- update to certdata.txt r1.63

- use upstream RCS version in Version
2010-04-07 09:40:17 +00:00 · 2010-04-07 09:40:17 +00:00 · b62ba6e474
commit b62ba6e474
parent dc70b1f07b
5 changed files with 224 additions and 1444 deletions
--- a/7
+++ b/7
@ -1,5 +1,5 @@
 # Makefile for source rpm: ca-certificates
-# $Id: Makefile,v 1.3 2010/01/15 20:22:01 jorton Exp $
+# $Id: Makefile,v 1.4 2010/01/18 09:23:31 jorton Exp $
 NAME := ca-certificates
 SPECFILE = $(firstword $(wildcard *.spec))

@ -19,3 +19,8 @@ MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
 endif

 include $(MAKEFILE_COMMON)
+
+regenerate:
+	cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot   \
+	   co -p mozilla/security/nss/lib/ckfw/builtins/certdata.txt \
+	   > certdata.txt
--- a/blacklist.txt
+++ b/blacklist.txt
@ -1,5 +0,0 @@
-# One blacklist entry per line, corresponding to the label in certdata.txt.
-
-# MD5 Collision Proof of Concept CA
-"MD5 Collisions Forged Rogue CA 25c3"
-
--- a/ca-certificates.spec
+++ b/ca-certificates.spec
@ -1,13 +1,18 @@
-### Note that mkcabundle.pl is used to generate ca-bundle.crt
-### before generating a source RPM, and is not used during the
-### build.
+# certdata.txt is generated by extracting it from Mozilla CVS.
+# This is done by running:
+#
+#   cvs -d :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot   \
+#     co -p mozilla/security/nss/lib/ckfw/builtins/certdata.txt \
+#     > certdata.txt
+# 
+# Keep the RCS version in sync with the spec Version.

 %define pkidir %{_sysconfdir}/pki

 Summary: The Mozilla CA root certificate bundle
 Name: ca-certificates
-Version: 2010
-Release: 4%{?dist}
+Version: 2010.63
+Release: 1%{?dist}
 License: Public Domain
 Group: System Environment/Base
 URL: http://www.mozilla.org/
@ -107,6 +112,10 @@ rm -rf $RPM_BUILD_ROOT
 %{pkidir}/tls/cert.pem

 %changelog
+* Wed Apr  7 2010 Joe Orton <jorton@redhat.com> - 2010.63-1
+- update to certdata.txt r1.63
+- use upstream RCS version in Version
+
 * Fri Mar 19 2010 Joe Orton <jorton@redhat.com> - 2010-4
 - fix ca-bundle.crt (#575111)

--- a/certdata.txt
+++ b/certdata.txt
--- a/mkcabundle.pl
+++ b/mkcabundle.pl
@ -1,50 +0,0 @@
-#!/usr/bin/perl -w
-#
-# Used to regenerate ca-bundle.crt from the Mozilla certdata.txt.
-# Run as ./mkcabundle.pl > ca-bundle.crt
-#
-
-my $cvsroot = ':pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot';
-my $certdata = 'mozilla/security/nss/lib/ckfw/builtins/certdata.txt';
-
-open(IN, "cvs -d $cvsroot co -p $certdata|")
-    || die "could not check out certdata.txt";
-
-my $incert = 0;
-my $skipcert = 0;
-
-print<<EOH;
-# This is a bundle of X.509 certificates of public Certificate
-# Authorities.  It was generated from the Mozilla root CA list.
-#
-# Source: $certdata
-#
-EOH
-
-while (<IN>) {
-    if (/^CKA_VALUE MULTILINE_OCTAL/) {
-        $incert = 1;
-        if (!$skipcert) {
-            open(OUT, "|openssl x509 -text -inform DER -fingerprint")
-                || die "could not pipe to openssl x509";
-        }
-    } elsif (/^END/ && $incert) {
-        if (!$skipcert) {
-            close(OUT);
-            print "\n\n";
-        }
-        $incert = 0;
-        $skipcert = 0;
-    } elsif ($incert && !$skipcert) {
-        my @bs = split(/\\/);
-        foreach my $b (@bs) {
-            chomp $b;
-            printf(OUT "%c", oct($b)) unless $b eq '';
-        }
-    } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) {
-        print "# Generated from certdata.txt RCS revision $1\n#\n";
-    } elsif (/^CKA_LABEL.*ECC.*/) {
-        # Ugly hack to avoid picking up ECC certs.
-        $skipcert = 1;
-    }
-}