From e766f1ea22dd50dc1a1e87c7bede6a5ad4ef2165 Mon Sep 17 00:00:00 2001
From: brooks <brooks@FreeBSD.org>
Date: Fri, 6 Jul 2007 21:37:35 +0000
Subject: Add ca_root_nss:

Root certificates from certificate authorities included in the Mozilla
NSS library and thus in Firefox and Thunderbird.
---
 security/Makefile                             |  1 +
 security/ca_root_nss/Makefile                 | 58 +++++++++++++++++++++++++++
 security/ca_root_nss/distinfo                 |  6 +++
 security/ca_root_nss/files/patch-ca-bundle.pl | 39 ++++++++++++++++++
 security/ca_root_nss/pkg-descr                |  2 +
 5 files changed, 106 insertions(+)
 create mode 100644 security/ca_root_nss/Makefile
 create mode 100644 security/ca_root_nss/distinfo
 create mode 100644 security/ca_root_nss/files/patch-ca-bundle.pl
 create mode 100644 security/ca_root_nss/pkg-descr

(limited to 'security')

diff --git a/security/Makefile b/security/Makefile
index 2fb745f6342a..a7b376ef7d95 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -53,6 +53,7 @@
     SUBDIR += bubblegum
     SUBDIR += bugs
     SUBDIR += ca-roots
+    SUBDIR += ca_root_nss
     SUBDIR += calife
     SUBDIR += calife-devel
     SUBDIR += ccrypt
diff --git a/security/ca_root_nss/Makefile b/security/ca_root_nss/Makefile
new file mode 100644
index 000000000000..bc427aaff2a3
--- /dev/null
+++ b/security/ca_root_nss/Makefile
@@ -0,0 +1,58 @@
+# New ports collection makefile for:    ca-root-nss
+# Date created:				Thu Jan 25 13:02:14 CST 2007
+# Whom:	      				Brooks Davis <brooks@FreeBSD.org>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	ca_root_nss
+PORTVERSION=	${VERSION_NSS}
+CATEGORIES=	security
+MASTER_SITES=	${MASTER_SITE_MOZILLA} \
+		${MASTER_SITES_MODSSL:S/$/:mod_ssl/}
+MASTER_SITE_SUBDIR=	security/nss/releases/NSS_${PORTVERSION:S/./_/g}_RTM/src
+DISTFILES=	${NSS_FILE} ${MODSSL_FILE}:mod_ssl
+
+MAINTAINER=	brooks@FreeBSD.org
+COMMENT=	The root certificate bundle from the Mozilla Project
+
+USE_PERL5_BUILD=	yes
+NO_WRKSUBDIR=	yes
+
+CERTDIR?=	share/certs
+PLIST_DIRS=	${CERTDIR}
+PLIST_FILES=	${CERTDIR}/ca-root-nss.crt
+
+VERSION_NSS=	3.11.5
+VERSION_APACHE=	1.3.37
+VERSION_MODSSL=	2.8.28
+MASTER_SITES_MODSSL=	http://www.modssl.org/source/ \
+		ftp://ftp.modssl.org/source/ \
+		ftp://ftp.blatzheim.com/pub/mod_ssl/ \
+		ftp://ftp.fu-berlin.de/unix/security/mod_ssl/ \
+		${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/www/mod_ssl/source,}
+MODSSL_FILE=	mod_ssl-${VERSION_MODSSL}-${VERSION_APACHE}${EXTRACT_SUFX}
+NSS_FILE=	nss-${VERSION_NSS}${EXTRACT_SUFX}
+CERTDATA_TXT_PATH=	nss-${VERSION_NSS}/mozilla/security/nss/lib/ckfw/builtins/certdata.txt
+CA_BUNDLE_PL_PATH=	mod_ssl-${VERSION_MODSSL}-${VERSION_APACHE}/pkg.sslcfg/ca-bundle.pl
+
+do-extract:
+	@${MKDIR} ${WRKDIR}
+	@${TAR} -C ${WRKDIR} -xf ${DISTDIR}/${MODSSL_FILE} \
+	    ${CA_BUNDLE_PL_PATH}
+	@${TAR} -C ${WRKDIR} -xf ${DISTDIR}/nss-${VERSION_NSS}${EXTRACT_SUFX} \
+	    ${CERTDATA_TXT_PATH}
+	@${CP} ${WRKDIR}/${CA_BUNDLE_PL_PATH} ${WRKDIR}
+	@${CP} ${WRKDIR}/${CERTDATA_TXT_PATH} ${WRKDIR}
+	@${RM} -rf ${WRKDIR}/mod_ssl-${VERSION_MODSSL}-${VERSION_APACHE} \
+	    ${WRKDIR}/nss-${VERSION_NSS}
+
+do-build:
+	@${PERL} ${WRKDIR}/ca-bundle.pl < ${WRKDIR}/certdata.txt > \
+	    ${WRKDIR}/ca-root-nss.crt
+
+do-install:
+	${MKDIR} ${PREFIX}/${CERTDIR}
+	${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt ${PREFIX}/${CERTDIR}
+
+.include <bsd.port.mk>
diff --git a/security/ca_root_nss/distinfo b/security/ca_root_nss/distinfo
new file mode 100644
index 000000000000..5cbeee224bdf
--- /dev/null
+++ b/security/ca_root_nss/distinfo
@@ -0,0 +1,6 @@
+MD5 (nss-3.11.5.tar.gz) = 1add44e6a41dbf5091cfd000f19ad6b9
+SHA256 (nss-3.11.5.tar.gz) = ea3876f5aea92231228130b451479a7fda94436d7c328f0fe1c07ea6f8fc9a40
+SIZE (nss-3.11.5.tar.gz) = 3696893
+MD5 (mod_ssl-2.8.28-1.3.37.tar.gz) = 5e9486a86fcd4efef395f58fd795aaea
+SHA256 (mod_ssl-2.8.28-1.3.37.tar.gz) = 76437105b5b5593a7dbd8ee45af417233897dcaf910cbc337a68b0db24e35489
+SIZE (mod_ssl-2.8.28-1.3.37.tar.gz) = 820417
diff --git a/security/ca_root_nss/files/patch-ca-bundle.pl b/security/ca_root_nss/files/patch-ca-bundle.pl
new file mode 100644
index 000000000000..b1341d874de9
--- /dev/null
+++ b/security/ca_root_nss/files/patch-ca-bundle.pl
@@ -0,0 +1,39 @@
+
+$FreeBSD$
+
+--- ca-bundle.pl.orig
++++ ca-bundle.pl
+@@ -3,30 +3,18 @@
+ ##
+ 
+ #   configuration
+-my $cvsroot  = ':pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot';
+-my $certdata = 'mozilla/security/nss/lib/ckfw/builtins/certdata.txt';
+-
+-my $date = `date`;
+-$date =~ s/\n$//s;
+ print <<EOH;
+ ##
+ ##  ca-bundle.crt -- Bundle of CA Root Certificates
+ ##
+ ##  This is a bundle of X.509 certificates of public Certificate
+ ##  Authorities (CA). These were automatically extracted from Mozilla's
+-##  root CA list (the file `certdata.txt'). It contains the certificates
+-##  in both plain text and PEM format and therefore can be directly used
+-##  with an Apache/mod_ssl webserver for SSL client authentication. Just
+-##  configure this file as the SSLCACertificateFile.
+-##
+-##  (SKIPME)
++##  root CA list (the file `certdata.txt').
+ ##
+-##  Last Modified: $date
++##  Extracted from nss-%%VERSION_NSS%%
+ EOH
+-open(IN, "cvs -d $cvsroot co -p $certdata|")
+-    || die "could not check out certdata.txt";
+ my $incert = 0;
+-while (<IN>) {
++while (<STDIN>) {
+     if (/^CKA_VALUE MULTILINE_OCTAL/) {
+         $incert = 1;
+         open(OUT, "|openssl x509 -text -inform DER -fingerprint")
diff --git a/security/ca_root_nss/pkg-descr b/security/ca_root_nss/pkg-descr
new file mode 100644
index 000000000000..b835104f5911
--- /dev/null
+++ b/security/ca_root_nss/pkg-descr
@@ -0,0 +1,2 @@
+Root certificates from certificate authorities included in the Mozilla
+NSS library and thus in Firefox and Thunderbird.
-- 
cgit