|
@@ -5,10 +5,10 @@
|
|
|
|
|
|
# latest nss release.
|
|
# latest nss release.
|
|
# reference: https://hg.mozilla.org/projects/nss
|
|
# reference: https://hg.mozilla.org/projects/nss
|
|
-%define nss_version 3_67
|
|
|
|
|
|
+%define nss_version 3_72
|
|
|
|
|
|
# NSS_BUILTINS_LIBRARY_VERSION from https://hg.mozilla.org/projects/nss/file/NSS_%{nss_version}_RTM/lib/ckfw/builtins/nssckbi.h
|
|
# NSS_BUILTINS_LIBRARY_VERSION from https://hg.mozilla.org/projects/nss/file/NSS_%{nss_version}_RTM/lib/ckfw/builtins/nssckbi.h
|
|
-%define ckbi_version 2.50
|
|
|
|
|
|
+%define ckbi_version 2.52
|
|
|
|
|
|
%define java_version 1.8.0
|
|
%define java_version 1.8.0
|
|
|
|
|
|
@@ -24,31 +24,33 @@ Distribution: Vine Linux.
|
|
License: MPL2
|
|
License: MPL2
|
|
# see also: https://nss-crypto.org/
|
|
# see also: https://nss-crypto.org/
|
|
URL: http://www.mozilla.org/
|
|
URL: http://www.mozilla.org/
|
|
-Source0: https://hg.mozilla.org/projects/nss/raw-file/NSS_%{nss_version}_RTM/lib/ckfw/builtins/certdata.txt
|
|
|
|
|
|
+Source0: https://hg.mozilla.org/projects/nss/raw-file/NSS_%{nss_version}_RTM/lib/ckfw/builtins/certdata.txt#/certdata-%{version}.txt
|
|
Source1: blacklist.txt
|
|
Source1: blacklist.txt
|
|
Source2: generate-cacerts.pl
|
|
Source2: generate-cacerts.pl
|
|
Source3: certdata2pem.py
|
|
Source3: certdata2pem.py
|
|
|
|
|
|
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
|
|
|
-BuildRequires: perl, java-%{java_version}-openjdk-headless, python, rcs
|
|
|
|
BuildArch: noarch
|
|
BuildArch: noarch
|
|
|
|
|
|
|
|
+BuildRequires: perl, java-%{java_version}-openjdk-headless, python3, rcs
|
|
|
|
+
|
|
%description
|
|
%description
|
|
This package contains the set of CA certificates chosen by the
|
|
This package contains the set of CA certificates chosen by the
|
|
Mozilla Foundation for use with the Internet PKI.
|
|
Mozilla Foundation for use with the Internet PKI.
|
|
|
|
|
|
|
|
|
|
%prep
|
|
%prep
|
|
-rm -rf %{name}
|
|
|
|
-mkdir %{name} %{name}/certs %{name}/java
|
|
|
|
|
|
+%setup -T -c -n %{name}
|
|
|
|
+mkdir certs java
|
|
|
|
+mkdir certs/legacy-default
|
|
|
|
+mkdir certs/legacy-disable
|
|
|
|
|
|
|
|
|
|
%build
|
|
%build
|
|
-pushd %{name}/certs
|
|
|
|
- cp %{SOURCE0} %{SOURCE1} .
|
|
|
|
- python %{SOURCE3}
|
|
|
|
|
|
+pushd certs
|
|
|
|
+ cp %{SOURCE0} certdata.txt
|
|
|
|
+ cp %{SOURCE1} .
|
|
|
|
+ python3 %{SOURCE3}
|
|
popd
|
|
popd
|
|
-pushd %{name}
|
|
|
|
(
|
|
(
|
|
cat <<EOF
|
|
cat <<EOF
|
|
# This is a bundle of X.509 certificates of public Certificate
|
|
# This is a bundle of X.509 certificates of public Certificate
|
|
@@ -76,7 +78,7 @@ EOF
|
|
echo '#';
|
|
echo '#';
|
|
) > ca-bundle.trust.crt
|
|
) > ca-bundle.trust.crt
|
|
for f in certs/*.crt; do
|
|
for f in certs/*.crt; do
|
|
- tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f`
|
|
|
|
|
|
+ tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' "$f"`
|
|
case $tbits in
|
|
case $tbits in
|
|
*serverAuth*) openssl x509 -text -in "$f" >> ca-bundle.crt ;;
|
|
*serverAuth*) openssl x509 -text -in "$f" >> ca-bundle.crt ;;
|
|
esac
|
|
esac
|
|
@@ -88,8 +90,7 @@ EOF
|
|
openssl x509 -text -in "$f" -trustout $targs >> ca-bundle.trust.crt
|
|
openssl x509 -text -in "$f" -trustout $targs >> ca-bundle.trust.crt
|
|
fi
|
|
fi
|
|
done
|
|
done
|
|
-popd
|
|
|
|
-pushd %{name}/java
|
|
|
|
|
|
+pushd java
|
|
test -s ../ca-bundle.crt || exit 1
|
|
test -s ../ca-bundle.crt || exit 1
|
|
%{__perl} %{SOURCE2} %{_bindir}/keytool ../ca-bundle.crt
|
|
%{__perl} %{SOURCE2} %{_bindir}/keytool ../ca-bundle.crt
|
|
touch -r %{SOURCE0} cacerts
|
|
touch -r %{SOURCE0} cacerts
|
|
@@ -101,15 +102,15 @@ rm -rf $RPM_BUILD_ROOT
|
|
|
|
|
|
mkdir -p $RPM_BUILD_ROOT{%{pkidir}/tls/certs,%{pkidir}/java}
|
|
mkdir -p $RPM_BUILD_ROOT{%{pkidir}/tls/certs,%{pkidir}/java}
|
|
|
|
|
|
-install -p -m 644 %{name}/ca-bundle.crt $RPM_BUILD_ROOT%{pkidir}/tls/certs/ca-bundle.crt
|
|
|
|
-install -p -m 644 %{name}/ca-bundle.trust.crt $RPM_BUILD_ROOT%{pkidir}/tls/certs/ca-bundle.trust.crt
|
|
|
|
|
|
+install -p -m 644 ca-bundle.crt $RPM_BUILD_ROOT%{pkidir}/tls/certs/ca-bundle.crt
|
|
|
|
+install -p -m 644 ca-bundle.trust.crt $RPM_BUILD_ROOT%{pkidir}/tls/certs/ca-bundle.trust.crt
|
|
ln -s certs/ca-bundle.crt $RPM_BUILD_ROOT%{pkidir}/tls/cert.pem
|
|
ln -s certs/ca-bundle.crt $RPM_BUILD_ROOT%{pkidir}/tls/cert.pem
|
|
touch -r %{SOURCE0} $RPM_BUILD_ROOT%{pkidir}/tls/certs/ca-bundle.crt
|
|
touch -r %{SOURCE0} $RPM_BUILD_ROOT%{pkidir}/tls/certs/ca-bundle.crt
|
|
touch -r %{SOURCE0} $RPM_BUILD_ROOT%{pkidir}/tls/certs/ca-bundle.trust.crt
|
|
touch -r %{SOURCE0} $RPM_BUILD_ROOT%{pkidir}/tls/certs/ca-bundle.trust.crt
|
|
|
|
|
|
# Install Java cacerts file.
|
|
# Install Java cacerts file.
|
|
mkdir -p -m 700 $RPM_BUILD_ROOT%{pkidir}/java
|
|
mkdir -p -m 700 $RPM_BUILD_ROOT%{pkidir}/java
|
|
-install -p -m 644 %{name}/java/cacerts $RPM_BUILD_ROOT%{pkidir}/java/
|
|
|
|
|
|
+install -p -m 644 java/cacerts $RPM_BUILD_ROOT%{pkidir}/java/
|
|
|
|
|
|
# /etc/ssl/certs symlink for 3rd-party tools
|
|
# /etc/ssl/certs symlink for 3rd-party tools
|
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/ssl
|
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/ssl
|
|
@@ -133,6 +134,9 @@ rm -rf $RPM_BUILD_ROOT
|
|
|
|
|
|
|
|
|
|
%changelog
|
|
%changelog
|
|
|
|
+* Wed Nov 24 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2021.2.52-1
|
|
|
|
+- updated to 2.52.
|
|
|
|
+
|
|
* Fri Jun 25 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2021.2.50-1
|
|
* Fri Jun 25 2021 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 2021.2.50-1
|
|
- updated to 2.50.
|
|
- updated to 2.50.
|
|
|
|
|