aboutsummaryrefslogtreecommitdiffstats
path: root/main/ca-certificates/APKBUILD
blob: 6a4d7ab8d616df8908ed4c73726d6ac38f8f4b75 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=ca-certificates
pkgver=20191127
pkgrel=7
pkgdesc="Common CA certificates PEM files from Mozilla"
url="https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/"
arch="all"
# There is a GPL-2.0-or-later script inside the source but it is not shipped
license="MPL-2.0 AND MIT"
makedepends_build="perl"
makedepends_host="openssl1.1-compat-dev"
subpackages="$pkgname-doc $pkgname-bundle"
# c_rehash is either in libcrypto1.0 or openssl depending on package, grr.  replace both of them
replaces="libcrypto1.0 openssl openssl1.0"
options="!fhs !check"
triggers="ca-certificates.trigger=/usr/share/ca-certificates:/usr/local/share/ca-certificates:/etc/ssl/certs:/etc/ca-certificates/update.d"
install="$pkgname.post-deinstall"
source="https://gitlab.alpinelinux.org/alpine/ca-certificates/-/archive/$pkgver/ca-certificates-$pkgver.tar.bz2
	0001-update-ca-fix-compiler-warning.patch
	0002-replace-python-script-with-perl-script.patch
	0003-update-ca-insert-newline-between-certs.patch
	"

build() {
	make
	# remove expired cert (https://gitlab.alpinelinux.org/alpine/aports/issues/11607)
	rm AddTrust_External_Root.crt
}

package() {
	make install DESTDIR="$pkgdir"

	(
		echo "# Automatically generated by $pkgname-$pkgver-$pkgrel"
		echo "# $(date -u)"
		echo "# Do not edit."
		cd "$pkgdir"/usr/share/ca-certificates
		find . -name '*.crt' | sort | cut -b3-
	) > "$pkgdir"/etc/ca-certificates.conf

	# generate the bundle in similar way as update-ca-certificates would do
	for i in $(ls *.crt | sort); do
		cat "$i"
		printf "\n"
	done > "$pkgdir"/etc/ssl/certs/ca-certificates.crt

	mkdir -p "$pkgdir"/etc/apk/protected_paths.d
	cat > "$pkgdir"/etc/apk/protected_paths.d/ca-certificates.list <<-EOF
		-etc/ssl/certs/ca-certificates.crt
		-etc/ssl/certs/ca-cert-*.pem
		-etc/ssl/certs/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[r0-9]*
	EOF

	cat > "$pkgdir"/etc/ca-certificates/update.d/certhash <<-EOF
		#!/bin/sh
		exec /usr/bin/c_rehash /etc/ssl/certs
	EOF
	chmod +x "$pkgdir"/etc/ca-certificates/update.d/certhash
}

bundle() {
	pkgdesc="Pre generated bundle of Mozilla certificates"
	replaces="libressl2.7-libcrypto"
	provides="$pkgname-cacert=$pkgver-r$pkgrel"
	mkdir -p "$subpkgdir"/etc/ssl/certs
	mv "$pkgdir"/etc/ssl/certs/ca-certificates.crt \
		"$subpkgdir"/etc/ssl/certs/
	ln -s certs/ca-certificates.crt \
		"$subpkgdir"/etc/ssl/cert.pem
}

sha512sums="05e3a11efd80ea88eb81774e084febe4b8d1fa48f01f49e5ed3d469e10a2769260a264faed42ea3a0b725659cda1cc4a67ce5575fe04cdff9dc1c08207911c9b  ca-certificates-20191127.tar.bz2
aafe6d9047380fc403792fbf27146dc9c0532ef401e6eb9bd8b533c110f902cad0a66701cf3563ad625d07ae54619e9f2f3091ec14772b92e178dbed142ecd97  0001-update-ca-fix-compiler-warning.patch
4d9c71b9ea0596f5efaa188f244b7ab587f96c218bb6fed01f11e34c553909f65bbe660156f8300be9511ae50614661c5dcd3b493ac146a8e888f62fc52bd9d4  0002-replace-python-script-with-perl-script.patch
051b5d78916ee7389dfbd4e8871aab720415bd6e9ee0313dba770fc40ee7c68ac67d7918f2503458a3218e3bfc10691b5e379b65269106fde02c7e7a36eb7595  0003-update-ca-insert-newline-between-certs.patch"