blob: b3d7084abcdacd1b05f5979facc87571024817ed (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Contributor: William Pitcock <nenolod@dereferenced.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=ca-certificates
pkgver=20191127
pkgrel=2
pkgdesc="Common CA certificates PEM files from Mozilla"
url="https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/"
arch="all"
license="MPL-2.0 GPL-2.0-or-later"
depends=""
makedepends="python3 openssl-dev"
subpackages="$pkgname-doc $pkgname-cacert"
# c_rehash is either in libcrypto1.0 or openssl depending on package, grr. replace both of them
replaces="libcrypto1.0 openssl openssl1.0"
options="!fhs !check"
triggers="ca-certificates.trigger=/usr/share/ca-certificates:/usr/local/share/ca-certificates:/etc/ssl/certs:/etc/ca-certificates/update.d"
install="$pkgname.post-deinstall"
source="https://gitlab.alpinelinux.org/alpine/ca-certificates/-/archive/$pkgver/ca-certificates-$pkgver.tar.bz2
0003-update-ca-insert-newline-between-certs.patch
"
builddir="$srcdir/ca-certificates-$pkgver"
build() {
cd "$builddir"
make
# remove expired cert (https://gitlab.alpinelinux.org/alpine/aports/issues/11607)
rm AddTrust_External_Root.crt
}
package() {
cd "$builddir"
make install DESTDIR="$pkgdir"
(
echo "# Automatically generated by ${pkgname}-${pkgver}-${pkgrel}"
echo "# $(date -u)"
echo "# Do not edit."
cd "$pkgdir"/usr/share/ca-certificates
find . -name '*.crt' | sort | cut -b3-
) > "$pkgdir"/etc/ca-certificates.conf
mkdir -p "$pkgdir"/etc/apk/protected_paths.d
cat > "$pkgdir"/etc/apk/protected_paths.d/ca-certificates.list <<-EOF
-etc/ssl/certs/ca-certificates.crt
-etc/ssl/certs/ca-cert-*.pem
-etc/ssl/certs/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[r0-9]*
EOF
cat > "$pkgdir"/etc/ca-certificates/update.d/certhash <<-EOF
#!/bin/sh
exec /usr/bin/c_rehash /etc/ssl/certs
EOF
chmod +x "$pkgdir"/etc/ca-certificates/update.d/certhash
}
cacert() {
pkgdesc="Mozilla bundled certificates"
replaces="libressl2.7-libcrypto"
mkdir -p "$subpkgdir"/etc/ssl
cat "$pkgdir"/usr/share/ca-certificates/mozilla/*.crt > \
"$subpkgdir"/etc/ssl/cert.pem
}
sha512sums="05e3a11efd80ea88eb81774e084febe4b8d1fa48f01f49e5ed3d469e10a2769260a264faed42ea3a0b725659cda1cc4a67ce5575fe04cdff9dc1c08207911c9b ca-certificates-20191127.tar.bz2
051b5d78916ee7389dfbd4e8871aab720415bd6e9ee0313dba770fc40ee7c68ac67d7918f2503458a3218e3bfc10691b5e379b65269106fde02c7e7a36eb7595 0003-update-ca-insert-newline-between-certs.patch"
|
