Home | History | Annotate | Line # | Download | only in share
      1  1.5  riastrad #	$NetBSD: Makefile,v 1.5 2024/09/08 15:23:55 riastradh Exp $
      2  1.1  riastrad #
      3  1.1  riastrad 
      4  1.1  riastrad MOZCERTS=	/usr/share/certs/mozilla
      5  1.1  riastrad FILESDIR=	${MOZCERTS}/all
      6  1.1  riastrad 
      7  1.1  riastrad TRUSTDOMAINS=	server email code
      8  1.1  riastrad 
      9  1.1  riastrad # Normally it is a bad idea to use file system globs to list sources in
     10  1.1  riastrad # a makefile, but we replace the directory wholesale on regen using the
     11  1.1  riastrad # same pattern below.  So in this case, maintaining an explicit list of
     12  1.1  riastrad # files would be more error-prone.
     13  1.1  riastrad CERTS!=		cd ${.CURDIR:Q} && echo certs/*.pem
     14  1.1  riastrad FILES+=		${CERTS}
     15  1.1  riastrad 
     16  1.1  riastrad .for D in ${TRUSTDOMAINS}
     17  1.1  riastrad $D_CERTS!=	cat ${.CURDIR:Q}/$D.trust
     18  1.1  riastrad .  for C in ${$D_CERTS}
     19  1.2  riastrad SYMLINKS+=	../all/$C.pem ${MOZCERTS}/$D/$C.pem
     20  1.1  riastrad .  endfor
     21  1.1  riastrad .endfor
     22  1.1  riastrad 
     23  1.1  riastrad # The upstream Mozilla certdata.txt lives in the Mozilla nss repository
     24  1.1  riastrad # at https://hg.mozilla.org/projects/nss, under
     25  1.1  riastrad # lib/ckfw/builtins/certdata.txt.
     26  1.1  riastrad #
     27  1.1  riastrad # Updates:
     28  1.1  riastrad #
     29  1.1  riastrad #	1. Go to:
     30  1.1  riastrad #	   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
     31  1.1  riastrad #
     32  1.1  riastrad #	2. Find the top revision and follow the link to `diff'.
     33  1.1  riastrad #
     34  1.1  riastrad #	3. For the file lib/ckfw/builtins/certdata.txt, follow the link to
     35  1.1  riastrad #	   `file'.
     36  1.1  riastrad #
     37  1.1  riastrad #	4. Follow the link to `raw'.
     38  1.1  riastrad #
     39  1.1  riastrad #	5. Record the date of the latest revision and the URL to the
     40  1.1  riastrad #	   raw file in the comment below (includes hg revision).
     41  1.1  riastrad #
     42  1.1  riastrad #	6. Verify that the file matches when downloaded from at least
     43  1.1  riastrad #	   three different networks.  (Suggestions: Your home
     44  1.1  riastrad #	   residential network, a TNF server, and Tor.)
     45  1.1  riastrad #
     46  1.1  riastrad #	7. Once you have verified this, commit certdata.txt.
     47  1.1  riastrad #
     48  1.1  riastrad #	8. Review https://wiki.mozilla.org/CA/Additional_Trust_Changes
     49  1.1  riastrad #	   for new special cases and apply to certdata.awk if
     50  1.1  riastrad #	   appropriate.
     51  1.1  riastrad #
     52  1.1  riastrad #	9. After committing certdata.txt and updating certdata.awk, run
     53  1.1  riastrad #	   `make regen' and verify that it builds and installs and
     54  1.1  riastrad #	   generally looks sensible.
     55  1.1  riastrad #
     56  1.1  riastrad #	10. Once you have verified that it builds and installs, cvs add
     57  1.1  riastrad #	   any new files and cvs rm any deleted files under certs/,
     58  1.1  riastrad #	   and commit certs/ and *.trust.
     59  1.1  riastrad #
     60  1.5  riastrad # Latest revision, from 2024-08-23:
     61  1.1  riastrad #
     62  1.5  riastrad # https://hg.mozilla.org/projects/nss/raw-file/872bd5fefe12bc48a9c65e9ea7f189df243d835a/lib/ckfw/builtins/certdata.txt
     63  1.1  riastrad #
     64  1.1  riastrad regen: .PHONY
     65  1.1  riastrad 	rm -f certs/*.pem
     66  1.1  riastrad 	rm -f ${TRUSTDOMAINS:=.trust}
     67  1.1  riastrad 	mkdir tmp
     68  1.3  riastrad 	env LC_ALL=C \
     69  1.1  riastrad 	awk -f certdata.awk \
     70  1.1  riastrad 		-v CERTDIR=certs \
     71  1.1  riastrad 		-v CODETRUST=code.trust \
     72  1.1  riastrad 		-v EMAILTRUST=email.trust \
     73  1.1  riastrad 		-v OPENSSL=openssl \
     74  1.1  riastrad 		-v SERVERTRUST=server.trust \
     75  1.1  riastrad 		-v WORKDIR=tmp \
     76  1.1  riastrad 		<${.CURDIR:Q}/../dist/certdata.txt
     77  1.1  riastrad 	rm -rf tmp
     78  1.1  riastrad 
     79  1.1  riastrad .include <bsd.files.mk>
     80  1.1  riastrad .include <bsd.inc.mk>		# XXX
     81  1.1  riastrad .include <bsd.links.mk>
     82