diff options
author | bsiegert <bsiegert@pkgsrc.org> | 2013-03-15 16:14:55 +0000 |
---|---|---|
committer | bsiegert <bsiegert@pkgsrc.org> | 2013-03-15 16:14:55 +0000 |
commit | e9a5a20cf47771ff5b437f906fe7ad909214178a (patch) | |
tree | 645b3cbd6f64cf856beeb9be7748ac62b5060614 /security | |
parent | f39296d487b8083a36552c6f087c81712b22e9bf (diff) | |
download | pkgsrc-e9a5a20cf47771ff5b437f906fe7ad909214178a.tar.gz |
Add a new subcommand "mozilla-rootcerts install" that unpacks and installs
the certificates with a single command.
ok gdt, wiz
Diffstat (limited to 'security')
-rw-r--r-- | security/mozilla-rootcerts/MESSAGE | 19 | ||||
-rw-r--r-- | security/mozilla-rootcerts/Makefile | 15 | ||||
-rw-r--r-- | security/mozilla-rootcerts/files/mozilla-rootcerts.sh | 28 |
3 files changed, 44 insertions, 18 deletions
diff --git a/security/mozilla-rootcerts/MESSAGE b/security/mozilla-rootcerts/MESSAGE index 2212f38d438..d0125280369 100644 --- a/security/mozilla-rootcerts/MESSAGE +++ b/security/mozilla-rootcerts/MESSAGE @@ -1,20 +1,13 @@ =========================================================================== -$NetBSD: MESSAGE,v 1.3 2011/06/10 16:23:45 drochner Exp $ +$NetBSD: MESSAGE,v 1.4 2013/03/15 16:14:55 bsiegert Exp $ -Execute these commands to extract and rehash all CA root certificates +Execute this command to extract and rehash all CA root certificates distributed by the Mozilla Project, so that they can be used by third -party applications using OpenSSL: +party applications using OpenSSL. It also creates a single file +certificate bundle in PEM format which can be used by applications using +GnuTLS. - # cd /etc/openssl/certs # Default SSLCERTS path for NetBSD - # mozilla-rootcerts extract - # mozilla-rootcerts rehash - -To create a single file certificate bundle in PEM format which can -be used by applications using GnuTLS, do the following: - - # mkdir -p /etc/ssl/certs - # cd /etc/ssl/certs - # cat ../../openssl/certs/*.pem >ca-certificates.crt + # mozilla-rootcerts install To mark these certificates as trusted for users of gnupg2, do the following (assuming default PKG_SYSCONFBASE and a Bourne shell): diff --git a/security/mozilla-rootcerts/Makefile b/security/mozilla-rootcerts/Makefile index b556716707f..3505a9d9053 100644 --- a/security/mozilla-rootcerts/Makefile +++ b/security/mozilla-rootcerts/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.11 2013/03/15 12:36:25 fhajny Exp $ +# $NetBSD: Makefile,v 1.12 2013/03/15 16:14:55 bsiegert Exp $ DISTNAME= mozilla-rootcerts-1.0.${CERTDATA_DATE} +PKGREVISION= 1 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_LOCAL} DISTFILES= ${CERTDATA} @@ -11,7 +12,7 @@ HOMEPAGE= http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/c COMMENT= Root CA certificates from the Mozilla Project LICENSE= mpl-1.1 OR gnu-gpl-v2 OR gnu-lgpl-v2.1 -USE_TOOLS= awk:run echo:run expr:run ln:run ls:run openssl:run rm:run +USE_TOOLS= awk:run echo:run expr:run ln:run ls:run openssl:run rm:run mkdir:run CERTDATA_DATE= 20121229 CERTDATA= certdata-${CERTDATA_DATE}.txt @@ -20,11 +21,19 @@ WRKSRC= ${WRKDIR} BUILD_DIRS= # empty DATADIR= ${PREFIX}/share/${PKGBASE} +CHECK_BUILTIN.openssl= yes +.include "../../security/openssl/builtin.mk" +.if !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) +SSLDIR= /etc/openssl/certs +.else +SSLDIR= ${PKG_SYSCONFDIR}/openssl/certs +.endif + SUBST_CLASSES= paths SUBST_MESSAGE.paths= Replacing hard-coded paths. SUBST_STAGE.paths= post-configure SUBST_FILES.paths= mozilla-rootcerts.sh -SUBST_VARS.paths= AWK ECHO EXPR LN LS RM DATADIR +SUBST_VARS.paths= AWK ECHO EXPR LN LS RM DATADIR MKDIR SSLDIR SUBST_SED.paths= -e 's,@OPENSSL@,${TOOLS_PATH.openssl},g' INSTALLATION_DIRS= sbin ${DATADIR} diff --git a/security/mozilla-rootcerts/files/mozilla-rootcerts.sh b/security/mozilla-rootcerts/files/mozilla-rootcerts.sh index 4638303ec3e..aacb1a2c106 100644 --- a/security/mozilla-rootcerts/files/mozilla-rootcerts.sh +++ b/security/mozilla-rootcerts/files/mozilla-rootcerts.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# $NetBSD: mozilla-rootcerts.sh,v 1.4 2011/09/08 19:46:01 drochner Exp $ +# $NetBSD: mozilla-rootcerts.sh,v 1.5 2013/03/15 16:14:55 bsiegert Exp $ # # This script is meant to be used as follows: # @@ -14,15 +14,18 @@ : ${EXPR=@EXPR@} : ${LN=@LN@} : ${LS=@LS@} +: ${MKDIR=@MKDIR@} : ${OPENSSL=@OPENSSL@} +: ${SSLDIR=@SSLDIR@} : ${RM=@RM@} self="mozilla-rootcerts" certfile="@DATADIR@/certdata.txt" +certdir="/etc/ssl/certs" usage() { - ${ECHO} 1>&2 "usage: $self [-f certfile] extract|rehash" + ${ECHO} 1>&2 "usage: $self [-f certfile] extract|rehash|install" exit $1 } @@ -173,4 +176,25 @@ extract) } }' ;; +install) + if [ ! -d $SSLDIR ]; then + ${ECHO} 1>&2 "ERROR: $SSLDIR does not exist, aborting." + exit 1 + fi + cd $SSLDIR + if [ -n "`${LS}`" ]; then + ${ECHO} 1>&2 "ERROR: $SSLDIR already contains certificates, aborting." + exit 1 + fi + set -e + $self extract + $self rehash + set +e + if [ -d $certdir ]; then + ${ECHO} 1>&2 "ERROR: $certdir already exists, aborting." + exit 1 + fi + set -e + $MKDIR $certdir + cat $SSLDIR/*.pem > $certdir/ca-certificates.crt esac |