ca-certificates-2021.2.52-1

c/ca-certificates/ca-certificates-vl.spec

@@ -5,10 +5,10 @@
 
 # latest nss release.
 # reference: https://hg.mozilla.org/projects/nss
-%define nss_version 3_67
+%define nss_version 3_72
 
 # NSS_BUILTINS_LIBRARY_VERSION from https://hg.mozilla.org/projects/nss/file/NSS_%{nss_version}_RTM/lib/ckfw/builtins/nssckbi.h
-%define ckbi_version 2.50
+%define ckbi_version 2.52
 
 %define java_version 1.8.0
 
@@ -24,31 +24,33 @@ Distribution: Vine Linux.
 License: MPL2
 # see also: https://nss-crypto.org/
 URL: http://www.mozilla.org/
-Source0: https://hg.mozilla.org/projects/nss/raw-file/NSS_%{nss_version}_RTM/lib/ckfw/builtins/certdata.txt
+Source0: https://hg.mozilla.org/projects/nss/raw-file/NSS_%{nss_version}_RTM/lib/ckfw/builtins/certdata.txt#/certdata-%{version}.txt
 Source1: blacklist.txt
 Source2: generate-cacerts.pl
 Source3: certdata2pem.py
 
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
-BuildRequires: perl, java-%{java_version}-openjdk-headless, python, rcs
 BuildArch: noarch
 
+BuildRequires: perl, java-%{java_version}-openjdk-headless, python3, rcs
+
 %description
 This package contains the set of CA certificates chosen by the
 Mozilla Foundation for use with the Internet PKI.
 
 
 %prep
-rm -rf %{name}
-mkdir %{name} %{name}/certs %{name}/java
+%setup -T -c -n %{name}
+mkdir certs java
+mkdir certs/legacy-default
+mkdir certs/legacy-disable
 
 
 %build
-pushd %{name}/certs
- cp %{SOURCE0} %{SOURCE1} .
- python %{SOURCE3} 
+pushd certs
+ cp %{SOURCE0} certdata.txt
+ cp %{SOURCE1} .
+ python3 %{SOURCE3} 
 popd
-pushd %{name}
  (
    cat <<EOF
 # This is a bundle of X.509 certificates of public Certificate
@@ -76,7 +78,7 @@ EOF
    echo '#';
  ) > ca-bundle.trust.crt
  for f in certs/*.crt; do 
-   tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f`
+   tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' "$f"`
    case $tbits in
    *serverAuth*) openssl x509 -text -in "$f" >> ca-bundle.crt ;;
    esac
@@ -88,8 +90,7 @@ EOF
       openssl x509 -text -in "$f" -trustout $targs >> ca-bundle.trust.crt
    fi
  done
-popd
-pushd %{name}/java
+pushd java
  test -s ../ca-bundle.crt || exit 1
  %{__perl} %{SOURCE2} %{_bindir}/keytool ../ca-bundle.crt
  touch -r %{SOURCE0} cacerts
@@ -101,15 +102,15 @@ rm -rf $RPM_BUILD_ROOT
 
 mkdir -p $RPM_BUILD_ROOT{%{pkidir}/tls/certs,%{pkidir}/java}
 
-install -p -m 644 %{name}/ca-bundle.crt $RPM_BUILD_ROOT%{pkidir}/tls/certs/ca-bundle.crt
-install -p -m 644 %{name}/ca-bundle.trust.crt $RPM_BUILD_ROOT%{pkidir}/tls/certs/ca-bundle.trust.crt
+install -p -m 644 ca-bundle.crt $RPM_BUILD_ROOT%{pkidir}/tls/certs/ca-bundle.crt
+install -p -m 644 ca-bundle.trust.crt $RPM_BUILD_ROOT%{pkidir}/tls/certs/ca-bundle.trust.crt
 ln -s certs/ca-bundle.crt $RPM_BUILD_ROOT%{pkidir}/tls/cert.pem
 touch -r %{SOURCE0} $RPM_BUILD_ROOT%{pkidir}/tls/certs/ca-bundle.crt
 touch -r %{SOURCE0} $RPM_BUILD_ROOT%{pkidir}/tls/certs/ca-bundle.trust.crt
 
 # Install Java cacerts file.
 mkdir -p -m 700 $RPM_BUILD_ROOT%{pkidir}/java
-install -p -m 644 %{name}/java/cacerts $RPM_BUILD_ROOT%{pkidir}/java/
+install -p -m 644 java/cacerts $RPM_BUILD_ROOT%{pkidir}/java/
 
 # /etc/ssl/certs symlink for 3rd-party tools
 mkdir -p -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/ssl
@@ -133,6 +134,9 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Wed Nov 24 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2021.2.52-1
+- updated to 2.52.
+
 * Fri Jun 25 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2021.2.50-1
 - updated to 2.50.