commit | author | age
|
c71b22
|
1 |
# |
AP |
2 |
# This file and its contents are supplied under the terms of the |
|
3 |
# Common Development and Distribution License ("CDDL"), version 1.0. |
|
4 |
# You may only use this file in accordance with the terms of version |
|
5 |
# 1.0 of the CDDL. |
|
6 |
# |
|
7 |
# A full copy of the text of the CDDL should have accompanied this |
|
8 |
# source. A copy of the CDDL is also available via the Internet at |
|
9 |
# http://www.illumos.org/license/CDDL. |
|
10 |
# |
|
11 |
|
|
12 |
# |
daddc0
|
13 |
# Copyright 2016 Alexander Pyhalov |
745628
|
14 |
# Copyright 2019 Michal Nowak |
712c8f
|
15 |
# Copyright 2021 Till Wegmueller |
4da016
|
16 |
# Copyright 2022 David Stes |
46c15a
|
17 |
# Copyright 2023 Niklas Poslovski |
c71b22
|
18 |
# |
AP |
19 |
|
d90b61
|
20 |
BUILD_STYLE = archive |
MT |
21 |
BUILD_BITS = NO_ARCH |
daddc0
|
22 |
include ../../../make-rules/shared-macros.mk |
c71b22
|
23 |
|
AP |
24 |
COMPONENT_NAME= ca-certificates |
6c13f2
|
25 |
COMPONENT_VERSION_MAJOR= 3 |
a099c6
|
26 |
COMPONENT_VERSION_MINOR= 99 |
6f06dd
|
27 |
COMPONENT_VERSION= $(COMPONENT_VERSION_MAJOR).$(COMPONENT_VERSION_MINOR) |
a099c6
|
28 |
HUMAN_VERSION= 20240315 |
c6e76b
|
29 |
COMPONENT_SUMMARY= Common CA certificates |
MN |
30 |
COMPONENT_SRC= nss-$(COMPONENT_VERSION) |
|
31 |
COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz |
a099c6
|
32 |
COMPONENT_ARCHIVE_HASH= sha256:5cd5c2c8406a376686e6fa4b9c2de38aa280bea07bf927c0d521ba07c88b09bd |
6c13f2
|
33 |
COMPONENT_ARCHIVE_URL= https://ftp.mozilla.org/pub/security/nss/releases/NSS_$(COMPONENT_VERSION_MAJOR)_$(COMPONENT_VERSION_MINOR)_RTM/src/$(COMPONENT_ARCHIVE) |
AW |
34 |
COMPONENT_PROJECT_URL= https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS |
c6e76b
|
35 |
COMPONENT_FMRI= crypto/ca-certificates |
6f06dd
|
36 |
COMPONENT_LICENSE= MPLv2.0 |
MN |
37 |
COMPONENT_LICENSE_FILE= nss/COPYING |
ce6993
|
38 |
|
d90b61
|
39 |
BUILD_TARGET = $(BUILD_$(MK_BITS)) |
MT |
40 |
INSTALL_TARGET = $(INSTALL_$(MK_BITS)) |
|
41 |
|
|
42 |
include $(WS_MAKE_RULES)/common.mk |
c71b22
|
43 |
|
6c13f2
|
44 |
PKG_OPTIONS += -I $(COMPONENT_DIR) |
042cf4
|
45 |
|
e23f2c
|
46 |
CLEAN_PATHS += $(BUILD_DIR) $(PROTO_DIR) |
c71b22
|
47 |
|
d90b61
|
48 |
$(BUILD_$(MK_BITS)): $(BUILD_DIR_$(MK_BITS))/.certs_renamed |
c71b22
|
49 |
|
4da016
|
50 |
# some filenames are UTF-8 not 7bit ASCII because |
DS |
51 |
# certdata.txt has CKA_LABEL UTF8 entries that are not 7bit ASCII |
|
52 |
# for example NetLock_Arany_(Class_Gold)_Ftanstvny.pem has a small letter o |
|
53 |
# which uses the Hungarian small latin o with double acute (U + 0151) |
|
54 |
# to avoid packaging UTF-8 non-ASCII paths in /etc, process by iconv |
|
55 |
# see Illumos bug #14510 and bug #11625 |
|
56 |
|
d90b61
|
57 |
$(BUILD_DIR_$(MK_BITS))/.certs_renamed: $(BUILD_DIR_$(MK_BITS))/.certs_extracted |
MT |
58 |
for i in $(@D)/xx*; do \ |
c71b22
|
59 |
FILE_LEN=$$(wc -l "$$i" |awk ' { print $$1; }' ); \ |
AP |
60 |
BEGIN=$$(grep -n "BEGIN CERT" "$$i" |cut -d : -f 1); \ |
|
61 |
TAIL=$$(($$FILE_LEN-$$BEGIN+1)); \ |
216a12
|
62 |
NAME=$$(head -1 "$$i" | tr ' ' '_' | \ |
DS |
63 |
iconv -c -f UTF-8 -t ASCII | \ |
|
64 |
tr -d '?' | tr -d '(' | tr -d ')' \ |
|
65 |
); \ |
d90b61
|
66 |
tail -n $$TAIL "$$i" > $(@D)/$${NAME}.pem ;\ |
c71b22
|
67 |
done |
AP |
68 |
$(TOUCH) $@ |
|
69 |
|
d90b61
|
70 |
$(BUILD_DIR_$(MK_BITS))/.certs_extracted: $(BUILD_DIR_$(MK_BITS))/ca-bundle.processed |
MT |
71 |
cd $(@D) &&\ |
|
72 |
NUM=$$(awk '/BEGIN/{n++} END{print n-2}' $(@D)/ca-bundle.processed) &&\ |
|
73 |
csplit -s -n 3 $(@D)/ca-bundle.processed '/END CERT/1' "{$$NUM}" |
c71b22
|
74 |
$(TOUCH) $@ |
AP |
75 |
|
d90b61
|
76 |
$(BUILD_DIR_$(MK_BITS))/ca-bundle.processed: $(BUILD_DIR_$(MK_BITS))/ca-bundle.crt |
MT |
77 |
grep -v '^#' $(@D)/ca-bundle.crt | grep -v '^$$' > $@ |
c71b22
|
78 |
|
d90b61
|
79 |
$(BUILD_DIR_$(MK_BITS))/ca-bundle.crt: $(BUILD_DIR_$(MK_BITS))/certdata.txt |
MT |
80 |
cd $(@D) && $(PERL) $(COMPONENT_DIR)/files/mk-ca-bundle.pl -n |
c71b22
|
81 |
|
AP |
82 |
|
d90b61
|
83 |
$(BUILD_DIR_$(MK_BITS))/certdata.txt: $(SOURCE_DIR)/nss/lib/ckfw/builtins/certdata.txt |
MT |
84 |
$(MKDIR) $(@D) |
c71b22
|
85 |
$(CP) $(SOURCE_DIR)/nss/lib/ckfw/builtins/certdata.txt $@ |
AP |
86 |
|
|
87 |
$(SOURCE_DIR)/nss/lib/ckfw/builtins/certdata.txt: $(SOURCE_DIR)/.prep |
|
88 |
|
d90b61
|
89 |
$(INSTALL_$(MK_BITS)): $(BUILD_$(MK_BITS)) |
c71b22
|
90 |
$(MKDIR) $(PROTO_DIR)/etc/certs/CA $(PROTO_DIR)/etc/openssl/certs |
d90b61
|
91 |
$(CP) $(@D)/*.pem $(PROTO_DIR)/etc/certs/CA/ |
c71b22
|
92 |
cd $(PROTO_DIR)/etc/certs/CA &&\ |
AP |
93 |
for i in *.pem ; do \ |
|
94 |
HASH=$$(openssl x509 -noout -hash -in $$i); \ |
e23f2c
|
95 |
ln -fs ../../certs/CA/$${i} ../../openssl/certs/$${HASH}.0; \ |
c71b22
|
96 |
done; |
AP |
97 |
touch $@ |
7d64a7
|
98 |
|
AW |
99 |
# Manually added dependencies |
daddc0
|
100 |
REQUIRED_PACKAGES += file/gnu-coreutils |
AP |
101 |
REQUIRED_PACKAGES += library/security/openssl |
d90b61
|
102 |
REQUIRED_PACKAGES += runtime/perl |
MT |
103 |
REQUIRED_PACKAGES += library/perl-5/libwww-perl |
daddc0
|
104 |
REQUIRED_PACKAGES += text/gawk |
AP |
105 |
REQUIRED_PACKAGES += text/gnu-grep |
4da016
|
106 |
REQUIRED_PACKAGES += system/library/iconv/utf-8 |
7d64a7
|
107 |
|
99f131
|
108 |
# Auto-generated dependencies |
d90b61
|
109 |
REQUIRED_PACKAGES += system/ca-certificates |