/[packages]/cauldron/rootcerts/current/SPECS/rootcerts.spec
ViewVC logotype

Annotation of /cauldron/rootcerts/current/SPECS/rootcerts.spec

Parent Directory Parent Directory | Revision Log Revision Log


Revision 310747 - (hide annotations) (download)
Sat Oct 27 16:02:15 2012 UTC (11 years, 5 months ago) by luigiwalser
File size: 5191 byte(s)
update certdata.txt to 2012/10/18 version
1 pterjan 16345 # don't make useless debug packages
2     %define _enable_debug_packages %{nil}
3     %define debug_package %{nil}
4    
5     # _without = java enabled, _with = java disabled
6     %ifnarch %arm %mips
7     %bcond_without java
8     %else
9     %bcond_with java
10     %endif
11    
12     Summary: Bundle of CA Root Certificates
13     Name: rootcerts
14     # <mrl> Use this versioning style in order to be easily backportable.
15     # Note that the release is the last two digits on the version.
16     # All BuildRequires for rootcerts should be done this way:
17     # BuildRequires: rootcerts >= 0:20070402.00, for example
18     # - NEVER specifying the %%{release}
19     Epoch: 1
20 luigiwalser 310747 Version: 20121018.00
21 pterjan 89064 Release: %mkrel 1
22 pterjan 16345 License: GPL
23     Group: System/Servers
24 wally 18895 URL: http://www.mageia.org
25 pterjan 16345 # S0 originates from http://switch.dl.sourceforge.net/sourceforge/courier/courier-0.52.1.tar.bz2
26     Source0: rootcerts.tar.bz2
27     # www.mail-archive.com/ modssl-users@modssl.org/msg16980.html
28 pterjan 89070 #cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot co -p mozilla/security/nss/lib/ckfw/builtins/certdata.txt > certdata.txt
29 pterjan 16345 Source1: certdata.txt
30     Source2: rootcerts-igp-brasil.txt
31     # http://www.cacert.org/certs/root.der
32     Source3: cacert.org.der
33     # http://qa.mandriva.com/show_bug.cgi?id=29612
34     # https://www.verisign.com/support/verisign-intermediate-ca/secure-site-intermediate/index.html
35     Source4: verisign-class-3-secure-server-ca.pem
36     # Java JKS keystore generator:
37     # http://cvs.fedora.redhat.com/viewcvs/devel/ca-certificates/generate-cacerts.pl
38     Source6: generate-cacerts.pl
39     # Fix overwriting issue with generate-cacerts.pl
40     Patch0: generate-cacerts-fix-entrustsslca.patch
41     # Some hacks to make generate-cacerts.pl work with some of our certificates
42 wally 18895 Patch1: generate-cacerts-mageia.patch
43     # Just rename identically named certificates that are not handled by mageia.patch
44 pterjan 16345 Patch2: generate-cacerts-rename-duplicates.patch
45     BuildRequires: perl openssl nss
46     %if %with java
47     BuildRequires: java-rpmbuild
48     %endif
49    
50     %description
51     This is a bundle of X.509 certificates of public Certificate
52     Authorities (CA). These were automatically extracted from Mozilla's
53     root CA list (the file "certdata.txt"). It contains the certificates
54     in both plain text and PEM format and therefore can be directly used
55     with an Apache/mod_ssl webserver for SSL client authentication. Just
56     configure this file as the SSLCACertificateFile.
57    
58     %if %with java
59     %package java
60     Summary: Bundle of CA Root Certificates for Java
61     Group: Development/Java
62    
63     %description java
64     Bundle of X.509 certificates of public Certificate Authorities (CA)
65     in a format used by Java Runtime Environment.
66     %endif
67    
68     %prep
69    
70     %setup -q -n rootcerts
71    
72     mkdir -p builtins
73     cp %{SOURCE1} builtins/certdata.txt
74    
75     # extract the license
76     head -36 builtins/certdata.txt > LICENSE
77    
78     # add additional CA's here, needs to have the mozilla format...
79     cat %{SOURCE2} >> builtins/certdata.txt
80    
81     # CAcert
82     cp %{SOURCE3} .
83    
84     cp %{SOURCE6} .
85     %patch0 -p0
86     %patch1 -p0
87     %patch2 -p0
88    
89     %build
90     rm -f configure
91     libtoolize --copy --force; aclocal; autoconf; automake --foreign --add-missing --copy
92    
93     # CAcert
94     # http://wiki.cacert.org/wiki/NSSLib
95     addbuiltin -n "CAcert Inc." -t "CT,C,C" < cacert.org.der >> builtins/certdata.txt
96    
97     # new verisign intermediate certificate
98     # -t trust trust flags (cCTpPuw).
99     openssl x509 -in %{SOURCE4} -inform PEM -outform DER | \
100     addbuiltin -n "VeriSign Class 3 Secure Server CA" \
101     -t "CT,C,C" >> builtins/certdata.txt
102    
103     perl mkcerts.pl > certs.sh
104    
105     %configure2_5x --with-certdb=%{_sysconfdir}/pki/tls/rootcerts
106     %make
107     cat pem/*.pem > ca-bundle.crt
108     cat %{SOURCE4} >> ca-bundle.crt
109    
110     %if %with java
111     mkdir -p java
112     cd java
113     LC_ALL=C perl ../generate-cacerts.pl %{java_home}/bin/keytool ../ca-bundle.crt
114     cd ..
115     %endif
116    
117     %install
118     rm -rf %{buildroot}
119    
120     %makeinstall_std
121    
122     install -d %{buildroot}%{_sysconfdir}/pki/tls/certs
123     install -d %{buildroot}%{_sysconfdir}/pki/tls/mozilla
124     install -d %{buildroot}%{_bindir}
125    
126     install -m0644 ca-bundle.crt %{buildroot}%{_sysconfdir}/pki/tls/certs/
127     ln -s certs/ca-bundle.crt %{buildroot}%{_sysconfdir}/pki/tls/cert.pem
128    
129     install -m0644 builtins/certdata.txt %{buildroot}%{_sysconfdir}/pki/tls/mozilla/
130    
131     %if %with java
132     install -d %{buildroot}%{_sysconfdir}/pki/java
133     install -m0644 java/cacerts %{buildroot}%{_sysconfdir}/pki/java/
134     %endif
135    
136     cat > README << EOF
137    
138     R O O T C E R T S
139     -----------------
140    
141     This is a bundle of X.509 certificates of public Certificate
142     Authorities (CA). These were automatically extracted from Mozilla's
143     root CA list (the file "certdata.txt"). It contains the certificates
144     in both plain text and PEM format and therefore can be directly used
145     with an Apache/mod_ssl webserver for SSL client authentication. Just
146     configure this file as the SSLCACertificateFile.
147    
148     EOF
149    
150     # fix #58107
151     install -d %{buildroot}%{_sysconfdir}/ssl
152     ln -sf %{_sysconfdir}/pki/tls/certs %{buildroot}%{_sysconfdir}/ssl/certs
153    
154     %clean
155     rm -rf %{buildroot}
156    
157     %files
158     %defattr(-,root,root)
159     %doc README LICENSE
160     %{_sysconfdir}/pki/tls/cert.pem
161     %config(noreplace) %{_sysconfdir}/pki/tls/certs/ca-bundle.crt
162     %config(noreplace) %{_sysconfdir}/pki/tls/rootcerts/*
163     %config(noreplace) %{_sysconfdir}/pki/tls/mozilla/certdata.txt
164     %{_sysconfdir}/ssl/certs
165    
166     %if %with java
167     %files java
168     %defattr(-,root,root)
169     %dir %{_sysconfdir}/pki/java
170     %config(noreplace) %{_sysconfdir}/pki/java/cacerts
171     %endif

  ViewVC Help
Powered by ViewVC 1.1.30