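#	$NetBSD: Makefile,v 1.5 2024/09/08 15:23:55 riastradh Exp $
#
# Installs the Mozilla-derived trust anchors.  Every certs/*.pem file is
# installed under ${MOZCERTS}/all, and for each trust domain D a symlink
# ${MOZCERTS}/D/<name>.pem -> ../all/<name>.pem is created for every name
# listed in D.trust.  What a given domain trusts is therefore decided
# entirely by the committed *.trust files, so changes to them deserve the
# same review as changes to the certificates themselves.
#

MOZCERTS=	/usr/share/certs/mozilla
FILESDIR=	${MOZCERTS}/all

TRUSTDOMAINS=	server email code

# Normally it is a bad idea to use file system globs to list sources in
# a makefile, but we replace the directory wholesale on regen using the
# same pattern below.  So in this case, maintaining an explicit list of
# files would be more error-prone.
#
# NOTE(review): if certs/ holds no .pem files, the shell leaves the
# pattern unexpanded and CERTS becomes the literal string `certs/*.pem'.
CERTS!=		cd ${.CURDIR:Q} && echo certs/*.pem
FILES+=		${CERTS}

# Each whitespace-separated word read from D.trust is taken as a
# certificate base name and linked into the per-domain directory.
.for D in ${TRUSTDOMAINS}
$D_CERTS!=	cat ${.CURDIR:Q}/$D.trust
.  for C in ${$D_CERTS}
SYMLINKS+=	../all/$C.pem ${MOZCERTS}/$D/$C.pem
.  endfor
.endfor

# The upstream Mozilla certdata.txt lives in the Mozilla nss repository
# at https://hg.mozilla.org/projects/nss, under
# lib/ckfw/builtins/certdata.txt.
#
# Updates:
#
#	1. Go to:
#	   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
#
#	2. Find the top revision and follow the link to `diff'.
#
#	3. For the file lib/ckfw/builtins/certdata.txt, follow the link to
#	   `file'.
#
#	4. Follow the link to `raw'.
#
#	5. Record the date of the latest revision and the URL to the
#	   raw file in the comment below (includes hg revision).
#
#	6. Verify that the file matches when downloaded from at least
#	   three different networks.  (Suggestions: Your home
#	   residential network, a TNF server, and Tor.)
#	   The downloads must be byte-identical; any difference between
#	   vantage points means the copy must not be committed until the
#	   discrepancy is explained.
#
#	7. Once you have verified this, commit certdata.txt.
#
#	8. Review https://wiki.mozilla.org/CA/Additional_Trust_Changes
#	   for new special cases and apply to certdata.awk if
#	   appropriate.
#
#	9. After committing certdata.txt and updating certdata.awk, run
#	   `make regen' and verify that it builds and installs and
#	   generally looks sensible.
#
#	10. Once you have verified that it builds and installs, cvs add
#	    any new files and cvs rm any deleted files under certs/,
#	    and commit certs/ and *.trust.
#
# The URL below pins an exact hg revision, so a later reviewer can fetch
# the same bytes again and compare them with the committed certdata.txt.
#
# Latest revision, from 2024-08-23:
#
#	https://hg.mozilla.org/projects/nss/raw-file/872bd5fefe12bc48a9c65e9ea7f189df243d835a/lib/ckfw/builtins/certdata.txt
#

# regen: rebuild certs/*.pem and the *.trust lists from ../dist/certdata.txt.
#
# The previous outputs are deleted first, so the result never mixes old
# and new trust anchors; a certificate dropped upstream disappears here
# as well.  Review the resulting diff of certs/ and *.trust before
# committing (step 10 above).
#
# A work directory left behind by an interrupted run is removed before
# the new one is created; otherwise the next regen would abort at
# `mkdir tmp' after the old outputs were already gone.  mkdir is still
# used without -p so that it fails if the directory reappears.
#
# LC_ALL=C keeps awk's behaviour independent of the maintainer's locale.
# OPENSSL is passed as a bare command name, so whatever certdata.awk does
# with it is resolved through PATH -- run regen from a trusted
# environment.
#
# NOTE(review): the rm/mkdir/awk paths are relative to the directory in
# which make runs the recipe, while the input is addressed through
# ${.CURDIR}; presumably regen is meant to be run in the source
# directory without a separate object directory -- confirm.
regen: .PHONY
	rm -f certs/*.pem
	rm -f ${TRUSTDOMAINS:=.trust}
	rm -rf tmp
	mkdir tmp
	env LC_ALL=C \
	awk	-f certdata.awk \
		-v CERTDIR=certs \
		-v CODETRUST=code.trust \
		-v EMAILTRUST=email.trust \
		-v OPENSSL=openssl \
		-v SERVERTRUST=server.trust \
		-v WORKDIR=tmp \
		<${.CURDIR:Q}/../dist/certdata.txt
	rm -rf tmp

.include <bsd.files.mk>
.include <bsd.inc.mk>		# XXX
.include <bsd.links.mk>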