Package ca-certificates: Specfile

Download ca-certificates.spec
Name: ca-certificates
Version: 2021.10.06
Release: alt0.M80P.1

Summary: Common CA Certificates
License: MPL/GPL/LGPL
Group: System/Base
BuildArch: noarch

Source0: mozilla.tar
Source1: alt.tar

BuildRequires: openssl

%description
This package contains a bundle of X.509 certificates of public Certificate
Authorities (CA).  This is useful for any applications to verify SSL/TLS
connection.
Note that certificate authorities whose certificates are included in
this package are not in any way audited for trustworthiness and RFC3647
compliance, and that full responsibility to assess them rests with
the user.

%prep
%setup -c -a1
patch -p1 < mozilla/mk-ca-bundle.patch

%build
export TZ=UTC
pushd mozilla
	./mk-ca-bundle.pl -t crt
popd
pushd alt
	for t in alt; do
		printf '#\n# %%s\n#\n\n' 'ALT CA'
		openssl x509 -sha256 -in $t.crt -text -fingerprint
		printf '\n\n'
	done >crt
popd
cat {mozilla,alt}/crt >ca-bundle.crt

%install
install -pDm644 ca-bundle.crt %buildroot%_datadir/%name/ca-bundle.crt
mkdir -p %{buildroot}%_sysconfdir/pki/tls/certs
ln -s %_datadir/%name/ca-bundle.crt %{buildroot}%_sysconfdir/pki/tls/certs

%files
%dir %_sysconfdir/pki/tls
%dir %_sysconfdir/pki/tls/certs
%_sysconfdir/pki/tls/certs/*
%_datadir/%name

%changelog
* Tue Apr 12 2022 Vitaly Lipatov <lav@altlinux.ru> 2021.10.06-alt0.M80P.1
- sync to ALT p9 version (fix support Let's Encrypt certificates)
- mozilla: sync with nss-3.71

* Wed May 04 2016 L.A. Kostis <lakostis@altlinux.ru> 2016.02.25-alt1
- mozilla: updated to February 2016 batch root CA changes.
  (#bmo 1247990).

* Sun Feb 14 2016 L.A. Kostis <lakostis@altlinux.ru> 2015.10.29-alt1
- mozilla: updated to October 2015 batch root CA changes
  (#bmo 1214729).
- added /etc/pki/tls/certs dir (closes: #31213).

* Fri Aug 28 2015 L.A. Kostis <lakostis@altlinux.ru> 2015.08.04-alt1
- mozilla/certdata.txt: updated ca-certificates to v2.5.
- mozilla/mk-ca-bundle.pl:
  + updated to v1.25.
  + use SHA256 for fingerprint.
  + remove MD5 from valid cert signature list.
- remove cacert (untrusted signature).

* Wed Feb 08 2012 Dmitry V. Levin <ldv@altlinux.org> 2012.01.17-alt1
- mozilla/certdata.txt: updated to revision 1.81.
- Filtered out untrusted certs from mozilla bundle (closes: #26904).

* Thu Nov 10 2011 Dmitry V. Levin <ldv@altlinux.org> 2011.11.03-alt1
- mozilla/certdata.txt: updated to revision 1.80.

* Fri Sep 02 2011 Dmitry V. Levin <ldv@altlinux.org> 2011.09.02-alt1
- mozilla/certdata.txt: updated to revision 1.78.

* Thu Sep 30 2010 Dmitry V. Levin <ldv@altlinux.org> 2010.08.27-alt1
- mozilla/certdata.txt: Updated to revision 1.65.

* Sun Apr 05 2009 Dmitry V. Levin <ldv@altlinux.org> 2009.01.15-alt1
- cacert.org: Added http://www.cacert.org/certs/root.crt (closes: #14119).
- mozilla/certdata.txt: Updated to revision 1.51 (closes: #19484).

* Tue Feb 06 2007 Dmitry V. Levin <ldv@altlinux.org> 2007.02.06-alt1
- Imported a bundle of X.509 certificates of public Certificate
  Authorities (CA) from openssl package to this package.
- Updated Mozilla's root CA list.
- Added ALT Root CA.
- Added cacert.org Root CA.
Back to Top