Import of pkgsrc-2013Q2

2013-09-26 17:14:40 +02:00
commit 785076ae39
74991 changed files with 4380255 additions and 0 deletions


@@ -0,0 +1,5 @@
This package provides a script which can be used to extract the root
CA certificates distributed by the Mozilla Project into the current
working directory and to rehash the existing certificates. The directory
can be used by most SSL-aware programs that expect a "CA certificate
path".


@@ -0,0 +1,20 @@
===========================================================================
$NetBSD: MESSAGE,v 1.4 2013/03/15 16:14:55 bsiegert Exp $
Execute this command to extract and rehash all CA root certificates
distributed by the Mozilla Project, so that they can be used by third
party applications using OpenSSL. It also creates a single file
certificate bundle in PEM format which can be used by applications using
GnuTLS.
# mozilla-rootcerts install
To mark these certificates as trusted for users of gnupg2, do
the following (assuming default PKG_SYSCONFBASE and a Bourne shell):
# mkdir /usr/pkg/etc/gnupg
# cd /usr/pkg/etc/gnupg
# for c in /etc/openssl/certs/*.pem; do
> openssl x509 -in $c -noout -fingerprint|sed 's|^.*=\(.*\)|\1 S|'
> done > trustlist.txt
===========================================================================


@@ -0,0 +1,50 @@
# $NetBSD: Makefile,v 1.12 2013/03/15 16:14:55 bsiegert Exp $
DISTNAME= mozilla-rootcerts-1.0.${CERTDATA_DATE}
PKGREVISION= 1
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_LOCAL}
DISTFILES= ${CERTDATA}
EXTRACT_SUFX= # empty
MAINTAINER= pkgsrc-users@NetBSD.org
HOMEPAGE= http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1
COMMENT= Root CA certificates from the Mozilla Project
LICENSE= mpl-1.1 OR gnu-gpl-v2 OR gnu-lgpl-v2.1
USE_TOOLS= awk:run echo:run expr:run ln:run ls:run openssl:run rm:run mkdir:run
CERTDATA_DATE= 20121229
CERTDATA= certdata-${CERTDATA_DATE}.txt
WRKSRC= ${WRKDIR}
BUILD_DIRS= # empty
DATADIR= ${PREFIX}/share/${PKGBASE}
CHECK_BUILTIN.openssl= yes
.include "../../security/openssl/builtin.mk"
.if !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
SSLDIR= /etc/openssl/certs
.else
SSLDIR= ${PKG_SYSCONFDIR}/openssl/certs
.endif
SUBST_CLASSES= paths
SUBST_MESSAGE.paths= Replacing hard-coded paths.
SUBST_STAGE.paths= post-configure
SUBST_FILES.paths= mozilla-rootcerts.sh
SUBST_VARS.paths= AWK ECHO EXPR LN LS RM DATADIR MKDIR SSLDIR
SUBST_SED.paths= -e 's,@OPENSSL@,${TOOLS_PATH.openssl},g'
INSTALLATION_DIRS= sbin ${DATADIR}
do-extract:
${CP} ${FILESDIR}/mozilla-rootcerts.sh ${WRKSRC}
${CP} ${DISTDIR}/${CERTDATA} ${WRKSRC}
do-install:
${INSTALL_SCRIPT} ${WRKSRC}/mozilla-rootcerts.sh \
${DESTDIR}${PREFIX}/sbin/mozilla-rootcerts
${INSTALL_DATA} ${WRKSRC}/${CERTDATA} ${DESTDIR}${DATADIR}/certdata.txt
.include "../../mk/bsd.pkg.mk"
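Review bot: `USE_TOOLS` and `SUBST_VARS.paths` pin absolute paths for awk, echo, expr, ln, ls, rm, mkdir and openssl, but the installed script still resolves three commands through the caller's PATH: a bare `cat`, `rm -f` inside awk's `system()`, and the self-invocation via `$self` in the `install` action. The MESSAGE file tells the administrator to run `mozilla-rootcerts install` from a root prompt, so the step that populates the trust store depends on PATH. I would add `cat:run` to `USE_TOOLS` and `CAT` to `SUBST_VARS.paths`, then use `${CAT}` in the script. The script should also hand `${RM}` to awk with `-v`, as it already does for `OPENSSL`, and call itself by its installed absolute path instead of `$self`.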


@@ -0,0 +1,3 @@
@comment $NetBSD: PLIST,v 1.2 2009/06/14 18:13:33 joerg Exp $
sbin/mozilla-rootcerts
share/mozilla-rootcerts/certdata.txt


@@ -0,0 +1,5 @@
$NetBSD: distinfo,v 1.6 2013/01/31 09:39:00 wiz Exp $
SHA1 (certdata-20121229.txt) = 07f9f6c8a3be4473497fe89174a32d32eb66bdd7
RMD160 (certdata-20121229.txt) = bc21321abe4cf27418880c4ce8e6ebd329df82a1
Size (certdata-20121229.txt) = 1306494 bytes


@@ -0,0 +1,200 @@
#!/bin/sh
#
# $NetBSD: mozilla-rootcerts.sh,v 1.5 2013/03/15 16:14:55 bsiegert Exp $
#
# This script is meant to be used as follows:
#
# # cd /etc/openssl/certs
# # mozilla-rootcerts extract
# # mozilla-rootcerts rehash
#
: ${AWK=@AWK@}
: ${ECHO=@ECHO@}
: ${EXPR=@EXPR@}
: ${LN=@LN@}
: ${LS=@LS@}
: ${MKDIR=@MKDIR@}
: ${OPENSSL=@OPENSSL@}
: ${SSLDIR=@SSLDIR@}
: ${RM=@RM@}
self="mozilla-rootcerts"
certfile="@DATADIR@/certdata.txt"
certdir="/etc/ssl/certs"
usage()
{
${ECHO} 1>&2 "usage: $self [-f certfile] extract|rehash|install"
exit $1
}
while [ $# -gt 0 ]; do
case "$1" in
-f) certfile="$2"; shift 2 ;;
--) shift; break ;;
-*) ${ECHO} 1>&2 "$self: unknown option -- $1"
usage 128 ;;
*) break ;;
esac
done
[ $# -eq 1 ] || usage 128
action="$1"; shift
#
# link_hash pemtype pemfile
#
# Link a certificate or CRL to its subject name hash value.
# Each hash is of the form <hash>.<n> for certificates and
# <hash>.r<n> for CRLs, where n is an integer. If the hash
# value already exists, then we need to up the value of n, unless
# it's a duplicate, in which case we skip the link. We check
# for duplicates by comparing fingerprints.
#
link_hash()
{
_pemtype="$1"; _pemfile="$2"; shift 2
_hash=`${OPENSSL} "$_pemtype" -hash -noout -in "$_pemfile"`
_fprint=`${OPENSSL} "$_pemtype" -fingerprint -noout -in "$_pemfile"`
_suffix=0
while [ 1 = 1 ] ; do
case $_pemtype in
crl) _hashfile="$_hash.r$_suffix" ;;
x509|*) _hashfile="$_hash.$_suffix" ;;
esac
if [ ! -f "$_hashfile" ]; then
${ECHO} "$_pemfile => $_hashfile"
${LN} -sf "$_pemfile" "$_hashfile"
break
fi
_fprintold=`${OPENSSL} "$_pemtype" -fingerprint -noout -in "$_hashfile"`
if [ "$_fprint" = "$_fprintold" ]; then
${ECHO} 1>&2 "WARNING: Skipping duplicate certificate $_pemfile"
return
fi
_suffix=`${EXPR} $_suffix + 1`
done
}
case $action in
rehash)
# Delete any existing symbolic links.
${LS} | while read entry; do
[ ! -h "$entry" ] || ${RM} -f "$entry"
done
${LS} | while read pemfile; do
case $pemfile in
*.pem) ;;
*) continue ;;
esac
pemtype=
while read line; do
case $line in
"-----BEGIN CERTIFICATE-----"|\
"-----BEGIN X509 CERTIFICATE-----"|\
"-----BEGIN TRUSTED CERTIFICATE-----")
pemtype=x509
break
;;
"-----BEGIN X509 CRL-----")
pemtype=crl
break
;;
esac
done < "$pemfile"
case $pemtype in
x509|crl)
link_hash "$pemtype" "$pemfile"
;;
*)
${ECHO} 1>&2 "WARNING: $pemfile does not contain a certificate or CRL: skipping"
continue
;;
esac
done
;;
extract)
#
# Certificates in octal-encoded DER format are delimited by
# "CKA_VALUE MULTILINE_OCTAL"/"END" pairs. Convert them into
# long character strings and pipe them through openssl to
# convert from DER to PEM format.
#
# The resulting PEM format certificates are saved as
# "mozilla-rootcert-<n>.pem" in the current working directory.
#
cat "$certfile" | ${AWK} -v OPENSSL=${OPENSSL} '
function base8to10(o, octal, decimal, power, i, n) {
decimal = 0
n = split(o, octal, "")
while (n > 0) {
power = 1
for (i = 1; i < n; i++)
power *= 8
decimal += octal[4-n] * power
n--
}
return decimal
}
BEGIN {
filenum = 0
while (getline) {
if ($0 !~ /^CKA_VALUE MULTILINE_OCTAL/) continue
filename = "mozilla-rootcert-" filenum ".pem"
filenum++
cmd = OPENSSL " x509 -inform der -outform pem -text >" filename
print filename
while (getline) {
if ($0 ~ /^END/) break
n = split($0, line, "\\")
for (i = 2; i <= n; i++) {
printf("%c", base8to10(line[i])) | cmd
}
}
close(cmd)
# kill untrusted certificates (not clean, but the script which comes
# with "curl" works the same way)
untrusted = 0
while (getline) {
if ($0 ~ /^#$/) break
if ($0 ~ /^CKA_TRUST_SERVER_AUTH.*CK_TRUST.*CKT_NSS_NOT_TRUSTED$/)
untrusted = 1
if ($0 ~ /^CKA_TRUST_SERVER_AUTH.*CK_TRUST.*CKT_NETSCAPE_UNTRUSTED$/)
untrusted = 1
}
if (untrusted) {
print filename " untrusted"
system("rm -f " filename)
}
}
}'
;;
install)
if [ ! -d $SSLDIR ]; then
${ECHO} 1>&2 "ERROR: $SSLDIR does not exist, aborting."
exit 1
fi
cd $SSLDIR
if [ -n "`${LS}`" ]; then
${ECHO} 1>&2 "ERROR: $SSLDIR already contains certificates, aborting."
exit 1
fi
set -e
$self extract
$self rehash
set +e
if [ -d $certdir ]; then
${ECHO} 1>&2 "ERROR: $certdir already exists, aborting."
exit 1
fi
set -e
$MKDIR $certdir
cat $SSLDIR/*.pem > $certdir/ca-certificates.crt
esac
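Review bot: The trust filter in the `extract` action is a denylist: a certificate is deleted only when its `CKA_TRUST_SERVER_AUTH` line ends in `CKT_NSS_NOT_TRUSTED` or `CKT_NETSCAPE_UNTRUSTED`, and every other entry in certdata.txt is written out and later hashed into the OpenSSL directory and the GnuTLS bundle. Entries whose server-auth trust is some other value (for example roots that Mozilla trusts only for e-mail, or ones marked as requiring verification) therefore end up as TLS trust anchors. Failing closed is safer: keep a certificate only when the trust record explicitly marks it as a server-auth anchor, as sketched below. The regexes should be confirmed against the certdata snapshot being shipped. The same loop pairs a certificate with its trust record purely by file position (it reads until the next bare `#` line), which deserves a comment.

```shell
			# … unchanged: DER-to-PEM conversion and close(cmd) …
			# keep only certificates explicitly marked as server-auth anchors
			trusted = 0
			while (getline) {
				if ($0 ~ /^#$/) break
				if ($0 ~ /^CKA_TRUST_SERVER_AUTH.*CK_TRUST.*CKT_NSS_TRUSTED_DELEGATOR$/)
					trusted = 1
				if ($0 ~ /^CKA_TRUST_SERVER_AUTH.*CK_TRUST.*CKT_NETSCAPE_TRUSTED_DELEGATOR$/)
					trusted = 1
			}
			if (!trusted) {
				# … unchanged: report the file name and remove the .pem …
			}
```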