source: spec/trunk/SPECS/ca-certificates.spec@ 689

Last change on this file since 689 was 258, checked in by Yuri Dario, 14 years ago

spec: CA certificates, initial build.

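#
# RPM spec for the Mozilla CA root certificate bundle (OS/2 build).
# Converts certdata.txt into PEM bundles for OpenSSL-style consumers and
# into a Java "cacerts" keystore, then installs them under the pki directory.
#
# YD must point to local java installation!
%define java_dir d:/os2/java160

# certdata.txt is generated by extracting it from Mozilla CVS.
# This is done by running:
#
# cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot \
# co -p mozilla/security/nss/lib/ckfw/builtins/certdata.txt \
# > certdata.txt
#
# Keep the RCS version in sync with the spec Version.
#
# NOTE(review): the pserver protocol provides neither server authentication
# nor integrity protection, and this spec records no digest for certdata.txt
# or for Source0. The content of certdata.txt becomes the system trust store,
# so compare it with an independently obtained copy (or a pinned digest)
# before building.

%define pkidir %{_sysconfdir}/pki

Summary: The Mozilla CA root certificate bundle
Name: ca-certificates
Version: 2011.80
Release: 1%{?dist}
License: Public Domain
Group: System Environment/Base
URL: http://www.mozilla.org/

Source0: ca-certificates.zip

BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
#BuildRequires: java-openjdk, rcs
BuildRequires: perl, python
BuildArch: noarch

%description
This package contains the set of CA certificates chosen by the
Mozilla Foundation for use with the Internet PKI.

%prep
%setup -c
mkdir certs java

%build

# certdata2pem.py runs inside certs/ with certdata.txt and blacklist.txt
# beside it; the loop below consumes the certs/*.crt files found afterwards.
cp certdata.txt certs
cp blacklist.txt certs
cd certs
python ../certdata2pem.py
cd ..

# Write the comment header of each bundle. "ident" comes from the rcs
# package, which is commented out of BuildRequires above; if it is missing
# the "Generated from:" section is simply left empty.
(
cat <<EOF
# This is a bundle of X.509 certificates of public Certificate
# Authorities. It was generated from the Mozilla root CA list.
#
# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
#
# Generated from:
EOF
ident -q certdata.txt | sed '1d;s/^/#/';
echo '#';
) > ca-bundle.crt
(
cat <<EOF
# This is a bundle of X.509 certificates of public Certificate
# Authorities. It was generated from the Mozilla root CA list.
# These certificates are in the OpenSSL "TRUSTED CERTIFICATE"
# format and have trust bits set accordingly.
#
# Source: mozilla/security/nss/lib/ckfw/builtins/certdata.txt
#
# Generated from:
EOF
ident -q certdata.txt | sed '1d;s/^/#/';
echo '#';
) > ca-bundle.trust.crt

for f in certs/*.crt; do
  # An unmatched glob stays literal; skip it instead of handing a
  # non-existent path to sed and openssl.
  [ -f "$f" ] || continue

  # Trust purposes are read from the "# openssl-trust=..." line of the file.
  tbits=$(sed -n '/^# openssl-trust/{s/^.*=//;p;}' "$f")

  # Only certificates trusted for TLS server authentication go into the
  # plain bundle (which also feeds the Java keystore below).
  case "$tbits" in
    *serverAuth*) openssl x509 -text -in "$f" >> ca-bundle.crt ;;
  esac

  if [ -n "$tbits" ]; then
    targs=""
    for t in $tbits; do
      targs="${targs} -addtrust $t"
    done
    # $targs is left unquoted on purpose: it must split into separate
    # "-addtrust <purpose>" arguments.
    openssl x509 -text -in "$f" -trustout $targs >> ca-bundle.trust.crt
  fi
done

# Both bundles always contain the comment header written above, so a
# "non-empty file" test cannot detect a run that extracted no certificates.
# Require at least one PEM block in each bundle; an empty trust store must
# fail the build rather than be packaged.
grep -q -e '^-----BEGIN CERTIFICATE-----' ca-bundle.crt || exit 1
grep -q -e '^-----BEGIN TRUSTED CERTIFICATE-----' ca-bundle.trust.crt || exit 1

export PATH="%{java_dir}/bin${PATH:+;$PATH}"
export BEGINLIBPATH="%{java_dir}/bin${BEGINLIBPATH:+;$BEGINLIBPATH}"

# Build the Java keystore from the serverAuth bundle and give it the
# timestamp of certdata.txt.
cd java
%{__perl} ../generate-cacerts.pl %{java_dir}/bin/keytool.exe ../ca-bundle.crt
touch -r ../certdata.txt cacerts
cd ..

%install
rm -rf "$RPM_BUILD_ROOT"

mkdir -p "$RPM_BUILD_ROOT"%{pkidir}/tls/certs
mkdir -p "$RPM_BUILD_ROOT"%{pkidir}/java

install -p -m 644 ca-bundle.crt "$RPM_BUILD_ROOT"%{pkidir}/tls/certs/ca-bundle.crt
install -p -m 644 ca-bundle.trust.crt "$RPM_BUILD_ROOT"%{pkidir}/tls/certs/ca-bundle.trust.crt
ln -s certs/ca-bundle.crt "$RPM_BUILD_ROOT"%{pkidir}/tls/cert.pem
touch -r certdata.txt "$RPM_BUILD_ROOT"%{pkidir}/tls/certs/ca-bundle.crt
touch -r certdata.txt "$RPM_BUILD_ROOT"%{pkidir}/tls/certs/ca-bundle.trust.crt

# Install Java cacerts file.
# NOTE(review): the java directory already exists (created above), so
# "-m 700" is not applied by this mkdir -p. The keystore holds public trust
# anchors and is installed 644; consider dropping the mode flag.
mkdir -p -m 700 "$RPM_BUILD_ROOT"%{pkidir}/java
install -p -m 644 java/cacerts "$RPM_BUILD_ROOT"%{pkidir}/java/

# /etc/ssl/certs symlink for 3rd-party tools
mkdir -p -m 755 "$RPM_BUILD_ROOT"%{_sysconfdir}/ssl
ln -s ../pki/tls/certs "$RPM_BUILD_ROOT"%{_sysconfdir}/ssl/certs

%clean
rm -rf "$RPM_BUILD_ROOT"

# The bundles and the keystore are marked config(noreplace): when one of
# them has been edited locally, an upgrade keeps the edited file and writes
# the new one next to it with an .rpmnew suffix. CA removals shipped in a
# later package therefore do not take effect on such a system until the
# administrator merges the files.
%files
%defattr(-,root,root,-)
%dir %{pkidir}/java
%config(noreplace) %{pkidir}/java/cacerts
%dir %{pkidir}/tls
%dir %{pkidir}/tls/certs
%config(noreplace) %{pkidir}/tls/certs/ca-bundle.*crt
%{pkidir}/tls/cert.pem
%dir %{_sysconfdir}/ssl
%{_sysconfdir}/ssl/certs

%changelog
* Thu Jan 5 2012 yd
- initial build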