Received: by mail.netbsd.org (Postfix, from userid 605) id 5AD4F84D90; Sun, 31 May 2020 15:53:46 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id D861E84D8B for ; Sun, 31 May 2020 15:53:45 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id bZUkNnBDe3lS for ; Sun, 31 May 2020 15:53:44 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id B4BE084CF1 for ; Sun, 31 May 2020 15:53:44 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id AA193FB27; Sun, 31 May 2020 15:53:44 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1590940424159860" MIME-Version: 1.0 Date: Sun, 31 May 2020 15:53:44 +0000 From: "Kimmo Suominen" Subject: CVS commit: pkgsrc/security To: pkgsrc-changes@NetBSD.org Reply-To: kim@netbsd.org X-Mailer: log_accum Message-Id: <20200531155344.AA193FB27@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1590940424159860 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: kim Date: Sun May 31 15:53:44 UTC 2020 Modified Files: pkgsrc/security: Makefile Added Files: pkgsrc/security/ca-certificates: DESCR INSTALL MESSAGE Makefile PLIST distinfo pkgsrc/security/ca-certificates/files: ca-certificates.conf Log Message: Add ca-certificates-20190110 This package provides the certificates distributed by the Mozilla Project. It also provides a script, update-ca-certs, which can be used to manage a location that makes certificates usable by TLS implementations, including installing select certificates from this package. To generate a diff of this commit: cvs rdiff -u -r1.761 -r1.762 pkgsrc/security/Makefile cvs rdiff -u -r0 -r1.1 pkgsrc/security/ca-certificates/DESCR \ pkgsrc/security/ca-certificates/INSTALL \ pkgsrc/security/ca-certificates/MESSAGE \ pkgsrc/security/ca-certificates/Makefile \ pkgsrc/security/ca-certificates/PLIST \ pkgsrc/security/ca-certificates/distinfo cvs rdiff -u -r0 -r1.1 \ pkgsrc/security/ca-certificates/files/ca-certificates.conf Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1590940424159860 Content-Disposition: inline Content-Length: 15320 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=utf-8 Modified files: Index: pkgsrc/security/Makefile diff -u pkgsrc/security/Makefile:1.761 pkgsrc/security/Makefile:1.762 --- pkgsrc/security/Makefile:1.761 Tue May 26 22:33:20 2020 +++ pkgsrc/security/Makefile Sun May 31 15:53:44 2020 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.761 2020/05/26 22:33:20 adam Exp $ +# $NetBSD: Makefile,v 1.762 2020/05/31 15:53:44 kim Exp $ # COMMENT= Security tools @@ -34,6 +34,7 @@ SUBDIR+= bitstir SUBDIR+= boringssl SUBDIR+= botan SUBDIR+= botan-devel +SUBDIR+= ca-certificates SUBDIR+= caff SUBDIR+= ccid SUBDIR+= cfs Added files: Index: pkgsrc/security/ca-certificates/DESCR diff -u /dev/null pkgsrc/security/ca-certificates/DESCR:1.1 --- /dev/null Sun May 31 15:53:44 2020 +++ pkgsrc/security/ca-certificates/DESCR Sun May 31 15:53:44 2020 @@ -0,0 +1,6 @@ +This package provides the certificates distributed by the Mozilla +Project. + +It also provides a script, update-ca-certs, which can be used to manage +a location that makes certificates usable by TLS implementations, +including installing select certificates from this package. Index: pkgsrc/security/ca-certificates/INSTALL diff -u /dev/null pkgsrc/security/ca-certificates/INSTALL:1.1 --- /dev/null Sun May 31 15:53:44 2020 +++ pkgsrc/security/ca-certificates/INSTALL Sun May 31 15:53:44 2020 @@ -0,0 +1,7 @@ +# $NetBSD: INSTALL,v 1.1 2020/05/31 15:53:44 kim Exp $ + +case ${STAGE} in +POST-INSTALL) + @PREFIX@/sbin/update-ca-certificates + ;; +esac Index: pkgsrc/security/ca-certificates/MESSAGE diff -u /dev/null pkgsrc/security/ca-certificates/MESSAGE:1.1 --- /dev/null Sun May 31 15:53:44 2020 +++ pkgsrc/security/ca-certificates/MESSAGE Sun May 31 15:53:44 2020 @@ -0,0 +1,24 @@ +=========================================================================== +$NetBSD: MESSAGE,v 1.1 2020/05/31 15:53:44 kim Exp $ + +Execute this command to install and rehash select CA root certificates +distributed by the Mozilla Project, so that they can be used by third +party applications using OpenSSL. It also creates a single file +certificate bundle in PEM format which can be used by applications using +GnuTLS. + + # update-ca-certificates + +You can edit /etc/ca-certificates.conf to configure which certificates are +installed. Additionally any certificates in /usr/local/share/ca-certificates +will be installed. + +To mark these certificates as trusted for users of gnupg2, do +the following (assuming default PKG_SYSCONFBASE and a Bourne shell): + + # mkdir -p /usr/pkg/etc/gnupg + # cd /usr/pkg/etc/gnupg + # for c in /etc/openssl/certs/*.pem; do + > openssl x509 -in $c -noout -fingerprint|sed 's|^.*=\(.*\)|\1 S|' + > done > trustlist.txt +=========================================================================== Index: pkgsrc/security/ca-certificates/Makefile diff -u /dev/null pkgsrc/security/ca-certificates/Makefile:1.1 --- /dev/null Sun May 31 15:53:44 2020 +++ pkgsrc/security/ca-certificates/Makefile Sun May 31 15:53:44 2020 @@ -0,0 +1,68 @@ +# $NetBSD: Makefile,v 1.1 2020/05/31 15:53:44 kim Exp $ + +PKGNAME= ca-certificates-20190110 +DISTNAME= ${PKGNAME:C/-([^-]*)$/_\1/} +CATEGORIES= security +MASTER_SITES= http://deb.debian.org/debian/pool/main/c/ca-certificates/ +EXTRACT_SUFX= .tar.xz + +MAINTAINER= pkgsrc-users@NetBSD.org +HOMEPAGE= https://packages.debian.org/source/sid/ca-certificates +COMMENT= Root CA certificates from the Mozilla Project +LICENSE= gnu-gpl-v2 AND mpl-2.0 + +NO_CONFIGURE= yes +PYTHON_FOR_BUILD_ONLY= yes + +USE_TOOLS= awk:run echo:run expr:run ln:run ls:run openssl:run rm:run mkdir:run + +WRKSRC= ${WRKDIR}/${PKGNAME_NOREV} +DATADIR= ${PREFIX}/share/${PKGBASE} +EGDIR= ${PREFIX}/share/examples/${PKGBASE} + +# Set paths depending on whether we depend on builtin or pkgsrc +# openssl. \todo Arguably, we should consider installing into both +# builtin and pkgsrc, if both exist, but this requires much more +# thought. +CHECK_BUILTIN.openssl= yes +.include "../../security/openssl/builtin.mk" +CHECK_BUILTIN.openssl= no +.if !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) +SSLDIR= /etc/openssl +.else +SSLDIR= ${PKG_SYSCONFDIR}/openssl +.endif + +SUBST_CLASSES= conf paths +SUBST_MESSAGE.conf= Adjusting configuration file. +SUBST_STAGE.conf= post-build +SUBST_FILES.conf= ca-certificates.conf +SUBST_SED.conf= -e 's,^share/ca-certificates/,,' +SUBST_MESSAGE.paths= Replacing hard-coded paths. +SUBST_STAGE.paths= post-build +SUBST_FILES.paths= Makefile sbin/Makefile +SUBST_FILES.paths+= ca-certificates.conf +SUBST_FILES.paths+= sbin/update-ca-certificates sbin/update-ca-certificates.8 +SUBST_SED.paths= -e 's,/usr/sbin,${PREFIX}/sbin,g' +SUBST_SED.paths+= -e 's,/etc/ca-certificates.conf,${PKG_SYSCONFDIR}/ca-certificates.conf,g' +SUBST_SED.paths+= -e 's,/etc/ssl,${SSLDIR},g' +SUBST_SED.paths+= -e 's,/usr/share/ca-certificates,${DATADIR},g' + +INSTALLATION_DIRS= sbin ${DATADIR} ${EGDIR} share/man/man8 + +CONF_FILES= ${EGDIR}/ca-certificates.conf \ + ${PKG_SYSCONFDIR}/ca-certificates.conf + +pre-build: + @${CP} ${FILESDIR}/ca-certificates.conf ${WRKSRC}/ + @${GREP} '^share/ca-certificates/' ${FILESDIR}/../PLIST \ + >> ${WRKSRC}/ca-certificates.conf + +post-install: + ${INSTALL_MAN} ${WRKSRC}/sbin/update-ca-certificates.8 \ + ${DESTDIR}${PREFIX}/share/man/man8/update-ca-certificates.8 + ${INSTALL_DATA} ${WRKSRC}/ca-certificates.conf \ + ${DESTDIR}${EGDIR}/ca-certificates.conf + +.include "../../lang/python/tool.mk" +.include "../../mk/bsd.pkg.mk" Index: pkgsrc/security/ca-certificates/PLIST diff -u /dev/null pkgsrc/security/ca-certificates/PLIST:1.1 --- /dev/null Sun May 31 15:53:44 2020 +++ pkgsrc/security/ca-certificates/PLIST Sun May 31 15:53:44 2020 @@ -0,0 +1,132 @@ +@comment $NetBSD: PLIST,v 1.1 2020/05/31 15:53:44 kim Exp $ +sbin/update-ca-certificates +share/ca-certificates/mozilla/ACCVRAIZ1.crt +share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt +share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt +share/ca-certificates/mozilla/AddTrust_External_Root.crt +share/ca-certificates/mozilla/AffirmTrust_Commercial.crt +share/ca-certificates/mozilla/AffirmTrust_Networking.crt +share/ca-certificates/mozilla/AffirmTrust_Premium.crt +share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt +share/ca-certificates/mozilla/Amazon_Root_CA_1.crt +share/ca-certificates/mozilla/Amazon_Root_CA_2.crt +share/ca-certificates/mozilla/Amazon_Root_CA_3.crt +share/ca-certificates/mozilla/Amazon_Root_CA_4.crt +share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt +share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt +share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt +share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt +share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt +share/ca-certificates/mozilla/CA_Disig_Root_R2.crt +share/ca-certificates/mozilla/CFCA_EV_ROOT.crt +share/ca-certificates/mozilla/COMODO_Certification_Authority.crt +share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt +share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt +share/ca-certificates/mozilla/Certigna.crt +share/ca-certificates/mozilla/Certinomis_-_Root_CA.crt +share/ca-certificates/mozilla/Certplus_Class_2_Primary_CA.crt +share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt +share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt +share/ca-certificates/mozilla/Chambers_of_Commerce_Root_-_2008.crt +share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt +share/ca-certificates/mozilla/Cybertrust_Global_Root.crt +share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt +share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt +share/ca-certificates/mozilla/DST_Root_CA_X3.crt +share/ca-certificates/mozilla/Deutsche_Telekom_Root_CA_2.crt +share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt +share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt +share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt +share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt +share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt +share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt +share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt +share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt +share/ca-certificates/mozilla/E-Tugra_Certification_Authority.crt +share/ca-certificates/mozilla/EC-ACC.crt +share/ca-certificates/mozilla/EE_Certification_Centre_Root_CA.crt +share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt +share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt +share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt +share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt +share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt +share/ca-certificates/mozilla/GeoTrust_Global_CA.crt +share/ca-certificates/mozilla/GeoTrust_Primary_Certification_Authority.crt +share/ca-certificates/mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt +share/ca-certificates/mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt +share/ca-certificates/mozilla/GeoTrust_Universal_CA.crt +share/ca-certificates/mozilla/GeoTrust_Universal_CA_2.crt +share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt +share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt +share/ca-certificates/mozilla/GlobalSign_Root_CA.crt +share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R2.crt +share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt +share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt +share/ca-certificates/mozilla/Global_Chambersign_Root_-_2008.crt +share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt +share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt +share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt +share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt +share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt +share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt +share/ca-certificates/mozilla/ISRG_Root_X1.crt +share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt +share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt +share/ca-certificates/mozilla/Izenpe.com.crt +share/ca-certificates/mozilla/LuxTrust_Global_Root_2.crt +share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt +share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt +share/ca-certificates/mozilla/Network_Solutions_Certificate_Authority.crt +share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt +share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt +share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt +share/ca-certificates/mozilla/QuoVadis_Root_CA.crt +share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt +share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt +share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt +share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt +share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt +share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt +share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt +share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt +share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt +share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt +share/ca-certificates/mozilla/SecureSign_RootCA11.crt +share/ca-certificates/mozilla/SecureTrust_CA.crt +share/ca-certificates/mozilla/Secure_Global_CA.crt +share/ca-certificates/mozilla/Security_Communication_RootCA2.crt +share/ca-certificates/mozilla/Security_Communication_Root_CA.crt +share/ca-certificates/mozilla/Sonera_Class_2_Root_CA.crt +share/ca-certificates/mozilla/Staat_der_Nederlanden_EV_Root_CA.crt +share/ca-certificates/mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt +share/ca-certificates/mozilla/Staat_der_Nederlanden_Root_CA_-_G3.crt +share/ca-certificates/mozilla/Starfield_Class_2_CA.crt +share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt +share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt +share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt +share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt +share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt +share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt +share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt +share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt +share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt +share/ca-certificates/mozilla/Taiwan_GRCA.crt +share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt +share/ca-certificates/mozilla/TrustCor_ECA-1.crt +share/ca-certificates/mozilla/TrustCor_RootCert_CA-1.crt +share/ca-certificates/mozilla/TrustCor_RootCert_CA-2.crt +share/ca-certificates/mozilla/Trustis_FPS_Root_CA.crt +share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt +share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt +share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt +share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt +share/ca-certificates/mozilla/VeriSign_Universal_Root_Certification_Authority.crt +share/ca-certificates/mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt +share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt +share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt +share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt +share/ca-certificates/mozilla/thawte_Primary_Root_CA.crt +share/ca-certificates/mozilla/thawte_Primary_Root_CA_-_G2.crt +share/ca-certificates/mozilla/thawte_Primary_Root_CA_-_G3.crt +share/examples/ca-certificates/ca-certificates.conf +share/man/man8/update-ca-certificates.8 Index: pkgsrc/security/ca-certificates/distinfo diff -u /dev/null pkgsrc/security/ca-certificates/distinfo:1.1 --- /dev/null Sun May 31 15:53:44 2020 +++ pkgsrc/security/ca-certificates/distinfo Sun May 31 15:53:44 2020 @@ -0,0 +1,6 @@ +$NetBSD: distinfo,v 1.1 2020/05/31 15:53:44 kim Exp $ + +SHA1 (ca-certificates_20190110.tar.xz) = 47d4584eae85fc905e4994766eb3930a8a84e2e1 +RMD160 (ca-certificates_20190110.tar.xz) = cbf8f474fba527dc96413632ac5874385bd38e17 +SHA512 (ca-certificates_20190110.tar.xz) = 9ce2661018edb120d0ef5bd3ed52c0f73f577d7607d135a31730549f5eb4176db4865cdb8bde77a78dc3efb8968846da5e72af8a833a9da2a8a7deb4f1560372 +Size (ca-certificates_20190110.tar.xz) = 243472 bytes Index: pkgsrc/security/ca-certificates/files/ca-certificates.conf diff -u /dev/null pkgsrc/security/ca-certificates/files/ca-certificates.conf:1.1 --- /dev/null Sun May 31 15:53:44 2020 +++ pkgsrc/security/ca-certificates/files/ca-certificates.conf Sun May 31 15:53:44 2020 @@ -0,0 +1,8 @@ +# $NetBSD: ca-certificates.conf,v 1.1 2020/05/31 15:53:44 kim Exp $ +# +# This file lists certificates that update-ca-certificates(8) will +# select or deselect for installing in /etc/ssl/certs. +# +# A line beginning with # is a comment. +# A line beginning with ! deselects the matching certificate file. +# --_----------=_1590940424159860--