bed248a516
* Update Mozilla certificate authority bundle to version 2.40. * Add distrusted Symantec CA list to blacklist for explicit removal. * Blacklist expired root certificate, "AddTrust External Root". The following certificate authorities were added (+): + "Certigna Root CA" + "emSign ECC Root CA - C3" + "emSign ECC Root CA - G3" + "emSign Root CA - C1" + "emSign Root CA - G1" + "Entrust Root Certification Authority - G4" + "GTS Root R1" + "GTS Root R2" + "GTS Root R3" + "GTS Root R4" + "Hongkong Post Root CA 3" + "UCA Extended Validation Root" + "UCA Global G2 Root" The following certificate authorities were removed (-): - "AddTrust External Root" - "Certinomis - Root CA" - "Certplus Class 2 Primary CA" - "Deutsche Telekom Root CA 2" - "GeoTrust Global CA" - "GeoTrust Primary Certification Authority" - "GeoTrust Primary Certification Authority - G2" - "GeoTrust Primary Certification Authority - G3" - "GeoTrust Universal CA" - "thawte Primary Root CA" - "thawte Primary Root CA - G2" - "thawte Primary Root CA - G3" - "VeriSign Class 3 Public Primary Certification Authority - G4" - "VeriSign Class 3 Public Primary Certification Authority - G5" - "VeriSign Universal Root Certification Authority" Changes for pkgsrc packaging: * Add README.pkgsrc, replacing MESSAGE. * Improve DESCR to better describe the functionality of the package. * Install changelog and README.source from the distribution package.
81 lines
2.6 KiB
Makefile
81 lines
2.6 KiB
Makefile
# $NetBSD: Makefile,v 1.2 2020/06/08 09:55:36 kim Exp $
|
|
|
|
PKGNAME= ca-certificates-20200601
|
|
DISTNAME= ${PKGNAME:C/-([^-]*)$/_\1/}
|
|
CATEGORIES= security
|
|
MASTER_SITES= http://deb.debian.org/debian/pool/main/c/ca-certificates/
|
|
EXTRACT_SUFX= .tar.xz
|
|
|
|
MAINTAINER= pkgsrc-users@NetBSD.org
|
|
HOMEPAGE= https://packages.debian.org/source/sid/ca-certificates
|
|
COMMENT= Root CA certificates from the Mozilla Project
|
|
LICENSE= gnu-gpl-v2 AND mpl-2.0
|
|
|
|
NO_CONFIGURE= yes
|
|
PYTHON_FOR_BUILD_ONLY= yes
|
|
|
|
USE_TOOLS= echo:run find:run ln:run openssl:run rm:run sed:run sort:run wc:run
|
|
|
|
WRKSRC= ${WRKDIR}/${PKGNAME_NOREV}
|
|
DATADIR= ${PREFIX}/share/${PKGBASE}
|
|
DOCDIR= ${PREFIX}/share/doc/${PKGBASE}
|
|
EGDIR= ${PREFIX}/share/examples/${PKGBASE}
|
|
MANDIR= ${PREFIX}/share/man/man8
|
|
|
|
# Set paths depending on whether we depend on builtin or pkgsrc
|
|
# openssl. \todo Arguably, we should consider installing into both
|
|
# builtin and pkgsrc, if both exist, but this requires much more
|
|
# thought.
|
|
CHECK_BUILTIN.openssl= yes
|
|
.include "../../security/openssl/builtin.mk"
|
|
CHECK_BUILTIN.openssl= no
|
|
.if !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
|
|
SSLDIR= /etc/openssl
|
|
.else
|
|
SSLDIR= ${PKG_SYSCONFDIR}/openssl
|
|
.endif
|
|
|
|
SUBST_CLASSES= conf paths
|
|
SUBST_MESSAGE.conf= Adjusting configuration file.
|
|
SUBST_STAGE.conf= post-build
|
|
SUBST_FILES.conf= ca-certificates.conf
|
|
SUBST_SED.conf= -e 's,^share/ca-certificates/,,'
|
|
SUBST_MESSAGE.paths= Replacing hard-coded paths.
|
|
SUBST_STAGE.paths= post-build
|
|
SUBST_FILES.paths= Makefile sbin/Makefile
|
|
SUBST_FILES.paths+= ca-certificates.conf
|
|
SUBST_FILES.paths+= sbin/update-ca-certificates sbin/update-ca-certificates.8
|
|
SUBST_FILES.paths+= README.pkgsrc
|
|
SUBST_SED.paths= -e 's,/usr/sbin,${PREFIX}/sbin,g'
|
|
SUBST_SED.paths+= -e 's,/etc/ca-certificates.conf,${PKG_SYSCONFDIR}/ca-certificates.conf,g'
|
|
SUBST_SED.paths+= -e 's,/etc/ssl,${SSLDIR},g'
|
|
SUBST_SED.paths+= -e 's,/usr/share/ca-certificates,${DATADIR},g'
|
|
|
|
INSTALLATION_DIRS= sbin ${DATADIR} ${DOCDIR} ${EGDIR} ${MANDIR}
|
|
|
|
CONF_FILES= ${EGDIR}/ca-certificates.conf \
|
|
${PKG_SYSCONFDIR}/ca-certificates.conf
|
|
|
|
pre-build:
|
|
@${CP} ${FILESDIR}/ca-certificates.conf ${FILESDIR}/README.pkgsrc ${WRKSRC}/
|
|
@${GREP} '^share/ca-certificates/' ${FILESDIR}/../PLIST \
|
|
>> ${WRKSRC}/ca-certificates.conf
|
|
|
|
post-extract:
|
|
${MV} ${WRKDIR}/work ${WRKSRC}
|
|
|
|
post-install:
|
|
${INSTALL_MAN} \
|
|
${WRKSRC}/sbin/update-ca-certificates.8 \
|
|
${DESTDIR}${MANDIR}/
|
|
${INSTALL_DATA} \
|
|
${WRKSRC}/README.pkgsrc \
|
|
${WRKSRC}/debian/README.source \
|
|
${WRKSRC}/debian/changelog \
|
|
${DESTDIR}${DOCDIR}/
|
|
${INSTALL_DATA} \
|
|
${WRKSRC}/ca-certificates.conf \
|
|
${DESTDIR}${EGDIR}/
|
|
|
|
.include "../../lang/python/tool.mk"
|
|
.include "../../mk/bsd.pkg.mk"
|