[arch-commits] Commit in nss/trunk (3 files)
Jan Steffens
heftig at archlinux.org
Sun Aug 24 14:47:45 UTC 2014
Date: Sunday, August 24, 2014 @ 16:47:45
Author: heftig
Revision: 220623
Implement CA rethink
Added:
nss/trunk/ca-certificates-mozilla.install
nss/trunk/certdata2pem.py-loudness.patch
Modified:
nss/trunk/PKGBUILD
---------------------------------+
PKGBUILD | 59 ++++++++++++++++++++++++++++----------
ca-certificates-mozilla.install | 11 +++++++
certdata2pem.py-loudness.patch | 13 ++++++++
3 files changed, 69 insertions(+), 14 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-08-24 14:32:31 UTC (rev 220622)
+++ PKGBUILD 2014-08-24 14:47:45 UTC (rev 220623)
@@ -1,8 +1,9 @@
# $Id$
# Maintainer: Jan de Groot <jgc at archlinux.org>
-pkgname=nss
-pkgver=3.16.3
+pkgbase=nss
+pkgname=(nss ca-certificates-mozilla)
+pkgver=3.17
pkgrel=1
pkgdesc="Mozilla Network Security Services"
arch=(i686 x86_64)
@@ -9,21 +10,28 @@
url="http://www.mozilla.org/projects/security/pki/nss/"
license=('MPL' 'GPL')
_nsprver=4.10.6
-depends=("nspr>=${_nsprver}" 'sqlite' 'zlib' 'sh')
-makedepends=('perl')
+depends=("nspr>=${_nsprver}" 'sqlite' 'zlib' 'sh' 'p11-kit')
+makedepends=('perl' 'python2')
options=('!strip' '!makeflags' 'staticlibs')
-source=(ftp://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/${pkgname}-${pkgver}.tar.gz
+source=("ftp://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/${pkgbase}-${pkgver}.tar.gz"
+ "certdata2pem.py::http://anonscm.debian.org/cgit/collab-maint/ca-certificates.git/plain/mozilla/certdata2pem.py?id=15470c64b5464d273556a290b1e7b50b32a2e5a0"
nss.pc.in
nss-config.in
- ssl-renegotiate-transitional.patch)
-sha1sums=('a1937de60e03a24526591d883bcfe31a3acc8ef4'
- 'aa5b2c0aa38d3c1066d511336cf28d1333e3aebd'
- 'cb744cc3e56b604e4754bc3c7d9f25bb9a0a136c'
- '8a964a744ba098711b80c0d279a2993524e8eb92')
+ ssl-renegotiate-transitional.patch
+ certdata2pem.py-loudness.patch)
+sha256sums=('3b1abcd8f89211dda2cc739bfa76552d080f7ea80482ef2727b006548a7f0c81'
+ '57bd6f309736825fc0edbf7d522726224764520595dfdddd0dba59158839e863'
+ 'b9f1428ca2305bf30b109507ff335fa00bce5a7ce0434b50acd26ad7c47dd5bd'
+ 'e44ac5095b4d88f24ec7b2e6a9f1581560bd3ad41a3d198596d67ef22f67adb9'
+ '12df04bccbf674db1eef7a519a28987927b5e9c107b1dc386686f05e64f49a97'
+ '90f8e72fbcca9ce907dcf6565bcd95ca23d2da5d87caee64c141ac54680f8703')
prepare() {
- cd $pkgname-$pkgver
+ mkdir certs
+ patch --follow-symlinks certdata2pem.py certdata2pem.py-loudness.patch
+ cd nss-$pkgver
+
# Adds transitional SSL renegotiate support - patch from Debian
patch -Np3 -i ../ssl-renegotiate-transitional.patch
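Review bot: Both network entries in `source=` use cleartext transports (`ftp://` for the NSS tarball, `http://` for certdata2pem.py), so the `sha256sums` array is the only integrity control on a script that build() executes to generate the CA bundle. The commit-id pin in the cgit URL plus the sha256 does make a tampered download fail, but the diff does not show how the recorded hashes were obtained. If the Debian cgit host serves TLS, switch that entry's scheme to `https://` and add a comment such as `# certdata2pem.py is pinned by commit id; re-verify its sha256 against a trusted copy when bumping`. prepare() continues past the end of this hunk.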
@@ -30,12 +38,18 @@
# Respect LDFLAGS
sed -e 's/\$(MKSHLIB) -o/\$(MKSHLIB) \$(LDFLAGS) -o/' \
-i nss/coreconf/rules.mk
+
+ ln -sr nss/lib/ckfw/builtins/certdata.txt ../certs/
}
build() {
- cd $pkgname-$pkgver/nss
+ cd certs
+ python2 ../certdata2pem.py
+ printf "mozilla/%s\n" *.crt > mozilla.conf
+ test -s mozilla.conf
+ cd ../nss-$pkgver/nss
export BUILD_OPT=1
export NSS_USE_SYSTEM_SQLITE=1
export NSS_ENABLE_ECC=1
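Review bot: The `test -s mozilla.conf` guard in build() cannot detect an empty conversion. If certdata2pem.py writes no `.crt` files, the unmatched glob reaches `printf` literally and mozilla.conf contains `mozilla/*.crt`, which is non-empty. Check the files rather than the list, for example `local _crts=(*.crt); [[ -f ${_crts[0]} ]]` before the `printf`. The later `install -t "$_certdir" -m644 *.crt` would probably fail in that case too, but failing here reports the error at the step that generates the trust anchors. build() continues outside this hunk.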
@@ -50,8 +64,8 @@
make
}
-package() {
- cd $pkgname-$pkgver
+package_nss() {
+ cd nss-$pkgver
install -d "$pkgdir"/usr/{bin,include/nss,lib/pkgconfig}
NSS_VMAJOR=$(grep '#define.*NSS_VMAJOR' nss/lib/nss/nss.h | awk '{print $3}')
@@ -88,4 +102,21 @@
cd ../../public/nss
install -t "$pkgdir/usr/include/nss" -m644 *.h
+
+ rm "$pkgdir/usr/lib/libnssckbi.so"
+ ln -s p11-kit-proxy.so "$pkgdir/usr/lib/libnssckbi.so"
}
+
+package_ca-certificates-mozilla() {
+ pkgdesc="Mozilla's set of trusted CA certificates"
+ depends=(ca-certificates-utils)
+ install=ca-certificates-mozilla.install
+
+ cd certs
+
+ local _certdir="$pkgdir/usr/share/ca-certificates/mozilla"
+ install -d "$_certdir"
+ install -t "$_certdir" -m644 *.crt
+
+ install -Dm644 mozilla.conf "$pkgdir/etc/ca-certificates/conf.d/mozilla.conf"
+}
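Review bot: After `ln -s p11-kit-proxy.so "$pkgdir/usr/lib/libnssckbi.so"` in package_nss (which starts before this hunk), NSS no longer ships compiled-in roots, so certificate validation in every NSS client depends on what p11-kit exposes at runtime. The `depends` array only gains an unversioned `p11-kit`, and nothing visible in this diff makes nss pull in a package that populates the trust store, such as ca-certificates-mozilla or ca-certificates-utils. A missing store or a dangling link would only surface as validation failures at runtime. Consider adding that dependency and a comment above the link such as `# roots now come from the system trust store via p11-kit, not the bundled certdata`. It is also worth confirming that the proxy module, which presumably exposes every configured PKCS#11 module, is intended here rather than a trust-only module.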
Added: ca-certificates-mozilla.install
===================================================================
--- ca-certificates-mozilla.install (rev 0)
+++ ca-certificates-mozilla.install 2014-08-24 14:47:45 UTC (rev 220623)
@@ -0,0 +1,11 @@
+post_install() {
+ usr/bin/update-ca-certificates --fresh &>/dev/null
+}
+
+post_upgrade() {
+ post_install
+}
+
+pre_remove() {
+ post_install
+}
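Review bot: `pre_remove()` calls `post_install`, so `update-ca-certificates --fresh` runs while this package's certificates and mozilla.conf are still on disk, and the regenerated store presumably still contains the Mozilla roots after removal. Running the refresh from `post_remove() { post_install; }` would rebuild the store after the files are gone, assuming update-ca-certificates is still installed at that point. Separately, `&>/dev/null` discards stderr and the exit status is unchecked, so a failed trust-store rebuild is silent; redirecting only stdout (`>/dev/null`) would surface it.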
Added: certdata2pem.py-loudness.patch
===================================================================
--- certdata2pem.py-loudness.patch (rev 0)
+++ certdata2pem.py-loudness.patch 2014-08-24 14:47:45 UTC (rev 220623)
@@ -0,0 +1,13 @@
+--- certdata2pem.py 2014-08-24 15:16:24.927192958 +0200
++++ certdata2pem.py.loudness 2014-08-24 15:17:30.193535402 +0200
+@@ -104,9 +104,7 @@
+ trust[obj['CKA_LABEL']] = True
+ elif obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NETSCAPE_UNTRUSTED',
+ 'CKT_NSS_NOT_TRUSTED'):
+- print '!'*74
+- print "UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL']
+- print '!'*74
++ print "Certificate %s untrusted, ignoring." % obj['CKA_LABEL']
+ else:
+ print "Ignoring certificate %s. SAUTH=%s, EPROT=%s" % \
+ (obj['CKA_LABEL'], obj['CKA_TRUST_SERVER_AUTH'],