mirror of
https://github.com/YellowJacketLinux/lfs-buildscripts.git
synced 2025-01-23 14:32:20 +08:00
113 lines
4.7 KiB
Diff
113 lines
4.7 KiB
Diff
diff -ur make-ca-1.14.orig/copy-trust-modifications make-ca-1.14/copy-trust-modifications
|
|
--- make-ca-1.14.orig/copy-trust-modifications 2024-07-13 20:34:30.000000000 -0700
|
|
+++ make-ca-1.14/copy-trust-modifications 2024-10-10 01:06:07.204279974 -0700
|
|
@@ -34,7 +34,7 @@
|
|
LABELNEW=`echo "${LABEL}" | /bin/sed -e 's@"@@g' -e 's@ @_@g'`
|
|
|
|
# Determine default usage (this can be changed later)
|
|
- usage=$(openssl x509 -in ${certificate} -noout -text | \
|
|
+ usage=$(libressl x509 -in ${certificate} -noout -text | \
|
|
grep -A1 "X509v3 Key Usage:")
|
|
trust=""
|
|
echo ${usage} | grep -q "Certificate Sign" &&
|
|
@@ -43,7 +43,7 @@
|
|
trust="${trust} -addtrust emailProtection"
|
|
|
|
# Place into LOCALDIR
|
|
- openssl x509 -in ${certificate} -text -fingerprint -setalias "${LABEL}" \
|
|
+ libressl x509 -in ${certificate} -text -fingerprint -setalias "${LABEL}" \
|
|
${trust} -out "${LOCALDIR}/${LABELNEW}.pem"
|
|
echo -e "${LABELNEW}"
|
|
unset LABEL LABELNEW usage trust
|
|
diff -ur make-ca-1.14.orig/include.h2m make-ca-1.14/include.h2m
|
|
--- make-ca-1.14.orig/include.h2m 2024-07-13 20:34:30.000000000 -0700
|
|
+++ make-ca-1.14/include.h2m 2024-10-10 01:06:54.916281150 -0700
|
|
@@ -33,7 +33,7 @@
|
|
|
|
#\ install -vdm755 /etc/ssl/local \
|
|
#\ wget http://www.cacert.org/certs/root.crt \
|
|
- #\ openssl x509 -in root.crt -text -fingerprint \\ \
|
|
+ #\ libressl x509 -in root.crt -text -fingerprint \\ \
|
|
-setalias "CAcert Class 1 root" \\ \
|
|
-addtrust serverAuth \\ \
|
|
-addtrust emailProtection \\ \
|
|
diff -ur make-ca-1.14.orig/make-ca make-ca-1.14/make-ca
|
|
--- make-ca-1.14.orig/make-ca 2024-07-13 20:34:30.000000000 -0700
|
|
+++ make-ca-1.14/make-ca 2024-10-10 01:08:01.212282784 -0700
|
|
@@ -27,7 +27,7 @@
|
|
CERTUTIL="/usr/bin/certutil"
|
|
KEYTOOL="${JAVA_HOME}/bin/keytool"
|
|
MD5SUM="/usr/bin/md5sum"
|
|
- OPENSSL="/usr/bin/openssl"
|
|
+ OPENSSL="/usr/bin/libressl"
|
|
TRUST="/usr/bin/trust"
|
|
ANCHORDIR="${PKIDIR}/anchors"
|
|
ANCHORLIST="${PKIDIR}/anchors.md5sums"
|
|
@@ -41,6 +41,7 @@
|
|
LOCALDIR="${SSLDIR}/local"
|
|
DESTDIR=""
|
|
URL="https://hg.mozilla.org/projects/nss/raw-file/tip/lib/ckfw/builtins/certdata.txt"
|
|
+ CURL="/usr/bin/curl"
|
|
fi
|
|
|
|
# Some data in the certs have UTF-8 characters
|
|
@@ -316,7 +317,7 @@
|
|
echo " -k, --keytool [\$JAVA_HOME/bin/keytool]"
|
|
echo " The path of the Java keytool utility"
|
|
echo ""
|
|
- echo " -s, --openssl [/usr/bin/openssl]"
|
|
+ echo " -s, --openssl [/usr/bin/libressl]"
|
|
echo " The path of the openssl utility"
|
|
echo ""
|
|
echo " -t, --certutil [/usr/bin/certutil]"
|
|
@@ -682,7 +683,7 @@
|
|
SARGS="${SARGS} -proxy ${PROXY}"
|
|
fi
|
|
echo GET ${_url} | \
|
|
- ${OPENSSL} s_client ${SARGS} 2> /dev/null > "${TEMPDIR}/certdata.txt.log"
|
|
+ ${CURL} ${_url} 2> /dev/null > "${TEMPDIR}/certdata.txt.log"
|
|
unset _url
|
|
echo "done."
|
|
|
|
@@ -707,7 +708,7 @@
|
|
# Download the new file
|
|
echo -n "Downloading certdata.txt..."
|
|
echo GET ${URL} | \
|
|
- ${OPENSSL} s_client ${SARGS} 2> /dev/null >> "${CERTDATA}"
|
|
+ ${CURL} ${URL} 2> /dev/null >> "${CERTDATA}"
|
|
_line=$(( $(grep -n -m 1 "^#$" "${CERTDATA}" | cut -d ":" -f 1) - 1))
|
|
sed -e "1,${_line}d" -i "${CERTDATA}"
|
|
sed "1i # Revision:${REVISION}" -i "${CERTDATA}"
|
|
diff -ur make-ca-1.14.orig/make-ca.conf.dist make-ca-1.14/make-ca.conf.dist
|
|
--- make-ca-1.14.orig/make-ca.conf.dist 2024-07-13 20:34:30.000000000 -0700
|
|
+++ make-ca-1.14/make-ca.conf.dist 2024-10-10 01:03:38.949276320 -0700
|
|
@@ -6,7 +6,7 @@
|
|
CERTUTIL="/usr/bin/certutil"
|
|
KEYTOOL="${JAVA_HOME}/bin/keytool"
|
|
MD5SUM="/usr/bin/md5sum"
|
|
-OPENSSL="/usr/bin/openssl"
|
|
+OPENSSL="/usr/bin/libressl"
|
|
TRUST="/usr/bin/trust"
|
|
ANCHORDIR="${PKIDIR}/anchors"
|
|
ANCHORLIST="${PKIDIR}/anchors.md5sums"
|
|
@@ -20,6 +20,7 @@
|
|
LOCALDIR="${SSLDIR}/local"
|
|
DESTDIR=""
|
|
URL="https://hg.mozilla.org/projects/nss/raw-file/tip/lib/ckfw/builtins/certdata.txt"
|
|
+CURL="/usr/bin/curl"
|
|
|
|
# Source must be downloaded over https
|
|
# Valid urls for download are below
|
|
diff -ur make-ca-1.14.orig/update-mscertsign.sh make-ca-1.14/update-mscertsign.sh
|
|
--- make-ca-1.14.orig/update-mscertsign.sh 2024-07-13 20:34:30.000000000 -0700
|
|
+++ make-ca-1.14/update-mscertsign.sh 2024-10-10 01:09:07.772284424 -0700
|
|
@@ -26,7 +26,7 @@
|
|
for certbegin in ${startlist}; do
|
|
awk "NR==$certbegin,/^-----END CERTIFICATE-----/" mscertsign.txt \
|
|
> ${certbegin}.crt
|
|
- openssl x509 -noout -in ${certbegin}.crt -hash >> CS.txt
|
|
+ libressl x509 -noout -in ${certbegin}.crt -hash >> CS.txt
|
|
rm ${certbegin}.crt
|
|
done
|
|
rm -r mscertsign.txt
|