openwrt/package/system/ca-certificates/Makefile

#
# Copyright (C) 2006-2017 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk

PKG_NAME:=ca-certificates
PKG_VERSION:=20240203
PKG_RELEASE:=1
PKG_MAINTAINER:=

PKG_LICENSE:=GPL-2.0-or-later MPL-2.0
PKG_LICENSE_FILES:=debian/copyright

PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@DEBIAN/pool/main/c/ca-certificates
PKG_HASH:=3286d3fc42c4d11b7086711a85f865b44065ce05cf1fb5376b2abed07622a9c6
PKG_INSTALL:=1

include $(INCLUDE_DIR)/package.mk

TAR_OPTIONS+= --strip-components 1
TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS)

define Package/ca-certificates
  SECTION:=base
  CATEGORY:=Base system
  TITLE:=System CA certificates
  PKGARCH:=all
  PROVIDES:=ca-certs
endef

define Package/ca-bundle
  SECTION:=base
  CATEGORY:=Base system
  TITLE:=System CA certificates as a bundle
  PKGARCH:=all
  PROVIDES:=ca-certs
endef

define Build/Install
	mkdir -p \
		$(PKG_INSTALL_DIR)/usr/sbin \
		$(PKG_INSTALL_DIR)/usr/share/ca-certificates
	$(call Build/Install/Default,)
endef

define Package/ca-certificates/install
	$(INSTALL_DIR) $(1)/etc/ssl/certs
	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.crt $(1)/etc/ssl/certs/

	for CERTFILE in `ls -1 $(1)/etc/ssl/certs`; do \
		HASH=`openssl x509 -hash -noout -in $(1)/etc/ssl/certs/$$$$CERTFILE` ; \
		SUFFIX=0 ; \
		while [ -h "$(1)/etc/ssl/certs/$$$$HASH.$$$$SUFFIX" ]; do \
			let "SUFFIX += 1" ; \
		done ; \
		$(LN) "$$$$CERTFILE" "$(1)/etc/ssl/certs/$$$$HASH.$$$$SUFFIX" ; \
	done
endef

define Package/ca-bundle/install
	$(INSTALL_DIR) $(1)/etc/ssl/certs
	cat $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.crt >$(1)/etc/ssl/certs/ca-certificates.crt
	$(LN) /etc/ssl/certs/ca-certificates.crt $(1)/etc/ssl/cert.pem
endef
$(eval $(call BuildPackage,ca-bundle))
$(eval $(call BuildPackage,ca-certificates))
ca-certificates: update to version 20150426 update to version 20150426 Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com> SVN-Revision: 45858 2015-05-31 19:45:54 +02:00			`#`
ca-certificates: Update to 20170717 Update to 20170717 Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com> 2017-08-15 20:44:17 +02:00			`# Copyright (C) 2006-2017 OpenWrt.org`
ca-certificates: add system CA certificates package (based on the debian one) Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 39984 2014-03-21 16:54:22 +01:00			`#`
			`# This is free software, licensed under the GNU General Public License v2.`
			`# See /LICENSE for more information.`
			`#`
			`include $(TOPDIR)/rules.mk`

			`PKG_NAME:=ca-certificates`
ca-certificates: update to version 20240203 Update Mozilla certificate authority bundle to version 2.64 Signed-off-by: Seo Suchan <tjtncks@gmail.com> 2024-02-18 00:58:54 +01:00			`PKG_VERSION:=20240203`
ca-certificates: update to version 20200601 This patch updates the ca-certificates and ca-bundle package. This version changed the files directory again, to work/, so PKG_BUILD_DIR was brought back. A list of changes from Debian's change-log entry for 20200601 [0]: * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority bundle to version 2.40. Closes: #956411, #955038 * mozilla/blacklist.txt Add distrusted Symantec CA list to blacklist for explicit removal. Closes: #911289 Blacklist expired root certificate, "AddTrust External Root" Closes: #961907 The following certificate authorities were added (+): + "Certigna Root CA" + "emSign ECC Root CA - C3" + "emSign ECC Root CA - G3" + "emSign Root CA - C1" + "emSign Root CA - G1" + "Entrust Root Certification Authority - G4" + "GTS Root R1" + "GTS Root R2" + "GTS Root R3" + "GTS Root R4" + "Hongkong Post Root CA 3" + "UCA Extended Validation Root" + "UCA Global G2 Root" The following certificate authorities were removed (-): - "AddTrust External Root" - "Certinomis - Root CA" - "Certplus Class 2 Primary CA" - "Deutsche Telekom Root CA 2" - "GeoTrust Global CA" - "GeoTrust Primary Certification Authority" - "GeoTrust Primary Certification Authority - G2" - "GeoTrust Primary Certification Authority - G3" - "GeoTrust Universal CA" - "thawte Primary Root CA" - "thawte Primary Root CA - G2" - "thawte Primary Root CA - G3" - "VeriSign Class 3 Public Primary Certification Authority - G4" - "VeriSign Class 3 Public Primary Certification Authority - G5" - "VeriSign Universal Root Certification Authority" [0] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20200601_changelog> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> 2020-06-07 17:22:02 +02:00			`PKG_RELEASE:=1`
ca-caertificates: remove myself as PKG_MAINTAINER remove myself as PKG_MAINTAINER Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com> 2018-07-30 21:28:00 +02:00			`PKG_MAINTAINER:=`
ca-certificates: add system CA certificates package (based on the debian one) Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 39984 2014-03-21 16:54:22 +01:00
ca-certificates: add missing license information The package has no licence information. So let's fix it. Signed-off-by: Florian Eckert <fe@dev.tdt.de> 2024-03-13 12:41:38 +01:00			`PKG_LICENSE:=GPL-2.0-or-later MPL-2.0`
			`PKG_LICENSE_FILES:=debian/copyright`

ca-certificates: add system CA certificates package (based on the debian one) Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 39984 2014-03-21 16:54:22 +01:00			`PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).tar.xz`
download: add mirror alias for Debian Add an alias for Debian packages and download them from the Debian mirror redirector. Signed-off-by: David Bauer <mail@david-bauer.net> 2021-02-20 21:17:26 +01:00			`PKG_SOURCE_URL:=@DEBIAN/pool/main/c/ca-certificates`
ca-certificates: update to version 20240203 Update Mozilla certificate authority bundle to version 2.64 Signed-off-by: Seo Suchan <tjtncks@gmail.com> 2024-02-18 00:58:54 +01:00			`PKG_HASH:=3286d3fc42c4d11b7086711a85f865b44065ce05cf1fb5376b2abed07622a9c6`
ca-certificates: add system CA certificates package (based on the debian one) Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 39984 2014-03-21 16:54:22 +01:00			`PKG_INSTALL:=1`

			`include $(INCLUDE_DIR)/package.mk`

ca-certificates: Update to version 20230311 Update the ca-certificates and ca-bundle package from version 20211016 to version 20230311. Use TAR_OPTIONS instead of hacking Build/Prepare, refresh patches. Debian change-log entry [1]: \|[...] \|[ Đoàn Trần Công Danh ] \|* ca-certificates: compat with non-GNU mktemp (closes: #1000847) \| \|[ Ilya Lipnitskiy ] \|* certdata2pem.py: use UTC time when checking cert validity \| \|[ Julien Cristau ] \|* Update Mozilla certificate authority bundle to version 2.60 \| The following certificate authorities were added (+): \| + "Autoridad de Certificacion Firmaprofesional CIF A62634068" \| + "Certainly Root E1" \| + "Certainly Root R1" \| + "D-TRUST BR Root CA 1 2020" \| + "D-TRUST EV Root CA 1 2020" \| + "DigiCert TLS ECC P384 Root G5" \| + "DigiCert TLS RSA4096 Root G5" \| + "E-Tugra Global Root CA ECC v3" \| + "E-Tugra Global Root CA RSA v3" \| + "HARICA TLS ECC Root CA 2021" \| + "HARICA TLS RSA Root CA 2021" \| + "HiPKI Root CA - G1" \| + "ISRG Root X2" \| + "Security Communication ECC RootCA1" \| + "Security Communication RootCA3" \| + "Telia Root CA v2" \| + "TunTrust Root CA" \| + "vTrus ECC Root CA" \| + "vTrus Root CA" \| The following certificate authorities were removed (-): \| - "Cybertrust Global Root" (expired) \| - "EC-ACC" \| - "GlobalSign Root CA - R2" (expired) \| - "Hellenic Academic and Research Institutions RootCA 2011" \| - "Network Solutions Certificate Authority" \| - "Staat der Nederlanden EV Root CA" (expired) \|* Drop trailing space from debconf template causing misformatting \| (closes: #980821) \| \|[ Wataru Ashihara ] \|* Make certdata2pem.py compatible with cryptography >= 35 (closes: #1008244) \|[...] [1]: https://metadata.ftp-master.debian.org/changelogs/main/c/ca-certificates/ca-certificates_20230311_changelog Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org> 2023-05-26 06:09:47 +02:00			`TAR_OPTIONS+= --strip-components 1`
			`TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS)`

ca-certificates: add system CA certificates package (based on the debian one) Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 39984 2014-03-21 16:54:22 +01:00			`define Package/ca-certificates`
			`SECTION:=base`
			`CATEGORY:=Base system`
			`TITLE:=System CA certificates`
ca-certificates: update to version 20160104 - update to latest version 20160104 - remove cpu dependency (PKGARCH:=all) - set myself as package maintainer Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com> SVN-Revision: 48271 2016-01-17 12:03:36 +01:00			`PKGARCH:=all`
ca-certificates: provide ca-certs by both ca-certificates and ca-bundle - both packages provide ca-certs - make ca-bundle the default provider This should allow easy transition between these two forms of CA certificates storage Signed-off-by: Maxim Storchak <m.storchak@gmail.com> 2019-12-12 11:02:19 +01:00			`PROVIDES:=ca-certs`
ca-certificates: add system CA certificates package (based on the debian one) Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 39984 2014-03-21 16:54:22 +01:00			`endef`

ca-certificates: Add certificate bundle package Some SSL applications requires a certificates bundle rather than a directory containing certificates. For thos applications we build the ca-bundle package Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com> 2016-05-13 12:30:25 +02:00			`define Package/ca-bundle`
			`SECTION:=base`
			`CATEGORY:=Base system`
			`TITLE:=System CA certificates as a bundle`
			`PKGARCH:=all`
ca-certificates: provide ca-certs by both ca-certificates and ca-bundle - both packages provide ca-certs - make ca-bundle the default provider This should allow easy transition between these two forms of CA certificates storage Signed-off-by: Maxim Storchak <m.storchak@gmail.com> 2019-12-12 11:02:19 +01:00			`PROVIDES:=ca-certs`
ca-certificates: Add certificate bundle package Some SSL applications requires a certificates bundle rather than a directory containing certificates. For thos applications we build the ca-bundle package Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com> 2016-05-13 12:30:25 +02:00			`endef`

ca-certificates: add system CA certificates package (based on the debian one) Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 39984 2014-03-21 16:54:22 +01:00			`define Build/Install`
			`mkdir -p \`
			`$(PKG_INSTALL_DIR)/usr/sbin \`
			`$(PKG_INSTALL_DIR)/usr/share/ca-certificates`
			`$(call Build/Install/Default,)`
			`endef`

			`define Package/ca-certificates/install`
ca-certificates: install to /etc/ssl/certs/ directly instead of installing a symlink (fixes #15351) Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 40007 2014-03-23 12:59:37 +01:00			`$(INSTALL_DIR) $(1)/etc/ssl/certs`
			`$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/ca-certificates//.crt $(1)/etc/ssl/certs/`
ca-certificates: create symbolic link for certificate hashes Implementing "add-cert.sh" functionality described at http://wiki.openwrt.org/doc/howto/wget-ssl-certs into Makefile otherwise you need to create symbolic links for certificate hashes yourself. Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com> SVN-Revision: 42660 2014-09-25 09:38:02 +02:00
			for CERTFILE in `ls -1 $(1)/etc/ssl/certs`; do \
			HASH=`openssl x509 -hash -noout -in $(1)/etc/ssl/certs/$$$$CERTFILE` ; \
			`SUFFIX=0 ; \`
			`while [ -h "$(1)/etc/ssl/certs/$$$$HASH.$$$$SUFFIX" ]; do \`
			`let "SUFFIX += 1" ; \`
			`done ; \`
packages: use $(LN) macro, make symlinks relative Signed-off-by: Nicolas Thill <nico@openwrt.org> SVN-Revision: 45250 2015-04-03 02:07:43 +02:00			`$(LN) "$$$$CERTFILE" "$(1)/etc/ssl/certs/$$$$HASH.$$$$SUFFIX" ; \`
ca-certificates: create symbolic link for certificate hashes Implementing "add-cert.sh" functionality described at http://wiki.openwrt.org/doc/howto/wget-ssl-certs into Makefile otherwise you need to create symbolic links for certificate hashes yourself. Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com> SVN-Revision: 42660 2014-09-25 09:38:02 +02:00			`done`
ca-certificates: add system CA certificates package (based on the debian one) Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 39984 2014-03-21 16:54:22 +01:00			`endef`

ca-certificates: Add certificate bundle package Some SSL applications requires a certificates bundle rather than a directory containing certificates. For thos applications we build the ca-bundle package Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com> 2016-05-13 12:30:25 +02:00			`define Package/ca-bundle/install`
			`$(INSTALL_DIR) $(1)/etc/ssl/certs`
			`cat $(PKG_INSTALL_DIR)/usr/share/ca-certificates//.crt >$(1)/etc/ssl/certs/ca-certificates.crt`
ca-certificates: ca-bundle: add symlink for openssl default setting OpenSSL defaults X509_CERT_FILE to /etc/ssl/cert.pem. This change is needed for wget-ssl and possibly others to work seamlessly with fresh ca-bundle installation Fixes openwrt/packages#6152 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> 2018-07-05 12:51:54 +02:00			`$(LN) /etc/ssl/certs/ca-certificates.crt $(1)/etc/ssl/cert.pem`
ca-certificates: Add certificate bundle package Some SSL applications requires a certificates bundle rather than a directory containing certificates. For thos applications we build the ca-bundle package Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com> 2016-05-13 12:30:25 +02:00			`endef`
			`$(eval $(call BuildPackage,ca-bundle))`
ca-certificates: provide ca-certs by both ca-certificates and ca-bundle - both packages provide ca-certs - make ca-bundle the default provider This should allow easy transition between these two forms of CA certificates storage Signed-off-by: Maxim Storchak <m.storchak@gmail.com> 2019-12-12 11:02:19 +01:00			`$(eval $(call BuildPackage,ca-certificates))`