rpms/ca-certificates/devel Makefile, 1.2, 1.3 ca-certificates.spec, 1.9, 1.10 generate-cacerts.pl, 1.2, 1.3
jorton
jorton at fedoraproject.org
Fri Jan 15 20:22:01 UTC 2010
Author: jorton
Update of /cvs/extras/rpms/ca-certificates/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv6953
Modified Files:
Makefile ca-certificates.spec generate-cacerts.pl
Log Message:
* Fri Jan 15 2010 Joe Orton <jorton at redhat.com> - 2010-2
- fix Java cacert database generation: use Subject rather than Issuer
for alias name; add diagnostics; fix some alias names.
Index: Makefile
===================================================================
RCS file: /cvs/extras/rpms/ca-certificates/devel/Makefile,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -p -r1.2 -r1.3
--- Makefile 25 Nov 2009 22:47:28 -0000 1.2
+++ Makefile 15 Jan 2010 20:22:01 -0000 1.3
@@ -7,7 +7,8 @@ define find-makefile-common
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
endef
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
+MAKEFILE_COMMON := ../common/Makefile.common
+#MAKEFILE_COMMON := $(shell $(find-makefile-common))
ifeq ($(MAKEFILE_COMMON),)
# attept a checkout
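Review bot: Hard-coding `MAKEFILE_COMMON := ../common/Makefile.common` means the `ifeq ($(MAKEFILE_COMMON),)` test just below can never be true, so the checkout fallback it guards is now dead code. A tree without `../common` would presumably fail instead of recovering. The commented-out original line suggests a local workaround that was committed along with the fix. If the pin is intentional, say why in a comment, something like `# pinned: do not run find-makefile-common (cvs update) during the build`. The `ifeq` block continues outside the hunk.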
Index: ca-certificates.spec
===================================================================
RCS file: /cvs/extras/rpms/ca-certificates/devel/ca-certificates.spec,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -p -r1.9 -r1.10
--- ca-certificates.spec 15 Jan 2010 17:11:52 -0000 1.9
+++ ca-certificates.spec 15 Jan 2010 20:22:01 -0000 1.10
@@ -7,7 +7,7 @@
Summary: The Mozilla CA root certificate bundle
Name: ca-certificates
Version: 2010
-Release: 1%{?dist}
+Release: 2%{?dist}
License: Public Domain
Group: System Environment/Base
URL: http://www.mozilla.org/
@@ -16,7 +16,7 @@ Source1: blacklist.txt
Source2: generate-cacerts.pl
Source3: certdata2pem.py
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
-BuildRequires: perl, java-openjdk, python
+BuildRequires: perl, java-openjdk, python, rcs
BuildArch: noarch
%description
@@ -25,7 +25,7 @@ Mozilla Foundation for use with the Inte
%prep
rm -rf %{name}
-mkdir %{name} %{name}/certs
+mkdir %{name} %{name}/certs %{name}/java
%build
pushd %{name}/certs
@@ -44,11 +44,13 @@ pushd %{name}
EOF
ident -q %{SOURCE0} | sed '1d;s/^/#/';
echo '#';
- for f in certs/*.crt; do
+ set +x; for f in certs/*.crt; do
openssl x509 -text -in "$f"
- done;
+ done; set -x;
) > ca-bundle.crt
- %{__perl} %{SOURCE2} %{_bindir}/keytool ca-bundle.crt
+popd
+pushd %{name}/java
+ %{__perl} %{SOURCE2} %{_bindir}/keytool ../certs/ca-bundle.crt
touch -r %{SOURCE0} cacerts
popd
@@ -63,7 +65,7 @@ touch -r %{SOURCE0} $RPM_BUILD_ROOT%{pki
# Install Java cacerts file.
mkdir -p -m 700 $RPM_BUILD_ROOT%{pkidir}/java
-install -p -m 644 %{name}/cacerts $RPM_BUILD_ROOT%{pkidir}/java/
+install -p -m 644 %{name}/java/cacerts $RPM_BUILD_ROOT%{pkidir}/java/
%clean
rm -rf $RPM_BUILD_ROOT
@@ -78,6 +80,10 @@ rm -rf $RPM_BUILD_ROOT
%{pkidir}/tls/cert.pem
%changelog
+* Fri Jan 15 2010 Joe Orton <jorton at redhat.com> - 2010-2
+- fix Java cacert database generation: use Subject rather than Issuer
+ for alias name; add diagnostics; fix some alias names.
+
* Mon Jan 11 2010 Joe Orton <jorton at redhat.com> - 2010-1
- adopt Python certdata.txt parsing script from Debian
Index: generate-cacerts.pl
===================================================================
RCS file: /cvs/extras/rpms/ca-certificates/devel/generate-cacerts.pl,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -p -r1.2 -r1.3
--- generate-cacerts.pl 25 Jun 2008 15:33:23 -0000 1.2
+++ generate-cacerts.pl 15 Jan 2010 20:22:01 -0000 1.3
@@ -1,4 +1,7 @@
-#!/usr/bin/perl
+#!/usr/bin/perl -w
+
+use diagnostics;
+use Fcntl;
# Copyright (C) 2007, 2008 Red Hat, Inc.
#
@@ -27,7 +30,7 @@ $in_cert_block = 0;
$write_current_cert = 1;
foreach $cert (@certs)
{
- if ($cert =~ /Issuer: /)
+ if ($cert =~ /Subject: /)
{
$_ = $cert;
if ($cert =~ /personal-freemail/)
@@ -82,7 +85,7 @@ foreach $cert (@certs)
}
# Version 1 of Class 3 Public Primary Certification Authority
# - G2 is added. Version 3 is excluded. See below.
- elsif ($cert =~ /Class 3 Public Primary Certification Authority - G2/)
+ elsif ($cert =~ /Class 3 Public Primary Certification Authority - G2.*1998/)
{
$cert_alias = "verisignclass3g2ca";
}
@@ -94,7 +97,7 @@ foreach $cert (@certs)
elsif ($cert =~
/RSA Data Security.*Secure Server Certification Authority/)
{
- $cert_alias = "verisignserverca";
+ $cert_alias = "rsaserverca";
}
elsif ($cert =~ /GTE CyberTrust Global Root/)
{
@@ -116,7 +119,7 @@ foreach $cert (@certs)
{
$cert_alias = "entrust2048ca";
}
- elsif ($cert =~ /www.entrust.net\/CPS /)
+ elsif ($cert =~ /www.entrust.net\/CPS incorp /)
{
$cert_alias = "entrustsslca";
}
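Review bot: The dots in `/www.entrust.net\/CPS incorp /` are unescaped, so each one matches any character rather than a literal dot. Because this pattern decides which certificate receives the `entrustsslca` alias in the Java trust store, it should match the literal host name: `elsif ($cert =~ /www\.entrust\.net\/CPS incorp /)`. The if/elsif chain starts and ends outside the hunk.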
@@ -224,10 +227,6 @@ foreach $cert (@certs)
{
$cert_alias = "extra-elektronikkas2005";
}
- elsif ($cert =~ /Elektronik/)
- {
- $cert_alias = "extra-elektronik2005";
- }
# Mozilla does not provide these certificates:
# baltimorecodesigningca
# gtecybertrust5ca
@@ -237,13 +236,13 @@ foreach $cert (@certs)
else
{
# Generate an alias using the OU and CN attributes of the
- # Issuer field if both are present, otherwise use only the
- # CN attribute. The Issuer field must have either the OU
+ # Subject field if both are present, otherwise use only the
+ # CN attribute. The Subject field must have either the OU
# or the CN attribute.
$_ = $cert;
if ($cert =~ /OU=/)
{
- s/Issuer:.*?OU=//;
+ s/Subject:.*?OU=//;
# Remove other occurrences of OU=.
s/OU=.*CN=//;
# Remove CN= if there were not other occurrences of OU=.
@@ -254,7 +253,7 @@ foreach $cert (@certs)
}
elsif ($cert =~ /CN=/)
{
- s/Issuer:.*CN=//;
+ s/Subject:.*CN=//;
s/\/emailAddress.*//;
s/Certificate Authority/ca/g;
s/Certification Authority/ca/g;
@@ -263,6 +262,7 @@ foreach $cert (@certs)
tr/A-Z/a-z/;
$cert_alias = "extra-$_";
}
+ print "$cert => alias $cert_alias\n";
}
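Review bot: In `print "$cert => alias $cert_alias\n";` the `$cert` element still carries its trailing newline (the later comparison against `"-----END CERTIFICATE-----\n"` shows lines are not chomped), so each diagnostic is split across two lines. Strip the newline on a copy, and send the diagnostic to STDERR so it stays with the `die` output: `(my $subj = $cert) =~ s/\s+\z//; print STDERR "$subj => alias $cert_alias\n";`. The enclosing block starts outside the hunk.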
# When it attempts to parse:
#
@@ -297,8 +297,12 @@ foreach $cert (@certs)
if ($write_current_cert == 1)
{
$pem_file_count++;
- open(PEM, ">$cert_alias.pem");
+ print "writing $cert_alias.pem\n";
+ sysopen(PEM, "$cert_alias.pem", O_WRONLY|O_CREAT|O_EXCL)
+ || die("could not write file");
+ print "opened $cert_alias";
print PEM $cert;
+ print "written $cert_alias.pem\n";
}
}
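Review bot: The new `die("could not write file")` after `sysopen` carries neither the file name nor `$!`. When `O_EXCL` refuses a duplicate alias (two certificates mapping to the same name), the cause has to be guessed from the preceding progress line on STDOUT; `|| die("could not create $cert_alias.pem: $!");` would state it directly. `print PEM $cert` is still unchecked, and `print "opened $cert_alias";` is missing its `\n`. Since `$cert_alias` is derived from certificate Subject text and used as a file name, it is worth confirming that the clean-up steps outside these hunks leave no path separators in it. The `foreach` body starts and ends outside the hunk.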
elsif ($cert eq "-----END CERTIFICATE-----\n")
@@ -324,7 +328,7 @@ foreach $cert (@certs)
@pem_files = <*.pem>;
if (@pem_files != $pem_file_count)
{
- print "$pem_file_count";
+ print "$pem_file_count != ". at pem_files."\n";
die "Number of .pem files produced does not match".
" number of certs read from $file.";
}