diff options
author | davidovski <david@davidovski.xyz> | 2021-12-11 18:20:54 +0000 |
---|---|---|
committer | davidovski <david@davidovski.xyz> | 2021-12-11 18:20:54 +0000 |
commit | f67f96be9b135b05e06a31feb1a1a050ae2bf0d0 (patch) | |
tree | ca0f65fd6271c0e89381afcaaf353b5bef518e6f /repo | |
parent | df58243b7b763347314a71636ea776ad8211748a (diff) |
added ca certs package
Diffstat (limited to 'repo')
-rw-r--r-- | repo/core/cacerts.xibuild | 96 |
1 files changed, 96 insertions, 0 deletions
diff --git a/repo/core/cacerts.xibuild b/repo/core/cacerts.xibuild new file mode 100644 index 0000000..b0b395a --- /dev/null +++ b/repo/core/cacerts.xibuild @@ -0,0 +1,96 @@ +#!/bin/bash + +DEPS=() + +SOURCE=https://hg.mozilla.org/projects/nss +DESC="Root certificates needed by ssl" + +build () { + mkdir -p certs + ln -srft certs lib/ckfw/builtins/{certdata.txt,nssckbi.h} + + cd certs + + # wholesome curling into python. Thanks for the script jan + curl -SsL https://raw.githubusercontent.com/archlinux/svntogit-packages/packages/nss/trunk/certdata2pem.py | python + + cd .. + + ( + cat <<EOF + # This is a bundle of X.509 certificates of public Certificate + # Authorities. It was generated from the Mozilla root CA list. + # These certificates and trust/distrust attributes use the file format accepted + # by the p11-kit-trust module. + # + # Source: nss/lib/ckfw/builtins/certdata.txt + # Source: nss/lib/ckfw/builtins/nssckbi.h + # + # Generated from: +EOF + cat certs/nssckbi.h | grep -w NSS_BUILTINS_LIBRARY_VERSION | awk '{print "# " $2 " " $3}' + echo '#' + ) > ca-bundle.trust.p11-kit + + for p in certs/*.tmp-p11-kit; do + cat "$p" >> ca-bundle.trust.p11-kit + done + + ./build.sh \ + --target x64 \ + --opt \ + --system-sqlite \ + --system-nspr \ + --enable-libpkix \ + --disable-tests + +} + +package () { + + # more copied from arch + local libdir=/usr/lib + local nsprver="unknown" + + sed pkg/pkg-config/nss.pc.in \ + -e "s,%libdir%,$libdir,g" \ + -e "s,%prefix%,/usr,g" \ + -e "s,%exec_prefix%,/usr/bin,g" \ + -e "s,%includedir%,/usr/include/nss,g" \ + -e "s,%NSPR_VERSION%,$nsprver,g" \ + -e "s,%NSS_VERSION%,$VER_HASH,g" | + install -Dm644 /dev/stdin "$PKG_DEST$libdir/pkgconfig/nss.pc" + + ln -s nss.pc "$PKG_DEST/usr/lib/pkgconfig/mozilla-nss.pc" + + install -Dt "$PKG_DEST$libdir" ../dist/Release/lib/*.so + install -Dt "$PKG_DEST$libdir" ../dist/Release/lib/*.so + + local vmajor vminor vpatch + { read vmajor; read vminor; read vpatch; } \ + < <(awk '/#define.*NSS_V(MAJOR|MINOR|PATCH)/ {print $3}' lib/nss/nss.h) + + sed pkg/pkg-config/nss-config.in \ + -e "s,@libdir@,$libdir,g" \ + -e "s,@prefix@,/usr/bin,g" \ + -e "s,@exec_prefix@,/usr/bin,g" \ + -e "s,@includedir@,/usr/include/nss,g" \ + -e "s,@MOD_MAJOR_VERSION@,$vmajor,g" \ + -e "s,@MOD_MINOR_VERSION@,$vminor,g" \ + -e "s,@MOD_PATCH_VERSION@,$vpatch,g" | + install -D /dev/stdin "$PKG_DEST/usr/bin/nss-config" + + install -Dt "$PKG_DEST/usr/bin" \ + ../dist/Release/bin/{*util,shlibsign,signtool,signver,ssltap} + + install -Dt "$PKG_DEST/usr/include/nss" -m644 ../dist/public/nss/*.h + + install -Dt "$PKG_DEST/usr/share/man/man1" -m644 \ + doc/nroff/{*util,signtool,signver,ssltap}.1 + + # Replace built-in trust with p11-kit connection + ln -s pkcs11/p11-kit-trust.so "$PKG_DEST$libdir/p11-kit-trust.so" + ln -sf p11-kit-trust.so "$PKG_DEST$libdir/libnssckbi.so" + +} + |