Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/security Add ca-certificates-20190110



details:   https://anonhg.NetBSD.org/pkgsrc/rev/be8bd4504937
branches:  trunk
changeset: 433174:be8bd4504937
user:      kim <kim%pkgsrc.org@localhost>
date:      Sun May 31 15:53:44 2020 +0000

description:
Add ca-certificates-20190110

This package provides the certificates distributed by the Mozilla
Project.

It also provides a script, update-ca-certs, which can be used to manage
a location that makes certificates usable by TLS implementations,
including installing select certificates from this package.

diffstat:

 security/Makefile                                   |    3 +-
 security/ca-certificates/DESCR                      |    6 +
 security/ca-certificates/INSTALL                    |    7 +
 security/ca-certificates/MESSAGE                    |   24 +++
 security/ca-certificates/Makefile                   |   68 ++++++++++
 security/ca-certificates/PLIST                      |  132 ++++++++++++++++++++
 security/ca-certificates/distinfo                   |    6 +
 security/ca-certificates/files/ca-certificates.conf |    8 +
 8 files changed, 253 insertions(+), 1 deletions(-)

diffs (296 lines):

diff -r dcac54b8b9ec -r be8bd4504937 security/Makefile
--- a/security/Makefile Sun May 31 15:49:15 2020 +0000
+++ b/security/Makefile Sun May 31 15:53:44 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.761 2020/05/26 22:33:20 adam Exp $
+# $NetBSD: Makefile,v 1.762 2020/05/31 15:53:44 kim Exp $
 #
 
 COMMENT=       Security tools
@@ -34,6 +34,7 @@
 SUBDIR+=       boringssl
 SUBDIR+=       botan
 SUBDIR+=       botan-devel
+SUBDIR+=       ca-certificates
 SUBDIR+=       caff
 SUBDIR+=       ccid
 SUBDIR+=       cfs
diff -r dcac54b8b9ec -r be8bd4504937 security/ca-certificates/DESCR
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/ca-certificates/DESCR    Sun May 31 15:53:44 2020 +0000
@@ -0,0 +1,6 @@
+This package provides the certificates distributed by the Mozilla
+Project.
+
+It also provides a script, update-ca-certs, which can be used to manage
+a location that makes certificates usable by TLS implementations,
+including installing select certificates from this package.
diff -r dcac54b8b9ec -r be8bd4504937 security/ca-certificates/INSTALL
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/ca-certificates/INSTALL  Sun May 31 15:53:44 2020 +0000
@@ -0,0 +1,7 @@
+# $NetBSD: INSTALL,v 1.1 2020/05/31 15:53:44 kim Exp $
+
+case ${STAGE} in
+POST-INSTALL)
+       @PREFIX@/sbin/update-ca-certificates
+       ;;
+esac
diff -r dcac54b8b9ec -r be8bd4504937 security/ca-certificates/MESSAGE
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/ca-certificates/MESSAGE  Sun May 31 15:53:44 2020 +0000
@@ -0,0 +1,24 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1 2020/05/31 15:53:44 kim Exp $
+
+Execute this command to install and rehash select CA root certificates
+distributed by the Mozilla Project, so that they can be used by third
+party applications using OpenSSL. It also creates a single file
+certificate bundle in PEM format which can be used by applications using
+GnuTLS.
+
+       # update-ca-certificates
+
+You can edit /etc/ca-certificates.conf to configure which certificates are
+installed. Additionally any certificates in /usr/local/share/ca-certificates
+will be installed.
+
+To mark these certificates as trusted for users of gnupg2, do
+the following (assuming default PKG_SYSCONFBASE and a Bourne shell):
+
+       # mkdir -p /usr/pkg/etc/gnupg
+       # cd /usr/pkg/etc/gnupg
+       # for c in /etc/openssl/certs/*.pem; do
+       > openssl x509 -in $c -noout -fingerprint|sed 's|^.*=\(.*\)|\1 S|'
+       > done > trustlist.txt
+===========================================================================
diff -r dcac54b8b9ec -r be8bd4504937 security/ca-certificates/Makefile
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/ca-certificates/Makefile Sun May 31 15:53:44 2020 +0000
@@ -0,0 +1,68 @@
+# $NetBSD: Makefile,v 1.1 2020/05/31 15:53:44 kim Exp $
+
+PKGNAME=       ca-certificates-20190110
+DISTNAME=      ${PKGNAME:C/-([^-]*)$/_\1/}
+CATEGORIES=    security
+MASTER_SITES=  http://deb.debian.org/debian/pool/main/c/ca-certificates/
+EXTRACT_SUFX=  .tar.xz
+
+MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
+HOMEPAGE=      https://packages.debian.org/source/sid/ca-certificates
+COMMENT=       Root CA certificates from the Mozilla Project
+LICENSE=       gnu-gpl-v2 AND mpl-2.0
+
+NO_CONFIGURE=          yes
+PYTHON_FOR_BUILD_ONLY= yes
+
+USE_TOOLS=     awk:run echo:run expr:run ln:run ls:run openssl:run rm:run mkdir:run
+
+WRKSRC=                ${WRKDIR}/${PKGNAME_NOREV}
+DATADIR=       ${PREFIX}/share/${PKGBASE}
+EGDIR=         ${PREFIX}/share/examples/${PKGBASE}
+
+# Set paths depending on whether we depend on builtin or pkgsrc
+# openssl.  \todo Arguably, we should consider installing into both
+# builtin and pkgsrc, if both exist, but this requires much more
+# thought.
+CHECK_BUILTIN.openssl= yes
+.include "../../security/openssl/builtin.mk"
+CHECK_BUILTIN.openssl= no
+.if !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
+SSLDIR=                /etc/openssl
+.else
+SSLDIR=                ${PKG_SYSCONFDIR}/openssl
+.endif
+
+SUBST_CLASSES=         conf paths
+SUBST_MESSAGE.conf=    Adjusting configuration file.
+SUBST_STAGE.conf=      post-build
+SUBST_FILES.conf=      ca-certificates.conf
+SUBST_SED.conf=                -e 's,^share/ca-certificates/,,'
+SUBST_MESSAGE.paths=   Replacing hard-coded paths.
+SUBST_STAGE.paths=     post-build
+SUBST_FILES.paths=     Makefile sbin/Makefile
+SUBST_FILES.paths+=    ca-certificates.conf
+SUBST_FILES.paths+=    sbin/update-ca-certificates sbin/update-ca-certificates.8
+SUBST_SED.paths=       -e 's,/usr/sbin,${PREFIX}/sbin,g'
+SUBST_SED.paths+=      -e 's,/etc/ca-certificates.conf,${PKG_SYSCONFDIR}/ca-certificates.conf,g'
+SUBST_SED.paths+=      -e 's,/etc/ssl,${SSLDIR},g'
+SUBST_SED.paths+=      -e 's,/usr/share/ca-certificates,${DATADIR},g'
+
+INSTALLATION_DIRS=     sbin ${DATADIR} ${EGDIR} share/man/man8
+
+CONF_FILES=            ${EGDIR}/ca-certificates.conf \
+                       ${PKG_SYSCONFDIR}/ca-certificates.conf
+
+pre-build:
+       @${CP} ${FILESDIR}/ca-certificates.conf ${WRKSRC}/
+       @${GREP} '^share/ca-certificates/' ${FILESDIR}/../PLIST \
+           >> ${WRKSRC}/ca-certificates.conf
+
+post-install:
+       ${INSTALL_MAN} ${WRKSRC}/sbin/update-ca-certificates.8 \
+           ${DESTDIR}${PREFIX}/share/man/man8/update-ca-certificates.8
+       ${INSTALL_DATA} ${WRKSRC}/ca-certificates.conf \
+           ${DESTDIR}${EGDIR}/ca-certificates.conf
+
+.include "../../lang/python/tool.mk"
+.include "../../mk/bsd.pkg.mk"
diff -r dcac54b8b9ec -r be8bd4504937 security/ca-certificates/PLIST
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/ca-certificates/PLIST    Sun May 31 15:53:44 2020 +0000
@@ -0,0 +1,132 @@
+@comment $NetBSD: PLIST,v 1.1 2020/05/31 15:53:44 kim Exp $
+sbin/update-ca-certificates
+share/ca-certificates/mozilla/ACCVRAIZ1.crt
+share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt
+share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt
+share/ca-certificates/mozilla/AddTrust_External_Root.crt
+share/ca-certificates/mozilla/AffirmTrust_Commercial.crt
+share/ca-certificates/mozilla/AffirmTrust_Networking.crt
+share/ca-certificates/mozilla/AffirmTrust_Premium.crt
+share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt
+share/ca-certificates/mozilla/Amazon_Root_CA_1.crt
+share/ca-certificates/mozilla/Amazon_Root_CA_2.crt
+share/ca-certificates/mozilla/Amazon_Root_CA_3.crt
+share/ca-certificates/mozilla/Amazon_Root_CA_4.crt
+share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt
+share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
+share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt
+share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt
+share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt
+share/ca-certificates/mozilla/CA_Disig_Root_R2.crt
+share/ca-certificates/mozilla/CFCA_EV_ROOT.crt
+share/ca-certificates/mozilla/COMODO_Certification_Authority.crt
+share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt
+share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt
+share/ca-certificates/mozilla/Certigna.crt
+share/ca-certificates/mozilla/Certinomis_-_Root_CA.crt
+share/ca-certificates/mozilla/Certplus_Class_2_Primary_CA.crt
+share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt
+share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt
+share/ca-certificates/mozilla/Chambers_of_Commerce_Root_-_2008.crt
+share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt
+share/ca-certificates/mozilla/Cybertrust_Global_Root.crt
+share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt
+share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt
+share/ca-certificates/mozilla/DST_Root_CA_X3.crt
+share/ca-certificates/mozilla/Deutsche_Telekom_Root_CA_2.crt
+share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt
+share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt
+share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt
+share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt
+share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt
+share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt
+share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt
+share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt
+share/ca-certificates/mozilla/E-Tugra_Certification_Authority.crt
+share/ca-certificates/mozilla/EC-ACC.crt
+share/ca-certificates/mozilla/EE_Certification_Centre_Root_CA.crt
+share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt
+share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt
+share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt
+share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt
+share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt
+share/ca-certificates/mozilla/GeoTrust_Global_CA.crt
+share/ca-certificates/mozilla/GeoTrust_Primary_Certification_Authority.crt
+share/ca-certificates/mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt
+share/ca-certificates/mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt
+share/ca-certificates/mozilla/GeoTrust_Universal_CA.crt
+share/ca-certificates/mozilla/GeoTrust_Universal_CA_2.crt
+share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt
+share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt
+share/ca-certificates/mozilla/GlobalSign_Root_CA.crt
+share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R2.crt
+share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt
+share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt
+share/ca-certificates/mozilla/Global_Chambersign_Root_-_2008.crt
+share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt
+share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt
+share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
+share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
+share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
+share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt
+share/ca-certificates/mozilla/ISRG_Root_X1.crt
+share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt
+share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt
+share/ca-certificates/mozilla/Izenpe.com.crt
+share/ca-certificates/mozilla/LuxTrust_Global_Root_2.crt
+share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt
+share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
+share/ca-certificates/mozilla/Network_Solutions_Certificate_Authority.crt
+share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt
+share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt
+share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt
+share/ca-certificates/mozilla/QuoVadis_Root_CA.crt
+share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt
+share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt
+share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt
+share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt
+share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt
+share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt
+share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
+share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt
+share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt
+share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt
+share/ca-certificates/mozilla/SecureSign_RootCA11.crt
+share/ca-certificates/mozilla/SecureTrust_CA.crt
+share/ca-certificates/mozilla/Secure_Global_CA.crt
+share/ca-certificates/mozilla/Security_Communication_RootCA2.crt
+share/ca-certificates/mozilla/Security_Communication_Root_CA.crt
+share/ca-certificates/mozilla/Sonera_Class_2_Root_CA.crt
+share/ca-certificates/mozilla/Staat_der_Nederlanden_EV_Root_CA.crt
+share/ca-certificates/mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt
+share/ca-certificates/mozilla/Staat_der_Nederlanden_Root_CA_-_G3.crt
+share/ca-certificates/mozilla/Starfield_Class_2_CA.crt
+share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt
+share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt
+share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt
+share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt
+share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt
+share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt
+share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
+share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt
+share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt
+share/ca-certificates/mozilla/Taiwan_GRCA.crt
+share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt
+share/ca-certificates/mozilla/TrustCor_ECA-1.crt
+share/ca-certificates/mozilla/TrustCor_RootCert_CA-1.crt
+share/ca-certificates/mozilla/TrustCor_RootCert_CA-2.crt
+share/ca-certificates/mozilla/Trustis_FPS_Root_CA.crt
+share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt
+share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt
+share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
+share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt
+share/ca-certificates/mozilla/VeriSign_Universal_Root_Certification_Authority.crt
+share/ca-certificates/mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt
+share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt
+share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt
+share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt
+share/ca-certificates/mozilla/thawte_Primary_Root_CA.crt
+share/ca-certificates/mozilla/thawte_Primary_Root_CA_-_G2.crt
+share/ca-certificates/mozilla/thawte_Primary_Root_CA_-_G3.crt
+share/examples/ca-certificates/ca-certificates.conf
+share/man/man8/update-ca-certificates.8
diff -r dcac54b8b9ec -r be8bd4504937 security/ca-certificates/distinfo
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/ca-certificates/distinfo Sun May 31 15:53:44 2020 +0000
@@ -0,0 +1,6 @@
+$NetBSD: distinfo,v 1.1 2020/05/31 15:53:44 kim Exp $
+
+SHA1 (ca-certificates_20190110.tar.xz) = 47d4584eae85fc905e4994766eb3930a8a84e2e1
+RMD160 (ca-certificates_20190110.tar.xz) = cbf8f474fba527dc96413632ac5874385bd38e17
+SHA512 (ca-certificates_20190110.tar.xz) = 9ce2661018edb120d0ef5bd3ed52c0f73f577d7607d135a31730549f5eb4176db4865cdb8bde77a78dc3efb8968846da5e72af8a833a9da2a8a7deb4f1560372
+Size (ca-certificates_20190110.tar.xz) = 243472 bytes
diff -r dcac54b8b9ec -r be8bd4504937 security/ca-certificates/files/ca-certificates.conf
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/ca-certificates/files/ca-certificates.conf       Sun May 31 15:53:44 2020 +0000
@@ -0,0 +1,8 @@
+# $NetBSD: ca-certificates.conf,v 1.1 2020/05/31 15:53:44 kim Exp $
+#
+# This file lists certificates that update-ca-certificates(8) will
+# select or deselect for installing in /etc/ssl/certs.
+#
+# A line beginning with # is a comment.
+# A line beginning with ! deselects the matching certificate file.
+#


Home | Main Index | Thread Index | Old Index