      1 #	$NetBSD: Makefile,v 1.5 2024/09/08 15:23:55 riastradh Exp $
      2 #
      3 
        # Installed location of the Mozilla root certificate tree.
      4 MOZCERTS=	/usr/share/certs/mozilla
        # Install directory for FILES (consumed by <bsd.files.mk>, included
        # below): every certificate lands in the shared all/ directory.
      5 FILESDIR=	${MOZCERTS}/all
      6 
        # Trust domains.  Each name D is expected to have a D.trust list next
        # to this Makefile and gets a ${MOZCERTS}/D directory of symlinks.
      7 TRUSTDOMAINS=	server email code
      8 
      9 # Normally it is a bad idea to use file system globs to list sources in
     10 # a makefile, but we replace the directory wholesale on regen using the
     11 # same pattern below.  So in this case, maintaining an explicit list of
     12 # files would be more error-prone.
        # `!=' runs the command when the makefile is parsed, so CERTS is
        # whatever certs/*.pem the shell finds in the source directory at that
        # moment; everything found is added to FILES and installed into
        # ${FILESDIR}.
        # NOTE(review): installation is driven by directory contents, so a
        # stray .pem in certs/ would be installed too -- check for untracked
        # files before building.  If nothing matches, the shell presumably
        # leaves the literal word certs/*.pem in CERTS; confirm.
     13 CERTS!=		cd ${.CURDIR:Q} && echo certs/*.pem
     14 FILES+=		${CERTS}
     15 
        # For each trust domain D, read the names listed in D.trust (at parse
        # time) and, for each name C, queue the pair
        # "../all/C.pem ${MOZCERTS}/D/C.pem" on SYMLINKS, i.e. a link in the
        # domain directory pointing at the certificate in all/.  Only names
        # listed in D.trust get a link in that domain's directory.
        # NOTE(review): the names are used unquoted to build paths; presumably
        # the *.trust files come only from `make regen' -- confirm that they
        # are reviewed before commit, since they decide which certificates
        # appear in each domain.
     16 .for D in ${TRUSTDOMAINS}
     17 $D_CERTS!=	cat ${.CURDIR:Q}/$D.trust
     18 .  for C in ${$D_CERTS}
     19 SYMLINKS+=	../all/$C.pem ${MOZCERTS}/$D/$C.pem
     20 .  endfor
     21 .endfor
     22 
     23 # The upstream Mozilla certdata.txt lives in the Mozilla nss repository
     24 # at https://hg.mozilla.org/projects/nss, under
     25 # lib/ckfw/builtins/certdata.txt.
     26 #
     27 # Updates:
     28 #
     29 #	1. Go to:
     30 #	   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
     31 #
     32 #	2. Find the top revision and follow the link to `diff'.
     33 #
     34 #	3. For the file lib/ckfw/builtins/certdata.txt, follow the link to
     35 #	   `file'.
     36 #
     37 #	4. Follow the link to `raw'.
     38 #
     39 #	5. Record the date of the latest revision and the URL to the
     40 #	   raw file in the comment below (includes hg revision).
     41 #
     42 #	6. Verify that the file matches when downloaded from at least
     43 #	   three different networks.  (Suggestions: Your home
     44 #	   residential network, a TNF server, and Tor.)
     45 #
     46 #	7. Once you have verified this, commit certdata.txt.
     47 #
     48 #	8. Review https://wiki.mozilla.org/CA/Additional_Trust_Changes
     49 #	   for new special cases and apply to certdata.awk if
     50 #	   appropriate.
     51 #
     52 #	9. After committing certdata.txt and updating certdata.awk, run
     53 #	   `make regen' and verify that it builds and installs and
     54 #	   generally looks sensible.
     55 #
     56 #	10. Once you have verified that it builds and installs, cvs add
     57 #	   any new files and cvs rm any deleted files under certs/,
     58 #	   and commit certs/ and *.trust.
     59 #
     60 # Latest revision, from 2024-08-23:
     61 #
     62 # https://hg.mozilla.org/projects/nss/raw-file/872bd5fefe12bc48a9c65e9ea7f189df243d835a/lib/ckfw/builtins/certdata.txt
     63 #
        # regen: rebuild certs/*.pem and the per-domain *.trust lists from
        # certdata.txt.  The recipe removes the existing outputs, creates the
        # scratch directory tmp, runs certdata.awk under LC_ALL=C with the
        # output and work locations passed as awk variables, and removes tmp.
        # NOTE(review): the old outputs are removed before awk runs, so a
        # failed run leaves the tree without certificates until they are
        # restored from version control.
        # NOTE(review): `mkdir tmp' fails if tmp already exists, e.g.
        # presumably after a run that stopped before the final `rm -rf tmp'.
        # NOTE(review): certs/, *.trust, tmp and certdata.awk are relative to
        # the directory the recipe runs in, while the input is read relative
        # to ${.CURDIR}; presumably regen is meant to be run in the source
        # directory -- confirm.
        # NOTE(review): OPENSSL=openssl is a bare command name, so presumably
        # whichever openssl comes first in PATH is used; run regen from a
        # trusted environment.
     64 regen: .PHONY
     65 	rm -f certs/*.pem
     66 	rm -f ${TRUSTDOMAINS:=.trust}
     67 	mkdir tmp
     68 	env LC_ALL=C \
     69 	awk -f certdata.awk \
     70 		-v CERTDIR=certs \
     71 		-v CODETRUST=code.trust \
     72 		-v EMAILTRUST=email.trust \
     73 		-v OPENSSL=openssl \
     74 		-v SERVERTRUST=server.trust \
     75 		-v WORKDIR=tmp \
     76 		<${.CURDIR:Q}/../dist/certdata.txt
     77 	rm -rf tmp
     78 
     79 .include <bsd.files.mk>
     80 .include <bsd.inc.mk>		# XXX
     81 .include <bsd.links.mk>
     82