1 # $NetBSD: Makefile,v 1.5 2024/09/08 15:23:55 riastradh Exp $ 2 # 3 4 MOZCERTS= /usr/share/certs/mozilla 5 FILESDIR= ${MOZCERTS}/all 6 7 TRUSTDOMAINS= server email code 8 9 # Normally it is a bad idea to use file system globs to list sources in 10 # a makefile, but we replace the directory wholesale on regen using the 11 # same pattern below. So in this case, maintaining an explicit list of 12 # files would be more error-prone. 13 CERTS!= cd ${.CURDIR:Q} && echo certs/*.pem 14 FILES+= ${CERTS} 15 16 .for D in ${TRUSTDOMAINS} 17 $D_CERTS!= cat ${.CURDIR:Q}/$D.trust 18 . for C in ${$D_CERTS} 19 SYMLINKS+= ../all/$C.pem ${MOZCERTS}/$D/$C.pem 20 . endfor 21 .endfor 22 23 # The upstream Mozilla certdata.txt lives in the Mozilla nss repository 24 # at https://hg.mozilla.org/projects/nss, under 25 # lib/ckfw/builtins/certdata.txt. 26 # 27 # Updates: 28 # 29 # 1. Go to: 30 # https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt 31 # 32 # 2. Find the top revision and follow the link to `diff'. 33 # 34 # 3. For the file lib/ckfw/builtins/certdata.txt, follow the link to 35 # `file'. 36 # 37 # 4. Follow the link to `raw'. 38 # 39 # 5. Record the date of the latest revision and the URL to the 40 # raw file in the comment below (includes hg revision). 41 # 42 # 6. Verify that the file matches when downloaded from at least 43 # three different networks. (Suggestions: Your home 44 # residential network, a TNF server, and Tor.) 45 # 46 # 7. Once you have verified this, commit certdata.txt. 47 # 48 # 8. Review https://wiki.mozilla.org/CA/Additional_Trust_Changes 49 # for new special cases and apply to certdata.awk if 50 # appropriate. 51 # 52 # 9. After committing certdata.txt and updating certdata.awk, run 53 # `make regen' and verify that it builds and installs and 54 # generally looks sensible. 55 # 56 # 10. Once you have verified that it builds and installs, cvs add 57 # any new files and cvs rm any deleted files under certs/, 58 # and commit certs/ and *.trust. 59 # 60 # Latest revision, from 2024-08-23: 61 # 62 # https://hg.mozilla.org/projects/nss/raw-file/872bd5fefe12bc48a9c65e9ea7f189df243d835a/lib/ckfw/builtins/certdata.txt 63 # 64 regen: .PHONY 65 rm -f certs/*.pem 66 rm -f ${TRUSTDOMAINS:=.trust} 67 mkdir tmp 68 env LC_ALL=C \ 69 awk -f certdata.awk \ 70 -v CERTDIR=certs \ 71 -v CODETRUST=code.trust \ 72 -v EMAILTRUST=email.trust \ 73 -v OPENSSL=openssl \ 74 -v SERVERTRUST=server.trust \ 75 -v WORKDIR=tmp \ 76 <${.CURDIR:Q}/../dist/certdata.txt 77 rm -rf tmp 78 79 .include <bsd.files.mk> 80 .include <bsd.inc.mk> # XXX 81 .include <bsd.links.mk> 82