[Midnightbsd-cvs] mports: mports/security: Add ca_roots_nss.

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Mon Oct 1 05:42:17 EDT 2007 

Log Message:
-----------
Add ca_roots_nss.  

This is the updated root certs going forward and replaces ca-roots.  Ports should be changed to use this instead.

Modified Files:
--------------
    mports/security:
        Makefile (r1.57 -> r1.58)

Added Files:
-----------
    mports/security/ca_root_nss:
        Makefile (r1.1)
        distinfo (r1.1)
        pkg-descr (r1.1)
    mports/security/ca_root_nss/files:
        patch-ca-bundle.pl (r1.1)

-------------- next part --------------
--- /dev/null
+++ security/ca_root_nss/pkg-descr
@@ -0,0 +1,2 @@
+Root certificates from certificate authorities included in the Mozilla
+NSS library and thus in Firefox and Thunderbird.
--- /dev/null
+++ security/ca_root_nss/Makefile
@@ -0,0 +1,59 @@
+# New ports collection makefile for:    ca-root-nss
+# Date created:				Mon Oct 1 5:39:39 EST 2007
+# Whom:	      				Lucas Holt <luke at midnightbsd.org>
+#
+# $MidnightBSD: mports/security/ca_root_nss/Makefile,v 1.1 2007/10/01 09:42:15 laffer1 Exp $
+# $FreeBSD: ports/security/ca_root_nss/Makefile,v 1.2 2007/07/11 17:07:13 brooks Exp $
+#
+
+PORTNAME=	ca_root_nss
+PORTVERSION=	${VERSION_NSS}
+CATEGORIES=	security
+MASTER_SITES=	${MASTER_SITE_MOZILLA} \
+		${MASTER_SITES_MODSSL:S/$/:mod_ssl/}
+MASTER_SITE_SUBDIR=	security/nss/releases/NSS_${PORTVERSION:S/./_/g}_RTM/src
+DISTFILES=	${NSS_FILE} ${MODSSL_FILE}:mod_ssl
+
+MAINTAINER=	ports at MidnightBSD.org
+COMMENT=	The root certificate bundle from the Mozilla Project
+
+USE_PERL5_BUILD=	yes
+NO_WRKSUBDIR=	yes
+
+CERTDIR?=	share/certs
+PLIST_DIRS=	${CERTDIR}
+PLIST_FILES=	${CERTDIR}/ca-root-nss.crt
+
+VERSION_NSS=	3.11.7
+VERSION_APACHE=	1.3.37
+VERSION_MODSSL=	2.8.28
+MASTER_SITES_MODSSL=	http://www.modssl.org/source/ \
+		ftp://ftp.modssl.org/source/ \
+		ftp://ftp.blatzheim.com/pub/mod_ssl/ \
+		ftp://ftp.fu-berlin.de/unix/security/mod_ssl/ \
+		${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/www/mod_ssl/source,}
+MODSSL_FILE=	mod_ssl-${VERSION_MODSSL}-${VERSION_APACHE}${EXTRACT_SUFX}
+NSS_FILE=	nss-${VERSION_NSS}${EXTRACT_SUFX}
+CERTDATA_TXT_PATH=	nss-${VERSION_NSS}/mozilla/security/nss/lib/ckfw/builtins/certdata.txt
+CA_BUNDLE_PL_PATH=	mod_ssl-${VERSION_MODSSL}-${VERSION_APACHE}/pkg.sslcfg/ca-bundle.pl
+
+do-extract:
+	@${MKDIR} ${WRKDIR}
+	@${TAR} -C ${WRKDIR} -xf ${DISTDIR}/${MODSSL_FILE} \
+	    ${CA_BUNDLE_PL_PATH}
+	@${TAR} -C ${WRKDIR} -xf ${DISTDIR}/nss-${VERSION_NSS}${EXTRACT_SUFX} \
+	    ${CERTDATA_TXT_PATH}
+	@${CP} ${WRKDIR}/${CA_BUNDLE_PL_PATH} ${WRKDIR}
+	@${CP} ${WRKDIR}/${CERTDATA_TXT_PATH} ${WRKDIR}
+	@${RM} -rf ${WRKDIR}/mod_ssl-${VERSION_MODSSL}-${VERSION_APACHE} \
+	    ${WRKDIR}/nss-${VERSION_NSS}
+
+do-build:
+	@${PERL} ${WRKDIR}/ca-bundle.pl < ${WRKDIR}/certdata.txt > \
+	    ${WRKDIR}/ca-root-nss.crt
+
+do-install:
+	${MKDIR} ${PREFIX}/${CERTDIR}
+	${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt ${PREFIX}/${CERTDIR}
+
+.include <bsd.port.mk>
--- /dev/null
+++ security/ca_root_nss/distinfo
@@ -0,0 +1,6 @@
+MD5 (nss-3.11.7.tar.gz) = 82594a0773cedd7bb7aa25009a25f5a3
+SHA256 (nss-3.11.7.tar.gz) = e0cb80cbd08d677f9e73d19bbdedfd75fe931777ea732ec352dc1f133f999b98
+SIZE (nss-3.11.7.tar.gz) = 3731160
+MD5 (mod_ssl-2.8.28-1.3.37.tar.gz) = 5e9486a86fcd4efef395f58fd795aaea
+SHA256 (mod_ssl-2.8.28-1.3.37.tar.gz) = 76437105b5b5593a7dbd8ee45af417233897dcaf910cbc337a68b0db24e35489
+SIZE (mod_ssl-2.8.28-1.3.37.tar.gz) = 820417
Index: Makefile
===================================================================
RCS file: /home/cvs/mports/security/Makefile,v
retrieving revision 1.57
retrieving revision 1.58
diff -Lsecurity/Makefile -Lsecurity/Makefile -u -r1.57 -r1.58
--- security/Makefile
+++ security/Makefile
@@ -5,6 +5,7 @@
 
     SUBDIR += aide
     SUBDIR += ca-roots
+    SUBDIR += ca_roots_nss
     SUBDIR += chroot_safe
     SUBDIR += clamav 
     SUBDIR += courier-authlib
--- /dev/null
+++ security/ca_root_nss/files/patch-ca-bundle.pl
@@ -0,0 +1,39 @@
+
+$FreeBSD: ports/security/ca_root_nss/files/patch-ca-bundle.pl,v 1.1 2007/07/06 21:37:35 brooks Exp $
+
+--- ca-bundle.pl.orig
++++ ca-bundle.pl
+@@ -3,30 +3,18 @@
+ ##
+ 
+ #   configuration
+-my $cvsroot  = ':pserver:anonymous at cvs-mirror.mozilla.org:/cvsroot';
+-my $certdata = 'mozilla/security/nss/lib/ckfw/builtins/certdata.txt';
+-
+-my $date = `date`;
+-$date =~ s/\n$//s;
+ print <<EOH;
+ ##
+ ##  ca-bundle.crt -- Bundle of CA Root Certificates
+ ##
+ ##  This is a bundle of X.509 certificates of public Certificate
+ ##  Authorities (CA). These were automatically extracted from Mozilla's
+-##  root CA list (the file `certdata.txt'). It contains the certificates
+-##  in both plain text and PEM format and therefore can be directly used
+-##  with an Apache/mod_ssl webserver for SSL client authentication. Just
+-##  configure this file as the SSLCACertificateFile.
+-##
+-##  (SKIPME)
++##  root CA list (the file `certdata.txt').
+ ##
+-##  Last Modified: $date
++##  Extracted from nss-%%VERSION_NSS%%
+ EOH
+-open(IN, "cvs -d $cvsroot co -p $certdata|")
+-    || die "could not check out certdata.txt";
+ my $incert = 0;
+-while (<IN>) {
++while (<STDIN>) {
+     if (/^CKA_VALUE MULTILINE_OCTAL/) {
+         $incert = 1;
+         open(OUT, "|openssl x509 -text -inform DER -fingerprint")

More information about the Midnightbsd-cvs mailing list