pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/security/mozilla-rootcerts Import security/mozilla-roo...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/36df5133c1ea
branches:  trunk
changeset: 533508:36df5133c1ea
user:      jlam <jlam%pkgsrc.org@localhost>
date:      Thu Sep 20 20:02:53 2007 +0000

description:
Import security/mozilla-rootcerts:

This package provides a script which can be used to extract the root
CA certificates distributed by the Mozilla Project into the current
working directory and to rehash the existing certificates.  The directory
can be used by most SSL-aware programs that expect a "CA certificate
path".

diffstat:

 security/mozilla-rootcerts/DESCR                      |    5 +
 security/mozilla-rootcerts/Makefile                   |   39 ++++
 security/mozilla-rootcerts/PLIST                      |    4 +
 security/mozilla-rootcerts/distinfo                   |    5 +
 security/mozilla-rootcerts/files/mozilla-rootcerts.sh |  171 ++++++++++++++++++
 5 files changed, 224 insertions(+), 0 deletions(-)

diffs (244 lines):

diff -r 5d1205a9966f -r 36df5133c1ea security/mozilla-rootcerts/DESCR
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mozilla-rootcerts/DESCR  Thu Sep 20 20:02:53 2007 +0000
@@ -0,0 +1,5 @@
+This package provides a script which can be used to extract the root
+CA certificates distributed by the Mozilla Project into the current
+working directory and to rehash the existing certificates.  The directory
+can be used by most SSL-aware programs that expect a "CA certificate
+path".
diff -r 5d1205a9966f -r 36df5133c1ea security/mozilla-rootcerts/Makefile
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mozilla-rootcerts/Makefile       Thu Sep 20 20:02:53 2007 +0000
@@ -0,0 +1,39 @@
+# $NetBSD: Makefile,v 1.1.1.1 2007/09/20 20:02:53 jlam Exp $
+
+DISTNAME=      mozilla-rootcerts-1.0.${CERTDATA_DATE}
+CATEGORIES=    security
+MASTER_SITES=  ${MASTER_SITE_LOCAL}
+DISTFILES=     ${CERTDATA}
+EXTRACT_SUFX=  # empty
+
+MAINTAINER=    jlam%pkgsrc.org@localhost
+HOMEPAGE=      http://lxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1
+COMMENT=       root CA certificates from the Mozilla Project
+
+USE_TOOLS=     awk:run echo:run expr:run ln:run ls:run openssl:run rm:run
+
+CERTDATA_DATE= 20070713
+CERTDATA=      certdata-${CERTDATA_DATE}.txt
+
+WRKSRC=                ${WRKDIR}
+BUILD_DIRS=    # empty
+DATADIR=       ${PREFIX}/share/${PKGBASE}
+
+SUBST_CLASSES=         paths
+SUBST_MESSAGE.paths=   Replacing hard-coded paths.
+SUBST_STAGE.paths=     post-configure
+SUBST_FILES.paths=     mozilla-rootcerts.sh
+SUBST_VARS.paths=      AWK ECHO EXPR LN LS OPENSSL RM DATADIR
+
+INSTALLATION_DIRS=     sbin ${DATADIR}
+
+do-extract:
+       ${CP} ${FILESDIR}/mozilla-rootcerts.sh ${WRKSRC}
+       ${CP} ${DISTDIR}/${CERTDATA} ${WRKSRC}
+
+do-install:
+       ${INSTALL_SCRIPT} ${WRKSRC}/mozilla-rootcerts.sh \
+               ${PREFIX}/sbin/mozilla-rootcerts
+       ${INSTALL_DATA} ${WRKSRC}/${CERTDATA} ${DATADIR}/certdata.txt
+
+.include "../../mk/bsd.pkg.mk"
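Review bot: The only provenance this Makefile records for the trust-anchor input is `CERTDATA_DATE= 20070713`. The file is served from `${MASTER_SITE_LOCAL}` and `HOMEPAGE` is a plain-http link to the moving tip of certdata.txt, so a later reader cannot tell which upstream revision the mirrored snapshot corresponds to. I would add a comment above `CERTDATA_DATE` such as `# Snapshot of certdata.txt at upstream revision <REVISION>; regenerate distinfo when bumping.`, with the real revision filled in by the importer. Separately, the extract branch of the installed script calls bare `cat`, while every other tool is pinned through `USE_TOOLS` and `SUBST_VARS.paths`; adding `cat:run` and `CAT` there (and using `${CAT}` in the script) would make that consistent.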
diff -r 5d1205a9966f -r 36df5133c1ea security/mozilla-rootcerts/PLIST
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mozilla-rootcerts/PLIST  Thu Sep 20 20:02:53 2007 +0000
@@ -0,0 +1,4 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2007/09/20 20:02:53 jlam Exp $
+sbin/mozilla-rootcerts
+share/mozilla-rootcerts/certdata.txt
+@dirrm share/mozilla-rootcerts
diff -r 5d1205a9966f -r 36df5133c1ea security/mozilla-rootcerts/distinfo
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mozilla-rootcerts/distinfo       Thu Sep 20 20:02:53 2007 +0000
@@ -0,0 +1,5 @@
+$NetBSD: distinfo,v 1.1.1.1 2007/09/20 20:02:53 jlam Exp $
+
+SHA1 (certdata-20070713.txt) = 2f07092e7bceb4354f9255a8455d46671831b2be
+RMD160 (certdata-20070713.txt) = c665e7265fb7fc2a04bc4405d4d650f8ff1c182e
+Size (certdata-20070713.txt) = 793526 bytes
diff -r 5d1205a9966f -r 36df5133c1ea security/mozilla-rootcerts/files/mozilla-rootcerts.sh
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/mozilla-rootcerts/files/mozilla-rootcerts.sh     Thu Sep 20 20:02:53 2007 +0000
@@ -0,0 +1,171 @@
+#!/bin/sh
+#
+# $NetBSD: mozilla-rootcerts.sh,v 1.1.1.1 2007/09/20 20:02:53 jlam Exp $
+#
+# This script is meant to be used as follows:
+#
+#      # cd /etc/openssl/certs
+#      # mozilla-rootcerts extract
+#      # mozilla-rootcerts rehash
+#
+
+: ${AWK=@AWK@}
+: ${ECHO=@ECHO@}
+: ${EXPR=@EXPR@}
+: ${LN=@LN@}
+: ${LS=@LS@}
+: ${OPENSSL=@OPENSSL@}
+: ${RM=@RM@}
+
+self="mozilla-rootcerts"
+certfile="@DATADIR@/certdata.txt"
+
+usage()
+{
+       ${ECHO} 1>&2 "usage: $self [-f certfile] extract|rehash"
+       exit $1
+}
+
+while [ $# -gt 0 ]; do
+       case "$1" in
+       -f)     certfile="$2"; shift 2 ;;
+       --)     shift; break ;;
+       -*)     ${ECHO} 1>&2 "$self: unknown option -- $1"
+               usage 128 ;;
+       *)      break ;;
+       esac
+done
+
+[ $# -eq 1 ] || usage 128
+
+action="$1"; shift
+
+#
+#      link_hash pemtype pemfile
+#
+#      Link a certificate or CRL to its subject name hash value.
+#      Each hash is of the form <hash>.<n> for certificates and
+#      <hash>.r<n> for CRLs, where n is an integer.  If the hash
+#      value already exists, then we need to up the value of n, unless
+#      it's a duplicate, in which case we skip the link.  We check
+#      for duplicates by comparing fingerprints.
+#
+link_hash()
+{
+       _pemtype="$1"; _pemfile="$2"; shift 2
+
+       _hash=`${OPENSSL} "$_pemtype" -hash -noout -in "$_pemfile"`
+       _fprint=`${OPENSSL} "$_pemtype" -fingerprint -noout -in "$_pemfile"`
+       _suffix=0
+       while [ 1 = 1 ] ; do
+               case $_pemtype in
+               crl)    _hashfile="$_hash.r$_suffix" ;;
+               x509|*) _hashfile="$_hash.$_suffix" ;;
+               esac
+               if [ ! -f "$_hashfile" ]; then
+                       ${ECHO} "$_pemfile => $_hashfile"
+                       ${LN} -sf "$_pemfile" "$_hashfile"
+                       break
+               fi
+               _fprintold=`${OPENSSL} "$_pemtype" -fingerprint -noout -in "$_hashfile"`
+               if [ "$_fprint" = "$_fprintold" ]; then
+                       ${ECHO} 1>&2 "WARNING: Skipping duplicate certificate $_pemfile"
+                       return
+               fi
+               suffix=`${EXPR} $suffix + 1`
+       done
+}
+
+case $action in
+rehash)
+       # Delete any existing symbolic links.
+       ${LS} | while read entry; do
+               [ ! -h "$entry" ] || ${RM} -f "$entry"
+       done
+
+       ${LS} | while read pemfile; do
+               case $pemfile in
+               *.pem)  ;;
+               *)      continue ;;
+               esac
+               pemtype=
+               while read line; do
+                       case $line in
+                       "-----BEGIN CERTIFICATE-----"|\
+                       "-----BEGIN X509 CERTIFICATE-----"|\
+                       "-----BEGIN TRUSTED CERTIFICATE-----")
+                               pemtype=x509
+                               break
+                               ;;
+                       "-----BEGIN X509 CRL-----")
+                               pemtype=crl
+                               break
+                               ;;
+                       esac
+               done < "$pemfile"
+               case $pemtype in
+               x509|crl)
+                       link_hash "$pemtype" "$pemfile"
+                       ;;
+               *)
+                       ${ECHO} 1>&2 "WARNING: $pemfile does not contain a certificate or CRL: skipping"
+                       continue
+                       ;;
+               esac
+       done
+       ;;
+
+extract)
+       #
+       # Certificates in octal-encoded DER format are delimited by
+       # "CKA_VALUE MULTILINE_OCTAL"/"END" pairs.  Convert them into
+       # long character strings and pipe them through openssl to
+       # convert from DER to PEM format.
+       #
+       # The resulting PEM format certificates are saved as
+       # "mozilla-rootcert-<n>.pem" in the current working directory.
+       #
+       cat "$certfile" | ${AWK} -v OPENSSL=${OPENSSL} '
+       function join(array, start, end, separator,     result, i) {
+               result = array[start]
+               for (i = start + 1; i <= end; i++)
+                       result = result separator array[i]
+               return result
+       }
+
+       function base8to10(o,   octal, decimal, power, i, n) {
+               decimal = 0
+               n = split(o, octal, "")
+               while (n > 0) {
+                       power = 1
+                       for (i = 1; i < n; i++)
+                               power *= 8
+                       decimal += octal[4-n] * power
+                       n--
+               }
+               return decimal
+       }
+
+       BEGIN {
+               filenum = 0
+               while (getline) {
+                       D = 0
+                       if ($0 !~ /^CKA_VALUE MULTILINE_OCTAL/) continue
+
+                       filename = "mozilla-rootcert-" filenum ".pem"
+                       filenum++
+                       cmd = OPENSSL " x509 -inform der -outform pem -text >" filename
+                       print filename
+                       while (getline) {
+                               if ($0 ~ /^END/) break
+                               n = split($0, line, "\\")
+                               for (i = 2; i <= n; i++) {
+                                       der[D++] = sprintf("%c", base8to10(line[i]))
+                               }
+                       }
+                       printf("%s", join(der, 0, D, "")) | cmd
+                       close(cmd)
+               }
+       }'
+       ;;
+esac
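Review bot: In `link_hash` the counter is initialised as `_suffix=0` but the last line of the loop assigns ``suffix=`${EXPR} $suffix + 1` ``, so `_suffix` never changes. When two different certificates share a subject hash, the loop rebuilds the same `$_hash.0` name and never terminates; the line should read ``_suffix=`${EXPR} $_suffix + 1` ``. In the extract branch, `join(der, 0, D, "")` reads one index past the last byte written, and because `der` is never cleared, that slot can hold a stale byte from an earlier, longer certificate; `join(der, 0, D - 1, "")` avoids it. The extract loop also writes a PEM file for every `CKA_VALUE MULTILINE_OCTAL` block and consults nothing else in the record. As far as I know certdata.txt carries separate trust objects per certificate, so entries upstream does not mark as trusted CAs would land in the CA path too, which deserves a filter or at least a warning in the header comment.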


