Add ca-certificates-20190110 This package provides the certificates distributed by the Mozilla Project. It also provides a script, update-ca-certs, which can be used to manage a location that makes certificates usable by TLS implementations, including installing select certificates from this package.

(kim)

 @@ -1,14 +1,14 @@
-# $NetBSD: Makefile,v 1.761 2020/05/26 22:33:20 adam Exp $
+# $NetBSD: Makefile,v 1.762 2020/05/31 15:53:44 kim Exp $
+#
 COMMENT=	Security tools
 SUBDIR+=	2fa
 SUBDIR+=	Bastille
 SUBDIR+=	CSP
 SUBDIR+=	CoolKey
 SUBDIR+=	EasyPG
 SUBDIR+=	HElib
 SUBDIR+=	KeePass
 SUBDIR+=	PACK
 SUBDIR+=	PortableSigner
 @@ -24,26 +24,27 @@ SUBDIR+=	antonym
 SUBDIR+=	ap-modsecurity2
 SUBDIR+=	apg
 SUBDIR+=	argon2
 SUBDIR+=	arirang
 SUBDIR+=	asignify
 SUBDIR+=	avcheck
 SUBDIR+=	bcrypt
 SUBDIR+=	bearssl
 SUBDIR+=	beecrypt
 SUBDIR+=	bitstir
 SUBDIR+=	boringssl
 SUBDIR+=	botan
 SUBDIR+=	botan-devel
 SUBDIR+=	ca-certificates
 SUBDIR+=	caff
 SUBDIR+=	ccid
 SUBDIR+=	cfs
 SUBDIR+=	chkrootkit
 SUBDIR+=	clamav
 SUBDIR+=	clamav-doc
 SUBDIR+=	clusterssh
 SUBDIR+=	codecrypt
 SUBDIR+=	courier-authlib
 SUBDIR+=	crack
 SUBDIR+=	credns
 #SUBDIR+=	crudesaml	# only shared files
 SUBDIR+=	crypto++

This package provides the certificates distributed by the Mozilla Project. It also provides a script, update-ca-certs, which can be used to manage a location that makes certificates usable by TLS implementations, including installing select certificates from this package.

=========================================================================== $NetBSD: MESSAGE,v 1.1 2020/05/31 15:53:44 kim Exp $ Execute this command to install and rehash select CA root certificates distributed by the Mozilla Project, so that they can be used by third party applications using OpenSSL. It also creates a single file certificate bundle in PEM format which can be used by applications using GnuTLS. # update-ca-certificates You can edit /etc/ca-certificates.conf to configure which certificates are installed. Additionally any certificates in /usr/local/share/ca-certificates will be installed. To mark these certificates as trusted for users of gnupg2, do the following (assuming default PKG_SYSCONFBASE and a Bourne shell): # mkdir -p /usr/pkg/etc/gnupg # cd /usr/pkg/etc/gnupg # for c in /etc/openssl/certs/*.pem; do > openssl x509 -in $c -noout -fingerprint|sed 's|^.*=$.*$|\1 S|' > done > trustlist.txt ===========================================================================

# $NetBSD: Makefile,v 1.1 2020/05/31 15:53:44 kim Exp $ PKGNAME= ca-certificates-20190110 DISTNAME= ${PKGNAME:C/-([^-]*)$/_\1/} CATEGORIES= security MASTER_SITES= http://deb.debian.org/debian/pool/main/c/ca-certificates/ EXTRACT_SUFX= .tar.xz MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= https://packages.debian.org/source/sid/ca-certificates COMMENT= Root CA certificates from the Mozilla Project LICENSE= gnu-gpl-v2 AND mpl-2.0 NO_CONFIGURE= yes PYTHON_FOR_BUILD_ONLY= yes USE_TOOLS= awk:run echo:run expr:run ln:run ls:run openssl:run rm:run mkdir:run WRKSRC= ${WRKDIR}/${PKGNAME_NOREV} DATADIR= ${PREFIX}/share/${PKGBASE} EGDIR= ${PREFIX}/share/examples/${PKGBASE} # Set paths depending on whether we depend on builtin or pkgsrc # openssl. \todo Arguably, we should consider installing into both # builtin and pkgsrc, if both exist, but this requires much more # thought. CHECK_BUILTIN.openssl= yes .include "../../security/openssl/builtin.mk" CHECK_BUILTIN.openssl= no .if !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) SSLDIR= /etc/openssl .else SSLDIR= ${PKG_SYSCONFDIR}/openssl .endif SUBST_CLASSES= conf paths SUBST_MESSAGE.conf= Adjusting configuration file. SUBST_STAGE.conf= post-build SUBST_FILES.conf= ca-certificates.conf SUBST_SED.conf= -e 's,^share/ca-certificates/,,' SUBST_MESSAGE.paths= Replacing hard-coded paths. SUBST_STAGE.paths= post-build SUBST_FILES.paths= Makefile sbin/Makefile SUBST_FILES.paths+= ca-certificates.conf SUBST_FILES.paths+= sbin/update-ca-certificates sbin/update-ca-certificates.8 SUBST_SED.paths= -e 's,/usr/sbin,${PREFIX}/sbin,g' SUBST_SED.paths+= -e 's,/etc/ca-certificates.conf,${PKG_SYSCONFDIR}/ca-certificates.conf,g' SUBST_SED.paths+= -e 's,/etc/ssl,${SSLDIR},g' SUBST_SED.paths+= -e 's,/usr/share/ca-certificates,${DATADIR},g' INSTALLATION_DIRS= sbin ${DATADIR} ${EGDIR} share/man/man8 CONF_FILES= ${EGDIR}/ca-certificates.conf \ ${PKG_SYSCONFDIR}/ca-certificates.conf pre-build: @${CP} ${FILESDIR}/ca-certificates.conf ${WRKSRC}/ @${GREP} '^share/ca-certificates/' ${FILESDIR}/../PLIST \ >> ${WRKSRC}/ca-certificates.conf post-install: ${INSTALL_MAN} ${WRKSRC}/sbin/update-ca-certificates.8 \ ${DESTDIR}${PREFIX}/share/man/man8/update-ca-certificates.8 ${INSTALL_DATA} ${WRKSRC}/ca-certificates.conf \ ${DESTDIR}${EGDIR}/ca-certificates.conf .include "../../lang/python/tool.mk" .include "../../mk/bsd.pkg.mk"

@comment $NetBSD: PLIST,v 1.1 2020/05/31 15:53:44 kim Exp $ sbin/update-ca-certificates share/ca-certificates/mozilla/ACCVRAIZ1.crt share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt share/ca-certificates/mozilla/AddTrust_External_Root.crt share/ca-certificates/mozilla/AffirmTrust_Commercial.crt share/ca-certificates/mozilla/AffirmTrust_Networking.crt share/ca-certificates/mozilla/AffirmTrust_Premium.crt share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt share/ca-certificates/mozilla/Amazon_Root_CA_1.crt share/ca-certificates/mozilla/Amazon_Root_CA_2.crt share/ca-certificates/mozilla/Amazon_Root_CA_3.crt share/ca-certificates/mozilla/Amazon_Root_CA_4.crt share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt share/ca-certificates/mozilla/CA_Disig_Root_R2.crt share/ca-certificates/mozilla/CFCA_EV_ROOT.crt share/ca-certificates/mozilla/COMODO_Certification_Authority.crt share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt share/ca-certificates/mozilla/Certigna.crt share/ca-certificates/mozilla/Certinomis_-_Root_CA.crt share/ca-certificates/mozilla/Certplus_Class_2_Primary_CA.crt share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt share/ca-certificates/mozilla/Chambers_of_Commerce_Root_-_2008.crt share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt share/ca-certificates/mozilla/Cybertrust_Global_Root.crt share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt share/ca-certificates/mozilla/DST_Root_CA_X3.crt share/ca-certificates/mozilla/Deutsche_Telekom_Root_CA_2.crt share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt share/ca-certificates/mozilla/E-Tugra_Certification_Authority.crt share/ca-certificates/mozilla/EC-ACC.crt share/ca-certificates/mozilla/EE_Certification_Centre_Root_CA.crt share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt share/ca-certificates/mozilla/GeoTrust_Global_CA.crt share/ca-certificates/mozilla/GeoTrust_Primary_Certification_Authority.crt share/ca-certificates/mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt share/ca-certificates/mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt share/ca-certificates/mozilla/GeoTrust_Universal_CA.crt share/ca-certificates/mozilla/GeoTrust_Universal_CA_2.crt share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt share/ca-certificates/mozilla/GlobalSign_Root_CA.crt share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R2.crt share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt share/ca-certificates/mozilla/Global_Chambersign_Root_-_2008.crt share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt share/ca-certificates/mozilla/ISRG_Root_X1.crt share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt share/ca-certificates/mozilla/Izenpe.com.crt share/ca-certificates/mozilla/LuxTrust_Global_Root_2.crt share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt share/ca-certificates/mozilla/Network_Solutions_Certificate_Authority.crt share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt share/ca-certificates/mozilla/QuoVadis_Root_CA.crt share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt share/ca-certificates/mozilla/SecureSign_RootCA11.crt share/ca-certificates/mozilla/SecureTrust_CA.crt share/ca-certificates/mozilla/Secure_Global_CA.crt share/ca-certificates/mozilla/Security_Communication_RootCA2.crt share/ca-certificates/mozilla/Security_Communication_Root_CA.crt share/ca-certificates/mozilla/Sonera_Class_2_Root_CA.crt share/ca-certificates/mozilla/Staat_der_Nederlanden_EV_Root_CA.crt share/ca-certificates/mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt share/ca-certificates/mozilla/Staat_der_Nederlanden_Root_CA_-_G3.crt share/ca-certificates/mozilla/Starfield_Class_2_CA.crt share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt share/ca-certificates/mozilla/Taiwan_GRCA.crt share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt share/ca-certificates/mozilla/TrustCor_ECA-1.crt share/ca-certificates/mozilla/TrustCor_RootCert_CA-1.crt share/ca-certificates/mozilla/TrustCor_RootCert_CA-2.crt share/ca-certificates/mozilla/Trustis_FPS_Root_CA.crt share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt share/ca-certificates/mozilla/VeriSign_Universal_Root_Certification_Authority.crt share/ca-certificates/mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt share/ca-certificates/mozilla/thawte_Primary_Root_CA.crt share/ca-certificates/mozilla/thawte_Primary_Root_CA_-_G2.crt share/ca-certificates/mozilla/thawte_Primary_Root_CA_-_G3.crt share/examples/ca-certificates/ca-certificates.conf share/man/man8/update-ca-certificates.8

$NetBSD: distinfo,v 1.1 2020/05/31 15:53:44 kim Exp $ SHA1 (ca-certificates_20190110.tar.xz) = 47d4584eae85fc905e4994766eb3930a8a84e2e1 RMD160 (ca-certificates_20190110.tar.xz) = cbf8f474fba527dc96413632ac5874385bd38e17 SHA512 (ca-certificates_20190110.tar.xz) = 9ce2661018edb120d0ef5bd3ed52c0f73f577d7607d135a31730549f5eb4176db4865cdb8bde77a78dc3efb8968846da5e72af8a833a9da2a8a7deb4f1560372 Size (ca-certificates_20190110.tar.xz) = 243472 bytes

# $NetBSD: ca-certificates.conf,v 1.1 2020/05/31 15:53:44 kim Exp $ # # This file lists certificates that update-ca-certificates(8) will # select or deselect for installing in /etc/ssl/certs. # # A line beginning with # is a comment. # A line beginning with ! deselects the matching certificate file. #