pkgsrc-Changes archive
CVS commit: pkgsrc/security/ca-certificates
Module Name: pkgsrc
Committed By: kim
Date: Mon Jun 8 09:55:37 UTC 2020
Modified Files:
pkgsrc/security/ca-certificates: DESCR Makefile PLIST distinfo
Added Files:
pkgsrc/security/ca-certificates/files: README.pkgsrc
Removed Files:
pkgsrc/security/ca-certificates: MESSAGE
Log Message:
Upgrade to 20200601
* Update Mozilla certificate authority bundle to version 2.40.
* Add distrusted Symantec CA list to blacklist for explicit removal.
* Blacklist expired root certificate, "AddTrust External Root".
The following certificate authorities were added (+):
+ "Certigna Root CA"
+ "emSign ECC Root CA - C3"
+ "emSign ECC Root CA - G3"
+ "emSign Root CA - C1"
+ "emSign Root CA - G1"
+ "Entrust Root Certification Authority - G4"
+ "GTS Root R1"
+ "GTS Root R2"
+ "GTS Root R3"
+ "GTS Root R4"
+ "Hongkong Post Root CA 3"
+ "UCA Extended Validation Root"
+ "UCA Global G2 Root"
The following certificate authorities were removed (-):
- "AddTrust External Root"
- "Certinomis - Root CA"
- "Certplus Class 2 Primary CA"
- "Deutsche Telekom Root CA 2"
- "GeoTrust Global CA"
- "GeoTrust Primary Certification Authority"
- "GeoTrust Primary Certification Authority - G2"
- "GeoTrust Primary Certification Authority - G3"
- "GeoTrust Universal CA"
- "thawte Primary Root CA"
- "thawte Primary Root CA - G2"
- "thawte Primary Root CA - G3"
- "VeriSign Class 3 Public Primary Certification Authority - G4"
- "VeriSign Class 3 Public Primary Certification Authority - G5"
- "VeriSign Universal Root Certification Authority"
Changes for pkgsrc packaging:
* Add README.pkgsrc, replacing MESSAGE.
* Improve DESCR to better describe the functionality of the package.
* Install changelog and README.source from the distribution package.
To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 pkgsrc/security/ca-certificates/DESCR \
pkgsrc/security/ca-certificates/Makefile \
pkgsrc/security/ca-certificates/PLIST \
pkgsrc/security/ca-certificates/distinfo
cvs rdiff -u -r1.1 -r0 pkgsrc/security/ca-certificates/MESSAGE
cvs rdiff -u -r0 -r1.1 pkgsrc/security/ca-certificates/files/README.pkgsrc
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/ca-certificates/DESCR
diff -u pkgsrc/security/ca-certificates/DESCR:1.1 pkgsrc/security/ca-certificates/DESCR:1.2
--- pkgsrc/security/ca-certificates/DESCR:1.1 Sun May 31 15:53:44 2020
+++ pkgsrc/security/ca-certificates/DESCR Mon Jun 8 09:55:36 2020
@@ -1,6 +1,7 @@
This package provides the certificates distributed by the Mozilla
-Project.
+Project and will, by default, install certificates trusted by the
+Mozilla Project in the system certificate store.
-It also provides a script, update-ca-certs, which can be used to manage
-a location that makes certificates usable by TLS implementations,
-including installing select certificates from this package.
+The sysadmin can configure the list of trusted certificates and also
+add local certificates as needed by editing ca-certificates.conf and
+re-running update-ca-certificates.
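Review bot: it is unclear from the new first paragraph whether installing into the system certificate store by default is new behaviour in this update or only a more accurate description of what the package already did. The log message calls it a DESCR improvement. If the default itself changed, say so on its own line in the log, because it changes which roots a host trusts as soon as the package is installed.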
Index: pkgsrc/security/ca-certificates/Makefile
diff -u pkgsrc/security/ca-certificates/Makefile:1.1 pkgsrc/security/ca-certificates/Makefile:1.2
--- pkgsrc/security/ca-certificates/Makefile:1.1 Sun May 31 15:53:44 2020
+++ pkgsrc/security/ca-certificates/Makefile Mon Jun 8 09:55:36 2020
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.1 2020/05/31 15:53:44 kim Exp $
+# $NetBSD: Makefile,v 1.2 2020/06/08 09:55:36 kim Exp $
-PKGNAME= ca-certificates-20190110
+PKGNAME= ca-certificates-20200601
DISTNAME= ${PKGNAME:C/-([^-]*)$/_\1/}
CATEGORIES= security
MASTER_SITES= http://deb.debian.org/debian/pool/main/c/ca-certificates/
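Review bot: MASTER_SITES in the unchanged context still fetches the distfile over plain http://, and this package's whole payload is trust anchors. The distinfo checksums protect later builds, but they are recorded from whatever the committer downloaded when bumping PKGNAME, so that one fetch is unprotected. Consider pointing MASTER_SITES at an https:// URL for the same mirror, or noting in the log how the 20200601 tarball was verified before distinfo was regenerated.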
@@ -14,11 +14,13 @@ LICENSE= gnu-gpl-v2 AND mpl-2.0
NO_CONFIGURE= yes
PYTHON_FOR_BUILD_ONLY= yes
-USE_TOOLS= awk:run echo:run expr:run ln:run ls:run openssl:run rm:run mkdir:run
+USE_TOOLS= echo:run find:run ln:run openssl:run rm:run sed:run sort:run wc:run
WRKSRC= ${WRKDIR}/${PKGNAME_NOREV}
DATADIR= ${PREFIX}/share/${PKGBASE}
+DOCDIR= ${PREFIX}/share/doc/${PKGBASE}
EGDIR= ${PREFIX}/share/examples/${PKGBASE}
+MANDIR= ${PREFIX}/share/man/man8
# Set paths depending on whether we depend on builtin or pkgsrc
# openssl. \todo Arguably, we should consider installing into both
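Review bot: nothing in the log message accounts for the USE_TOOLS change, which drops awk, expr, ls and mkdir as run-time tools and adds find, sed, sort and wc. Please confirm against the 20200601 sbin/update-ca-certificates that none of the dropped tools is still invoked. A missing run-time tool would not fail the build; it would only surface when the script runs on a host, leaving the certificate store stale. A comment above USE_TOOLS naming the script as the consumer of these tools would also help the next update.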
@@ -43,26 +45,37 @@ SUBST_STAGE.paths= post-build
SUBST_FILES.paths= Makefile sbin/Makefile
SUBST_FILES.paths+= ca-certificates.conf
SUBST_FILES.paths+= sbin/update-ca-certificates sbin/update-ca-certificates.8
+SUBST_FILES.paths+= README.pkgsrc
SUBST_SED.paths= -e 's,/usr/sbin,${PREFIX}/sbin,g'
SUBST_SED.paths+= -e 's,/etc/ca-certificates.conf,${PKG_SYSCONFDIR}/ca-certificates.conf,g'
SUBST_SED.paths+= -e 's,/etc/ssl,${SSLDIR},g'
SUBST_SED.paths+= -e 's,/usr/share/ca-certificates,${DATADIR},g'
-INSTALLATION_DIRS= sbin ${DATADIR} ${EGDIR} share/man/man8
+INSTALLATION_DIRS= sbin ${DATADIR} ${DOCDIR} ${EGDIR} ${MANDIR}
CONF_FILES= ${EGDIR}/ca-certificates.conf \
${PKG_SYSCONFDIR}/ca-certificates.conf
pre-build:
- @${CP} ${FILESDIR}/ca-certificates.conf ${WRKSRC}/
+ @${CP} ${FILESDIR}/ca-certificates.conf ${FILESDIR}/README.pkgsrc ${WRKSRC}/
@${GREP} '^share/ca-certificates/' ${FILESDIR}/../PLIST \
>> ${WRKSRC}/ca-certificates.conf
+post-extract:
+ ${MV} ${WRKDIR}/work ${WRKSRC}
+
post-install:
- ${INSTALL_MAN} ${WRKSRC}/sbin/update-ca-certificates.8 \
- ${DESTDIR}${PREFIX}/share/man/man8/update-ca-certificates.8
- ${INSTALL_DATA} ${WRKSRC}/ca-certificates.conf \
- ${DESTDIR}${EGDIR}/ca-certificates.conf
+ ${INSTALL_MAN} \
+ ${WRKSRC}/sbin/update-ca-certificates.8 \
+ ${DESTDIR}${MANDIR}/
+ ${INSTALL_DATA} \
+ ${WRKSRC}/README.pkgsrc \
+ ${WRKSRC}/debian/README.source \
+ ${WRKSRC}/debian/changelog \
+ ${DESTDIR}${DOCDIR}/
+ ${INSTALL_DATA} \
+ ${WRKSRC}/ca-certificates.conf \
+ ${DESTDIR}${EGDIR}/
.include "../../lang/python/tool.mk"
.include "../../mk/bsd.pkg.mk"
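Review bot: the new post-extract target renames ${WRKDIR}/work to ${WRKSRC} with no comment explaining why the 20200601 tarball unpacks into a directory called "work". Add a one-line comment, or set WRKSRC to the directory the tarball actually creates so the rename is not needed. Separately, README.pkgsrc is now listed in SUBST_FILES.paths, but the four SUBST_SED.paths expressions shown here only cover /usr/sbin, /etc/ca-certificates.conf, /etc/ssl and /usr/share/ca-certificates, so any other absolute path in the README will be installed unchanged.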
Index: pkgsrc/security/ca-certificates/PLIST
diff -u pkgsrc/security/ca-certificates/PLIST:1.1 pkgsrc/security/ca-certificates/PLIST:1.2
--- pkgsrc/security/ca-certificates/PLIST:1.1 Sun May 31 15:53:44 2020
+++ pkgsrc/security/ca-certificates/PLIST Mon Jun 8 09:55:36 2020
@@ -1,9 +1,8 @@
-@comment $NetBSD: PLIST,v 1.1 2020/05/31 15:53:44 kim Exp $
+@comment $NetBSD: PLIST,v 1.2 2020/06/08 09:55:36 kim Exp $
sbin/update-ca-certificates
share/ca-certificates/mozilla/ACCVRAIZ1.crt
share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt
share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt
-share/ca-certificates/mozilla/AddTrust_External_Root.crt
share/ca-certificates/mozilla/AffirmTrust_Commercial.crt
share/ca-certificates/mozilla/AffirmTrust_Networking.crt
share/ca-certificates/mozilla/AffirmTrust_Premium.crt
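Review bot: removing AddTrust_External_Root.crt from PLIST only changes the default for fresh installs as far as this commit shows. The pre-build target in the Makefile builds the example ca-certificates.conf from the PLIST entries, and CONF_FILES leaves an already edited ${PKG_SYSCONFDIR}/ca-certificates.conf in place, so an upgraded host with a local conf may keep a stale entry for the removed file and never gain the newly added roots. README.pkgsrc should tell upgraders to compare their conf with the new example and re-run update-ca-certificates --fresh.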
@@ -23,8 +22,7 @@ share/ca-certificates/mozilla/COMODO_Cer
share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt
share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt
share/ca-certificates/mozilla/Certigna.crt
-share/ca-certificates/mozilla/Certinomis_-_Root_CA.crt
-share/ca-certificates/mozilla/Certplus_Class_2_Primary_CA.crt
+share/ca-certificates/mozilla/Certigna_Root_CA.crt
share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt
share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt
share/ca-certificates/mozilla/Chambers_of_Commerce_Root_-_2008.crt
@@ -33,7 +31,6 @@ share/ca-certificates/mozilla/Cybertrust
share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt
share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt
share/ca-certificates/mozilla/DST_Root_CA_X3.crt
-share/ca-certificates/mozilla/Deutsche_Telekom_Root_CA_2.crt
share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt
share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt
share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt
@@ -49,12 +46,12 @@ share/ca-certificates/mozilla/Entrust.ne
share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt
share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt
share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt
+share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G4.crt
share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt
-share/ca-certificates/mozilla/GeoTrust_Global_CA.crt
-share/ca-certificates/mozilla/GeoTrust_Primary_Certification_Authority.crt
-share/ca-certificates/mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt
-share/ca-certificates/mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt
-share/ca-certificates/mozilla/GeoTrust_Universal_CA.crt
+share/ca-certificates/mozilla/GTS_Root_R1.crt
+share/ca-certificates/mozilla/GTS_Root_R2.crt
+share/ca-certificates/mozilla/GTS_Root_R3.crt
+share/ca-certificates/mozilla/GTS_Root_R4.crt
share/ca-certificates/mozilla/GeoTrust_Universal_CA_2.crt
share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt
share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt
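Review bot: GeoTrust_Universal_CA_2.crt stays as unchanged context directly below the five removed GeoTrust entries. If the Symantec blacklist mentioned in the log message is meant to cover this root as well, it was missed here. If upstream still ships it in this bundle, a short remark in the log would save the next reader from checking.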
@@ -69,6 +66,7 @@ share/ca-certificates/mozilla/Hellenic_A
share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt
+share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt
share/ca-certificates/mozilla/ISRG_Root_X1.crt
share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt
share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt
@@ -116,17 +114,20 @@ share/ca-certificates/mozilla/TrustCor_E
share/ca-certificates/mozilla/TrustCor_RootCert_CA-1.crt
share/ca-certificates/mozilla/TrustCor_RootCert_CA-2.crt
share/ca-certificates/mozilla/Trustis_FPS_Root_CA.crt
+share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt
+share/ca-certificates/mozilla/UCA_Global_G2_Root.crt
share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt
share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt
-share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
-share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt
-share/ca-certificates/mozilla/VeriSign_Universal_Root_Certification_Authority.crt
share/ca-certificates/mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt
share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt
share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt
share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt
-share/ca-certificates/mozilla/thawte_Primary_Root_CA.crt
-share/ca-certificates/mozilla/thawte_Primary_Root_CA_-_G2.crt
-share/ca-certificates/mozilla/thawte_Primary_Root_CA_-_G3.crt
+share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt
+share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt
+share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt
+share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt
+share/doc/ca-certificates/README.pkgsrc
+share/doc/ca-certificates/README.source
+share/doc/ca-certificates/changelog
share/examples/ca-certificates/ca-certificates.conf
share/man/man8/update-ca-certificates.8
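Review bot: Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt remains in the context lines while the VeriSign G4, G5 and Universal roots just above it are removed. Please confirm that keeping G3 is intentional and matches the upstream bundle, since the log message lists the removals but does not say which roots of the same family are retained.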
Index: pkgsrc/security/ca-certificates/distinfo
diff -u pkgsrc/security/ca-certificates/distinfo:1.1 pkgsrc/security/ca-certificates/distinfo:1.2
--- pkgsrc/security/ca-certificates/distinfo:1.1 Sun May 31 15:53:44 2020
+++ pkgsrc/security/ca-certificates/distinfo Mon Jun 8 09:55:36 2020
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.1 2020/05/31 15:53:44 kim Exp $
+$NetBSD: distinfo,v 1.2 2020/06/08 09:55:36 kim Exp $
-SHA1 (ca-certificates_20190110.tar.xz) = 47d4584eae85fc905e4994766eb3930a8a84e2e1
-RMD160 (ca-certificates_20190110.tar.xz) = cbf8f474fba527dc96413632ac5874385bd38e17
-SHA512 (ca-certificates_20190110.tar.xz) = 9ce2661018edb120d0ef5bd3ed52c0f73f577d7607d135a31730549f5eb4176db4865cdb8bde77a78dc3efb8968846da5e72af8a833a9da2a8a7deb4f1560372
-Size (ca-certificates_20190110.tar.xz) = 243472 bytes
+SHA1 (ca-certificates_20200601.tar.xz) = f17235bc9c3aec538065a655681815c242a6d7d5
+RMD160 (ca-certificates_20200601.tar.xz) = a9f1f232f46ecb06c53d5d814c29d3b9aca88323
+SHA512 (ca-certificates_20200601.tar.xz) = 7bfd3122430be0a46bd10dcb0e0664561d1e0b2656b9f37677d89f71a1dcb0e668c25ffe08412888125fa9a53ee8245a4b3fc1004c419a159766665b1241113c
+Size (ca-certificates_20200601.tar.xz) = 245668 bytes
Added files:
Index: pkgsrc/security/ca-certificates/files/README.pkgsrc
diff -u /dev/null pkgsrc/security/ca-certificates/files/README.pkgsrc:1.1
--- /dev/null Mon Jun 8 09:55:37 2020
+++ pkgsrc/security/ca-certificates/files/README.pkgsrc Mon Jun 8 09:55:37 2020
@@ -0,0 +1,36 @@
+$NetBSD: README.pkgsrc,v 1.1 2020/06/08 09:55:37 kim Exp $
+
+This package provides the certificates distributed by the Mozilla
+Project and will, by default, install certificates trusted by the
+Mozilla Project in the system certificate store (/etc/ssl),
+so that they can be used by third party applications using OpenSSL.
+
+Edit /etc/ca-certificates.conf to further configure which
+certificates are installed.
+
+To install local certificate authorities to be implicitly trusted,
+place the certificate files in /usr/local/share/ca-certificates/
+as single files ending with ".crt".
+
+After changing the configuration and adding local certificates run this
+command to install and rehash the certificates:
+
+ # /usr/sbin/update-ca-certificates
+
+After removing local certificates run this command to remove dangling
+symlinks from /etc/ssl/certs:
+
+ # /usr/sbin/update-ca-certificates --fresh
+
+The update-ca-certificates tool also creates a single file certificate
+bundle in PEM format in /etc/ssl/certs/ca-certificates.crt
+which can be used by applications using GnuTLS.
+
+To mark the installed certificates as trusted for users of gnupg2 do
+the following (assuming default PKG_SYSCONFBASE and a Bourne shell):
+
+ # mkdir -p /usr/pkg/etc/gnupg
+ # cd /usr/pkg/etc/gnupg
+ # for c in /etc/ssl/certs/*.pem; do
+ > openssl x509 -in $c -noout -fingerprint|sed 's|^.*=\(.*\)|\1 S|'
+ > done > trustlist.txt
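Review bot: the local-CA paragraph hard-codes /usr/local/share/ca-certificates/, which none of the SUBST_SED.paths expressions in the Makefile hunk will rewrite, so the installed README will name that path even where the other paths have been adjusted to ${PREFIX} and ${SSLDIR}. Either add a substitution for it or write the path the installed script really reads. In the gnupg2 recipe, quote the loop variable (openssl x509 -in "$c") so file names with spaces work, and mention that "done > trustlist.txt" replaces any existing trustlist.txt rather than merging with it.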