |
| MN | 37 | COMPONENT_LICENSE_FILE= nss/COPYING |
| ce6993 | 38 | |
| d90b61 | 39 | BUILD_TARGET = $(BUILD_$(MK_BITS)) |
| MT | 40 | INSTALL_TARGET = $(INSTALL_$(MK_BITS)) |
| 41 | ||
| 42 | include $(WS_MAKE_RULES)/common.mk | |
| c71b22 | 43 | |
| 6c13f2 | 44 | PKG_OPTIONS += -I $(COMPONENT_DIR) |
| 042cf4 | 45 | |
| e23f2c | 46 | CLEAN_PATHS += $(BUILD_DIR) $(PROTO_DIR) |
| c71b22 | 47 | |
| d90b61 | 48 | $(BUILD_$(MK_BITS)): $(BUILD_DIR_$(MK_BITS))/.certs_renamed |
| c71b22 | 49 | |
| 4da016 | 50 | # some filenames are UTF-8 not 7bit ASCII because |
| DS | 51 | # certdata.txt has CKA_LABEL UTF8 entries that are not 7bit ASCII |
| 52 | # for example NetLock_Arany_(Class_Gold)_Ftanstvny.pem has a small letter o | |
| 53 | # which uses the Hungarian small latin o with double acute (U + 0151) | |
| 54 | # to avoid packaging UTF-8 non-ASCII paths in /etc, process by iconv | |
| 55 | # see Illumos bug #14510 and bug #11625 | |
| 56 | ||
| d90b61 | 57 | $(BUILD_DIR_$(MK_BITS))/.certs_renamed: $(BUILD_DIR_$(MK_BITS))/.certs_extracted |
| MT | 58 | for i in $(@D)/xx*; do \ |
| c71b22 | 59 | FILE_LEN=$$(wc -l "$$i" |awk ' { print $$1; }' ); \ |
| AP | 60 | BEGIN=$$(grep -n "BEGIN CERT" "$$i" |cut -d : -f 1); \ |
| 61 | TAIL=$$(($$FILE_LEN-$$BEGIN+1)); \ | |
| 216a12 | 62 | NAME=$$(head -1 "$$i" | tr ' ' '_' | \ |
| DS | 63 | iconv -c -f UTF-8 -t ASCII | \ |
| 64 | tr -d '?' | tr -d '(' | tr -d ')' \ | |
| 65 | ); \ | |
| d90b61 | 66 | tail -n $$TAIL "$$i" > $(@D)/$${NAME}.pem ;\ |
| c71b22 | 67 | done |
| AP | 68 | $(TOUCH) $@ |
| 69 | ||
| d90b61 | 70 | $(BUILD_DIR_$(MK_BITS))/.certs_extracted: $(BUILD_DIR_$(MK_BITS))/ca-bundle.processed |
| MT | 71 | cd $(@D) &&\ |
| 72 | NUM=$$(awk '/BEGIN/{n++} END{print n-2}' $(@D)/ca-bundle.processed) &&\ | |
| 73 | csplit -s -n 3 $(@D)/ca-bundle.processed '/END CERT/1' "{$$NUM}" | |
| c71b22 | 74 | $(TOUCH) $@ |
| AP | 75 | |
| d90b61 | 76 | $(BUILD_DIR_$(MK_BITS))/ca-bundle.processed: $(BUILD_DIR_$(MK_BITS))/ca-bundle.crt |
| MT | 77 | grep -v '^#' $(@D)/ca-bundle.crt | grep -v '^$$' > $@ |
| c71b22 | 78 | |
| d90b61 | 79 | $(BUILD_DIR_$(MK_BITS))/ca-bundle.crt: $(BUILD_DIR_$(MK_BITS))/certdata.txt |
| MT | 80 | cd $(@D) && $(PERL) $(COMPONENT_DIR)/files/mk-ca-bundle.pl -n |
| c71b22 | 81 | |
| AP | 82 | |
| d90b61 | 83 | $(BUILD_DIR_$(MK_BITS))/certdata.txt: $(SOURCE_DIR)/nss/lib/ckfw/builtins/certdata.txt |
| MT | 84 | $(MKDIR) $(@D) |
| c71b22 | 85 | $(CP) $(SOURCE_DIR)/nss/lib/ckfw/builtins/certdata.txt $@ |
| AP | 86 | |
| 87 | $(SOURCE_DIR)/nss/lib/ckfw/builtins/certdata.txt: $(SOURCE_DIR)/.prep | |
| 88 | ||
| d90b61 | 89 | $(INSTALL_$(MK_BITS)): $(BUILD_$(MK_BITS)) |
| c71b22 | 90 | $(MKDIR) $(PROTO_DIR)/etc/certs/CA $(PROTO_DIR)/etc/openssl/certs |
| d90b61 | 91 | $(CP) $(@D)/*.pem $(PROTO_DIR)/etc/certs/CA/ |
| c71b22 | 92 | cd $(PROTO_DIR)/etc/certs/CA &&\ |
| AP | 93 | for i in *.pem ; do \ |
| 94 | HASH=$$(openssl x509 -noout -hash -in $$i); \ | |
| e23f2c | 95 | ln -fs ../../certs/CA/$${i} ../../openssl/certs/$${HASH}.0; \ |
| c71b22 | 96 | done; |
| AP | 97 | touch $@ |
| 7d64a7 | 98 | |
| AW | 99 | # Manually added dependencies |
| daddc0 | 100 | REQUIRED_PACKAGES += file/gnu-coreutils |
| AP | 101 | REQUIRED_PACKAGES += library/security/openssl |
| d90b61 | 102 | REQUIRED_PACKAGES += runtime/perl |
| MT | 103 | REQUIRED_PACKAGES += library/perl-5/libwww-perl |
| daddc0 | 104 | REQUIRED_PACKAGES += text/gawk |
| AP | 105 | REQUIRED_PACKAGES += text/gnu-grep |
| 4da016 | 106 | REQUIRED_PACKAGES += system/library/iconv/utf-8 |
| 7d64a7 | 107 | |
| 99f131 | 108 | # Auto-generated dependencies |
| d90b61 | 109 | REQUIRED_PACKAGES += system/ca-certificates |
