summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--repo/core/cacerts.xibuild94
-rw-r--r--repo/core/gnutls.xibuild14
-rw-r--r--repo/core/keyutils.xibuild11
-rw-r--r--repo/core/libldap.xibuild2
-rw-r--r--repo/core/libp11-kit.xibuild28
-rw-r--r--repo/core/libsasl.xibuild17
-rw-r--r--repo/core/libsigsegv.xibuild14
-rw-r--r--repo/core/libtasn1.xibuild14
-rw-r--r--repo/core/libunistring.xibuild14
-rw-r--r--repo/core/make-ca.xibuild12
-rw-r--r--repo/core/nettle.xibuild14
-rw-r--r--repo/core/nspr.xibuild18
-rw-r--r--repo/tip/cacert-utils.xibuild35
13 files changed, 196 insertions, 91 deletions
diff --git a/repo/core/cacerts.xibuild b/repo/core/cacerts.xibuild
index b0b395a..d80d220 100644
--- a/repo/core/cacerts.xibuild
+++ b/repo/core/cacerts.xibuild
@@ -1,96 +1,10 @@
#!/bin/bash
-DEPS=()
+DEPS=(make-ca)
-SOURCE=https://hg.mozilla.org/projects/nss
-DESC="Root certificates needed by ssl"
-
-build () {
- mkdir -p certs
- ln -srft certs lib/ckfw/builtins/{certdata.txt,nssckbi.h}
-
- cd certs
-
- # wholesome curling into python. Thanks for the script jan
- curl -SsL https://raw.githubusercontent.com/archlinux/svntogit-packages/packages/nss/trunk/certdata2pem.py | python
-
- cd ..
-
- (
- cat <<EOF
- # This is a bundle of X.509 certificates of public Certificate
- # Authorities. It was generated from the Mozilla root CA list.
- # These certificates and trust/distrust attributes use the file format accepted
- # by the p11-kit-trust module.
- #
- # Source: nss/lib/ckfw/builtins/certdata.txt
- # Source: nss/lib/ckfw/builtins/nssckbi.h
- #
- # Generated from:
-EOF
- cat certs/nssckbi.h | grep -w NSS_BUILTINS_LIBRARY_VERSION | awk '{print "# " $2 " " $3}'
- echo '#'
- ) > ca-bundle.trust.p11-kit
-
- for p in certs/*.tmp-p11-kit; do
- cat "$p" >> ca-bundle.trust.p11-kit
- done
-
- ./build.sh \
- --target x64 \
- --opt \
- --system-sqlite \
- --system-nspr \
- --enable-libpkix \
- --disable-tests
-
-}
+SOURCE=https://github.com/djlucas/make-ca/releases/download/v1.7/make-ca-1.7.tar.xz
+DESC="Root certificates needed by ssl built using make-ca"
package () {
-
- # more copied from arch
- local libdir=/usr/lib
- local nsprver="unknown"
-
- sed pkg/pkg-config/nss.pc.in \
- -e "s,%libdir%,$libdir,g" \
- -e "s,%prefix%,/usr,g" \
- -e "s,%exec_prefix%,/usr/bin,g" \
- -e "s,%includedir%,/usr/include/nss,g" \
- -e "s,%NSPR_VERSION%,$nsprver,g" \
- -e "s,%NSS_VERSION%,$VER_HASH,g" |
- install -Dm644 /dev/stdin "$PKG_DEST$libdir/pkgconfig/nss.pc"
-
- ln -s nss.pc "$PKG_DEST/usr/lib/pkgconfig/mozilla-nss.pc"
-
- install -Dt "$PKG_DEST$libdir" ../dist/Release/lib/*.so
- install -Dt "$PKG_DEST$libdir" ../dist/Release/lib/*.so
-
- local vmajor vminor vpatch
- { read vmajor; read vminor; read vpatch; } \
- < <(awk '/#define.*NSS_V(MAJOR|MINOR|PATCH)/ {print $3}' lib/nss/nss.h)
-
- sed pkg/pkg-config/nss-config.in \
- -e "s,@libdir@,$libdir,g" \
- -e "s,@prefix@,/usr/bin,g" \
- -e "s,@exec_prefix@,/usr/bin,g" \
- -e "s,@includedir@,/usr/include/nss,g" \
- -e "s,@MOD_MAJOR_VERSION@,$vmajor,g" \
- -e "s,@MOD_MINOR_VERSION@,$vminor,g" \
- -e "s,@MOD_PATCH_VERSION@,$vpatch,g" |
- install -D /dev/stdin "$PKG_DEST/usr/bin/nss-config"
-
- install -Dt "$PKG_DEST/usr/bin" \
- ../dist/Release/bin/{*util,shlibsign,signtool,signver,ssltap}
-
- install -Dt "$PKG_DEST/usr/include/nss" -m644 ../dist/public/nss/*.h
-
- install -Dt "$PKG_DEST/usr/share/man/man1" -m644 \
- doc/nroff/{*util,signtool,signver,ssltap}.1
-
- # Replace built-in trust with p11-kit connection
- ln -s pkcs11/p11-kit-trust.so "$PKG_DEST$libdir/p11-kit-trust.so"
- ln -sf p11-kit-trust.so "$PKG_DEST$libdir/libnssckbi.so"
-
+ bash make-ca -g --force -D $PKG_DEST
}
-
diff --git a/repo/core/gnutls.xibuild b/repo/core/gnutls.xibuild
new file mode 100644
index 0000000..b2e0fa3
--- /dev/null
+++ b/repo/core/gnutls.xibuild
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+DEPS=(libtasn readline zlib nettle p11-kit libidn2 libunistring)
+
+SOURCE=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.16.tar.xz
+DESC="Library which provides a secure layer over a transport layer"
+
+build () {
+
+ ./configure \
+ --prefix=/usr
+ make
+ make DESTDIR=$PKG_DEST install
+}
diff --git a/repo/core/keyutils.xibuild b/repo/core/keyutils.xibuild
new file mode 100644
index 0000000..a2341dc
--- /dev/null
+++ b/repo/core/keyutils.xibuild
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+DEPS=(glibc sh)
+
+SOURCE=https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/snapshot/keyutils-1.6.3.tar.gz
+DESC="Linux Key Management Utils"
+
+build () {
+ make
+ make DESTDIR=$PKG_DEST install
+}
diff --git a/repo/core/libldap.xibuild b/repo/core/libldap.xibuild
index 98d3e05..f6caccb 100644
--- a/repo/core/libldap.xibuild
+++ b/repo/core/libldap.xibuild
@@ -1,6 +1,6 @@
#!/bin/bash
-DEPS=(libidn)
+DEPS=(libidn libsasl)
SOURCE=http://repository.linagora.org/OpenLDAP/openldap-release/openldap-2.6.0.tgz
DESC="An open source implementation of the Lightweight Directory Access Protocol"
diff --git a/repo/core/libp11-kit.xibuild b/repo/core/libp11-kit.xibuild
new file mode 100644
index 0000000..e9e5e4a
--- /dev/null
+++ b/repo/core/libp11-kit.xibuild
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+DEPS=(glibc libtasn1 libffi)
+
+SOURCE=https://github.com/p11-glue/p11-kit
+DESC="Loads and enumerates PKCS#11 modules"
+
+build () {
+
+ sed '20,$ d' -i trust/trust-extract-compat &&
+ cat >> trust/trust-extract-compat << "EOF"
+# Copy existing anchor modifications to /etc/ssl/local
+/usr/libexec/make-ca/copy-trust-modifications
+
+# Generate a new trust store
+/usr/sbin/make-ca -f -g
+EOF
+
+ ./autogen.sh
+ ./configure --prefix=/usr \
+ --sysconfdir=/etc \
+ --with-trust-paths=/etc/pki/anchors
+ make
+ make DESTDIR=$PKG_DEST install
+ ln -sfv $PKG_DEST/usr/libexec/p11-kit/trust-extract-compat \
+ $PKG_DEST/usr/bin/update-ca-certificates
+}
+
diff --git a/repo/core/libsasl.xibuild b/repo/core/libsasl.xibuild
new file mode 100644
index 0000000..8cb4491
--- /dev/null
+++ b/repo/core/libsasl.xibuild
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+DEPS=(gmp)
+
+SOURCE=https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-2.1.27/cyrus-sasl-2.1.27.tar.gz
+DESC="A library for Simple Authentication and Security Layer"
+
+build () {
+ ./configure \
+ --prefix=/usr
+ make
+ make DESTDIR=$PKG_DEST install
+}
+
+#package () {
+ #mv $PKG_DEST/usr/local/* $PKG_DEST/usr/
+#}
diff --git a/repo/core/libsigsegv.xibuild b/repo/core/libsigsegv.xibuild
new file mode 100644
index 0000000..559e1eb
--- /dev/null
+++ b/repo/core/libsigsegv.xibuild
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+DEPS=(libtasn readline zlib nettle p11-kit libidn2 libunistring)
+
+SOURCE=https://ftp.gnu.org/gnu/libsigsegv/libsigsegv-2.13.tar.gz
+DESC="A library for handling page faults in user mode"
+
+build () {
+
+ ./configure \
+ --prefix=/usr --enable-shared --disable-static
+ make
+ make DESTDIR=$PKG_DEST install
+}
diff --git a/repo/core/libtasn1.xibuild b/repo/core/libtasn1.xibuild
new file mode 100644
index 0000000..2f6fccd
--- /dev/null
+++ b/repo/core/libtasn1.xibuild
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+DEPS=(glibc)
+
+SOURCE=https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.18.0.tar.gz
+DESC="The ASN.1 library used in GNUTLS"
+
+build () {
+
+ ./configure \
+ --prefix=/usr
+ make
+ make DESTDIR=$PKG_DEST install
+}
diff --git a/repo/core/libunistring.xibuild b/repo/core/libunistring.xibuild
new file mode 100644
index 0000000..3a5b3d4
--- /dev/null
+++ b/repo/core/libunistring.xibuild
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+DEPS=(glibc)
+
+SOURCE=https://ftp.gnu.org/gnu/libunistring/libunistring-0.9.10.tar.gz
+DESC="Library for manipulating Unicode strings and C strings"
+
+build () {
+
+ ./configure \
+ --prefix=/usr
+ make
+ make DESTDIR=$PKG_DEST install
+}
diff --git a/repo/core/make-ca.xibuild b/repo/core/make-ca.xibuild
new file mode 100644
index 0000000..ff1ed76
--- /dev/null
+++ b/repo/core/make-ca.xibuild
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+DEPS=(p11-kit nss)
+
+SOURCE=https://github.com/djlucas/make-ca/releases/download/v1.7/make-ca-1.7.tar.xz
+DESC="A utility to deliver and manage a complete PKI configuration"
+
+build () {
+
+ make DESTDIR=$PKG_DEST install &&
+ install -vdm755 $PKG_DEST/etc/ssl/local
+}
diff --git a/repo/core/nettle.xibuild b/repo/core/nettle.xibuild
new file mode 100644
index 0000000..398a722
--- /dev/null
+++ b/repo/core/nettle.xibuild
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+DEPS=(gmp)
+
+SOURCE=https://ftp.gnu.org/gnu/nettle/nettle-3.7.tar.gz
+DESC="A low-level cryptographic library"
+
+build () {
+
+ ./configure \
+ --prefix=/usr
+ make
+ make DESTDIR=$PKG_DEST install
+}
diff --git a/repo/core/nspr.xibuild b/repo/core/nspr.xibuild
new file mode 100644
index 0000000..733c333
--- /dev/null
+++ b/repo/core/nspr.xibuild
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+DEPS=(glibc bash)
+
+SOURCE=https://archive.mozilla.org/pub/nspr/releases/v4.33/src/nspr-4.33.tar.gz
+DESC="Netscape Portable Runtime"
+
+build () {
+ sed -ri '/^RELEASE/s/^/#/' pr/src/misc/Makefile.in
+ sed -i 's#$(LIBRARY) ##' config/rules.mk
+
+
+ cd nspr
+ ./configure \
+ --prefix=/usr --with-mozilla --with-pthreads --enable-64bit
+ make
+ make DESTDIR=$PKG_DEST install
+}
diff --git a/repo/tip/cacert-utils.xibuild b/repo/tip/cacert-utils.xibuild
new file mode 100644
index 0000000..f88b9d2
--- /dev/null
+++ b/repo/tip/cacert-utils.xibuild
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+DEPS=(bash coreutils findutils p11-kit)
+
+SOURCE=https://src.fedoraproject.org/rpms/ca-certificates
+DESC="CA certificate utilities"
+
+build() {
+ asciidoc.py -v -d manpage -b docbook update-ca-trust.8.txt
+ xsltproc --nonet -o update-ca-trust.8 /etc/asciidoc/docbook-xsl/manpage.xsl update-ca-trust.8.xml
+}
+
+package () {
+ rm update-ca-trust
+ wget https://raw.githubusercontent.com/archlinux/svntogit-packages/packages/ca-certificates/trunk/update-ca-trust
+
+ install -Dt "$PKG_DEST/usr/bin" update-ca-trust
+ install -Dt "$PKG_DEST/usr/share/man/man8" -m644 update-ca-trust.8
+ install -Dt "$PKG_DEST/usr/share/libalpm/hooks" -m644 *.hook
+
+ # Trust source directories
+ # Upstream also adds "blocklist" but that's useless without support in p11-kit
+ install -d "$PKG_DEST"/{etc,usr/share}/ca-certificates/trust-source/{anchors,blocklist}
+
+ # Directories used by update-ca-trust (aka "trust extract-compat")
+ install -d "$PKG_DEST"/etc/{ssl/certs/{edk2,java},ca-certificates/extracted}
+
+ # Compatibility link for OpenSSL using /etc/ssl as CAdir
+ # Used in preference to the individual links in /etc/ssl/certs
+ ln -sr "$PKG_DEST/etc/ca-certificates/extracted/tls-ca-bundle.pem" "$PKG_DEST/etc/ssl/cert.pem"
+
+ # Compatiblity link for legacy bundle
+ ln -sr "$PKG_DEST/etc/ca-certificates/extracted/tls-ca-bundle.pem" "$PKG_DEST/etc/ssl/certs/ca-certificates.crt"
+
+}