summaryrefslogtreecommitdiff
path: root/system/ca-certificates
diff options
context:
space:
mode:
Diffstat (limited to 'system/ca-certificates')
-rw-r--r--system/ca-certificates/APKBUILD54
-rw-r--r--system/ca-certificates/ca-certificates.post-deinstall7
-rw-r--r--system/ca-certificates/ca-certificates.trigger3
3 files changed, 64 insertions, 0 deletions
diff --git a/system/ca-certificates/APKBUILD b/system/ca-certificates/APKBUILD
new file mode 100644
index 000000000..81194471e
--- /dev/null
+++ b/system/ca-certificates/APKBUILD
@@ -0,0 +1,54 @@
+# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
+# Contributor: William Pitcock <nenolod@dereferenced.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=ca-certificates
+pkgver=20170801
+pkgrel=0
+pkgdesc="Common CA certificates PEM files"
+url="https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/"
+arch="all"
+license="MPL 2.0 GPL2+"
+depends=""
+makedepends_build="python3"
+makedepends_host="openssl-dev"
+subpackages="$pkgname-doc"
+# c_rehash is either in libcrypto1.0 or openssl depending on package, grr. replace both of them
+replaces="libcrypto1.0 openssl"
+options="!fhs !check"
+triggers="ca-certificates.trigger=/usr/share/ca-certificates:/usr/local/share/ca-certificates:/etc/ssl/certs:/etc/ca-certificates/update.d"
+install="$pkgname.post-deinstall"
+source="https://git.alpinelinux.org/cgit/ca-certificates/snapshot/ca-certificates-$pkgver.tar.bz2"
+builddir="$srcdir/ca-certificates-$pkgver"
+
+build() {
+ cd "$builddir"
+ make
+}
+
+package() {
+ cd "$builddir"
+ make install DESTDIR="$pkgdir"
+
+ (
+ echo "# Automatically generated by ${pkgname}-${pkgver}-${pkgrel}"
+ echo "# $(date -u)"
+ echo "# Do not edit."
+ cd "$pkgdir"/usr/share/ca-certificates
+ find . -name '*.crt' | sort | cut -b3-
+ ) > "$pkgdir"/etc/ca-certificates.conf
+
+ mkdir -p "$pkgdir"/etc/apk/protected_paths.d
+ cat > "$pkgdir"/etc/apk/protected_paths.d/ca-certificates.list <<-EOF
+ -etc/ssl/certs/ca-certificates.crt
+ -etc/ssl/certs/ca-cert-*.pem
+ -etc/ssl/certs/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[r0-9]*
+ EOF
+
+ cat > "$pkgdir"/etc/ca-certificates/update.d/certhash <<-EOF
+ #!/bin/sh
+ exec /usr/bin/c_rehash /etc/ssl/certs
+ EOF
+ chmod +x "$pkgdir"/etc/ca-certificates/update.d/certhash
+}
+
+sha512sums="2b3de9f4ed1ae2ee66d428598f5878e3c773a7475102a234332c1430e202fa1d23889365a725a1aef3531c8c56718d206f95e02284af994d2330b3fc92f96ea2 ca-certificates-20170801.tar.bz2"
diff --git a/system/ca-certificates/ca-certificates.post-deinstall b/system/ca-certificates/ca-certificates.post-deinstall
new file mode 100644
index 000000000..ead634716
--- /dev/null
+++ b/system/ca-certificates/ca-certificates.post-deinstall
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# clean up broken symlinks and ca-certificates.crt store
+find -L /etc/ssl/certs -maxdepth 1 \( -type l -o -name ca-certificates.crt \) \
+ -delete
+rmdir /etc/ssl/certs 2>/dev/null || true
+
diff --git a/system/ca-certificates/ca-certificates.trigger b/system/ca-certificates/ca-certificates.trigger
new file mode 100644
index 000000000..eff198163
--- /dev/null
+++ b/system/ca-certificates/ca-certificates.trigger
@@ -0,0 +1,3 @@
+#!/bin/sh
+/usr/sbin/update-ca-certificates --fresh &> /dev/null
+exit 0