# TODO
# - cleanup dead links from /etc/openssl/certs after -update uninstall
+# - deal with removed (renamed) certs on upgrade (as new config is created as
+# .rpmnew). create some merge tool (or split /etc/ca-certificates.conf to
+# /etc/ca-certificates.d): http://pastebin.com/04hZd2x0
#
# - https://bugzilla.mozilla.org/show_bug.cgi?id=549701 and
# http://groups.google.com/group/mozilla.dev.security.policy/browse_thread/thread/b6493a285ba79998#
+# - add certs noted in TODO file
#
Summary: Common CA Certificates PEM files
Summary(pl.UTF-8): Pliki PEM popularnych certyfikatów CA
Name: ca-certificates
-Version: 20090814
-Release: 13
+Version: 20110502+nmu1
+Release: 1
License: distributable
Group: Libraries
-Source0: ftp://ftp.debian.org/debian/pool/main/c/ca-certificates/%{name}_%{version}+nmu3.tar.gz
-# Source0-md5: 578be1c5a459cea3b243777c08610727
+Source0: ftp://ftp.debian.org/debian/pool/main/c/ca-certificates/%{name}_%{version}.tar.gz
+# Source0-md5: 13aed718a5cdd05b4086c93dafd4e1e2
Source1: https://www.verisign.com/support/thawte-roots.zip
# Source1-md5: a3709cc0279ef3fca4f86ea775066b18
Source2: http://www.certum.pl/keys/CA.pem
# Source19-md5: 805784c06c9eff3771a4b9bd631cd3f5
Source20: http://www.sk.ee/upload/files/ESTEID-SK.PEM.cer
# Source20-md5: 387beee5b8539ab7d91628f486295899
-Source21: http://www.sk.ee/upload/files/ESTEID-SK%202007.PEM.cer
+Source21: http://www.sk.ee/upload/files/ESTEID-SK%202007.PEM.cer#/ESTEID-SK_2007.PEM.cer
# Source21-md5: 2b1a2a77f565d68fdf5f19f6cc3a5600
-Source22: http://www.sk.ee/upload/files/ESTEID-SK%202011.pem.cer
+Source22: http://www.sk.ee/upload/files/ESTEID-SK%202011.pem.cer#/ESTEID-SK_2011.pem.cer
# Source22-md5: cfcc1e592cb0ff305158a7e32730546c
Patch0: %{name}-undebianize.patch
Patch1: %{name}-more-certs.patch
Skrypt i dane do odświeżania bazy certyfikatów CA.
%prep
-%setup -q -n %{name}-%{version}+nmu3
+%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
nname=$(basename "$ff" .pem)
nname=$(basename "$nname" .txt)
nname=$(basename "$nname" _b64)
- cp -i "$f" "thawte/${nname}.crt"
+ cp -pi "$f" "thawte/${nname}.crt"
else
echo "Skipping $f, doesn't look like PEM CERT"
fi
done
install -d certum
-cp -ai %{SOURCE2} certum
-cp -ai %{SOURCE3} certum
-cp -ai %{SOURCE4} certum
-cp -ai %{SOURCE5} certum
-cp -ai %{SOURCE6} certum
-cp -ai %{SOURCE7} certum
-cp -ai %{SOURCE8} certum
-cp -ai %{SOURCE9} certum
-cp -ai %{SOURCE10} certum
-cp -ai %{SOURCE11} certum
-cp -ai %{SOURCE12} certum
-cp -ai %{SOURCE13} certum
+cp -pi %{SOURCE2} certum
+cp -pi %{SOURCE3} certum
+cp -pi %{SOURCE4} certum
+cp -pi %{SOURCE5} certum
+cp -pi %{SOURCE6} certum
+cp -pi %{SOURCE7} certum
+cp -pi %{SOURCE8} certum
+cp -pi %{SOURCE9} certum
+cp -pi %{SOURCE10} certum
+cp -pi %{SOURCE11} certum
+cp -pi %{SOURCE12} certum
+cp -pi %{SOURCE13} certum
for a in certum/*.pem; do
mv -i "$a" "${a%.pem}.crt"
done
openssl x509 -inform DER -in %{SOURCE17} -outform PEM -out terena/$(basename %{SOURCE17})
openssl x509 -inform DER -in %{SOURCE18} -outform PEM -out terena/$(basename %{SOURCE18})
-# http://www.sk.ee/pages.php/0203040502#Root_certificates
-# JUUR-SK, ESTEID-SK and ESTEID-SK 2007
+# http://www.sk.ee/en/Repository/certs/rootcertificates
+# JUUR-SK, ESTEID-SK and ESTEID-SK 2007, ESTEID-SK 2011
install -d esteid
-cp -ai %{SOURCE19} esteid
-cp -ai %{SOURCE20} esteid
-cp -ai %{SOURCE21} esteid/ESTEID-SK_2007.crt
-cp -ai %{SOURCE22} esteid/ESTEID-SK_2011.crt
+cp -pi %{SOURCE19} esteid
+cp -pi %{SOURCE20} esteid
+cp -pi %{SOURCE21} esteid/ESTEID-SK_2007.crt
+cp -pi %{SOURCE22} esteid/ESTEID-SK_2011.crt
for a in esteid/*.PEM.cer; do
mv -i "$a" "${a%.PEM.cer}.crt"
done
%{__make}
# We have those and more in specific dirs
-rm mozilla/{Thawte,thawte,Certum,IGC_A,Deutsche_Telekom_Root_CA_2}*.crt
+rm mozilla/{Thawte,thawte,Certum,IGC_A,Deutsche_Telekom_Root_CA_2,Juur-SK}*.crt
# See TODO
# rm mozilla/RSA_Security_1024_v3.crt