pkgsrc/security/ca-certificates/Makefile
kim bed248a516 Upgrade to 20200601
* Update Mozilla certificate authority bundle to version 2.40.
* Add distrusted Symantec CA list to blacklist for explicit removal.
* Blacklist expired root certificate, "AddTrust External Root".

The following certificate authorities were added (+):
+ "Certigna Root CA"
+ "emSign ECC Root CA - C3"
+ "emSign ECC Root CA - G3"
+ "emSign Root CA - C1"
+ "emSign Root CA - G1"
+ "Entrust Root Certification Authority - G4"
+ "GTS Root R1"
+ "GTS Root R2"
+ "GTS Root R3"
+ "GTS Root R4"
+ "Hongkong Post Root CA 3"
+ "UCA Extended Validation Root"
+ "UCA Global G2 Root"

The following certificate authorities were removed (-):
- "AddTrust External Root"
- "Certinomis - Root CA"
- "Certplus Class 2 Primary CA"
- "Deutsche Telekom Root CA 2"
- "GeoTrust Global CA"
- "GeoTrust Primary Certification Authority"
- "GeoTrust Primary Certification Authority - G2"
- "GeoTrust Primary Certification Authority - G3"
- "GeoTrust Universal CA"
- "thawte Primary Root CA"
- "thawte Primary Root CA - G2"
- "thawte Primary Root CA - G3"
- "VeriSign Class 3 Public Primary Certification Authority - G4"
- "VeriSign Class 3 Public Primary Certification Authority - G5"
- "VeriSign Universal Root Certification Authority"

Changes for pkgsrc packaging:
* Add README.pkgsrc, replacing MESSAGE.
* Improve DESCR to better describe the functionality of the package.
* Install changelog and README.source from the distribution package.
2020-06-08 09:55:36 +00:00

81 lines
2.6 KiB
Makefile

# $NetBSD: Makefile,v 1.2 2020/06/08 09:55:36 kim Exp $
PKGNAME= ca-certificates-20200601
DISTNAME= ${PKGNAME:C/-([^-]*)$/_\1/}
CATEGORIES= security
MASTER_SITES= http://deb.debian.org/debian/pool/main/c/ca-certificates/
EXTRACT_SUFX= .tar.xz
MAINTAINER= pkgsrc-users@NetBSD.org
HOMEPAGE= https://packages.debian.org/source/sid/ca-certificates
COMMENT= Root CA certificates from the Mozilla Project
LICENSE= gnu-gpl-v2 AND mpl-2.0
NO_CONFIGURE= yes
PYTHON_FOR_BUILD_ONLY= yes
USE_TOOLS= echo:run find:run ln:run openssl:run rm:run sed:run sort:run wc:run
WRKSRC= ${WRKDIR}/${PKGNAME_NOREV}
DATADIR= ${PREFIX}/share/${PKGBASE}
DOCDIR= ${PREFIX}/share/doc/${PKGBASE}
EGDIR= ${PREFIX}/share/examples/${PKGBASE}
MANDIR= ${PREFIX}/share/man/man8
# Set paths depending on whether we depend on builtin or pkgsrc
# openssl. \todo Arguably, we should consider installing into both
# builtin and pkgsrc, if both exist, but this requires much more
# thought.
CHECK_BUILTIN.openssl= yes
.include "../../security/openssl/builtin.mk"
CHECK_BUILTIN.openssl= no
.if !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
SSLDIR= /etc/openssl
.else
SSLDIR= ${PKG_SYSCONFDIR}/openssl
.endif
SUBST_CLASSES= conf paths
SUBST_MESSAGE.conf= Adjusting configuration file.
SUBST_STAGE.conf= post-build
SUBST_FILES.conf= ca-certificates.conf
SUBST_SED.conf= -e 's,^share/ca-certificates/,,'
SUBST_MESSAGE.paths= Replacing hard-coded paths.
SUBST_STAGE.paths= post-build
SUBST_FILES.paths= Makefile sbin/Makefile
SUBST_FILES.paths+= ca-certificates.conf
SUBST_FILES.paths+= sbin/update-ca-certificates sbin/update-ca-certificates.8
SUBST_FILES.paths+= README.pkgsrc
SUBST_SED.paths= -e 's,/usr/sbin,${PREFIX}/sbin,g'
SUBST_SED.paths+= -e 's,/etc/ca-certificates.conf,${PKG_SYSCONFDIR}/ca-certificates.conf,g'
SUBST_SED.paths+= -e 's,/etc/ssl,${SSLDIR},g'
SUBST_SED.paths+= -e 's,/usr/share/ca-certificates,${DATADIR},g'
INSTALLATION_DIRS= sbin ${DATADIR} ${DOCDIR} ${EGDIR} ${MANDIR}
CONF_FILES= ${EGDIR}/ca-certificates.conf \
${PKG_SYSCONFDIR}/ca-certificates.conf
pre-build:
@${CP} ${FILESDIR}/ca-certificates.conf ${FILESDIR}/README.pkgsrc ${WRKSRC}/
@${GREP} '^share/ca-certificates/' ${FILESDIR}/../PLIST \
>> ${WRKSRC}/ca-certificates.conf
post-extract:
${MV} ${WRKDIR}/work ${WRKSRC}
post-install:
${INSTALL_MAN} \
${WRKSRC}/sbin/update-ca-certificates.8 \
${DESTDIR}${MANDIR}/
${INSTALL_DATA} \
${WRKSRC}/README.pkgsrc \
${WRKSRC}/debian/README.source \
${WRKSRC}/debian/changelog \
${DESTDIR}${DOCDIR}/
${INSTALL_DATA} \
${WRKSRC}/ca-certificates.conf \
${DESTDIR}${EGDIR}/
.include "../../lang/python/tool.mk"
.include "../../mk/bsd.pkg.mk"