mirrors/aports
3
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2025-04-21 05:26:40 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
aports/main/ca-certificates/APKBUILD

76 lines
2.7 KiB
Text
Raw Permalink Blame History

# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=ca-certificates
pkgver=20241121
pkgrel=2
pkgdesc="Common CA certificates PEM files from Mozilla"
url="https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/"
arch="all"
# There is a GPL-2.0-or-later script inside the source but it is not shipped
license="MPL-2.0 AND MIT"
makedepends_build="perl"
makedepends_host="openssl-dev>3"
subpackages="$pkgname-doc $pkgname-bundle::noarch"
replaces="openssl"
options="!fhs !check"
triggers="ca-certificates.trigger=/usr/share/ca-certificates:/usr/local/share/ca-certificates:/etc/ssl/certs:/etc/ca-certificates/update.d"
install="$pkgname.post-deinstall"
source="https://gitlab.alpinelinux.org/alpine/ca-certificates/-/archive/$pkgver/ca-certificates-$pkgver.tar.bz2
0001-mk-ca-bundle-remove-CKA_NSS_SERVER_DISTRUST_AFTER-co.patch
"
build() {
make
}
package() {
make install DESTDIR="$pkgdir"
(
echo "# Automatically generated by $pkgname-$pkgver-r$pkgrel"
echo "# $(date -ud@$SOURCE_DATE_EPOCH)"
echo "#"
cd "$pkgdir"/usr/share/ca-certificates
find . -name '*.crt' | sort | cut -b3-
) > "$pkgdir"/etc/ca-certificates.conf
# generate the bundle in similar way as update-ca-certificates would do
find -- *.crt | sort | while read -r i; do
cat "$i"
printf "\n"
done > "$pkgdir"/etc/ssl/certs/ca-certificates.crt
mkdir -p "$pkgdir"/etc/apk/protected_paths.d
cat > "$pkgdir"/etc/apk/protected_paths.d/ca-certificates.list <<-EOF
-etc/ssl/certs/ca-certificates.crt
-etc/ssl/certs/ca-cert-*.pem
-etc/ssl/certs/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[r0-9]*
EOF
cat > "$pkgdir"/etc/ca-certificates/update.d/certhash <<-EOF
#!/bin/sh
exec /usr/bin/c_rehash /etc/ssl/certs
EOF
chmod +x "$pkgdir"/etc/ca-certificates/update.d/certhash
}
bundle() {
pkgdesc="Pre generated bundle of Mozilla certificates"
replaces="libressl2.7-libcrypto libcrypto1.1"
provides="$pkgname-cacert=$pkgver-r$pkgrel"
mkdir -p "$subpkgdir"/etc/ssl/certs
mv "$pkgdir"/etc/ssl/certs/ca-certificates.crt \
"$subpkgdir"/etc/ssl/certs/
ln -s certs/ca-certificates.crt \
"$subpkgdir"/etc/ssl/cert.pem
# Symlinks for OpenSSL 1.1 compatibility
mkdir -p "$subpkgdir"/etc/ssl1.1/
ln -s /etc/ssl/certs "$subpkgdir"/etc/ssl1.1/
ln -s /etc/ssl/cert.pem "$subpkgdir"/etc/ssl1.1/
}
sha512sums="
b24fba0f1f30933c9a27f1b2232ce3fcfddc6ad4de9f6bf42b5517ddc20268604823ed6e57821fe08ab9a5da7f2a4926ba0ecb08e095380eccc5c33cbe63df75 ca-certificates-20241121.tar.bz2
b053077948458a50e013edac1434c684c19092fe47bbbbbd0e4a945db59011f8793530211065dda0198c87226928a8aa40c14dbced51dc3955c8c24558ef8826 0001-mk-ca-bundle-remove-CKA_NSS_SERVER_DISTRUST_AFTER-co.patch
"
Reference in a new issue View git blame Copy permalink