summaryrefslogtreecommitdiff
path: root/repo/core/cacerts.xibuild
diff options
context:
space:
mode:
authordavidovski <david@davidovski.xyz>2022-01-03 16:44:09 +0000
committerdavidovski <david@davidovski.xyz>2022-01-03 16:44:09 +0000
commit93d60f57780b9f1e9206f411e183bf28e6272334 (patch)
treed278fe89abb43e459cd80ebd4d67f2ba3d2e9901 /repo/core/cacerts.xibuild
parent924ee9d18af78b561fc78b0239b9ae38d5f808b3 (diff)
added new files; git works
Diffstat (limited to 'repo/core/cacerts.xibuild')
-rw-r--r--repo/core/cacerts.xibuild94
1 files changed, 4 insertions, 90 deletions
diff --git a/repo/core/cacerts.xibuild b/repo/core/cacerts.xibuild
index b0b395a..d80d220 100644
--- a/repo/core/cacerts.xibuild
+++ b/repo/core/cacerts.xibuild
@@ -1,96 +1,10 @@
#!/bin/bash
-DEPS=()
+DEPS=(make-ca)
-SOURCE=https://hg.mozilla.org/projects/nss
-DESC="Root certificates needed by ssl"
-
-build () {
- mkdir -p certs
- ln -srft certs lib/ckfw/builtins/{certdata.txt,nssckbi.h}
-
- cd certs
-
- # wholesome curling into python. Thanks for the script jan
- curl -SsL https://raw.githubusercontent.com/archlinux/svntogit-packages/packages/nss/trunk/certdata2pem.py | python
-
- cd ..
-
- (
- cat <<EOF
- # This is a bundle of X.509 certificates of public Certificate
- # Authorities. It was generated from the Mozilla root CA list.
- # These certificates and trust/distrust attributes use the file format accepted
- # by the p11-kit-trust module.
- #
- # Source: nss/lib/ckfw/builtins/certdata.txt
- # Source: nss/lib/ckfw/builtins/nssckbi.h
- #
- # Generated from:
-EOF
- cat certs/nssckbi.h | grep -w NSS_BUILTINS_LIBRARY_VERSION | awk '{print "# " $2 " " $3}'
- echo '#'
- ) > ca-bundle.trust.p11-kit
-
- for p in certs/*.tmp-p11-kit; do
- cat "$p" >> ca-bundle.trust.p11-kit
- done
-
- ./build.sh \
- --target x64 \
- --opt \
- --system-sqlite \
- --system-nspr \
- --enable-libpkix \
- --disable-tests
-
-}
+SOURCE=https://github.com/djlucas/make-ca/releases/download/v1.7/make-ca-1.7.tar.xz
+DESC="Root certificates needed by ssl built using make-ca"
package () {
-
- # more copied from arch
- local libdir=/usr/lib
- local nsprver="unknown"
-
- sed pkg/pkg-config/nss.pc.in \
- -e "s,%libdir%,$libdir,g" \
- -e "s,%prefix%,/usr,g" \
- -e "s,%exec_prefix%,/usr/bin,g" \
- -e "s,%includedir%,/usr/include/nss,g" \
- -e "s,%NSPR_VERSION%,$nsprver,g" \
- -e "s,%NSS_VERSION%,$VER_HASH,g" |
- install -Dm644 /dev/stdin "$PKG_DEST$libdir/pkgconfig/nss.pc"
-
- ln -s nss.pc "$PKG_DEST/usr/lib/pkgconfig/mozilla-nss.pc"
-
- install -Dt "$PKG_DEST$libdir" ../dist/Release/lib/*.so
- install -Dt "$PKG_DEST$libdir" ../dist/Release/lib/*.so
-
- local vmajor vminor vpatch
- { read vmajor; read vminor; read vpatch; } \
- < <(awk '/#define.*NSS_V(MAJOR|MINOR|PATCH)/ {print $3}' lib/nss/nss.h)
-
- sed pkg/pkg-config/nss-config.in \
- -e "s,@libdir@,$libdir,g" \
- -e "s,@prefix@,/usr/bin,g" \
- -e "s,@exec_prefix@,/usr/bin,g" \
- -e "s,@includedir@,/usr/include/nss,g" \
- -e "s,@MOD_MAJOR_VERSION@,$vmajor,g" \
- -e "s,@MOD_MINOR_VERSION@,$vminor,g" \
- -e "s,@MOD_PATCH_VERSION@,$vpatch,g" |
- install -D /dev/stdin "$PKG_DEST/usr/bin/nss-config"
-
- install -Dt "$PKG_DEST/usr/bin" \
- ../dist/Release/bin/{*util,shlibsign,signtool,signver,ssltap}
-
- install -Dt "$PKG_DEST/usr/include/nss" -m644 ../dist/public/nss/*.h
-
- install -Dt "$PKG_DEST/usr/share/man/man1" -m644 \
- doc/nroff/{*util,signtool,signver,ssltap}.1
-
- # Replace built-in trust with p11-kit connection
- ln -s pkcs11/p11-kit-trust.so "$PKG_DEST$libdir/p11-kit-trust.so"
- ln -sf p11-kit-trust.so "$PKG_DEST$libdir/libnssckbi.so"
-
+ bash make-ca -g --force -D $PKG_DEST
}
-