- update to certdata.txt r1.63

- use upstream RCS version in Version
jorton 2010-04-07 09:40:17 +00:00
parent dc70b1f07b
commit b62ba6e474
5 changed files with 224 additions and 1444 deletions


@ -1,5 +1,5 @@
# Makefile for source rpm: ca-certificates # Makefile for source rpm: ca-certificates
# $Id: Makefile,v 1.3 2010/01/15 20:22:01 jorton Exp $ # $Id: Makefile,v 1.4 2010/01/18 09:23:31 jorton Exp $
NAME := ca-certificates NAME := ca-certificates
SPECFILE = $(firstword $(wildcard *.spec)) SPECFILE = $(firstword $(wildcard *.spec))
@ -19,3 +19,8 @@ MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
endif endif
include $(MAKEFILE_COMMON) include $(MAKEFILE_COMMON)
regenerate:
cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot \
co -p mozilla/security/nss/lib/ckfw/builtins/certdata.txt \
> certdata.txt
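Review bot: The `regenerate` recipe fetches the root CA list over anonymous `:pserver:`, which gives no transport integrity or server authentication, and `co -p` without `-r` takes whatever HEAD is at that moment, so nothing ties the downloaded file to the revision named in the spec Version. I would pin the checkout with a make variable, for example `co -p -r $(CERTDATA_REV) mozilla/security/nss/lib/ckfw/builtins/certdata.txt \`, and require that the result be diffed against the previously committed certdata.txt (or checked against an independently obtained digest) before it is committed. The redirect `> certdata.txt` also truncates the existing file when cvs fails; writing to a temporary file and renaming it on success avoids that, and the target should be declared with `.PHONY: regenerate`. The same unpinned command is repeated in the new spec header comment, which would be better replaced by a pointer to `make regenerate`.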


@ -1,5 +0,0 @@
# One blacklist entry per line, corresponding to the label in certdata.txt.
# MD5 Collision Proof of Concept CA
"MD5 Collisions Forged Rogue CA 25c3"


@ -1,13 +1,18 @@
### Note that mkcabundle.pl is used to generate ca-bundle.crt # certdata.txt is generated by extracting it from Mozilla CVS.
### before generating a source RPM, and is not used during the # This is done by running:
### build. #
# cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot \
# co -p mozilla/security/nss/lib/ckfw/builtins/certdata.txt \
# > certdata.txt
#
# Keep the RCS version in sync with the spec Version.
%define pkidir %{_sysconfdir}/pki %define pkidir %{_sysconfdir}/pki
Summary: The Mozilla CA root certificate bundle Summary: The Mozilla CA root certificate bundle
Name: ca-certificates Name: ca-certificates
Version: 2010 Version: 2010.63
Release: 4%{?dist} Release: 1%{?dist}
License: Public Domain License: Public Domain
Group: System Environment/Base Group: System Environment/Base
URL: http://www.mozilla.org/ URL: http://www.mozilla.org/
@ -107,6 +112,10 @@ rm -rf $RPM_BUILD_ROOT
%{pkidir}/tls/cert.pem %{pkidir}/tls/cert.pem
%changelog %changelog
* Wed Apr 7 2010 Joe Orton <jorton@redhat.com> - 2010.63-1
- update to certdata.txt r1.63
- use upstream RCS version in Version
* Fri Mar 19 2010 Joe Orton <jorton@redhat.com> - 2010-4 * Fri Mar 19 2010 Joe Orton <jorton@redhat.com> - 2010-4
- fix ca-bundle.crt (#575111) - fix ca-bundle.crt (#575111)
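Review bot: The rewritten header comment in the first hunk says where certdata.txt comes from but no longer says how it becomes the bundle, while this commit also deletes the blacklist file naming `"MD5 Collisions Forged Rogue CA 25c3"` and mkcabundle.pl with its ECC-label skip, which appear to have been the only filtering on what reached ca-bundle.crt. The replacement conversion is outside the visible hunks, so I cannot tell whether it filters on the trust records in certdata.txt; if it exports every `CKA_VALUE` block, entries that upstream ships as distrusted would land in the bundle. I would add a line to this comment stating the rule, e.g. `# Only certificates that certdata.txt marks as trusted are exported to the bundle.`, and confirm the build step matches it. `Keep the RCS version in sync with the spec Version.` is likewise only a convention; a `%prep` check comparing the `CVS_ID` revision in certdata.txt with `%{version}` would enforce it.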

File diff suppressed because it is too large


@ -1,50 +0,0 @@
#!/usr/bin/perl -w
#
# Used to regenerate ca-bundle.crt from the Mozilla certdata.txt.
# Run as ./mkcabundle.pl > ca-bundle.crt
#
my $cvsroot = ':pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot';
my $certdata = 'mozilla/security/nss/lib/ckfw/builtins/certdata.txt';
open(IN, "cvs -d $cvsroot co -p $certdata|")
|| die "could not check out certdata.txt";
my $incert = 0;
my $skipcert = 0;
print<<EOH;
# This is a bundle of X.509 certificates of public Certificate
# Authorities. It was generated from the Mozilla root CA list.
#
# Source: $certdata
#
EOH
while (<IN>) {
if (/^CKA_VALUE MULTILINE_OCTAL/) {
$incert = 1;
if (!$skipcert) {
open(OUT, "|openssl x509 -text -inform DER -fingerprint")
|| die "could not pipe to openssl x509";
}
} elsif (/^END/ && $incert) {
if (!$skipcert) {
close(OUT);
print "\n\n";
}
$incert = 0;
$skipcert = 0;
} elsif ($incert && !$skipcert) {
my @bs = split(/\\/);
foreach my $b (@bs) {
chomp $b;
printf(OUT "%c", oct($b)) unless $b eq '';
}
} elsif (/^CVS_ID.*Revision: ([^ ]*).*/) {
print "# Generated from certdata.txt RCS revision $1\n#\n";
} elsif (/^CKA_LABEL.*ECC.*/) {
# Ugly hack to avoid picking up ECC certs.
$skipcert = 1;
}
}