
Contents of /cauldron/rootcerts/current/SPECS/rootcerts.spec



Revision 137233 - (show annotations) (download)
Wed Aug 31 14:52:28 2011 UTC (12 years, 7 months ago) by dmorgan
File size: 5378 byte(s)
- new certdata.txt file (fixes MFSA 2011-34 Protection against fraudulent DigiNotar certificates)
# don't make useless debug packages
%define _enable_debug_packages %{nil}
%define debug_package %{nil}

# _without = java enabled, _with = java disabled
# The java subpackage is therefore built by default everywhere except arm and mips.
%ifnarch %arm %mips
%bcond_without java
%else
%bcond_with java
%endif

Summary: Bundle of CA Root Certificates
Name: rootcerts
# <mrl> Use this versioning style in order to be easily backportable.
# Note that the release is the last two digits on the version.
# All BuildRequires for rootcerts should be done this way:
# BuildRequires: rootcerts >= 0:20070402.00, for example
# - NEVER specifying the %%{release}
Epoch: 1
Version: 20110830.00
Release: %mkrel 1
License: GPL
Group: System/Servers
URL: http://www.mageia.org
# Provenance of the inputs below matters more than for ordinary sources:
# whatever these files contain is what the package installs as the system's
# CA trust store. Nothing in this spec checks a digest or signature for them,
# so every refresh should be compared with an authenticated copy before it is
# committed.
# S0 originates from http://switch.dl.sourceforge.net/sourceforge/courier/courier-0.52.1.tar.bz2
Source0: rootcerts.tar.bz2
# www.mail-archive.com/ modssl-users@modssl.org/msg16980.html
#cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot co -p mozilla/security/nss/lib/ckfw/builtins/certdata.txt > certdata.txt
# NOTE(review): anonymous pserver is a cleartext, unauthenticated transport;
# diff the fetched certdata.txt against a copy obtained over an authenticated
# channel before importing it.
Source1: certdata.txt
# Extra CA entries in Mozilla certdata format; appended to certdata.txt in the prep stage.
Source2: rootcerts-igp-brasil.txt
# http://www.cacert.org/certs/root.der
# NOTE(review): the URL recorded above is plain http; verify the certificate
# fingerprint out of band when this file is updated.
Source3: cacert.org.der
# http://qa.mandriva.com/show_bug.cgi?id=29612
# https://www.verisign.com/support/verisign-intermediate-ca/secure-site-intermediate/index.html
Source4: verisign-class-3-secure-server-ca.pem
# Java JKS keystore generator:
# http://cvs.fedora.redhat.com/viewcvs/devel/ca-certificates/generate-cacerts.pl
Source6: generate-cacerts.pl
# Fix overwriting issue with generate-cacerts.pl
Patch0: generate-cacerts-fix-entrustsslca.patch
# Some hacks to make generate-cacerts.pl work with some of our certificates
Patch1: generate-cacerts-mageia.patch
# Just rename identically named certificates that are not handled by mageia.patch
Patch2: generate-cacerts-rename-duplicates.patch
# remove the MD5 Collisions Forged Rogue CA 25c3 one
# NOTE(review): presumably dropped so the extraction step cannot emit this
# certificate into the bundle; confirm the same treatment for any other entry
# that certdata.txt carries only to mark it as distrusted.
Patch3: certdata-MD5_Collisions_Forged_Rogue_CA_25c3.diff
# perl runs mkcerts.pl and generate-cacerts.pl, openssl converts Source4 to DER;
# addbuiltin is presumably what the nss requirement supplies (confirm).
BuildRequires: perl openssl nss
%if %with java
BuildRequires: java-rpmbuild
%endif
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot

# Main package description; the same text is written to the README in the
# install stage.
# NOTE(review): the text recommends the whole bundle as SSLCACertificateFile
# for client authentication. With client verification enabled, a certificate
# issued by any CA in the bundle passes chain validation, so a deployment that
# follows this advice still needs its own authorisation check on the
# certificate subject or issuer.
%description
This is a bundle of X.509 certificates of public Certificate
Authorities (CA). These were automatically extracted from Mozilla's
root CA list (the file "certdata.txt"). It contains the certificates
in both plain text and PEM format and therefore can be directly used
with an Apache/mod_ssl webserver for SSL client authentication. Just
configure this file as the SSLCACertificateFile.

%if %with java
%package java
Summary: Bundle of CA Root Certificates for Java
Group: Development/Java

%description java
Bundle of X.509 certificates of public Certificate Authorities (CA)
in a format used by Java Runtime Environment.
%endif

%prep

# Unpack Source0 quietly and enter the rootcerts build directory.
%setup -q -n rootcerts

# Stage Mozilla's certdata.txt (Source1) under builtins/, then apply Patch3,
# which removes the "MD5 Collisions Forged Rogue CA 25c3" entry.
mkdir -p builtins
cp %{SOURCE1} builtins/certdata.txt
%patch3 -p0

# extract the license
# NOTE(review): the 36-line count is hard-coded; re-check it whenever
# certdata.txt is refreshed so LICENSE is neither cut short nor padded with
# certificate data.
head -36 builtins/certdata.txt > LICENSE

# add additional CA's here, needs to have the mozilla format...
# Source2 is appended verbatim; no validation of its entries is visible here.
cat %{SOURCE2} >> builtins/certdata.txt

# CAcert
# The DER file is copied into the build directory for the addbuiltin call in
# the build stage.
cp %{SOURCE3} .

# Copy the Java keystore generator (Source6) and apply the three local
# generate-cacerts patches to it.
cp %{SOURCE6} .
%patch0 -p0
%patch1 -p0
%patch2 -p0

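%build
# Regenerate the autotools build system instead of using a shipped configure.
rm -f configure
libtoolize --copy --force
aclocal
autoconf
automake --foreign --add-missing --copy

# CAcert
# http://wiki.cacert.org/wiki/NSSLib
# addbuiltin takes a DER certificate on stdin and prints a certdata.txt entry,
# which is appended to the Mozilla list. -n sets the nickname; -t sets the
# trust flags for SSL, S/MIME and code signing, in that order
# (C = trusted CA, T = trusted CA for client authentication).
addbuiltin -n "CAcert Inc." -t "CT,C,C" < cacert.org.der >> builtins/certdata.txt

# new verisign intermediate certificate
# -t trust trust flags (cCTpPuw).
# Parse Source4 once on its own first: rpm runs this section with sh -e, but a
# pipeline only reports the exit status of its last command, so a failing
# openssl inside the pipe below would not stop the build by itself.
# NOTE(review): "CT,C,C" makes this intermediate a trust anchor in its own
# right, independent of its issuer; confirm that is still intended.
openssl x509 -in %{SOURCE4} -inform PEM -noout
openssl x509 -in %{SOURCE4} -inform PEM -outform DER | \
addbuiltin -n "VeriSign Class 3 Secure Server CA" \
-t "CT,C,C" >> builtins/certdata.txt

# mkcerts.pl ships in Source0; its output is saved as certs.sh.
# NOTE(review): confirm that mkcerts.pl honours the trust attributes in
# certdata.txt rather than extracting every certificate object, otherwise an
# entry listed only to be distrusted would land in the bundle as trusted.
perl mkcerts.pl > certs.sh

%configure2_5x --with-certdb=%{_sysconfdir}/pki/tls/rootcerts
%make
# Build the single-file bundle from every PEM under pem/, then append the
# VeriSign intermediate from Source4.
# NOTE(review): Source4 was also added to certdata.txt above, so it may end up
# in the bundle twice; harmless for verification, but worth confirming.
cat pem/*.pem > ca-bundle.crt
cat %{SOURCE4} >> ca-bundle.crt

%if %with java
# Generate the Java keystore from the finished bundle. LC_ALL=C keeps the
# locale fixed for the script (presumably because it parses keytool output).
mkdir -p java
cd java
LC_ALL=C perl ../generate-cacerts.pl %{java_home}/bin/keytool ../ca-bundle.crt
cd ..
%endif
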
%install
# Start from an empty buildroot so nothing from an earlier build is packaged.
rm -rf %{buildroot}

%makeinstall_std

# Directories for the bundle, the raw Mozilla list and binaries.
install -d %{buildroot}%{_sysconfdir}/pki/tls/certs
install -d %{buildroot}%{_sysconfdir}/pki/tls/mozilla
install -d %{buildroot}%{_bindir}

# The bundle is installed mode 0644: readable by everyone, writable only by
# its owner. cert.pem is a relative symlink to it.
install -m0644 ca-bundle.crt %{buildroot}%{_sysconfdir}/pki/tls/certs/
ln -s certs/ca-bundle.crt %{buildroot}%{_sysconfdir}/pki/tls/cert.pem

# Ship the patched and extended certdata.txt alongside the generated bundle.
install -m0644 builtins/certdata.txt %{buildroot}%{_sysconfdir}/pki/tls/mozilla/

%if %with java
install -d %{buildroot}%{_sysconfdir}/pki/java
install -m0644 java/cacerts %{buildroot}%{_sysconfdir}/pki/java/
%endif

# Write the README into the build directory; the files list picks it up as
# documentation. Everything up to the EOF line is README content, so no
# comments may be placed inside it.
cat > README << EOF

R O O T C E R T S
-----------------

This is a bundle of X.509 certificates of public Certificate
Authorities (CA). These were automatically extracted from Mozilla's
root CA list (the file "certdata.txt"). It contains the certificates
in both plain text and PEM format and therefore can be directly used
with an Apache/mod_ssl webserver for SSL client authentication. Just
configure this file as the SSLCACertificateFile.

EOF

# fix #58107
# Creates ssl/certs under the system configuration directory as an absolute
# symlink to pki/tls/certs.
install -d %{buildroot}%{_sysconfdir}/ssl
ln -sf %{_sysconfdir}/pki/tls/certs %{buildroot}%{_sysconfdir}/ssl/certs

%clean
rm -rf %{buildroot}

# Everything is owned by root:root, so only root can alter the trust store.
# NOTE(review): the trust-store files are marked config(noreplace). If one of
# them has been edited locally, an update leaves the edited file in place and
# writes the packaged version next to it as .rpmnew, so a CA removed in a
# security update stays trusted on that system until the two are merged by
# hand. Release notes for CA removals should tell administrators to check for
# .rpmnew files.
%files
%defattr(-,root,root)
%doc README LICENSE
%{_sysconfdir}/pki/tls/cert.pem
%config(noreplace) %{_sysconfdir}/pki/tls/certs/ca-bundle.crt
%config(noreplace) %{_sysconfdir}/pki/tls/rootcerts/*
%config(noreplace) %{_sysconfdir}/pki/tls/mozilla/certdata.txt
%{_sysconfdir}/ssl/certs

%if %with java
%files java
%defattr(-,root,root)
%dir %{_sysconfdir}/pki/java
%config(noreplace) %{_sysconfdir}/pki/java/cacerts
%endif
