linux-from-scratch/lfs-buildscripts
1
0
Fork 0
mirror of https://github.com/YellowJacketLinux/lfs-buildscripts.git synced 2025-01-23 14:32:20 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

make-ca

Browse Source
This commit is contained in:
YellowJacketLinux 2024-10-10 02:08:23 -07:00
parent 326802326b
commit f4bbf615c1
6 changed files with 207 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CH03-get-sources.sh
View File

@ -102,6 +102,7 @@ getSource "${linux_lts_dnl}" "${linux_lts_sha256}" "${linux_lts_tarball}"
getSource "${lz4_dnl}" "${lz4_sha256}" "${lz4_tarball}"
getSource "${m4_dnl}" "${m4_sha256}" "${m4_tarball}"
getSource "${make_dnl}" "${make_sha256}" "${make_tarball}"
getSource "${makeca_dnl}" "${makeca_sha256}" "${makeca_tarball}"
getSource "${mandb_dnl}" "${mandb_sha256}" "${mandb_tarball}"
getSource "${man_pages_dnl}" "${man_pages_sha256}" "${man_pages_tarball}"
getSource "${markupsafe_dnl}" "${markupsafe_sha256}" "${markupsafe_tarball}"
@ -141,6 +142,7 @@ getSource "${zlib_dnl}" "${zlib_sha256}" "${zlib_tarball}"
getSource "${zstd_dnl}" "${zstd_sha256}" "${zstd_tarball}"
cp ${CWD}/CH8Build/libressl-${libressl_version}-cnf-name.patch .
cp ${CWD}/CH8Build/make-ca-${makeca_version}-libressl.patch .
rm -f ${HOME}/lfs-sources.tar
tar -cpf ${HOME}/lfs-sources.tar .

42
CH8Build/BLFS.11-make-ca.sh Normal file
View File

@ -0,0 +1,42 @@
#!/bin/bash
source versions.sh
GLSOURCES="/sources"
pushd ${GLSOURCES} > /dev/null 2>&1 || myfail "Failed to move to ${GLSOURCES}"
[ -d make-ca-${makeca_version} ] && rm -rf make-ca-${makeca_version}
tar -zxf ${makeca_tarball}
cd make-ca-${makeca_version}
patch -p1 < ../make-ca-${makeca_version}-libressl.patch
make install
if [ $? -ne 0 ]; then
myfail "Failed installing make-ca"
fi
systemctl enable update-pki.timer
[ ! -d /etc/profile.d ] && mkdir -p /etc/profile.d
cat > /etc/profile.d/pythoncerts.sh << "EOF"
# Begin /etc/profile.d/pythoncerts.sh
export _PIP_STANDALONE_CERT=/etc/pki/tls/certs/ca-bundle.crt
# End /etc/profile.d/pythoncerts.sh
EOF
popd
# cleanup
pushd $GLSOURCES
rm -rf make-ca-${makeca_version}
popd

71
CH8Build/Master.sh
View File

@ -1,6 +1,7 @@
#!/bin/bash
# compiles the system software
FULLSET="35/90"
/bin/bash CH08.01-man-pages.sh
@ -8,7 +9,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.01-man-pages.sh"
exit 1
else
echo "LFS Chapter 8 Man Pages complete [1/35/82]"
echo "LFS Chapter 8 Man Pages complete [1/${FULLSET}]"
sleep 3
fi
@ -18,7 +19,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.02-iana-etc.sh"
exit 1
else
echo "LFS Chapter 8 IANA ETC Complete [2/35/82]"
echo "LFS Chapter 8 IANA ETC Complete [2/${FULLSET}]"
sleep 3
fi
@ -28,7 +29,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.03-glibc.sh"
exit 1
else
echo "LFS Chapter 8 GlibC Complete [3/35/82]"
echo "LFS Chapter 8 GlibC Complete [3/${FULLSET}]"
sleep 3
fi
@ -38,7 +39,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.04-zlib.sh"
exit 1
else
echo "LFS Chapter 8 Zlib Complete [4/35/82]"
echo "LFS Chapter 8 Zlib Complete [4/${FULLSET}]"
sleep 3
fi
@ -48,7 +49,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.05-bzip2.sh"
exit 1
else
echo "LFS Chapter 8 Bzip2 Complete [5/35/82]"
echo "LFS Chapter 8 Bzip2 Complete [5/${FULLSET}]"
sleep 3
fi
@ -58,7 +59,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.06-xz.sh"
exit 1
else
echo "LFS Chapter 8 XZ Complete [6/35/82]"
echo "LFS Chapter 8 XZ Complete [6/${FULLSET}]"
sleep 3
fi
@ -68,7 +69,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.07-lz4.sh"
exit 1
else
echo "LFS Chapter 8 LZ4 Complete [7/35/82]"
echo "LFS Chapter 8 LZ4 Complete [7/${FULLSET}]"
sleep 3
fi
@ -78,7 +79,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.08-zstd.sh"
exit 1
else
echo "LFS Chapter 8 ZSTD Complete [8/35/82]"
echo "LFS Chapter 8 ZSTD Complete [8/${FULLSET}]"
sleep 3
fi
@ -88,7 +89,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.09-file.sh"
exit 1
else
echo "LFS Chapter 8 File Complete [9/35/82]"
echo "LFS Chapter 8 File Complete [9/${FULLSET}]"
sleep 3
fi
@ -98,7 +99,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.10-readline.sh"
exit 1
else
echo "LFS Chapter 8 Readline Complete [10/35/82]"
echo "LFS Chapter 8 Readline Complete [10/${FULLSET}]"
sleep 3
fi
@ -108,7 +109,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.11-m4.sh"
exit 1
else
echo "LFS Chapter 8 M4 Complete [11/35/82]"
echo "LFS Chapter 8 M4 Complete [11/${FULLSET}]"
sleep 3
fi
@ -118,7 +119,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.12-bc.sh"
exit 1
else
echo "LFS Chapter 8 BC Complete [12/35/82]"
echo "LFS Chapter 8 BC Complete [12/${FULLSET}]"
sleep 3
fi
@ -128,7 +129,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.13-flex.sh"
exit 1
else
echo "LFS Chapter 8 Flex Complete [13/35/82]"
echo "LFS Chapter 8 Flex Complete [13/${FULLSET}]"
sleep 3
fi
@ -138,7 +139,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.14-tcl.sh"
exit 1
else
echo "LFS Chapter 8 Tcl Complete [14/35/82]"
echo "LFS Chapter 8 Tcl Complete [14/${FULLSET}]"
sleep 3
fi
@ -148,7 +149,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.15-expect.sh"
exit 1
else
echo "LFS Chapter 8 Expect Complete [15/35/82]"
echo "LFS Chapter 8 Expect Complete [15/${FULLSET}]"
sleep 3
fi
@ -158,7 +159,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.16-dejagnu.sh"
exit 1
else
echo "LFS Chapter 8 DejaGNU Complete [16/35/82]"
echo "LFS Chapter 8 DejaGNU Complete [16/${FULLSET}]"
sleep 3
fi
@ -168,7 +169,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.17-pkgconf.sh"
exit 1
else
echo "LFS Chapter 8 Pkgconf Complete [17/35/82]"
echo "LFS Chapter 8 Pkgconf Complete [17/${FULLSET}]"
sleep 3
fi
@ -178,7 +179,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.18-binutils.sh"
exit 1
else
echo "LFS Chapter 8 Binutils Complete [18/35/82]"
echo "LFS Chapter 8 Binutils Complete [18/${FULLSET}]"
sleep 3
fi
@ -188,7 +189,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.19-gmp.sh"
exit 1
else
echo "LFS Chapter 8 GMP Complete [19/35/82]"
echo "LFS Chapter 8 GMP Complete [19/${FULLSET}]"
sleep 3
fi
@ -198,7 +199,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.20-mpfr.sh"
exit 1
else
echo "LFS Chapter 8 MPFR Complete [20/35/82]"
echo "LFS Chapter 8 MPFR Complete [20/${FULLSET}]"
sleep 3
fi
@ -208,7 +209,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.21-mpc.sh"
exit 1
else
echo "LFS Chapter 8 MPC Complete [21/35/82]"
echo "LFS Chapter 8 MPC Complete [21/${FULLSET}]"
sleep 3
fi
@ -218,7 +219,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.22-attr.sh"
exit 1
else
echo "LFS Chapter 8 Attr Complete [22/35/82]"
echo "LFS Chapter 8 Attr Complete [22/${FULLSET}]"
sleep 3
fi
@ -228,7 +229,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.23-acl.sh"
exit 1
else
echo "LFS Chapter 8 ACL Complete [23/35/82]"
echo "LFS Chapter 8 ACL Complete [23/${FULLSET}]"
sleep 3
fi
@ -238,7 +239,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.24-libcap.sh"
exit 1
else
echo "LFS Chapter 8 Libcap Complete [24/35/82]"
echo "LFS Chapter 8 Libcap Complete [24/${FULLSET}]"
sleep 3
fi
@ -248,7 +249,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.25-libxcrypt.sh"
exit 1
else
echo "LFS Chapter 8 Libxcrypt Complete [25/35/82]"
echo "LFS Chapter 8 Libxcrypt Complete [25/${FULLSET}]"
sleep 3
fi
@ -258,7 +259,7 @@ if [ $? -ne 0 ]; then
echo "failed BLFS.01-cracklib.sh"
exit 1
else
echo "BLFS Cracklib Complete [26/35/82]"
echo "BLFS Cracklib Complete [26/${FULLSET}]"
sleep 3
fi
@ -268,7 +269,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.26-shadow.sh"
exit 1
else
echo "LFS Chapter 8 Shadow Complete [27/35/82]"
echo "LFS Chapter 8 Shadow Complete [27/${FULLSET}]"
sleep 3
fi
@ -278,7 +279,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.27-gcc.sh"
exit 1
else
echo "LFS Chapter 8 GCC Complete [28/35/82]"
echo "LFS Chapter 8 GCC Complete [28/${FULLSET}]"
sleep 60
fi
@ -288,7 +289,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.28-ncurses.sh"
exit 1
else
echo "LFS Chapter 8 Ncurses Complete [29/35/82]"
echo "LFS Chapter 8 Ncurses Complete [29/${FULLSET}]"
sleep 3
fi
@ -298,7 +299,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.29-sed.sh"
exit 1
else
echo "LFS Chapter 8 Sed Complete [30/35/82]"
echo "LFS Chapter 8 Sed Complete [30/${FULLSET}]"
sleep 3
fi
@ -308,7 +309,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.30-psmisc.sh"
exit 1
else
echo "LFS Chapter 8 Psmisc Complete [31/35/82]"
echo "LFS Chapter 8 Psmisc Complete [31/${FULLSET}]"
sleep 3
fi
@ -318,7 +319,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.31-gettext"
exit 1
else
echo "LFS Chapter 8 Gettext Complete [32/35/82]"
echo "LFS Chapter 8 Gettext Complete [32/${FULLSET}]"
sleep 3
fi
@ -328,7 +329,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.32-bison"
exit 1
else
echo "LFS Chapter 8 Bison Complete [33/35/82]"
echo "LFS Chapter 8 Bison Complete [33/${FULLSET}]"
sleep 3
fi
@ -338,7 +339,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.33-grep"
exit 1
else
echo "LFS Chapter 8 Grep Complete [34/35/82]"
echo "LFS Chapter 8 Grep Complete [34/${FULLSET}]"
sleep 3
fi
@ -348,7 +349,7 @@ if [ $? -ne 0 ]; then
echo "failed CH08.34-bash"
exit 1
else
echo "LFS Chapter 8 Bash Complete [35/35/82]"
echo "LFS Chapter 8 Bash Complete [35/${FULLSET}]"
sleep 3
fi

10
CH8Build/Master2.sh
View File

@ -561,6 +561,16 @@ else
sleep 3
fi
/bin/bash BLFS.11-make-ca.sh
if [ $? -ne 0 ]; then
echo "failed BLFS.11-make-ca.sh"
exit 1
else
echo "BLFS make-ca Install Complete [90/${FULLSET}]"
sleep 3
fi
#stripping
/bin/bash CH08.80-stripping.sh > /dev/null 2>&1

112
CH8Build/make-ca-1.14-libressl.patch Normal file
View File

@ -0,0 +1,112 @@
diff -ur make-ca-1.14.orig/copy-trust-modifications make-ca-1.14/copy-trust-modifications
--- make-ca-1.14.orig/copy-trust-modifications 2024-07-13 20:34:30.000000000 -0700
+++ make-ca-1.14/copy-trust-modifications 2024-10-10 01:06:07.204279974 -0700
@@ -34,7 +34,7 @@
LABELNEW=`echo "${LABEL}" | /bin/sed -e 's@"@@g' -e 's@ @_@g'`
# Determine default usage (this can be changed later)
- usage=$(openssl x509 -in ${certificate} -noout -text | \
+ usage=$(libressl x509 -in ${certificate} -noout -text | \
grep -A1 "X509v3 Key Usage:")
trust=""
echo ${usage} | grep -q "Certificate Sign" &&
@@ -43,7 +43,7 @@
trust="${trust} -addtrust emailProtection"
# Place into LOCALDIR
- openssl x509 -in ${certificate} -text -fingerprint -setalias "${LABEL}" \
+ libressl x509 -in ${certificate} -text -fingerprint -setalias "${LABEL}" \
${trust} -out "${LOCALDIR}/${LABELNEW}.pem"
echo -e "${LABELNEW}"
unset LABEL LABELNEW usage trust
diff -ur make-ca-1.14.orig/include.h2m make-ca-1.14/include.h2m
--- make-ca-1.14.orig/include.h2m 2024-07-13 20:34:30.000000000 -0700
+++ make-ca-1.14/include.h2m 2024-10-10 01:06:54.916281150 -0700
@@ -33,7 +33,7 @@
#\ install -vdm755 /etc/ssl/local \
#\ wget http://www.cacert.org/certs/root.crt \
- #\ openssl x509 -in root.crt -text -fingerprint \\ \
+ #\ libressl x509 -in root.crt -text -fingerprint \\ \
-setalias "CAcert Class 1 root" \\ \
-addtrust serverAuth \\ \
-addtrust emailProtection \\ \
diff -ur make-ca-1.14.orig/make-ca make-ca-1.14/make-ca
--- make-ca-1.14.orig/make-ca 2024-07-13 20:34:30.000000000 -0700
+++ make-ca-1.14/make-ca 2024-10-10 01:08:01.212282784 -0700
@@ -27,7 +27,7 @@
CERTUTIL="/usr/bin/certutil"
KEYTOOL="${JAVA_HOME}/bin/keytool"
MD5SUM="/usr/bin/md5sum"
- OPENSSL="/usr/bin/openssl"
+ OPENSSL="/usr/bin/libressl"
TRUST="/usr/bin/trust"
ANCHORDIR="${PKIDIR}/anchors"
ANCHORLIST="${PKIDIR}/anchors.md5sums"
@@ -41,6 +41,7 @@
LOCALDIR="${SSLDIR}/local"
DESTDIR=""
URL="https://hg.mozilla.org/projects/nss/raw-file/tip/lib/ckfw/builtins/certdata.txt"
+ CURL="/usr/bin/curl"
fi
# Some data in the certs have UTF-8 characters
@@ -316,7 +317,7 @@
echo " -k, --keytool [\$JAVA_HOME/bin/keytool]"
echo " The path of the Java keytool utility"
echo ""
- echo " -s, --openssl [/usr/bin/openssl]"
+ echo " -s, --openssl [/usr/bin/libressl]"
echo " The path of the openssl utility"
echo ""
echo " -t, --certutil [/usr/bin/certutil]"
@@ -682,7 +683,7 @@
SARGS="${SARGS} -proxy ${PROXY}"
fi
echo GET ${_url} | \
- ${OPENSSL} s_client ${SARGS} 2> /dev/null > "${TEMPDIR}/certdata.txt.log"
+ ${CURL} ${_url} 2> /dev/null > "${TEMPDIR}/certdata.txt.log"
unset _url
echo "done."
@@ -707,7 +708,7 @@
# Download the new file
echo -n "Downloading certdata.txt..."
echo GET ${URL} | \
- ${OPENSSL} s_client ${SARGS} 2> /dev/null >> "${CERTDATA}"
+ ${CURL} ${URL} 2> /dev/null >> "${CERTDATA}"
_line=$(( $(grep -n -m 1 "^#$" "${CERTDATA}" | cut -d ":" -f 1) - 1))
sed -e "1,${_line}d" -i "${CERTDATA}"
sed "1i # Revision:${REVISION}" -i "${CERTDATA}"
diff -ur make-ca-1.14.orig/make-ca.conf.dist make-ca-1.14/make-ca.conf.dist
--- make-ca-1.14.orig/make-ca.conf.dist 2024-07-13 20:34:30.000000000 -0700
+++ make-ca-1.14/make-ca.conf.dist 2024-10-10 01:03:38.949276320 -0700
@@ -6,7 +6,7 @@
CERTUTIL="/usr/bin/certutil"
KEYTOOL="${JAVA_HOME}/bin/keytool"
MD5SUM="/usr/bin/md5sum"
-OPENSSL="/usr/bin/openssl"
+OPENSSL="/usr/bin/libressl"
TRUST="/usr/bin/trust"
ANCHORDIR="${PKIDIR}/anchors"
ANCHORLIST="${PKIDIR}/anchors.md5sums"
@@ -20,6 +20,7 @@
LOCALDIR="${SSLDIR}/local"
DESTDIR=""
URL="https://hg.mozilla.org/projects/nss/raw-file/tip/lib/ckfw/builtins/certdata.txt"
+CURL="/usr/bin/curl"
# Source must be downloaded over https
# Valid urls for download are below
diff -ur make-ca-1.14.orig/update-mscertsign.sh make-ca-1.14/update-mscertsign.sh
--- make-ca-1.14.orig/update-mscertsign.sh 2024-07-13 20:34:30.000000000 -0700
+++ make-ca-1.14/update-mscertsign.sh 2024-10-10 01:09:07.772284424 -0700
@@ -26,7 +26,7 @@
for certbegin in ${startlist}; do
awk "NR==$certbegin,/^-----END CERTIFICATE-----/" mscertsign.txt \
> ${certbegin}.crt
- openssl x509 -noout -in ${certbegin}.crt -hash >> CS.txt
+ libressl x509 -noout -in ${certbegin}.crt -hash >> CS.txt
rm ${certbegin}.crt
done
rm -r mscertsign.txt

5
versions.sh
View File

@ -511,4 +511,9 @@ p11kit_dnl="https://github.com/p11-glue/p11-kit/releases/download/${p11kit_versi
p11kit_sha256="04d0a86450cdb1be018f26af6699857171a188ac6d5b8c90786a60854e1198e5"
p11kit_tarball="p11-kit-${p11kit_version}"
makeca_version="1.14"
makeca_dnl="https://github.com/lfs-book/make-ca/archive/v${makeca_version}/make-ca-${makeca_version}.tar.gz"
makeca_sha256="6391698fe6db16eb190da1aba802bc90c09c8baa4c116d9c65647bea87f190db"
makeca_tarball="make-ca-${makeca_version}.tar.gz"
# EOF