diff options
Diffstat (limited to 'repo')
-rw-r--r-- | repo/core/cacerts.xibuild | 94 | ||||
-rw-r--r-- | repo/core/gnutls.xibuild | 14 | ||||
-rw-r--r-- | repo/core/keyutils.xibuild | 11 | ||||
-rw-r--r-- | repo/core/libldap.xibuild | 2 | ||||
-rw-r--r-- | repo/core/libp11-kit.xibuild | 28 | ||||
-rw-r--r-- | repo/core/libsasl.xibuild | 17 | ||||
-rw-r--r-- | repo/core/libsigsegv.xibuild | 14 | ||||
-rw-r--r-- | repo/core/libtasn1.xibuild | 14 | ||||
-rw-r--r-- | repo/core/libunistring.xibuild | 14 | ||||
-rw-r--r-- | repo/core/make-ca.xibuild | 12 | ||||
-rw-r--r-- | repo/core/nettle.xibuild | 14 | ||||
-rw-r--r-- | repo/core/nspr.xibuild | 18 | ||||
-rw-r--r-- | repo/tip/cacert-utils.xibuild | 35 |
13 files changed, 196 insertions, 91 deletions
diff --git a/repo/core/cacerts.xibuild b/repo/core/cacerts.xibuild index b0b395a..d80d220 100644 --- a/repo/core/cacerts.xibuild +++ b/repo/core/cacerts.xibuild @@ -1,96 +1,10 @@ #!/bin/bash -DEPS=() +DEPS=(make-ca) -SOURCE=https://hg.mozilla.org/projects/nss -DESC="Root certificates needed by ssl" - -build () { - mkdir -p certs - ln -srft certs lib/ckfw/builtins/{certdata.txt,nssckbi.h} - - cd certs - - # wholesome curling into python. Thanks for the script jan - curl -SsL https://raw.githubusercontent.com/archlinux/svntogit-packages/packages/nss/trunk/certdata2pem.py | python - - cd .. - - ( - cat <<EOF - # This is a bundle of X.509 certificates of public Certificate - # Authorities. It was generated from the Mozilla root CA list. - # These certificates and trust/distrust attributes use the file format accepted - # by the p11-kit-trust module. - # - # Source: nss/lib/ckfw/builtins/certdata.txt - # Source: nss/lib/ckfw/builtins/nssckbi.h - # - # Generated from: -EOF - cat certs/nssckbi.h | grep -w NSS_BUILTINS_LIBRARY_VERSION | awk '{print "# " $2 " " $3}' - echo '#' - ) > ca-bundle.trust.p11-kit - - for p in certs/*.tmp-p11-kit; do - cat "$p" >> ca-bundle.trust.p11-kit - done - - ./build.sh \ - --target x64 \ - --opt \ - --system-sqlite \ - --system-nspr \ - --enable-libpkix \ - --disable-tests - -} +SOURCE=https://github.com/djlucas/make-ca/releases/download/v1.7/make-ca-1.7.tar.xz +DESC="Root certificates needed by ssl built using make-ca" package () { - - # more copied from arch - local libdir=/usr/lib - local nsprver="unknown" - - sed pkg/pkg-config/nss.pc.in \ - -e "s,%libdir%,$libdir,g" \ - -e "s,%prefix%,/usr,g" \ - -e "s,%exec_prefix%,/usr/bin,g" \ - -e "s,%includedir%,/usr/include/nss,g" \ - -e "s,%NSPR_VERSION%,$nsprver,g" \ - -e "s,%NSS_VERSION%,$VER_HASH,g" | - install -Dm644 /dev/stdin "$PKG_DEST$libdir/pkgconfig/nss.pc" - - ln -s nss.pc "$PKG_DEST/usr/lib/pkgconfig/mozilla-nss.pc" - - install -Dt "$PKG_DEST$libdir" ../dist/Release/lib/*.so - install -Dt "$PKG_DEST$libdir" ../dist/Release/lib/*.so - - local vmajor vminor vpatch - { read vmajor; read vminor; read vpatch; } \ - < <(awk '/#define.*NSS_V(MAJOR|MINOR|PATCH)/ {print $3}' lib/nss/nss.h) - - sed pkg/pkg-config/nss-config.in \ - -e "s,@libdir@,$libdir,g" \ - -e "s,@prefix@,/usr/bin,g" \ - -e "s,@exec_prefix@,/usr/bin,g" \ - -e "s,@includedir@,/usr/include/nss,g" \ - -e "s,@MOD_MAJOR_VERSION@,$vmajor,g" \ - -e "s,@MOD_MINOR_VERSION@,$vminor,g" \ - -e "s,@MOD_PATCH_VERSION@,$vpatch,g" | - install -D /dev/stdin "$PKG_DEST/usr/bin/nss-config" - - install -Dt "$PKG_DEST/usr/bin" \ - ../dist/Release/bin/{*util,shlibsign,signtool,signver,ssltap} - - install -Dt "$PKG_DEST/usr/include/nss" -m644 ../dist/public/nss/*.h - - install -Dt "$PKG_DEST/usr/share/man/man1" -m644 \ - doc/nroff/{*util,signtool,signver,ssltap}.1 - - # Replace built-in trust with p11-kit connection - ln -s pkcs11/p11-kit-trust.so "$PKG_DEST$libdir/p11-kit-trust.so" - ln -sf p11-kit-trust.so "$PKG_DEST$libdir/libnssckbi.so" - + bash make-ca -g --force -D $PKG_DEST } - diff --git a/repo/core/gnutls.xibuild b/repo/core/gnutls.xibuild new file mode 100644 index 0000000..b2e0fa3 --- /dev/null +++ b/repo/core/gnutls.xibuild @@ -0,0 +1,14 @@ +#!/bin/bash + +DEPS=(libtasn readline zlib nettle p11-kit libidn2 libunistring) + +SOURCE=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.16.tar.xz +DESC="Library which provides a secure layer over a transport layer" + +build () { + + ./configure \ + --prefix=/usr + make + make DESTDIR=$PKG_DEST install +} diff --git a/repo/core/keyutils.xibuild b/repo/core/keyutils.xibuild new file mode 100644 index 0000000..a2341dc --- /dev/null +++ b/repo/core/keyutils.xibuild @@ -0,0 +1,11 @@ +#!/bin/bash + +DEPS=(glibc sh) + +SOURCE=https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/keyutils.git/snapshot/keyutils-1.6.3.tar.gz +DESC="Linux Key Management Utils" + +build () { + make + make DESTDIR=$PKG_DEST install +} diff --git a/repo/core/libldap.xibuild b/repo/core/libldap.xibuild index 98d3e05..f6caccb 100644 --- a/repo/core/libldap.xibuild +++ b/repo/core/libldap.xibuild @@ -1,6 +1,6 @@ #!/bin/bash -DEPS=(libidn) +DEPS=(libidn libsasl) SOURCE=http://repository.linagora.org/OpenLDAP/openldap-release/openldap-2.6.0.tgz DESC="An open source implementation of the Lightweight Directory Access Protocol" diff --git a/repo/core/libp11-kit.xibuild b/repo/core/libp11-kit.xibuild new file mode 100644 index 0000000..e9e5e4a --- /dev/null +++ b/repo/core/libp11-kit.xibuild @@ -0,0 +1,28 @@ +#!/bin/bash + +DEPS=(glibc libtasn1 libffi) + +SOURCE=https://github.com/p11-glue/p11-kit +DESC="Loads and enumerates PKCS#11 modules" + +build () { + + sed '20,$ d' -i trust/trust-extract-compat && + cat >> trust/trust-extract-compat << "EOF" +# Copy existing anchor modifications to /etc/ssl/local +/usr/libexec/make-ca/copy-trust-modifications + +# Generate a new trust store +/usr/sbin/make-ca -f -g +EOF + + ./autogen.sh + ./configure --prefix=/usr \ + --sysconfdir=/etc \ + --with-trust-paths=/etc/pki/anchors + make + make DESTDIR=$PKG_DEST install + ln -sfv $PKG_DEST/usr/libexec/p11-kit/trust-extract-compat \ + $PKG_DEST/usr/bin/update-ca-certificates +} + diff --git a/repo/core/libsasl.xibuild b/repo/core/libsasl.xibuild new file mode 100644 index 0000000..8cb4491 --- /dev/null +++ b/repo/core/libsasl.xibuild @@ -0,0 +1,17 @@ +#!/bin/bash + +DEPS=(gmp) + +SOURCE=https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-2.1.27/cyrus-sasl-2.1.27.tar.gz +DESC="A library for Simple Authentication and Security Layer" + +build () { + ./configure \ + --prefix=/usr + make + make DESTDIR=$PKG_DEST install +} + +#package () { + #mv $PKG_DEST/usr/local/* $PKG_DEST/usr/ +#} diff --git a/repo/core/libsigsegv.xibuild b/repo/core/libsigsegv.xibuild new file mode 100644 index 0000000..559e1eb --- /dev/null +++ b/repo/core/libsigsegv.xibuild @@ -0,0 +1,14 @@ +#!/bin/bash + +DEPS=(libtasn readline zlib nettle p11-kit libidn2 libunistring) + +SOURCE=https://ftp.gnu.org/gnu/libsigsegv/libsigsegv-2.13.tar.gz +DESC="A library for handling page faults in user mode" + +build () { + + ./configure \ + --prefix=/usr --enable-shared --disable-static + make + make DESTDIR=$PKG_DEST install +} diff --git a/repo/core/libtasn1.xibuild b/repo/core/libtasn1.xibuild new file mode 100644 index 0000000..2f6fccd --- /dev/null +++ b/repo/core/libtasn1.xibuild @@ -0,0 +1,14 @@ +#!/bin/bash + +DEPS=(glibc) + +SOURCE=https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.18.0.tar.gz +DESC="The ASN.1 library used in GNUTLS" + +build () { + + ./configure \ + --prefix=/usr + make + make DESTDIR=$PKG_DEST install +} diff --git a/repo/core/libunistring.xibuild b/repo/core/libunistring.xibuild new file mode 100644 index 0000000..3a5b3d4 --- /dev/null +++ b/repo/core/libunistring.xibuild @@ -0,0 +1,14 @@ +#!/bin/bash + +DEPS=(glibc) + +SOURCE=https://ftp.gnu.org/gnu/libunistring/libunistring-0.9.10.tar.gz +DESC="Library for manipulating Unicode strings and C strings" + +build () { + + ./configure \ + --prefix=/usr + make + make DESTDIR=$PKG_DEST install +} diff --git a/repo/core/make-ca.xibuild b/repo/core/make-ca.xibuild new file mode 100644 index 0000000..ff1ed76 --- /dev/null +++ b/repo/core/make-ca.xibuild @@ -0,0 +1,12 @@ +#!/bin/bash + +DEPS=(p11-kit nss) + +SOURCE=https://github.com/djlucas/make-ca/releases/download/v1.7/make-ca-1.7.tar.xz +DESC="A utility to deliver and manage a complete PKI configuration" + +build () { + + make DESTDIR=$PKG_DEST install && + install -vdm755 $PKG_DEST/etc/ssl/local +} diff --git a/repo/core/nettle.xibuild b/repo/core/nettle.xibuild new file mode 100644 index 0000000..398a722 --- /dev/null +++ b/repo/core/nettle.xibuild @@ -0,0 +1,14 @@ +#!/bin/bash + +DEPS=(gmp) + +SOURCE=https://ftp.gnu.org/gnu/nettle/nettle-3.7.tar.gz +DESC="A low-level cryptographic library" + +build () { + + ./configure \ + --prefix=/usr + make + make DESTDIR=$PKG_DEST install +} diff --git a/repo/core/nspr.xibuild b/repo/core/nspr.xibuild new file mode 100644 index 0000000..733c333 --- /dev/null +++ b/repo/core/nspr.xibuild @@ -0,0 +1,18 @@ +#!/bin/bash + +DEPS=(glibc bash) + +SOURCE=https://archive.mozilla.org/pub/nspr/releases/v4.33/src/nspr-4.33.tar.gz +DESC="Netscape Portable Runtime" + +build () { + sed -ri '/^RELEASE/s/^/#/' pr/src/misc/Makefile.in + sed -i 's#$(LIBRARY) ##' config/rules.mk + + + cd nspr + ./configure \ + --prefix=/usr --with-mozilla --with-pthreads --enable-64bit + make + make DESTDIR=$PKG_DEST install +} diff --git a/repo/tip/cacert-utils.xibuild b/repo/tip/cacert-utils.xibuild new file mode 100644 index 0000000..f88b9d2 --- /dev/null +++ b/repo/tip/cacert-utils.xibuild @@ -0,0 +1,35 @@ +#!/bin/bash + +DEPS=(bash coreutils findutils p11-kit) + +SOURCE=https://src.fedoraproject.org/rpms/ca-certificates +DESC="CA certificate utilities" + +build() { + asciidoc.py -v -d manpage -b docbook update-ca-trust.8.txt + xsltproc --nonet -o update-ca-trust.8 /etc/asciidoc/docbook-xsl/manpage.xsl update-ca-trust.8.xml +} + +package () { + rm update-ca-trust + wget https://raw.githubusercontent.com/archlinux/svntogit-packages/packages/ca-certificates/trunk/update-ca-trust + + install -Dt "$PKG_DEST/usr/bin" update-ca-trust + install -Dt "$PKG_DEST/usr/share/man/man8" -m644 update-ca-trust.8 + install -Dt "$PKG_DEST/usr/share/libalpm/hooks" -m644 *.hook + + # Trust source directories + # Upstream also adds "blocklist" but that's useless without support in p11-kit + install -d "$PKG_DEST"/{etc,usr/share}/ca-certificates/trust-source/{anchors,blocklist} + + # Directories used by update-ca-trust (aka "trust extract-compat") + install -d "$PKG_DEST"/etc/{ssl/certs/{edk2,java},ca-certificates/extracted} + + # Compatibility link for OpenSSL using /etc/ssl as CAdir + # Used in preference to the individual links in /etc/ssl/certs + ln -sr "$PKG_DEST/etc/ca-certificates/extracted/tls-ca-bundle.pem" "$PKG_DEST/etc/ssl/cert.pem" + + # Compatiblity link for legacy bundle + ln -sr "$PKG_DEST/etc/ca-certificates/extracted/tls-ca-bundle.pem" "$PKG_DEST/etc/ssl/certs/ca-certificates.crt" + +} |