rpms/ca-certificates/devel Makefile, 1.2, 1.3 ca-certificates.spec, 1.9, 1.10 generate-cacerts.pl, 1.2, 1.3

jorton jorton at fedoraproject.org
Fri Jan 15 20:22:01 UTC 2010


Author: jorton

Update of /cvs/extras/rpms/ca-certificates/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv6953

Modified Files:
	Makefile ca-certificates.spec generate-cacerts.pl 
Log Message:
* Fri Jan 15 2010 Joe Orton <jorton at redhat.com> - 2010-2
- fix Java cacert database generation: use Subject rather than Issuer
  for alias name; add diagnostics; fix some alias names.



Index: Makefile
===================================================================
RCS file: /cvs/extras/rpms/ca-certificates/devel/Makefile,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -p -r1.2 -r1.3
--- Makefile	25 Nov 2009 22:47:28 -0000	1.2
+++ Makefile	15 Jan 2010 20:22:01 -0000	1.3
@@ -7,7 +7,8 @@ define find-makefile-common
 for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
 endef
 
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
+MAKEFILE_COMMON := ../common/Makefile.common
+#MAKEFILE_COMMON := $(shell $(find-makefile-common))
 
 ifeq ($(MAKEFILE_COMMON),)
 # attept a checkout
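Review bot: Hard-coding `MAKEFILE_COMMON := ../common/Makefile.common` makes the `ifeq ($(MAKEFILE_COMMON),)` fallback that follows unreachable, because the variable can no longer be empty, and it drops the search of `common` and `../../common` along with the `cvs -Q update` step. The log message does not mention this change, so it looks like a local workaround that was committed with the rest. If it is intended, remove the commented-out `#MAKEFILE_COMMON := $(shell $(find-makefile-common))` line and the dead fallback; otherwise restore `MAKEFILE_COMMON := $(shell $(find-makefile-common))`. The `ifeq` block continues outside the hunk.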


Index: ca-certificates.spec
===================================================================
RCS file: /cvs/extras/rpms/ca-certificates/devel/ca-certificates.spec,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -p -r1.9 -r1.10
--- ca-certificates.spec	15 Jan 2010 17:11:52 -0000	1.9
+++ ca-certificates.spec	15 Jan 2010 20:22:01 -0000	1.10
@@ -7,7 +7,7 @@
 Summary: The Mozilla CA root certificate bundle
 Name: ca-certificates
 Version: 2010
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: Public Domain
 Group: System Environment/Base
 URL: http://www.mozilla.org/
@@ -16,7 +16,7 @@ Source1: blacklist.txt
 Source2: generate-cacerts.pl
 Source3: certdata2pem.py
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
-BuildRequires: perl, java-openjdk, python
+BuildRequires: perl, java-openjdk, python, rcs
 BuildArch: noarch
 
 %description
@@ -25,7 +25,7 @@ Mozilla Foundation for use with the Inte
 
 %prep
 rm -rf %{name}
-mkdir %{name} %{name}/certs
+mkdir %{name} %{name}/certs %{name}/java
 
 %build
 pushd %{name}/certs
@@ -44,11 +44,13 @@ pushd %{name}
 EOF
    ident -q %{SOURCE0} | sed '1d;s/^/#/';
    echo '#';
-   for f in certs/*.crt; do 
+   set +x; for f in certs/*.crt; do 
       openssl x509 -text -in "$f"
-   done;
+   done; set -x;
  ) > ca-bundle.crt
- %{__perl} %{SOURCE2} %{_bindir}/keytool ca-bundle.crt
+popd
+pushd %{name}/java
+ %{__perl} %{SOURCE2} %{_bindir}/keytool ../certs/ca-bundle.crt
  touch -r %{SOURCE0} cacerts
 popd
 
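Review bot: The new keytool step reads `../certs/ca-bundle.crt`, but the bundle is written by `) > ca-bundle.crt` in the directory entered by the `pushd %{name}` named in the hunk header; the loop's `certs/*.crt` and the old side's bare `ca-bundle.crt` argument both agree with that. That would put the file at `%{name}/ca-bundle.crt`, which from `%{name}/java` is `../ca-bundle.crt`. The `pushd` itself is outside the hunk, so this should be confirmed against the full spec. If the path is wrong, the result depends on whether generate-cacerts.pl checks that its input file opened; a silent miss would ship a Java `cacerts` store that does not match the PEM bundle.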
@@ -63,7 +65,7 @@ touch -r %{SOURCE0} $RPM_BUILD_ROOT%{pki
 
 # Install Java cacerts file.
 mkdir -p -m 700 $RPM_BUILD_ROOT%{pkidir}/java
-install -p -m 644 %{name}/cacerts $RPM_BUILD_ROOT%{pkidir}/java/
+install -p -m 644 %{name}/java/cacerts $RPM_BUILD_ROOT%{pkidir}/java/
 
 %clean
 rm -rf $RPM_BUILD_ROOT
@@ -78,6 +80,10 @@ rm -rf $RPM_BUILD_ROOT
 %{pkidir}/tls/cert.pem
 
 %changelog
+* Fri Jan 15 2010 Joe Orton <jorton at redhat.com> - 2010-2
+- fix Java cacert database generation: use Subject rather than Issuer
+  for alias name; add diagnostics; fix some alias names.
+
 * Mon Jan 11 2010 Joe Orton <jorton at redhat.com> - 2010-1
 - adopt Python certdata.txt parsing script from Debian
 


Index: generate-cacerts.pl
===================================================================
RCS file: /cvs/extras/rpms/ca-certificates/devel/generate-cacerts.pl,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -p -r1.2 -r1.3
--- generate-cacerts.pl	25 Jun 2008 15:33:23 -0000	1.2
+++ generate-cacerts.pl	15 Jan 2010 20:22:01 -0000	1.3
@@ -1,4 +1,7 @@
-#!/usr/bin/perl
+#!/usr/bin/perl -w
+
+use diagnostics;
+use Fcntl;
 
 # Copyright (C) 2007, 2008 Red Hat, Inc.
 #
@@ -27,7 +30,7 @@ $in_cert_block = 0;
 $write_current_cert = 1;
 foreach $cert (@certs)
 {
-    if ($cert =~ /Issuer: /)
+    if ($cert =~ /Subject: /)
     {
         $_ = $cert;
         if ($cert =~ /personal-freemail/)
@@ -82,7 +85,7 @@ foreach $cert (@certs)
         }
         # Version 1 of Class 3 Public Primary Certification Authority
         # - G2 is added.  Version 3 is excluded.  See below.
-        elsif ($cert =~ /Class 3 Public Primary Certification Authority - G2/)
+        elsif ($cert =~ /Class 3 Public Primary Certification Authority - G2.*1998/)
         {
             $cert_alias = "verisignclass3g2ca";
         }
@@ -94,7 +97,7 @@ foreach $cert (@certs)
         elsif ($cert =~
                /RSA Data Security.*Secure Server Certification Authority/)
         {
-            $cert_alias = "verisignserverca";
+            $cert_alias = "rsaserverca";
         }
         elsif ($cert =~ /GTE CyberTrust Global Root/)
         {
@@ -116,7 +119,7 @@ foreach $cert (@certs)
         {
             $cert_alias = "entrust2048ca";
         }
-        elsif ($cert =~ /www.entrust.net\/CPS /)
+        elsif ($cert =~ /www.entrust.net\/CPS incorp /)
         {
             $cert_alias = "entrustsslca";
         }
@@ -224,10 +227,6 @@ foreach $cert (@certs)
         {
             $cert_alias = "extra-elektronikkas2005";
         }
-        elsif ($cert =~ /Elektronik/)
-        {
-            $cert_alias = "extra-elektronik2005";
-        }
         # Mozilla does not provide these certificates:
         #   baltimorecodesigningca
         #   gtecybertrust5ca
@@ -237,13 +236,13 @@ foreach $cert (@certs)
         else
         {
             # Generate an alias using the OU and CN attributes of the
-            # Issuer field if both are present, otherwise use only the
-            # CN attribute.  The Issuer field must have either the OU
+            # Subject field if both are present, otherwise use only the
+            # CN attribute.  The Subject field must have either the OU
             # or the CN attribute.
             $_ = $cert;
             if ($cert =~ /OU=/)
             {
-                s/Issuer:.*?OU=//;
+                s/Subject:.*?OU=//;
                 # Remove other occurrences of OU=.
                 s/OU=.*CN=//;
                 # Remove CN= if there were not other occurrences of OU=.
@@ -254,7 +253,7 @@ foreach $cert (@certs)
             }
             elsif ($cert =~ /CN=/)
             {
-                s/Issuer:.*CN=//;
+                s/Subject:.*CN=//;
                 s/\/emailAddress.*//;
                 s/Certificate Authority/ca/g;
                 s/Certification Authority/ca/g;
@@ -263,6 +262,7 @@ foreach $cert (@certs)
             tr/A-Z/a-z/;
             $cert_alias = "extra-$_";
         }
+        print "$cert => alias $cert_alias\n";
     }
     # When it attempts to parse:
     #
@@ -297,8 +297,12 @@ foreach $cert (@certs)
         if ($write_current_cert == 1)
         {
             $pem_file_count++;
-            open(PEM, ">$cert_alias.pem");
+            print "writing $cert_alias.pem\n";
+            sysopen(PEM, "$cert_alias.pem", O_WRONLY|O_CREAT|O_EXCL)
+                || die("could not write file");
+            print "opened $cert_alias";
             print PEM $cert;
+            print "written $cert_alias.pem\n";
         }
     }
     elsif ($cert eq "-----END CERTIFICATE-----\n")
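Review bot: The new `die("could not write file")` drops both the file name and `$!`, so an alias collision (EEXIST from `O_EXCL`, the case this change is meant to catch) looks the same in the build log as a permissions or path error; suggest `|| die("could not create $cert_alias.pem: $!");`. `$cert_alias` is built from certificate Subject text and used directly as a file name, and whether the fallback branch strips `/` and other path characters is not visible in these hunks, so that is worth confirming. `print "opened $cert_alias";` is also missing its trailing newline, so it runs into the next diagnostic. The enclosing `foreach` loop starts and ends outside the hunk.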
@@ -324,7 +328,7 @@ foreach $cert (@certs)
 @pem_files = <*.pem>;
 if (@pem_files != $pem_file_count)
 {
-    print "$pem_file_count";
+    print "$pem_file_count != ". at pem_files."\n";
     die "Number of .pem files produced does not match".
         " number of certs read from $file.";
 }
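Review bot: The two counts are printed to stdout just before a `die` that goes to stderr, so in a captured build log the numbers can end up separated from the error they explain. Putting both in the `die` message keeps them together, e.g. `die "Produced ".@pem_files." .pem files but read $pem_file_count certs from $file.";`. As rendered on this page the added line reads `". at pem_files."`, which looks like the list archive's rewriting of `@`. The committed code is presumably `.@pem_files.`, which in a concatenation evaluates to the element count.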


