rpm/ca-certificates-mozilla
SHA256
1
0
Fork 0
forked from pool/ca-certificates-mozilla
Code Pull Requests Activity
23cff08e56
ca-certificates-mozilla/ca-certificates-mozilla.spec
Ismail Dönmez 23cff08e56 Accepting request 137754 from home:msmeissn:branches:Base:System 
- updated certificates to revision 1.85 (bnc#783509)
  * new "Actalis Authentication Root CA"
  * new "Trustis FPS Root CA"
  * new "StartCom Certification Authority"
  * new "StartCom Certification Authority G2"
  * new "Buypass Class 2 Root CA"
  * new "Buypass Class 3 Root CA"
  * updated: "Sonera Class2 CA": remove code-signing
  * updated: "thawte Primary Root CA": added code-signing
  * updated: "Trustis_FPS_Root_CA.pem": added code-signing
  * updated: VeriSign Class 3 Public Primary Certification Authority - G5":
    added code-signing, email-protection

OBS-URL: https://build.opensuse.org/request/show/137754
OBS-URL: https://build.opensuse.org/package/show/Base:System/ca-certificates-mozilla?expand=0&rev=30
2012-10-10 19:34:14 +00:00

109 lines
3.1 KiB
RPMSpec
Raw Blame History

#
# spec file for package ca-certificates-mozilla
#
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%bcond_with trustedcerts
BuildRequires: openssl
Name: ca-certificates-mozilla
%define sslusrdir %{_datadir}/ca-certificates
Version: 1.85
Release: 0
Summary: CA certificates for OpenSSL
License: MPL-2.0
Group: Productivity/Networking/Security
Url: http://www.mozilla.org
# IMPORTANT: procedure to update certificates:
# - Check the CVS log of the cert file:
# http://bonsai.mozilla.org/cvslog.cgi?file=mozilla/security/nss/lib/ckfw/builtins/certdata.txt&rev=HEAD
# Alternatively hg:
# http://hg.mozilla.org/releases/mozilla-release/file/tip/security/nss/lib/ckfw/builtins/certdata.txt
# - download the new certdata.txt
# wget -O certdata.txt "http://mxr.mozilla.org/mozilla/source//security/nss/lib/ckfw/builtins/certdata.txt?raw=1"
# - run compareoldnew to show fingerprints of new and changed certificates
# - check the bugs referenced in cvs log and compare the checksum
# to output of compareoldnew
# - Watch out that blacklisted or untrusted certificates are not
# accidentally included!
Source: certdata.txt
Source1: extractcerts.pl
Source2: %{name}.COPYING
Source3: compareoldnew
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
# for update-ca-certificates
Requires(post): ca-certificates
Requires(postun): ca-certificates
#
Provides: openssl-certs = 0.9.9
Obsoletes: openssl-certs < 0.9.9
%description
This package contains some CA root certificates for OpenSSL extracted
from MozillaFirefox
%prep
%setup -qcT
/bin/cp %{SOURCE0} .
install -m 644 %{S:1} COPYING
%build
perl %{SOURCE1} --trustbits < certdata.txt
%install
mkdir -p %{buildroot}/%{sslusrdir}/mozilla
set +x
for i in *.pem; do
args=()
trust=`sed -n '/^# openssl-trust=/{s/^.*=//;p;q;}' "$i"`
alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' "$i"`
%if %{with trustedcerts}
args+=('-trustout')
for t in $trust; do
args+=("-addtrust" "$t")
done
[ -z "$alias" ] || args+=('-setalias' "$alias")
%else
case "$trust" in
*serverAuth*) ;;
*) echo "skipping $i, not trusted for serverAuth"; continue ;;
esac
%endif
echo "$i"
{
grep '^#' "$i"
openssl x509 -in "$i" "${args[@]}"
} > "%{buildroot}/%{sslusrdir}/mozilla/$i"
done
set -x
%post
update-ca-certificates || true
%postun
update-ca-certificates || true
%files
%defattr(-, root, root)
%doc COPYING
%{sslusrdir}/mozilla
%changelog
View Git Blame Copy Permalink