Index: head/security/ca_root_nss/Makefile =================================================================== --- head/security/ca_root_nss/Makefile (revision 378719) +++ head/security/ca_root_nss/Makefile (revision 378720) @@ -1,68 +1,70 @@ # $FreeBSD$ PORTNAME= ca_root_nss PORTVERSION= ${VERSION_NSS} +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= MOZILLA/security/nss/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src DISTNAME= nss-${VERSION_NSS}${NSS_SUFFIX} MAINTAINER= gecko@FreeBSD.org -COMMENT= The root certificate bundle from the Mozilla Project +COMMENT= Root certificate bundle from the Mozilla Project -OPTIONS_DEFINE= ETCSYMLINK +LICENSE= MPL + +OPTIONS_DEFINE= ETCSYMLINK +OPTIONS_SUB= yes + ETCSYMLINK_DESC= Add symlink to /etc/ssl/cert.pem +ETCSYMLINK_CONFLICTS= ca-roots-[0-9]* USES= perl5 USE_PERL5= build NO_ARCH= yes NO_WRKSUBDIR= yes CERTDIR?= share/certs PLIST_SUB+= CERTDIR=${CERTDIR} # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -# !!! These versions are indented to track security/nss. !!! +# !!! These versions are intended to track security/nss. !!! # !!! Please DO NOT submit patches for new version until it has !!! # !!! been committed there first. !!! # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! VERSION_NSS= 3.17.4 #NSS_SUFFIX= .with.ckbi.1.93 CERTDATA_TXT_PATH= nss-${VERSION_NSS}/nss/lib/ckfw/builtins/certdata.txt BUNDLE_PROCESSOR= MAca-bundle.pl -SUB_FILES= MAca-bundle.pl + +SUB_FILES= MAca-bundle.pl pkg-message SUB_LIST= VERSION_NSS=${VERSION_NSS} .include -.if ${PORT_OPTIONS:METCSYMLINK} -PLIST_SUB+= ETCSYMLINK= -CONFLICTS= ca-roots-[0-9]* -.else -PLIST_SUB+= ETCSYMLINK="@comment " -.endif - do-extract: @${MKDIR} ${WRKDIR} @${TAR} -C ${WRKDIR} -xf ${DISTDIR}/nss-${VERSION_NSS}${NSS_SUFFIX}${EXTRACT_SUFX} \ ${CERTDATA_TXT_PATH} @${CP} ${WRKDIR}/${CERTDATA_TXT_PATH} ${WRKDIR} @${RM} -rf ${WRKDIR}/nss-${VERSION_NSS} do-build: apply-slist @${PERL} ${WRKDIR}/${BUNDLE_PROCESSOR} \ < ${WRKDIR}/certdata.txt > \ ${WRKDIR}/ca-root-nss.crt do-install: ${MKDIR} ${STAGEDIR}${PREFIX}/${CERTDIR} ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt ${STAGEDIR}${PREFIX}/${CERTDIR} post-install: .if ${PORT_OPTIONS:METCSYMLINK} ${MKDIR} ${STAGEDIR}/etc/ssl ${LN} -sf ${PREFIX}/${CERTDIR}/ca-root-nss.crt ${STAGEDIR}/etc/ssl/cert.pem .endif ${MKDIR} ${STAGEDIR}${PREFIX}/etc/ssl - ${LN} -sf ${PREFIX}/${CERTDIR}/ca-root-nss.crt ${STAGEDIR}${PREFIX}/etc/ssl/cert.pem + ${LN} -sf ${PREFIX}/${CERTDIR}/ca-root-nss.crt ${STAGEDIR}${PREFIX}/etc/ssl/cert.pem.sample + ${MKDIR} ${STAGEDIR}${PREFIX}/openssl + ${LN} -sf ${PREFIX}/${CERTDIR}/ca-root-nss.crt ${STAGEDIR}${PREFIX}/openssl/cert.pem.sample .include Index: head/security/ca_root_nss/files/pkg-message.in =================================================================== --- head/security/ca_root_nss/files/pkg-message.in (nonexistent) +++ head/security/ca_root_nss/files/pkg-message.in (revision 378720) @@ -0,0 +1,25 @@ +********************************* WARNING ********************************* + +FreeBSD does not, and can not warrant that the certificate authorities +whose certificates are included in this package have in any way been +audited for trustworthiness or RFC 3647 compliance. + +Assessment and verification of trust is the complete responsibility of the +system administrator. + +*********************************** NOTE ********************************** + +This package installs symlinks to support root certificates discovery by +default for software that uses OpenSSL. + +This enables SSL Certificate Verification by client software without manual +intervention. + +If you prefer to do this manually, replace the following symlinks with +either an empty file or your site-local certificate bundle. + + * /etc/ssl/cert.pem + * %%PREFIX%%/etc/ssl/cert.pem + * %%PREFIX%%/openssl/cert.pem + +*************************************************************************** Property changes on: head/security/ca_root_nss/files/pkg-message.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/security/ca_root_nss/pkg-plist =================================================================== --- head/security/ca_root_nss/pkg-plist (revision 378719) +++ head/security/ca_root_nss/pkg-plist (revision 378720) @@ -1,3 +1,4 @@ %%CERTDIR%%/ca-root-nss.crt -etc/ssl/cert.pem +@sample etc/ssl/cert.pem.sample +@sample openssl/cert.pem.sample %%ETCSYMLINK%%/etc/ssl/cert.pem