# Preamble for the system CA trust store package. The trust anchors are built
# from a Mozilla certdata.txt snapshot (Source0) by the bundled helper scripts.

# ssl_certs_dir receives the individual PEM files plus their subject-hash
# symlinks; crt_dir receives the concatenated ca-bundle.crt.
%define ssl_certs_dir %{_sysconfdir}/ssl/certs
%define crt_dir       %{_sysconfdir}/pki/tls/certs
# Drops automatically generated perl dependencies. make-cert.pl is still
# shipped in the bin directory, so it is presumably only usable on systems where
# perl is installed by other means - confirm this is intended.
%global __requires_exclude  perl

Summary:        Certificate Authority certificates
Name:           ca-certificates
Version:        20230315
Release:        5%{?dist}
License:        Custom
# NOTE(review): plain-http URL. It is informational only in this spec (the
# Source entries below are bare file names and are not fetched from it), but if
# certdata.txt is ever refreshed by hand from this location it should be
# compared with Mozilla's upstream copy obtained over an authenticated channel.
URL:            http://anduin.linuxfromscratch.org/BLFS/other
Group:          System Environment/Security
Vendor:         VMware, Inc.
Distribution:   Photon

# Source0 is the root-of-trust input for every TLS client on the system. No
# checksum for it is declared in this spec, so its integrity rests on review of
# the file as committed next to the spec - TODO confirm how it is verified.
Source0: certdata.txt
Source1: make-ca.sh
Source2: make-cert.pl
Source3: remove-expired-certs.sh

Requires: openssl-libs
# Exact version-release lock keeps the bundle subpackage and the per-cert
# directory built from the same certdata.txt snapshot.
Requires: %{name}-pki = %{version}-%{release}
# The posttrans scriptlet in this spec invokes bash and remove-expired-certs.sh;
# ln is presumably used inside that helper - confirm, and confirm bash is
# guaranteed to be present when the scriptlet runs.
Requires(posttrans): /usr/bin/ln

# openssl is needed at build time for "openssl x509 -subject_hash" in install.
BuildRequires: openssl

Provides: %{name}-mozilla = %{version}-%{release}

%description
The Public Key Infrastructure is used for many security issues in a
Linux system. In order for a certificate to be trusted, it must be
signed by a trusted agent called a Certificate Authority (CA). The
certificates loaded by this section are taken from the list on the Mozilla
version control system and formatted into a form used by
OpenSSL-1.0.1e. The certificates can also be used by other applications
either directly or indirectly through openssl.

%package    pki
# Carries only the concatenated ca-bundle.crt under crt_dir (see the files list
# for this subpackage). The main package requires it at the exact same
# version-release.
Summary:    Certificate Authority certificates (pki tls certs)
Group:      System Environment/Security

%description pki
Certificate Authority certificates (pki tls certs)

%prep
%build
# Nothing is unpacked in prep; the Mozilla trust list (Source0) is copied into
# the build directory before the generator runs.
cp %{SOURCE0} %{_builddir}

echo "Making certs ..."
# make-ca.sh (Source1) is not visible here. The install step consumes
# certs/*.pem and BLFS-ca-bundle*.crt from the working directory, so the helper
# presumably generates them from certdata.txt - confirm.
# NOTE(review): nothing in this spec clears an existing certs/ directory first.
# If the build directory is ever reused, confirm make-ca.sh starts from a clean
# state so anchors dropped from a newer certdata.txt cannot be packaged.
bash %{SOURCE1}

echo "Removing expired certs ..."
# Called without a directory argument here; the install and posttrans steps
# pass one explicitly.
bash %{SOURCE3}

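%install
# Stage the per-certificate PEM files and the concatenated bundle.
install -d %{buildroot}%{ssl_certs_dir}
install -d %{buildroot}%{crt_dir}
cp -v certs/*.pem %{buildroot}%{ssl_certs_dir}
# install(1) defaults to mode 0755; the bundle is data, so stage it without
# execute bits.
install -m 0644 BLFS-ca-bundle*.crt %{buildroot}%{crt_dir}/ca-bundle.crt
unset SSLDIR

# Ship the helper scripts; the posttrans scriptlet calls
# remove-expired-certs.sh from the installed bin directory.
mkdir -p %{buildroot}%{_bindir}
cp -pv %{SOURCE1} %{SOURCE2} %{SOURCE3} %{buildroot}%{_bindir}
chmod +x %{buildroot}%{_bindir}/*

# Create the subject-hash symlinks OpenSSL uses to look up issuers in a
# hashed certificate directory.
pushd %{buildroot}%{ssl_certs_dir}
for file in *.pem; do
  # An unmatched glob leaves the literal pattern behind; skip it.
  [ -e "${file}" ] || continue

  # A certificate that cannot be parsed must stop the build. Without this
  # check the substitution would be empty and a bogus ".0" link would ship.
  subj_hash="$(openssl x509 -subject_hash -noout -in "${file}")"
  if [ -z "${subj_hash}" ]; then
    echo "ERROR: unable to compute subject hash for ${file}" >&2
    exit 1
  fi

  # Two different CA certificates can share a subject hash. Forcing every link
  # onto the ".0" suffix would let the later one silently replace the earlier
  # one, so take the first free suffix instead (hash.0, hash.1, ...).
  idx=0
  while [ -e "${subj_hash}.${idx}" ] || [ -L "${subj_hash}.${idx}" ]; do
    idx=$((idx + 1))
  done
  ln -s "${file}" "${subj_hash}.${idx}"
done

# NOTE(review): remove-expired-certs.sh is not visible here. OpenSSL stops
# probing at the first missing suffix, so confirm the helper never removes
# hash.0 while leaving hash.1 behind.
bash %{buildroot}%{_bindir}/remove-expired-certs.sh "${PWD}"
popd

%{_fixperms} %{buildroot}/*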

%posttrans
# Runs on the target after the transaction and hands the installed certificate
# directory to remove-expired-certs.sh.
# NOTE(review): the helper is not visible here. If it decides expiry from the
# local clock, a host with a wrong clock at install time could lose valid
# anchors - confirm. Anything it deletes is still owned by this package, so
# "rpm -V" would presumably report those files as missing afterwards.
bash %{_bindir}/remove-expired-certs.sh %{ssl_certs_dir}

%clean
# Remove the staged install tree once packaging is done.
rm -rf %{buildroot}

%files
# Main package: everything staged in the per-certificate directory (PEM files
# and their subject-hash symlinks) plus the three helper scripts. Only the
# directory contents are listed, not the directory itself.
%defattr(-,root,root)
%{ssl_certs_dir}/*
%{_bindir}/make-ca.sh
%{_bindir}/remove-expired-certs.sh
%{_bindir}/make-cert.pl

%files pki
# pki subpackage: the single concatenated bundle file.
%defattr(-,root,root)
%{crt_dir}/ca-bundle.crt

%changelog
* Fri Mar 22 2024 Shreenidhi Shedi <shreenidhi.shedi@broadcom.com> 20230315-5
- Create cert symlinks at build time
* Fri Jan 12 2024 Shreenidhi Shedi <shreenidhi.shedi@broadcom.com> 20230315-4
- Spec cleanups, don't generate helper scripts everytime
* Mon Jan 08 2024 Shreenidhi Shedi <shreenidhi.shedi@broadcom.com> 20230315-3
- Clean up broken symlinks for which files are not present
* Sun Nov 19 2023 Shreenidhi Shedi <sshedi@vmware.com> 20230315-2
- Bump version as a part of openssl upgrade
* Thu Mar 16 2023 Gerrit Photon <photon-checkins@vmware.com> 20230315-1
- Automatic Version Bump
* Wed Mar 08 2023 Shreenidhi Shedi <sshedi@vmware.com> 20220706-2
- Require openssl-libs
* Mon Jul 11 2022 Gerrit Photon <photon-checkins@vmware.com> 20220706-1
- Automatic Version Bump
* Wed Feb 23 2022 Shreenidhi Shedi <sshedi@vmware.com> 20210429-2
- Fix binary path
* Mon May 03 2021 Gerrit Photon <photon-checkins@vmware.com> 20210429-1
- Automatic Version Bump
* Fri Apr 23 2021 Gerrit Photon <photon-checkins@vmware.com> 20210422-1
- Automatic Version Bump
* Mon Apr 12 2021 Gerrit Photon <photon-checkins@vmware.com> 20210419-1
- Automatic Version Bump
* Fri Oct 02 2020 Gerrit Photon <photon-checkins@vmware.com> 20201001-1
- Automatic Version Bump
* Wed Sep 30 2020 Gerrit Photon <photon-checkins@vmware.com> 20200924-1
- Automatic Version Bump
* Tue Sep 29 2020 Satya Naga Vasamsetty <svasamsetty@vmware.com> 20200922-2
- openssl 1.1.1
* Thu Sep 24 2020 Gerrit Photon <photon-checkins@vmware.com> 20200922-1
- Automatic Version Bump
* Wed Sep 09 2020 Gerrit Photon <photon-checkins@vmware.com> 20200903-1
- Automatic Version Bump
* Wed Aug 26 2020 Gerrit Photon <photon-checkins@vmware.com> 20200825-1
- Automatic Version Bump
* Wed Jul 15 2020 Gerrit Photon <photon-checkins@vmware.com> 20200709-1
- Automatic Version Bump
- Fix for OpenSSL CA certs not generated in latest tags move %post to %posttrans
* Thu Jul 09 2020 Gerrit Photon <photon-checkins@vmware.com> 20200708-1
- Automatic Version Bump
* Wed May 22 2019 Gerrit Photon <photon-checkins@vmware.com> 20190521-1
- Automatic Version Bump
* Tue Sep 25 2018 Ankit Jain <ankitja@vmware.com> 20180919-1
- Updating mozilla certdata.txt to latest revision
* Wed May  3 2017 Bo Gan <ganb@vmware.com> 20170406-3
- Fixed dependency on coreutils
* Fri Apr 14 2017 Alexey Makhalov <amakhalov@vmware.com> 20170406-2
- Added -pki subpackage
* Fri Apr 07 2017 Anish Swaminathan <anishs@vmware.com> 20170406-1
- Updating mozilla certdata.txt to latest revision
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 20160109-5
- GA - Bump release of all rpms
* Wed Feb 10 2016 Anish Swaminathan <anishs@vmware.com> 20160109-4
- Add Provides field
* Wed Feb 03 2016 Anish Swaminathan <anishs@vmware.com> 20160109-3
- Force create links for certificates
* Mon Feb 01 2016 Anish Swaminathan <anishs@vmware.com> 20160109-2
- Remove c_rehash dependency
* Wed Jan 13 2016 Divya Thaluru <dthaluru@vmware.com> 20160109-1
- Updating mozilla certdata.txt to latest revision
* Wed Oct 15 2014 Divya Thaluru <dthaluru@vmware.com> 20130524-1
- Initial build.  First version