commit 8e39fd36a3b0a023b87b1da9267840e62601de60
parent 0e9c33c9d751a51749c2600b9f681123b8f6f9ec
Author: Hiltjo Posthuma <hiltjo@codemadness.org>
Date: Mon, 28 Apr 2014 20:13:21 +0000
add ca-certificates
Signed-off-by: Hiltjo Posthuma <hiltjo@codemadness.org>
Diffstat:
6 files changed, 239 insertions(+), 0 deletions(-)
diff --git a/cacertificates/ca-certificates.patch b/cacertificates/ca-certificates.patch
@@ -0,0 +1,56 @@
+--- ca-certificates.org/Makefile
++++ ca-certificates/Makefile
+@@ -2,7 +2,7 @@
+ # Makefile
+ #
+
+-CERTSDIR = /usr/share/ca-certificates
++CERTSDIR = /share/ca-certificates
+ SUBDIRS = mozilla spi-inc.org
+
+ all:
+diff -ur ca-certificates-20120212.orig//mozilla/Makefile ca-certificates-20120212/mozilla/Makefile
+--- ca-certificates-20120212.orig//mozilla/Makefile 2011-11-06 19:23:24.000000000 -0600
++++ ca-certificates-20120212/mozilla/Makefile 2012-04-11 02:45:30.691561468 -0500
+@@ -10,5 +10,5 @@
+
+ install:
+ for p in *.crt; do \
+- install -m 644 $$p $(CERTSDIR)/$$p ; \
++ install -D -m 644 $$p $(CERTSDIR)/$$p ; \
+ done
+diff -ur ca-certificates-20120212.orig//sbin/Makefile ca-certificates-20120212/sbin/Makefile
+--- ca-certificates-20120212.orig//sbin/Makefile 2007-02-02 00:23:19.000000000 -0600
++++ ca-certificates-20120212/sbin/Makefile 2012-04-11 02:53:36.755557626 -0500
+@@ -8,4 +8,5 @@
+ clean:
+
+ install:
+- install -m755 update-ca-certificates $(DESTDIR)/usr/sbin/
++ mkdir -p $(DESTDIR)/bin
++ install -m755 update-ca-certificates $(DESTDIR)/bin/
+diff -ur ca-certificates-20120212.orig//sbin/update-ca-certificates ca-certificates-20120212/sbin/update-ca-certificates
+--- ca-certificates-20120212.orig//sbin/update-ca-certificates 2011-11-06 19:23:24.000000000 -0600
++++ ca-certificates-20120212/sbin/update-ca-certificates 2012-04-11 02:35:01.190560840 -0500
+@@ -38,8 +38,8 @@
+ done
+
+ CERTSCONF=/etc/ca-certificates.conf
+-CERTSDIR=/usr/share/ca-certificates
+-LOCALCERTSDIR=/usr/local/share/ca-certificates
++CERTSDIR=/share/ca-certificates
++LOCALCERTSDIR=/local/share/ca-certificates
+ CERTBUNDLE=ca-certificates.crt
+ ETCCERTSDIR=/etc/ssl/certs
+
+diff -ur ca-certificates-20120212.orig//spi-inc.org/Makefile ca-certificates-20120212/spi-inc.org/Makefile
+--- ca-certificates-20120212.orig//spi-inc.org/Makefile 2007-02-02 00:23:19.000000000 -0600
++++ ca-certificates-20120212/spi-inc.org/Makefile 2012-04-11 02:44:35.435558255 -0500
+@@ -8,6 +8,6 @@
+
+ install:
+ for p in *.crt; do \
+- install -m 644 $$p $(CERTSDIR)/$$p ; \
++ install -D -m 644 $$p $(CERTSDIR)/$$p ; \
+ done
+
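Review bot: The mozilla/Makefile section of this patch (the `install -D` change) edits a file that cacertificates.mk then overwrites with `cp ../mozilla_Makefile mozilla/Makefile`, so it has no effect on the build. It is still one more section that has to match upstream for the patch to apply, and its headers show it was generated against ca-certificates-20120212 while v.mk selects 20140325. Dropping that section would leave only the path changes the build actually uses.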
diff --git a/cacertificates/cacertificates.mk b/cacertificates/cacertificates.mk
@@ -0,0 +1,23 @@
+TARG = cacertificates
+
+<$mkbuild/mk.common-noinst
+
+cacertificates:QV:
+ patch -p1 -N --silent --dry-run < ../ca-certificates.patch &&
+ patch -p1 -N < ../ca-certificates.patch
+ cp ../certdata2pem.c mozilla/
+ cp ../mozilla_Makefile mozilla/Makefile
+ make
+
+install:QV:
+ make DESTDIR="$ROOT" install
+ mkdir -p "$ROOT/etc/ssl/certs"
+ ( cd "$ROOT/share/ca-certificates/"
+ find . -name '*.crt' | sort | cut -b3- > "$ROOT/etc/ca-certificates.conf" )
+ cp sbin/update-ca-certificates .
+ sed -e 's#=/etc/#=${DESTDIR}/etc/#' -i update-ca-certificates
+ sed -e 's#=/share/#=${DESTDIR}/share/#' -i update-ca-certificates
+ sed -e 's#=/local/#=${DESTDIR}/local/#' -i update-ca-certificates
+ # create dir update.d, called in script update-ca-certificates.
+ mkdir -p "$ROOT/etc/ca-certificates/update.d"
+ DESTDIR="$ROOT" sh ./update-ca-certificates --fresh
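Review bot: The `patch --dry-run ... && patch ...` guard in the `cacertificates` target cannot tell "already applied" from "no longer applies": in both cases the dry run fails, the real patch is skipped, and the recipe carries on to `cp` and `make`. This holds even if mk runs recipes under `sh -e`, because a failure on the left of `&&` does not abort the shell. A build from sources that were never patched would then use the upstream `/usr/share` paths, and would fail, if at all, only later in `install`. Record the applied state explicitly instead, for example with a stamp file (name constructed here): `[ -e .patched ] || { patch -p1 -N < ../ca-certificates.patch && touch .patched; }`.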
diff --git a/cacertificates/certdata2pem.c b/cacertificates/certdata2pem.c
@@ -0,0 +1,142 @@
+/* Copyright (C) 2013, Felix Janda <felix.janda@posteo.de>
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all copies.
+
+SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <err.h>
+
+void xwrite(FILE *f, void *p, size_t size)
+{
+ if (fwrite(p, 1, size, f) != size) err(1, 0);
+}
+
+int main(void)
+{
+ FILE *f;
+ char cert[4096], ecert[4096*4/3 + 100];
+ char *line = 0, *tmp, *filename, *label, *pcert = 0;
+ ssize_t len;
+ size_t size, certsize;
+ int trust;
+ char **blacklist = 0, **node;
+
+ filename = "./blacklist.txt";
+ if (!(f = fopen(filename, "r"))) err(1, "%s", filename);
+ while ((len = getline(&line, &size, f)) != -1) {
+ if ((line[0] != '#') && (len > 1)) {
+ if (!(node = malloc(sizeof(void*) + len))) err(1, 0);
+ *node = (char*)blacklist;
+ memcpy(node + 1, line, len);
+ blacklist = node;
+ }
+ }
+ fclose(f);
+
+ filename = "./certdata.txt";
+ if (!(f = fopen(filename, "r"))) err(1, "%s", filename);
+ while ((len = getline(&line, &size, f)) != -1) {
+ tmp = line;
+ if (line[0] == '#') continue;
+ if (pcert) {
+ if (!strcmp(line, "END\n")) {
+ char *base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz0123456789+/";
+ size_t i, j, k, val;
+
+ for (i = 0, val = 0, tmp = ecert; i < (size_t)(pcert - cert); i++) {
+ val = (val << 8) + (unsigned char)cert[i];
+ if (i % 3 == 2) {
+ for (j = 0; j < 4; j++, val >>= 6) tmp[3 - j] = base64[val & 0x3f];
+ tmp += 4;
+ }
+ if (i && !(i % 48)) {
+ *tmp = '\n';
+ tmp++;
+ }
+ }
+ if (k = i % 3) {
+ tmp[2] = '=';
+ tmp[3] = '=';
+ val <<= 6 - 2*k;
+ for (j = 0; j < k + 1; j++, val >>= 6) tmp[k - j] = base64[val & 0x3f];
+ tmp += 4;
+ }
+ certsize = tmp - ecert;
+ pcert = 0;
+ } else while (sscanf(tmp, "\\%hho", pcert) == 1) pcert++, tmp += 4;
+ } else if (!memcmp(line, "CKA_LABEL UTF8 ", 15)) {
+
+ char *p2, *tmp2;
+ len -= 15;
+ if (!(label = malloc(len))) err(1, 0);
+ memcpy(label, line + 15, len);
+ trust = 0;
+ for (node = blacklist; node; node = (char**)*node)
+ if (!strcmp(label, (char*)(node + 1))) trust = 4;
+ if (!(p2 = malloc(len + 2))) err(1, 0);
+ for (tmp = label + 1, tmp2 = p2; *tmp != '"'; tmp++, tmp2++) {
+ switch (*tmp) {
+ case '\\':
+ if (sscanf(tmp, "\\x%hhx", tmp2)!=1) errx(1, "Bad triple: %s\n", tmp);
+ tmp += 3;
+ break;
+ case '/':
+ case ' ':
+ *tmp2 = '_';
+ break;
+ case '(':
+ case ')':
+ *tmp2 = '=';
+ break;
+ default:
+ *tmp2 = *tmp;
+ }
+ }
+ strcpy(tmp2, ".crt");
+ free(label);
+ label = p2;
+ } else if (!strcmp(line, "CKA_VALUE MULTILINE_OCTAL\n")) pcert = cert;
+ else if (!memcmp(line, "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_", 39)) {
+ tmp += 39;
+ if (!strcmp(tmp, "TRUSTED_DELEGATOR\n")) trust |= 1;
+ else if (!strcmp(tmp, "NOT_TRUSTED\n")) trust |= 2;
+ } else if (!memcmp(line,
+ "CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_", 44)) {
+ tmp += 44;
+ if (!strcmp(tmp, "TRUSTED_DELEGATOR\n")) trust |= 1;
+ else if (!strcmp(tmp, "NOT_TRUSTED\n")) trust |= 2;
+ if (!trust) printf("Ignoring %s\n", label);
+ if (trust == 1) {
+ FILE *out;
+ if (!(out = fopen(label, "w"))) err(1, "%s", label);
+ xwrite(out, "-----BEGIN CERTIFICATE-----\n", 28);
+ xwrite(out, ecert, certsize);
+ xwrite(out, "\n-----END CERTIFICATE-----\n", 27);
+ fclose(out);
+ }
+ }
+ }
+ fclose(f);
+
+ while (blacklist) {
+ node = (char**)*blacklist;
+ free(blacklist);
+ blacklist = node;
+ }
+ free(line);
+ free(label);
+ return 0;
+}
+\ No newline at end of file
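Review bot: The octal decoder `while (sscanf(tmp, "\\%hho", pcert) == 1) pcert++, tmp += 4;` writes into `cert[4096]` with no bound, so a CKA_VALUE block longer than 4096 bytes in certdata.txt overruns the stack buffer. Check before each write, e.g. `if (pcert == cert + sizeof cert) errx(1, "certificate too large");` inside the loop. The blacklist entries and `label` are also copied with `memcpy(..., len)` and no terminating NUL, so the `strcmp` that sets `trust = 4` reads past both allocations and the blacklist match is not dependable; allocating and copying `len + 1` bytes fixes both. `label` and `trust` are additionally read (and `label` freed) uninitialised when a trust line precedes any CKA_LABEL, so `*label = 0` and `int trust = 0;` in the declarations would be safer.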
diff --git a/cacertificates/mkfile b/cacertificates/mkfile
@@ -0,0 +1,6 @@
+<$mkbuild/mk.3rdparty
+
+<v.mk
+src = ca-certificates
+url = http://ftp.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_$v.tar.xz
+mkfile = ../cacertificates.mk
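Review bot: The tarball that becomes the system trust store is fetched over plain `http://`, and this mkfile pins only the version, not a digest. Unless mk.3rdparty (not visible here) verifies the download, anyone able to alter the transfer decides which CA certificates get installed. Record a SHA-256 for ca-certificates_$v.tar.xz alongside `v` and check it before unpacking, and prefer an `https://` mirror.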
diff --git a/cacertificates/mozilla_Makefile b/cacertificates/mozilla_Makefile
@@ -0,0 +1,10 @@
+all: a.out
+ ./a.out
+a.out:
+ cc -Wall -Wextra -O0 -g certdata2pem.c
+clean:
+ -rm -f *.crt
+install:
+ for p in *.crt; do\
+ install -D -m 644 "$$p" "$(CERTSDIR)/$$p";\
+ done
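Review bot: In the `install` loop a failing `install` is ignored for every file except the last, because the loop's exit status is that of its final iteration, so a partially populated certificate directory still counts as success. Append `|| exit 1` to the command: `install -D -m 644 "$$p" "$(CERTSDIR)/$$p" || exit 1;\`. The `a.out:` rule also lists no prerequisite, so an edited certdata2pem.c is not recompiled; `a.out: certdata2pem.c` would fix that.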
diff --git a/cacertificates/v.mk b/cacertificates/v.mk
@@ -0,0 +1 @@
+v = 20140325