]> git.pld-linux.org Git - packages/ca-certificates.git/blame - ca-certificates.spec
projects / packages / ca-certificates.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
add link to 2eecd52
[packages/ca-certificates.git] / ca-certificates.spec
CommitLineData
8b300985
JR		 1# TODO
2# - cleanup dead links from /etc/openssl/certs after -update uninstall
7d6b3825
JR		 3# - https://bugzilla.mozilla.org/show_bug.cgi?id=549701 and
4# http://groups.google.com/group/mozilla.dev.security.policy/browse_thread/thread/b6493a285ba79998#
8afb3237
ER		 5# - make amsn use system certs
6# - make pidgin use system certs
354e0f44 7# - swap %{certsdir}/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt regards file vs symlink
7d6b3825 8#
460ad8a7
JB		 9# Conditional build:
10%bcond_without tests # skip duplicates check
9a2204c0 11
8bb152c1 12Summary: Common CA Certificates PEM files
500a6231 13Summary(pl.UTF-8): Pliki PEM popularnych certyfikatów CA
8bb152c1 14Name: ca-certificates
2b01365b 15Version: 20160104
2eecd52c 16Release: 3
c26c6065 17License: GPL v2 (scripts), MPL v2 (mozilla certs), distributable (other certs)
9a2204c0 18Group: Base
fba66a45 19Source0: ftp://ftp.debian.org/debian/pool/main/c/ca-certificates/%{name}_%{version}.tar.xz
2b01365b 20# Source0-md5: d9665a83d0d3ef8176a38e6aa20458e9
6c894e75 21Source1: https://www.verisign.com/support/thawte-roots.zip
59b34d92 22# Source1-md5: 21a284ebdc6e8f4178d5cc10fb9e1ef2
ed111db5
JR		 23Source2: http://www.certum.pl/keys/CA.pem
24# Source2-md5: 35610177afc9c64e70f1ce62c1885496
25Source3: http://www.certum.pl/keys/level1.pem
26# Source3-md5: ba2d2e234ef9cfd2e6e5f810c964862e
27Source4: http://www.certum.pl/keys/level2.pem
28# Source4-md5: d06578a04e8cb23071f3870430ea0cf0
29Source5: http://www.certum.pl/keys/level3.pem
30# Source5-md5: 47b67c63a52236576fc0d1150327c962
31Source6: http://www.certum.pl/keys/level4.pem
32# Source6-md5: f1f8a65d177745311a1e99f029ae5d71
33Source7: http://www.certum.pl/keys/vs.pem
34# Source7-md5: 8da19ffc48c5dcc2868b1aa55f1d5983
35Source8: http://www.certum.pl/keys/na.pem
36# Source8-md5: ba571cb35e7672ff7ae95132ac1bfec4
37Source9: http://www.certum.pl/keys/tsa.pem
38# Source9-md5: 1a7b3faf8ed00f4d80297de74862e102
39Source10: http://www.certum.pl/keys/class1.pem
40# Source10-md5: 058436b132ea2df6972821f546104a16
41Source11: http://www.certum.pl/keys/class2.pem
42# Source11-md5: 5caf7fe99b1fc6e63c40b3d081711d1b
43Source12: http://www.certum.pl/keys/class3.pem
44# Source12-md5: 07bc97e21da092ba53535c7379e1b58b
45Source13: http://www.certum.pl/keys/class4.pem
46# Source13-md5: 99ef61d509539af89f1c025b67245965
a4e3ff05
AZ		 47Source14: http://www.certum.pl/CTNCA.pem
48# Source14-md5: 231b5b8bf05c5e93a9b2ebc4186eb6f7
49Source15: http://repository.certum.pl/class1casha2.pem
50# Source15-md5: b52dde6e2618a21965afbe6d6676d09f
51Source16: http://repository.certum.pl/dvcasha2.pem
52# Source16-md5: 88ce64a84375c95ab6f7c8515dd2a117
53Source17: http://repository.certum.pl/ovcasha2.pem
54# Source17-md5: 3149c923bd23469d6b14caa6334f8b63
55Source18: http://repository.certum.pl/evcasha2.pem
56# Source18-md5: ac54dc6cf3af7e243879b1c8b4aca8a3
57#Source19: http://repository.certum.pl/dvcasha2.pem
58## Source19-md5: 88ce64a84375c95ab6f7c8515dd2a117
59Source20: http://repository.certum.pl/gscasha2.pem
60# Source20-md5: a29d37f95dafc08cef36015922e3b0d3
61Source21: http://crt.tcs.terena.org/TERENASSLCA.crt
62# Source21-md5: f62cd1546a8ef14e31ba1ce8eecd234a
63Source22: http://crt.tcs.terena.org/TERENAeScienceSSLCA.crt
64# Source22-md5: 5feea35ab01a373f115219706f1f57bd
65Source23: http://crt.tcs.terena.org/TERENAPersonalCA.crt
66# Source23-md5: 53eaa497c8fb0b79f14fe9f69693689a
67Source24: http://crt.tcs.terena.org/TERENAeSciencePersonalCA.crt
68# Source24-md5: e25cc655d3ebe920ca9c187e3dde9191
69Source25: http://crt.tcs.terena.org/TERENACodeSigningCA.crt
70# Source25-md5: 74c9f511ab03a4e6b7462e310abfa89b
71Source26: http://www.sk.ee/upload/files/JUUR-SK.PEM.cer
72# Source26-md5: 805784c06c9eff3771a4b9bd631cd3f5
73Source27: http://www.sk.ee/upload/files/ESTEID-SK.PEM.cer
74# Source27-md5: 387beee5b8539ab7d91628f486295899
75Source28: http://www.sk.ee/upload/files/ESTEID-SK%202007.PEM.cer?/ESTEID-SK_2007.PEM.cer
76# Source28-md5: 2b1a2a77f565d68fdf5f19f6cc3a5600
77Source29: http://www.sk.ee/upload/files/ESTEID-SK%202011.pem.cer?/ESTEID-SK_2011.pem.cer
78# Source29-md5: cfcc1e592cb0ff305158a7e32730546c
a0243bec
AO		 79Source30: http://www.terena.org/activities/tcs/repository/sha2/TERENA_SSL_CA_2.pem
80# Source30-md5: 96700974350cecfcfbd904d52c3a3942
81Source31: http://www.terena.org/activities/tcs/repository/sha2/TERENA_Personal_CA_2.pem
82# Source31-md5: d40e5c821f8559faf5bcd55eac5e1371
83Source32: http://www.terena.org/activities/tcs/repository/sha2/TERENA_Code_Signing_CA_2.pem
84# Source32-md5: 69ff653e730adf87ff59bf373950b357
85Source33: http://www.terena.org/activities/tcs/repository-g3/TERENA_SSL_CA_3.pem
86# Source33-md5: b22ed904900ed6b3bc129f9a35ba5a66
87Source34: http://www.terena.org/activities/tcs/repository-g3/TERENA_Personal_CA_3.pem
88# Source34-md5: eb5ddefe94750c2f8d4f11cb1f3af911
89Source35: http://www.terena.org/activities/tcs/repository-g3/TERENA_Code_Signing_CA_3.pem
90# Source35-md5: 43375a208fba0a5e73f1912faa4db86d
91Source36: http://www.terena.org/activities/tcs/repository-g3/TERENA_SSL_High_Assurance_CA_3.pem
92# Source36-md5: 6e00d9ede4460e739eb285ea023299f0
2eecd52c
AM		 93Source37: https://letsencrypt.org/certs/isrgrootx1.pem.txt
94# Source37-md5: c73c30ef692eb5be150caad88210e891
95Source38: https://letsencrypt.org/certs/letsencryptauthorityx1.pem.txt
96# Source38-md5: 7a4c9a537127f609035ad7f4019defdb
97Source39: https://letsencrypt.org/certs/letsencryptauthorityx2.pem.txt
98# Source39-md5: 27b0b8f7ef14356d8f717bc083c43ef1
4619b3d9 99Patch0: %{name}-undebianize.patch
ed111db5 100Patch1: %{name}-more-certs.patch
c7360e68 101Patch2: %{name}-etc-certs.patch
302ace1c 102Patch3: %{name}-c_rehash.sh.patch
93ad0ea1
JR		 103Patch5: %{name}-DESTDIR.patch
104Patch6: %{name}.d.patch
4d7c72ae 105URL: https://packages.debian.org/sid/ca-certificates
c3918bf2 106BuildRequires: openssl-tools
d75b32da 107BuildRequires: python >= 1:2.6
65bcbc85 108BuildRequires: python-modules
9af0daca 109BuildRequires: rpm >= 4.4.9-56
55905e01 110BuildRequires: sed >= 4.0
fba66a45 111BuildRequires: tar >= 1:1.22
ed111db5 112BuildRequires: unzip
fba66a45 113BuildRequires: xz
ed111db5 114Obsoletes: certificates
5352fc69 115BuildArch: noarch
8bb152c1
ER		 116BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
117
850133d0 118%define certsdir /etc/certs
94338ec5 119%define openssldir /etc/openssl/certs
850133d0 120
8bb152c1 121%description
500a6231
JB		 122Common CA Certificates PEM files.
123
124%description -l pl.UTF-8
125Pliki PEM popularnych certyfikatów CA.
8bb152c1 126
302ace1c
JR		 127%package update
128Summary: Script for updating CA Certificates database
129Summary(pl.UTF-8): Skrypt do odświeżania bazy certyfikatów CA
130Group: Libraries
6c894e75 131Requires: %{name} = %{version}-%{release}
74154eae 132Requires: mktemp
9af0daca 133%if "%{pld_release}" == "ac"
9b4bd725 134Requires: openssl-tools >= 0.9.7m-6.3
9af0daca 135%else
c3918bf2 136Requires: openssl-tools >= 0.9.8i-3
9af0daca 137%endif
302ace1c
JR		 138
139%description update
140Script and data for updating CA Certificates database.
141
6c894e75 142%description update -l pl.UTF-8
302ace1c
JR		 143Skrypt i dane do odświeżania bazy certyfikatów CA.
144
8bb152c1 145%prep
2b01365b
ER		 146%setup -qc
147mv %{name}/* .
ed111db5
JR		 148%patch0 -p1
149%patch1 -p1
c7360e68 150%patch2 -p1
302ace1c 151%patch3 -p1
835b9580 152%patch5 -p1
94338ec5 153%patch6 -p1
ed111db5 154
9af0daca
ER		 155%{__sed} -i -e 's,@openssldir@,%{openssldir},' sbin/update-ca-certificates*
156
156426d3 157%{__unzip} -qq %{SOURCE1} -d thawte
156426d3 158
ca146b29
AM		 159find thawte/ -name *.pem -o -name *.txt| while read f ; do
160 if (file "$f" | grep -q "PEM"); then
161 ff=$(echo $f | sed -e 's|[ ,]|_|g' -e 's|[()]|=|g')
162 nname=$(basename "$ff" .pem)
163 nname=$(basename "$nname" .txt)
164 nname=$(basename "$nname" _b64)
1180a18f 165 cp -pi "$f" "thawte/${nname}.crt"
ca146b29
AM		 166 else
167 echo "Skipping $f, doesn't look like PEM CERT"
168 fi
ed111db5
JR		 169done
170
171install -d certum
1180a18f
ER		 172cp -pi %{SOURCE2} certum
173cp -pi %{SOURCE3} certum
174cp -pi %{SOURCE4} certum
175cp -pi %{SOURCE5} certum
176cp -pi %{SOURCE6} certum
177cp -pi %{SOURCE7} certum
178cp -pi %{SOURCE8} certum
179cp -pi %{SOURCE9} certum
180cp -pi %{SOURCE10} certum
181cp -pi %{SOURCE11} certum
182cp -pi %{SOURCE12} certum
183cp -pi %{SOURCE13} certum
a4e3ff05
AZ		 184cp -pi %{SOURCE14} certum
185cp -pi %{SOURCE15} certum
186cp -pi %{SOURCE16} certum
187cp -pi %{SOURCE17} certum
188cp -pi %{SOURCE18} certum
189#cp -pi %{SOURCE19} certum
190cp -pi %{SOURCE20} certum
ebf0e82f 191for a in certum/*.pem; do
ca146b29 192 mv -i "$a" "${a%.pem}.crt"
ed111db5
JR		 193done
194
1180a18f
ER		 195# http://www.sk.ee/en/Repository/certs/rootcertificates
196# JUUR-SK, ESTEID-SK and ESTEID-SK 2007, ESTEID-SK 2011
2190f9b1 197install -d esteid
a4e3ff05
AZ		 198cp -pi %{SOURCE26} esteid
199cp -pi %{SOURCE27} esteid
200cp -pi %{SOURCE28} esteid/ESTEID-SK_2007.crt
201cp -pi %{SOURCE29} esteid/ESTEID-SK_2011.crt
2190f9b1 202for a in esteid/*.PEM.cer; do
ca146b29 203 mv -i "$a" "${a%.PEM.cer}.crt"
2190f9b1
ER		 204done
205
9bd7e1ac
ER		 206# 2eecd52 - add letsencrypt certificates (approved by mozilla) <Arkadiusz Miśkiewicz>
207# https://bugzilla.mozilla.org/show_bug.cgi?id=1204656
2eecd52c
AM		 208install -d mozilla
209cp -pi %{SOURCE37} mozilla/$(basename %{SOURCE37} .pem.txt).crt
210cp -pi %{SOURCE38} mozilla/$(basename %{SOURCE38} .pem.txt).crt
211cp -pi %{SOURCE39} mozilla/$(basename %{SOURCE39} .pem.txt).crt
212
ed111db5 213%build
277121c2 214install -d terena
a4e3ff05
AZ		 215openssl x509 -inform DER -in %{SOURCE21} -outform PEM -out terena/$(basename %{SOURCE21})
216openssl x509 -inform DER -in %{SOURCE22} -outform PEM -out terena/$(basename %{SOURCE22})
217openssl x509 -inform DER -in %{SOURCE23} -outform PEM -out terena/$(basename %{SOURCE23})
218openssl x509 -inform DER -in %{SOURCE24} -outform PEM -out terena/$(basename %{SOURCE24})
219openssl x509 -inform DER -in %{SOURCE25} -outform PEM -out terena/$(basename %{SOURCE25})
a0243bec
AO		 220cp %{SOURCE30} terena/$(basename %{SOURCE30} .pem).crt
221cp %{SOURCE31} terena/$(basename %{SOURCE31} .pem).crt
222cp %{SOURCE32} terena/$(basename %{SOURCE32} .pem).crt
223sed 's/\r//' %{SOURCE33} > terena/$(basename %{SOURCE33} .pem).crt
224sed 's/\r//' %{SOURCE34} > terena/$(basename %{SOURCE34} .pem).crt
225sed 's/\r//' %{SOURCE35} > terena/$(basename %{SOURCE35} .pem).crt
226sed 's/\r//' %{SOURCE36} > terena/$(basename %{SOURCE36} .pem).crt
277121c2 227
ed111db5
JR		 228%{__make}
229
230# We have those and more in specific dirs
460ad8a7 231%{__rm} mozilla/{thawte,Certum,IGC_A,Deutsche_Telekom_Root_CA_2,Juur-SK}*.crt
8bb152c1 232
2e4da516 233# Duplicate with Verisign_Class_3_Public_Primary_Certification_Authority_2.crt
460ad8a7 234%{__rm} thawte/Class_3_Public_Primary_Certification_Authority.crt
2e4da516 235
7d6b3825 236# See TODO
460ad8a7 237# %{__rm} mozilla/RSA_Security_1024_v3.crt
7d6b3825 238
8bb152c1
ER		 239%install
240rm -rf $RPM_BUILD_ROOT
354e0f44 241install -d $RPM_BUILD_ROOT{%{_datadir}/%{name},%{_sbindir},%{certsdir},/etc/pki/tls/certs,%{_sysconfdir}/ca-certificates.d}
8bb152c1
ER		 242%{__make} install \
243 DESTDIR=$RPM_BUILD_ROOT
244
55905e01
JR		 245find $RPM_BUILD_ROOT%{_datadir}/ca-certificates -name '*.crt' -exec sed -i -e 's/\r$//' {} \;
246
8bb152c1
ER		 247(
248cd $RPM_BUILD_ROOT%{_datadir}/ca-certificates
249find . -name '*.crt' | sort | cut -b3-
250) > $RPM_BUILD_ROOT%{_sysconfdir}/ca-certificates.conf
251
94338ec5
ER		 252# build %{certsdir}/ca-certificates.crt
253install -d $RPM_BUILD_ROOT%{openssldir}
254./sbin/update-ca-certificates --destdir $RPM_BUILD_ROOT
255rm -rf $RPM_BUILD_ROOT%{openssldir}
8bb152c1 256
354e0f44
ER		 257ln -s %{certsdir}/ca-certificates.crt $RPM_BUILD_ROOT/etc/pki/tls/certs/ca-bundle.crt
258
2e4da516
AM		 259%if %{with tests}
260install -d pld-tests
261cd pld-tests
262
263# check for duplicates (to avoid X509_STORE_add_cert "cert already in hash table" problem)
264cat $RPM_BUILD_ROOT/%{certsdir}/ca-certificates.crt | awk '/BEGIN/ { i++; } /BEGIN/, /END/ { print > i ".extracted.crt" }'
265for cert in *.extracted.crt; do
266 openssl x509 -in "$cert" -noout -sha1 -fingerprint > "$cert.fingerprint"
267done
268DUPLICATES=$(sort *.fingerprint | uniq -c | sort -nr | awk ' { if ($1 != 1) { print $0; } } ')
269if [ -n "$DUPLICATES" ]; then
270 echo -e "\n\nFound duplicates for certificates (count, type, fingerprint):\n\n$DUPLICATES\n\nFailing..."
271 exit 1
272fi
273cd ..
274%endif
275
8bb152c1
ER		 276%clean
277rm -rf $RPM_BUILD_ROOT
278
302ace1c 279%post update
ed9496cb 280%{_sbindir}/update-ca-certificates --fresh || :
8bb152c1
ER		 281
282%files
283%defattr(644,root,root,755)
3dc5e4ea 284%doc debian/README.Debian debian/changelog
a4417de9 285%dir /etc/pki/tls
354e0f44
ER		 286%dir /etc/pki/tls/certs
287%config(noreplace) %verify(not md5 mtime size) /etc/pki/tls/certs/ca-bundle.crt
850133d0 288%config(noreplace) %verify(not md5 mtime size) %{certsdir}/ca-certificates.crt
302ace1c
JR		 289
290%files update
291%defattr(644,root,root,755)
8bb152c1 292%attr(755,root,root) %{_sbindir}/update-ca-certificates
302ace1c 293%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ca-certificates.conf
53d36f70 294%dir %{_sysconfdir}/ca-certificates.d
8bb152c1 295%{_datadir}/ca-certificates
Common CA Certificates PEM files
This page took 0.080197 seconds and 4 git commands to generate.