/[packages]/updates/2/rootcerts/current/SPECS/rootcerts.spec
ViewVC logotype

Contents of /updates/2/rootcerts/current/SPECS/rootcerts.spec

Parent Directory Parent Directory | Revision Log Revision Log


Revision 343184 - (show annotations) (download)
Tue Jan 8 22:08:35 2013 UTC (11 years, 9 months ago) by oden
File size: 5191 byte(s)
- really add the new file this time

1 # don't make useless debug packages
2 %define _enable_debug_packages %{nil}
3 %define debug_package %{nil}
4
5 # _without = java enabled, _with = java disabled
6 %ifnarch %arm %mips
7 %bcond_without java
8 %else
9 %bcond_with java
10 %endif
11
12 Summary: Bundle of CA Root Certificates
13 Name: rootcerts
14 # <mrl> Use this versioning style in order to be easily backportable.
15 # Note that the release is the last two digits on the version.
16 # All BuildRequires for rootcerts should be done this way:
17 # BuildRequires: rootcerts >= 0:20070402.00, for example
18 # - NEVER specifying the %%{release}
19 Epoch: 1
20 Version: 20121229.00
21 Release: %mkrel 2
22 License: GPL
23 Group: System/Servers
24 URL: http://www.mageia.org
25 # S0 originates from http://switch.dl.sourceforge.net/sourceforge/courier/courier-0.52.1.tar.bz2
26 Source0: rootcerts.tar.bz2
27 # www.mail-archive.com/ modssl-users@modssl.org/msg16980.html
28 #cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot co -p mozilla/security/nss/lib/ckfw/builtins/certdata.txt > certdata.txt
29 Source1: certdata.txt
30 Source2: rootcerts-igp-brasil.txt
31 # http://www.cacert.org/certs/root.der
32 Source3: cacert.org.der
33 # http://qa.mandriva.com/show_bug.cgi?id=29612
34 # https://www.verisign.com/support/verisign-intermediate-ca/secure-site-intermediate/index.html
35 Source4: verisign-class-3-secure-server-ca.pem
36 # Java JKS keystore generator:
37 # http://cvs.fedora.redhat.com/viewcvs/devel/ca-certificates/generate-cacerts.pl
38 Source6: generate-cacerts.pl
39 # Fix overwriting issue with generate-cacerts.pl
40 Patch0: generate-cacerts-fix-entrustsslca.patch
41 # Some hacks to make generate-cacerts.pl work with some of our certificates
42 Patch1: generate-cacerts-mageia.patch
43 # Just rename identically named certificates that are not handled by mageia.patch
44 Patch2: generate-cacerts-rename-duplicates.patch
45 BuildRequires: perl openssl nss
46 %if %with java
47 BuildRequires: java-rpmbuild
48 %endif
49
50 %description
51 This is a bundle of X.509 certificates of public Certificate
52 Authorities (CA). These were automatically extracted from Mozilla's
53 root CA list (the file "certdata.txt"). It contains the certificates
54 in both plain text and PEM format and therefore can be directly used
55 with an Apache/mod_ssl webserver for SSL client authentication. Just
56 configure this file as the SSLCACertificateFile.
57
58 %if %with java
59 %package java
60 Summary: Bundle of CA Root Certificates for Java
61 Group: Development/Java
62
63 %description java
64 Bundle of X.509 certificates of public Certificate Authorities (CA)
65 in a format used by Java Runtime Environment.
66 %endif
67
68 %prep
69
70 %setup -q -n rootcerts
71
72 mkdir -p builtins
73 cp %{SOURCE1} builtins/certdata.txt
74
75 # extract the license
76 head -36 builtins/certdata.txt > LICENSE
77
78 # add additional CA's here, needs to have the mozilla format...
79 cat %{SOURCE2} >> builtins/certdata.txt
80
81 # CAcert
82 cp %{SOURCE3} .
83
84 cp %{SOURCE6} .
85 %patch0 -p0
86 %patch1 -p0
87 %patch2 -p0
88
89 %build
90 rm -f configure
91 libtoolize --copy --force; aclocal; autoconf; automake --foreign --add-missing --copy
92
93 # CAcert
94 # http://wiki.cacert.org/wiki/NSSLib
95 addbuiltin -n "CAcert Inc." -t "CT,C,C" < cacert.org.der >> builtins/certdata.txt
96
97 # new verisign intermediate certificate
98 # -t trust trust flags (cCTpPuw).
99 openssl x509 -in %{SOURCE4} -inform PEM -outform DER | \
100 addbuiltin -n "VeriSign Class 3 Secure Server CA" \
101 -t "CT,C,C" >> builtins/certdata.txt
102
103 perl mkcerts.pl > certs.sh
104
105 %configure2_5x --with-certdb=%{_sysconfdir}/pki/tls/rootcerts
106 %make
107 cat pem/*.pem > ca-bundle.crt
108 cat %{SOURCE4} >> ca-bundle.crt
109
110 %if %with java
111 mkdir -p java
112 cd java
113 LC_ALL=C perl ../generate-cacerts.pl %{java_home}/bin/keytool ../ca-bundle.crt
114 cd ..
115 %endif
116
117 %install
118 rm -rf %{buildroot}
119
120 %makeinstall_std
121
122 install -d %{buildroot}%{_sysconfdir}/pki/tls/certs
123 install -d %{buildroot}%{_sysconfdir}/pki/tls/mozilla
124 install -d %{buildroot}%{_bindir}
125
126 install -m0644 ca-bundle.crt %{buildroot}%{_sysconfdir}/pki/tls/certs/
127 ln -s certs/ca-bundle.crt %{buildroot}%{_sysconfdir}/pki/tls/cert.pem
128
129 install -m0644 builtins/certdata.txt %{buildroot}%{_sysconfdir}/pki/tls/mozilla/
130
131 %if %with java
132 install -d %{buildroot}%{_sysconfdir}/pki/java
133 install -m0644 java/cacerts %{buildroot}%{_sysconfdir}/pki/java/
134 %endif
135
136 cat > README << EOF
137
138 R O O T C E R T S
139 -----------------
140
141 This is a bundle of X.509 certificates of public Certificate
142 Authorities (CA). These were automatically extracted from Mozilla's
143 root CA list (the file "certdata.txt"). It contains the certificates
144 in both plain text and PEM format and therefore can be directly used
145 with an Apache/mod_ssl webserver for SSL client authentication. Just
146 configure this file as the SSLCACertificateFile.
147
148 EOF
149
150 # fix #58107
151 install -d %{buildroot}%{_sysconfdir}/ssl
152 ln -sf %{_sysconfdir}/pki/tls/certs %{buildroot}%{_sysconfdir}/ssl/certs
153
154 %clean
155 rm -rf %{buildroot}
156
157 %files
158 %defattr(-,root,root)
159 %doc README LICENSE
160 %{_sysconfdir}/pki/tls/cert.pem
161 %config(noreplace) %{_sysconfdir}/pki/tls/certs/ca-bundle.crt
162 %config(noreplace) %{_sysconfdir}/pki/tls/rootcerts/*
163 %config(noreplace) %{_sysconfdir}/pki/tls/mozilla/certdata.txt
164 %{_sysconfdir}/ssl/certs
165
166 %if %with java
167 %files java
168 %defattr(-,root,root)
169 %dir %{_sysconfdir}/pki/java
170 %config(noreplace) %{_sysconfdir}/pki/java/cacerts
171 %endif

  ViewVC Help
Powered by ViewVC 1.1.30