Makefile revision 1.5 1 1.5 riastrad # $NetBSD: Makefile,v 1.5 2024/09/08 15:23:55 riastradh Exp $
2 1.1 riastrad #
3 1.1 riastrad
4 1.1 riastrad MOZCERTS= /usr/share/certs/mozilla
5 1.1 riastrad FILESDIR= ${MOZCERTS}/all
6 1.1 riastrad
7 1.1 riastrad TRUSTDOMAINS= server email code
8 1.1 riastrad
9 1.1 riastrad # Normally it is a bad idea to use file system globs to list sources in
10 1.1 riastrad # a makefile, but we replace the directory wholesale on regen using the
11 1.1 riastrad # same pattern below. So in this case, maintaining an explicit list of
12 1.1 riastrad # files would be more error-prone.
13 1.1 riastrad CERTS!= cd ${.CURDIR:Q} && echo certs/*.pem
14 1.1 riastrad FILES+= ${CERTS}
15 1.1 riastrad
16 1.1 riastrad .for D in ${TRUSTDOMAINS}
17 1.1 riastrad $D_CERTS!= cat ${.CURDIR:Q}/$D.trust
18 1.1 riastrad . for C in ${$D_CERTS}
19 1.2 riastrad SYMLINKS+= ../all/$C.pem ${MOZCERTS}/$D/$C.pem
20 1.1 riastrad . endfor
21 1.1 riastrad .endfor
22 1.1 riastrad
23 1.1 riastrad # The upstream Mozilla certdata.txt lives in the Mozilla nss repository
24 1.1 riastrad # at https://hg.mozilla.org/projects/nss, under
25 1.1 riastrad # lib/ckfw/builtins/certdata.txt.
26 1.1 riastrad #
27 1.1 riastrad # Updates:
28 1.1 riastrad #
29 1.1 riastrad # 1. Go to:
30 1.1 riastrad # https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
31 1.1 riastrad #
32 1.1 riastrad # 2. Find the top revision and follow the link to `diff'.
33 1.1 riastrad #
34 1.1 riastrad # 3. For the file lib/ckfw/builtins/certdata.txt, follow the link to
35 1.1 riastrad # `file'.
36 1.1 riastrad #
37 1.1 riastrad # 4. Follow the link to `raw'.
38 1.1 riastrad #
39 1.1 riastrad # 5. Record the date of the latest revision and the URL to the
40 1.1 riastrad # raw file in the comment below (includes hg revision).
41 1.1 riastrad #
42 1.1 riastrad # 6. Verify that the file matches when downloaded from at least
43 1.1 riastrad # three different networks. (Suggestions: Your home
44 1.1 riastrad # residential network, a TNF server, and Tor.)
45 1.1 riastrad #
46 1.1 riastrad # 7. Once you have verified this, commit certdata.txt.
47 1.1 riastrad #
48 1.1 riastrad # 8. Review https://wiki.mozilla.org/CA/Additional_Trust_Changes
49 1.1 riastrad # for new special cases and apply to certdata.awk if
50 1.1 riastrad # appropriate.
51 1.1 riastrad #
52 1.1 riastrad # 9. After committing certdata.txt and updating certdata.awk, run
53 1.1 riastrad # `make regen' and verify that it builds and installs and
54 1.1 riastrad # generally looks sensible.
55 1.1 riastrad #
56 1.1 riastrad # 10. Once you have verified that it builds and installs, cvs add
57 1.1 riastrad # any new files and cvs rm any deleted files under certs/,
58 1.1 riastrad # and commit certs/ and *.trust.
59 1.1 riastrad #
60 1.5 riastrad # Latest revision, from 2024-08-23:
61 1.1 riastrad #
62 1.5 riastrad # https://hg.mozilla.org/projects/nss/raw-file/872bd5fefe12bc48a9c65e9ea7f189df243d835a/lib/ckfw/builtins/certdata.txt
63 1.1 riastrad #
64 1.1 riastrad regen: .PHONY
65 1.1 riastrad rm -f certs/*.pem
66 1.1 riastrad rm -f ${TRUSTDOMAINS:=.trust}
67 1.1 riastrad mkdir tmp
68 1.3 riastrad env LC_ALL=C \
69 1.1 riastrad awk -f certdata.awk \
70 1.1 riastrad -v CERTDIR=certs \
71 1.1 riastrad -v CODETRUST=code.trust \
72 1.1 riastrad -v EMAILTRUST=email.trust \
73 1.1 riastrad -v OPENSSL=openssl \
74 1.1 riastrad -v SERVERTRUST=server.trust \
75 1.1 riastrad -v WORKDIR=tmp \
76 1.1 riastrad <${.CURDIR:Q}/../dist/certdata.txt
77 1.1 riastrad rm -rf tmp
78 1.1 riastrad
79 1.1 riastrad .include <bsd.files.mk>
80 1.1 riastrad .include <bsd.inc.mk> # XXX
81 1.1 riastrad .include <bsd.links.mk>
82