From bf97dab704b2f75326ecbe039f8f172954fe0902 Mon Sep 17 00:00:00 2001 From: "Kun(llfl)" Date: Thu, 13 Apr 2023 10:59:31 +0800 Subject: [PATCH] optimize spec file Signed-off-by: Kun(llfl) --- ca-certificates.spec | 202 +++++++++++++++++++++---------------------- 1 file changed, 101 insertions(+), 101 deletions(-) diff --git a/ca-certificates.spec b/ca-certificates.spec index ed98175..aa65ed5 100644 --- a/ca-certificates.spec +++ b/ca-certificates.spec @@ -1,7 +1,9 @@ -%define anolis_release 2 +%define anolis_release 3 -%define pkidir %{_sysconfdir}/pki -%define catrustdir %{_sysconfdir}/pki/ca-trust +%define pki_rel pki +%define pkidir %{_sysconfdir}/%{pki_rel} +%define catrust_rel pki/ca-trust +%define catrustdir %{_sysconfdir}/%{catrust_rel} %define classic_tls_bundle ca-bundle.crt %define openssl_format_trust_bundle ca-bundle.trust.crt %define p11_format_bundle ca-bundle.trust.p11-kit 
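Review bot: In the first hunk, `%define catrust_rel pki/ca-trust` repeats the literal `pki` that `%define pki_rel pki` has just introduced, so the two macros can drift apart if one is edited later. Deriving it, `%define catrust_rel %{pki_rel}/ca-trust`, keeps a single source for the path. A one-line comment above the pair, such as `# *_rel: paths relative to %{_sysconfdir}, used for the relative symlink targets in %install`, would also explain why both relative and absolute forms exist.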
@@ -66,45 +68,43 @@ Source19: README.etcssl BuildArch: noarch -Requires(post): bash -Requires(post): grep -Requires(post): sed -Requires(post): coreutils -Requires: bash -Requires: grep -Requires: sed -Requires(post): p11-kit >= 0.23.10 -Requires(post): p11-kit-trust >= 0.23.10 -Requires: p11-kit >= 0.23.10 -Requires: p11-kit-trust >= 0.23.10 - BuildRequires: perl-interpreter BuildRequires: python3 BuildRequires: openssl BuildRequires: asciidoc BuildRequires: libxslt +Requires: bash grep sed +Requires: p11-kit >= 0.23.10 +Requires: p11-kit-trust >= 0.23.10 + +Requires(post): bash grep sed coreutils +Requires(post): p11-kit >= 0.23.10 +Requires(post): p11-kit-trust >= 0.23.10 + %description -This package contains the set of CA certificates chosen by the -Mozilla Foundation for use with the Internet PKI. +%{name} is a package containing a set of trusted root +Certificate Authorities (CA) chosen by the Mozilla Foundation +that can be used to validate and authenticate SSL/TLS connections. +It is a collection of trusted CA certificates that are used by +various applications and operating systems to verify the authenticity +of SSL/TLS connections. %prep -rm -rf %{name} -mkdir %{name} -mkdir %{name}/certs -mkdir %{name}/certs/legacy-default -mkdir %{name}/certs/legacy-disable -mkdir %{name}/java +%setup -c -T -n %{name} +mkdir certs +mkdir certs/legacy-default +mkdir certs/legacy-disable +mkdir java %build -pushd %{name}/certs +pushd certs pwd cp %{SOURCE0} . 
python3 %{SOURCE4} >c2p.log 2>c2p.err popd -pushd %{name} - ( - cat < %{p11_format_bundle} - - touch %{legacy_default_bundle} - NUM_LEGACY_DEFAULT=`find certs/legacy-default -type f | wc -l` - if [ $NUM_LEGACY_DEFAULT -ne 0 ]; then - for f in certs/legacy-default/*.crt; do - echo "processing $f" - tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f` - alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' $f | sed "s/'//g" | sed 's/"//g'` - targs="" - if [ -n "$tbits" ]; then - for t in $tbits; do - targs="${targs} -addtrust $t" - done - fi - if [ -n "$targs" ]; then - echo "legacy default flags $targs for $f" >> info.trust - openssl x509 -text -in "$f" -trustout $targs -setalias "$alias" >> %{legacy_default_bundle} - fi - done - fi - - touch %{legacy_disable_bundle} - NUM_LEGACY_DISABLE=`find certs/legacy-disable -type f | wc -l` - if [ $NUM_LEGACY_DISABLE -ne 0 ]; then - for f in certs/legacy-disable/*.crt; do - echo "processing $f" - tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f` - alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' $f | sed "s/'//g" | sed 's/"//g'` - targs="" - if [ -n "$tbits" ]; then - for t in $tbits; do - targs="${targs} -addtrust $t" - done - fi - if [ -n "$targs" ]; then - echo "legacy disable flags $targs for $f" >> info.trust - openssl x509 -text -in "$f" -trustout $targs -setalias "$alias" >> %{legacy_disable_bundle} - fi - done - fi - - P11FILES=`find certs -name \*.tmp-p11-kit | wc -l` - if [ $P11FILES -ne 0 ]; then - for p in certs/*.tmp-p11-kit; do - cat "$p" >> %{p11_format_bundle} - done - fi - # Append our trust fixes - cat %{SOURCE3} >> %{p11_format_bundle} -popd + cat %{SOURCE1} |grep -w NSS_BUILTINS_LIBRARY_VERSION | awk '{print "# " $2 " " $3}'; + echo '#'; +) > %{p11_format_bundle} + +touch %{legacy_default_bundle} +NUM_LEGACY_DEFAULT=`find certs/legacy-default -type f | wc -l` +if [ $NUM_LEGACY_DEFAULT -ne 0 ]; then + for f in certs/legacy-default/*.crt; do + echo "processing $f" + tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f` + 
alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' $f | sed "s/'//g" | sed 's/"//g'` + targs="" + if [ -n "$tbits" ]; then + for t in $tbits; do + targs="${targs} -addtrust $t" + done + fi + if [ -n "$targs" ]; then + echo "legacy default flags $targs for $f" >> info.trust + openssl x509 -text -in "$f" -trustout $targs -setalias "$alias" >> %{legacy_default_bundle} + fi + done +fi -#manpage -cp %{SOURCE10} %{name}/update-ca-trust.8.txt -asciidoc -v -d manpage -b docbook %{name}/update-ca-trust.8.txt -xsltproc --nonet -o %{name}/update-ca-trust.8 %{python3_sitelib}/asciidoc/resources/docbook-xsl/manpage.xsl %{name}/update-ca-trust.8.xml +touch %{legacy_disable_bundle} +NUM_LEGACY_DISABLE=`find certs/legacy-disable -type f | wc -l` +if [ $NUM_LEGACY_DISABLE -ne 0 ]; then + for f in certs/legacy-disable/*.crt; do + echo "processing $f" + tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f` + alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' $f | sed "s/'//g" | sed 's/"//g'` + targs="" + if [ -n "$tbits" ]; then + for t in $tbits; do + targs="${targs} -addtrust $t" + done + fi + if [ -n "$targs" ]; then + echo "legacy disable flags $targs for $f" >> info.trust + openssl x509 -text -in "$f" -trustout $targs -setalias "$alias" >> %{legacy_disable_bundle} + fi + done +fi + +P11FILES=`find certs -name \*.tmp-p11-kit | wc -l` +if [ $P11FILES -ne 0 ]; then + for p in certs/*.tmp-p11-kit; do + cat "$p" >> %{p11_format_bundle} + done +fi +# Append our trust fixes +cat %{SOURCE3} >> %{p11_format_bundle} -cp %{SOURCE9} %{name}/ca-legacy.8.txt -asciidoc -v -d manpage -b docbook %{name}/ca-legacy.8.txt -xsltproc --nonet -o %{name}/ca-legacy.8 %{python3_sitelib}/asciidoc/resources/docbook-xsl/manpage.xsl %{name}/ca-legacy.8.xml +#manpage +cp %{SOURCE10} update-ca-trust.8.txt +asciidoc -v -d manpage -b docbook update-ca-trust.8.txt +xsltproc --nonet -o update-ca-trust.8 %{python3_sitelib}/asciidoc/resources/docbook-xsl/manpage.xsl update-ca-trust.8.xml +cp %{SOURCE9} ca-legacy.8.txt +asciidoc -v -d 
manpage -b docbook ca-legacy.8.txt +xsltproc --nonet -o ca-legacy.8 %{python3_sitelib}/asciidoc/resources/docbook-xsl/manpage.xsl ca-legacy.8.xml %install rm -rf $RPM_BUILD_ROOT @@ -201,8 +199,8 @@ mkdir -p -m 755 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-legacy mkdir -p -m 755 $RPM_BUILD_ROOT%{_bindir} mkdir -p -m 755 $RPM_BUILD_ROOT%{_mandir}/man8 -install -p -m 644 %{name}/update-ca-trust.8 $RPM_BUILD_ROOT%{_mandir}/man8 -install -p -m 644 %{name}/ca-legacy.8 $RPM_BUILD_ROOT%{_mandir}/man8 +install -p -m 644 update-ca-trust.8 $RPM_BUILD_ROOT%{_mandir}/man8 +install -p -m 644 ca-legacy.8 $RPM_BUILD_ROOT%{_mandir}/man8 install -p -m 644 %{SOURCE11} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/README install -p -m 644 %{SOURCE12} $RPM_BUILD_ROOT%{catrustdir}/README install -p -m 644 %{SOURCE13} $RPM_BUILD_ROOT%{catrustdir}/extracted/README @@ -213,10 +211,10 @@ install -p -m 644 %{SOURCE17} $RPM_BUILD_ROOT%{catrustdir}/extracted/edk2/README install -p -m 644 %{SOURCE18} $RPM_BUILD_ROOT%{catrustdir}/source/README install -p -m 644 %{SOURCE19} $RPM_BUILD_ROOT%{_sysconfdir}/ssl/README -install -p -m 644 %{name}/%{p11_format_bundle} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/%{p11_format_bundle} +install -p -m 644 %{p11_format_bundle} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/%{p11_format_bundle} -install -p -m 644 %{name}/%{legacy_default_bundle} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-legacy/%{legacy_default_bundle} -install -p -m 644 %{name}/%{legacy_disable_bundle} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-legacy/%{legacy_disable_bundle} +install -p -m 644 %{legacy_default_bundle} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-legacy/%{legacy_default_bundle} +install -p -m 644 %{legacy_disable_bundle} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-legacy/%{legacy_disable_bundle} install -p -m 644 %{SOURCE5} $RPM_BUILD_ROOT%{catrustdir}/ca-legacy.conf 
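Review bot: The re-indented legacy-default and legacy-disable loops in %build still pass `$f` unquoted to `sed`, although the `openssl x509 -in "$f"` call in the same iteration quotes it. Since these lines were rewritten anyway, the assignment could become `tbits=$(sed -n '/^# openssl-trust/{s/^.*=//;p;}' "$f")`, with the same change on the `alias=` line; `$targs` has to stay unquoted because it is split into separate `-addtrust` arguments on purpose. The two loops differ only in the source directory, the log label and the output bundle, so one small shell function taking those three values would keep the trust-flag handling in a single place. The `find ... | wc -l` guard counts every file while the loop globs only `*.crt`, so a directory holding only other files would hand the literal pattern to `sed`; a `[ -e "$f" ] || continue` at the top of each loop would cover that. Part of this hunk (the here-document after `cat <`) appears to be missing from the page, so this covers only the visible lines.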
@@ -248,22 +246,22 @@ chmod 444 $RPM_BUILD_ROOT%{catrustdir}/extracted/edk2/cacerts.bin # /etc/ssl is provided in a Debian compatible form for (bad) code that # expects it. -ln -s %{catrustdir}/extracted/pem/directory-hash \ +ln -s ../%{catrust_rel}/extracted/pem/directory-hash \ $RPM_BUILD_ROOT%{_sysconfdir}/ssl/certs -ln -s %{catrustdir}/extracted/pem/tls-ca-bundle.pem \ +ln -s ../%{catrust_rel}/extracted/pem/tls-ca-bundle.pem \ $RPM_BUILD_ROOT%{_sysconfdir}/ssl/cert.pem -ln -s /etc/pki/tls/openssl.cnf \ +ln -s ../%{pki_rel}/tls/openssl.cnf \ $RPM_BUILD_ROOT%{_sysconfdir}/ssl/openssl.cnf -ln -s /etc/pki/tls/ct_log_list.cnf \ +ln -s ../%{pki_rel}/tls/ct_log_list.cnf \ $RPM_BUILD_ROOT%{_sysconfdir}/ssl/ct_log_list.cnf # legacy filenames -ln -s %{catrustdir}/extracted/pem/tls-ca-bundle.pem \ +ln -s ../../%{catrust_rel}/extracted/pem/tls-ca-bundle.pem \ $RPM_BUILD_ROOT%{pkidir}/tls/cert.pem -ln -s %{catrustdir}/extracted/pem/tls-ca-bundle.pem \ +ln -s ../../../%{catrust_rel}/extracted/pem/tls-ca-bundle.pem \ $RPM_BUILD_ROOT%{pkidir}/tls/certs/%{classic_tls_bundle} -ln -s %{catrustdir}/extracted/openssl/%{openssl_format_trust_bundle} \ +ln -s ../../../%{catrust_rel}/extracted/openssl/%{openssl_format_trust_bundle} \ $RPM_BUILD_ROOT%{pkidir}/tls/certs/%{openssl_format_trust_bundle} -ln -s %{catrustdir}/extracted/%{java_bundle} \ +ln -s ../../%{catrust_rel}/extracted/%{java_bundle} \ $RPM_BUILD_ROOT%{pkidir}/%{java_bundle} @@ -402,8 +400,10 @@ fi %ghost %{catrustdir}/extracted/%{java_bundle} %ghost %{catrustdir}/extracted/edk2/cacerts.bin - %changelog +* Thu Apr 13 2023 Kun(llfl) - 2023.2.60-3 +- optimize spec file + * Wed Mar 29 2023 mgb01105731 - 2023.2.60-2 - Del Specific Fields -- Gitee
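Review bot: The relative targets in the `ln -s` block of the `@@ -248,22 +246,22 @@` hunk use hand-counted `../` prefixes that must match the depth of each link's directory, and nothing in the build checks them. A miscount would ship a dangling `/etc/ssl/cert.pem` or `%{pkidir}/tls/certs/%{classic_tls_bundle}`, and TLS clients reading those paths would find no CA bundle. The last link's `../../` is only correct if `%{java_bundle}` has exactly one directory component, which this page does not show. GNU `ln` can compute the prefix from the absolute buildroot paths, e.g. `ln -sr $RPM_BUILD_ROOT%{catrustdir}/extracted/pem/tls-ca-bundle.pem $RPM_BUILD_ROOT%{pkidir}/tls/cert.pem`. If the explicit form is kept, a comment giving the resolved absolute path next to each link would make the depth reviewable.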