mingw/mingw-packages/mingw-w64-ca-certificates/PKGBUILD - kiwivm - Git at Google

 # Maintainer: Alexey Pavlov <alexpux@gmail.com>

 _realname=ca-certificates
 pkgbase=mingw-w64-${_realname}
 pkgname="${MINGW_PACKAGE_PREFIX}-${_realname}"
 pkgver=20200601
 pkgrel=3
 pkgdesc='Common CA certificates (mingw-w64)'
 arch=('any')
 mingw_arch=('mingw32' 'mingw64' 'ucrt64' 'clang64' 'clang32' 'clangarm64')
 url='https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/'
 license=('MPL' 'GPL')
 install="ca-certificates-${MSYSTEM}.install"
 source=("http://archive.ubuntu.com/ubuntu/pool/main/c/${_realname}/${_realname}_${pkgver}.tar.xz"
         'certdata2pem.py'
         'certdata2pem.patch'
         'trust-fixes'
         'update-ca-trust'
         'update-ca-trust.8')
 depends=("${MINGW_PACKAGE_PREFIX}-p11-kit")
 makedepends=("${MINGW_PACKAGE_PREFIX}-openssl"
              "${MINGW_PACKAGE_PREFIX}-p11-kit"
              "${MINGW_PACKAGE_PREFIX}-python"
              'asciidoc' 'libxslt' 'sed' 'grep')
 sha256sums=('43766d5a436519503dfd65ab83488ae33ab4d4ca3d0993797b58c92eb9ed4e63'
             'aae6aa5d2bd31064eb923a00a0d37789d3e2f2aa2ef0b39c10228d8d7a3ceb30'
             '5736cc3a73ff9bceed43bafad85100a2fcfdfae1cf2cb7e201b5fa6f1421fc2e'
             'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
             '65fc13d01550be7f89046a62605d6203eb68dba7edf5dbb04a2068b4f7cd2e65'
             'b052972dd118a3e25f785b6caa141599f0db6fc1d943e9ebcd6ca0e1f0421f60')

 prepare() {
   cd "${srcdir}"
   mv "work" "${srcdir}/${_realname}-${pkgver}"

   sed "s|/usr/bin/python|${MINGW_PREFIX}/bin/python|g" -i certdata2pem.py
   patch -p0 -i ${srcdir}/certdata2pem.patch
   cp certdata2pem.py ${srcdir}/${_realname}-${pkgver}/mozilla/certdata2pem.py
   cd ${srcdir}/${_realname}-${pkgver}
   cp ${srcdir}/update-ca-trust sbin/
   cp ${srcdir}/update-ca-trust.8 sbin/
 }

 build() {
   cd ${srcdir}/${_realname}-${pkgver}/mozilla
   mkdir -p legacy-{default,disable}

   PYTHONUTF8=1 PYTHONIOENCODING=utf-8 ${MINGW_PREFIX}/bin/python ./certdata2pem.py

   (
    cat <<EOF
 # This is a bundle of X.509 certificates of public Certificate
 # Authorities.  It was generated from the Mozilla root CA list.
 # These certificates and trust/distrust attributes use the file format accepted
 # by the p11-kit-trust module.
 #
 # Source: nss/lib/ckfw/builtins/certdata.txt
 # Source: nss/lib/ckfw/builtins/nssckbi.h
 #
 # Generated from:
 EOF
     cat nssckbi.h | grep -w NSS_BUILTINS_LIBRARY_VERSION | awk '{print "# " $2 " " $3}';
     echo '#';
   ) > ${srcdir}/${_realname}-${pkgver}/ca-bundle.trust.crt

   touch ${srcdir}/${_realname}-${pkgver}/ca-bundle.legacy.default.crt
   local NUM_LEGACY_DEFAULT=`find ./legacy-default -type f | wc -l`
   if [ $NUM_LEGACY_DEFAULT -ne 0 ]; then
      for f in ./legacy-default/*.crt; do
        echo "processing $f"
        tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f`
        alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' $f | sed "s/'//g" | sed 's/"//g'`
        targs=""
        if [ -n "$tbits" ]; then
           for t in $tbits; do
              targs="${targs} -addtrust $t"
           done
        fi
        if [ -n "$targs" ]; then
           echo "legacy default flags $targs for $f" >> info.trust
           openssl x509 -text -in "$f" -trustout $targs -setalias "$alias" >> ${srcdir}/${_realname}-${pkgver}/ca-bundle.legacy.default.crt
        fi
      done
   fi

   touch ${srcdir}/${_realname}-${pkgver}/ca-bundle.legacy.disable.crt
   NUM_LEGACY_DISABLE=`find ./legacy-disable -type f | wc -l`
   if [ $NUM_LEGACY_DISABLE -ne 0 ]; then
      for f in ./legacy-disable/*.crt; do
        echo "processing $f"
        tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f`
        alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' $f | sed "s/'//g" | sed 's/"//g'`
        targs=""
        if [ -n "$tbits" ]; then
           for t in $tbits; do
              targs="${targs} -addtrust $t"
           done
        fi
        if [ -n "$targs" ]; then
           echo "legacy disable flags $targs for $f" >> info.trust
           openssl x509 -text -in "$f" -trustout $targs -setalias "$alias" >> ${srcdir}/${_realname}-${pkgver}/ca-bundle.legacy.disable.crt
        fi
      done
   fi

   local P11FILES=`find . -name \*.tmp-p11-kit | wc -l`
   if [ $P11FILES -ne 0 ]; then
     for p in ./*.tmp-p11-kit; do
       cat "$p" >> ${srcdir}/${_realname}-${pkgver}/ca-bundle.trust.crt
     done
   fi

   # Append our trust fixes
   cat ${srcdir}/trust-fixes >> ${srcdir}/${_realname}-${pkgver}/ca-bundle.trust.crt
 }

 package() {
   cd ${srcdir}/${_realname}-${pkgver}

   mkdir -p ${pkgdir}${MINGW_PREFIX}/{bin,lib,share}
   mkdir -p ${pkgdir}${MINGW_PREFIX}/etc
   mkdir -p ${pkgdir}${MINGW_PREFIX}/share/man/man8

   sed -e "s|@PREFIX@|${MINGW_PREFIX}|g" -i ${srcdir}/update-ca-trust
   cp -f ${srcdir}/update-ca-trust ${pkgdir}${MINGW_PREFIX}/bin/
   cp -f ${srcdir}/update-ca-trust.8 ${pkgdir}${MINGW_PREFIX}/share/man/man8/

   # for p11-kit
   mkdir -p ${pkgdir}${MINGW_PREFIX}/lib/p11-kit
   cp -f ${srcdir}/update-ca-trust ${pkgdir}${MINGW_PREFIX}/lib/p11-kit/p11-kit-extract-trust

   mkdir -p ${pkgdir}${MINGW_PREFIX}/share/pki/ca-trust-{source,legacy}
   install -p -m 644 ca-bundle.trust.crt          ${pkgdir}${MINGW_PREFIX}/share/pki/ca-trust-source/ca-bundle.trust.crt
   install -p -m 644 ca-bundle.legacy.default.crt ${pkgdir}${MINGW_PREFIX}/share/pki/ca-trust-legacy/ca-bundle.legacy.default.crt
   install -p -m 644 ca-bundle.legacy.disable.crt ${pkgdir}${MINGW_PREFIX}/share/pki/ca-trust-legacy/ca-bundle.legacy.disable.crt

   # touch all files overwritten by update-ca-trust for easy cleanup
   mkdir -p ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/{extracted,source}
   mkdir -p ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/source/{anchors,blacklist}
   mkdir -p ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/extracted/{openssl,pem,java}
   touch ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
   touch ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/extracted/pem/{tls,email,objsign}-ca-bundle.pem
   touch ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/extracted/java/cacerts

   # for OpenSSL and static ca-certificates consumers
   mkdir -p ${pkgdir}${MINGW_PREFIX}/ssl/certs
   cp -f ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem ${pkgdir}${MINGW_PREFIX}/ssl/certs/ca-bundle.crt
   cp -f ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem ${pkgdir}${MINGW_PREFIX}/ssl/cert.pem
   cp -f ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt ${pkgdir}${MINGW_PREFIX}/ssl/certs/ca-bundle.trust.crt
 }
	# Maintainer: Alexey Pavlov <alexpux@gmail.com>

	_realname=ca-certificates
	pkgbase=mingw-w64-${_realname}
	pkgname="${MINGW_PACKAGE_PREFIX}-${_realname}"
	pkgver=20200601
	pkgrel=3
	pkgdesc='Common CA certificates (mingw-w64)'
	arch=('any')
	mingw_arch=('mingw32' 'mingw64' 'ucrt64' 'clang64' 'clang32' 'clangarm64')
	url='https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/'
	license=('MPL' 'GPL')
	install="ca-certificates-${MSYSTEM}.install"
	source=("http://archive.ubuntu.com/ubuntu/pool/main/c/${_realname}/${_realname}_${pkgver}.tar.xz"
	'certdata2pem.py'
	'certdata2pem.patch'
	'trust-fixes'
	'update-ca-trust'
	'update-ca-trust.8')
	depends=("${MINGW_PACKAGE_PREFIX}-p11-kit")
	makedepends=("${MINGW_PACKAGE_PREFIX}-openssl"
	"${MINGW_PACKAGE_PREFIX}-p11-kit"
	"${MINGW_PACKAGE_PREFIX}-python"
	'asciidoc' 'libxslt' 'sed' 'grep')
	sha256sums=('43766d5a436519503dfd65ab83488ae33ab4d4ca3d0993797b58c92eb9ed4e63'
	'aae6aa5d2bd31064eb923a00a0d37789d3e2f2aa2ef0b39c10228d8d7a3ceb30'
	'5736cc3a73ff9bceed43bafad85100a2fcfdfae1cf2cb7e201b5fa6f1421fc2e'
	'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
	'65fc13d01550be7f89046a62605d6203eb68dba7edf5dbb04a2068b4f7cd2e65'
	'b052972dd118a3e25f785b6caa141599f0db6fc1d943e9ebcd6ca0e1f0421f60')

	prepare() {
	cd "${srcdir}"
	mv "work" "${srcdir}/${_realname}-${pkgver}"

	sed "s\|/usr/bin/python\|${MINGW_PREFIX}/bin/python\|g" -i certdata2pem.py
	patch -p0 -i ${srcdir}/certdata2pem.patch
	cp certdata2pem.py ${srcdir}/${_realname}-${pkgver}/mozilla/certdata2pem.py
	cd ${srcdir}/${_realname}-${pkgver}
	cp ${srcdir}/update-ca-trust sbin/
	cp ${srcdir}/update-ca-trust.8 sbin/
	}

	build() {
	cd ${srcdir}/${_realname}-${pkgver}/mozilla
	mkdir -p legacy-{default,disable}

	PYTHONUTF8=1 PYTHONIOENCODING=utf-8 ${MINGW_PREFIX}/bin/python ./certdata2pem.py

	(
	cat <<EOF
	# This is a bundle of X.509 certificates of public Certificate
	# Authorities. It was generated from the Mozilla root CA list.
	# These certificates and trust/distrust attributes use the file format accepted
	# by the p11-kit-trust module.
	#
	# Source: nss/lib/ckfw/builtins/certdata.txt
	# Source: nss/lib/ckfw/builtins/nssckbi.h
	#
	# Generated from:
	EOF
	cat nssckbi.h \| grep -w NSS_BUILTINS_LIBRARY_VERSION \| awk '{print "# " $2 " " $3}';
	echo '#';
	) > ${srcdir}/${_realname}-${pkgver}/ca-bundle.trust.crt

	touch ${srcdir}/${_realname}-${pkgver}/ca-bundle.legacy.default.crt
	local NUM_LEGACY_DEFAULT=`find ./legacy-default -type f \| wc -l`
	if [ $NUM_LEGACY_DEFAULT -ne 0 ]; then
	for f in ./legacy-default/*.crt; do
	echo "processing $f"
	tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f`
	alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' $f \| sed "s/'//g" \| sed 's/"//g'`
	targs=""
	if [ -n "$tbits" ]; then
	for t in $tbits; do
	targs="${targs} -addtrust $t"
	done
	fi
	if [ -n "$targs" ]; then
	echo "legacy default flags $targs for $f" >> info.trust
	openssl x509 -text -in "$f" -trustout $targs -setalias "$alias" >> ${srcdir}/${_realname}-${pkgver}/ca-bundle.legacy.default.crt
	fi
	done
	fi

	touch ${srcdir}/${_realname}-${pkgver}/ca-bundle.legacy.disable.crt
	NUM_LEGACY_DISABLE=`find ./legacy-disable -type f \| wc -l`
	if [ $NUM_LEGACY_DISABLE -ne 0 ]; then
	for f in ./legacy-disable/*.crt; do
	echo "processing $f"
	tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f`
	alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' $f \| sed "s/'//g" \| sed 's/"//g'`
	targs=""
	if [ -n "$tbits" ]; then
	for t in $tbits; do
	targs="${targs} -addtrust $t"
	done
	fi
	if [ -n "$targs" ]; then
	echo "legacy disable flags $targs for $f" >> info.trust
	openssl x509 -text -in "$f" -trustout $targs -setalias "$alias" >> ${srcdir}/${_realname}-${pkgver}/ca-bundle.legacy.disable.crt
	fi
	done
	fi

	local P11FILES=`find . -name \*.tmp-p11-kit \| wc -l`
	if [ $P11FILES -ne 0 ]; then
	for p in ./*.tmp-p11-kit; do
	cat "$p" >> ${srcdir}/${_realname}-${pkgver}/ca-bundle.trust.crt
	done
	fi

	# Append our trust fixes
	cat ${srcdir}/trust-fixes >> ${srcdir}/${_realname}-${pkgver}/ca-bundle.trust.crt
	}

	package() {
	cd ${srcdir}/${_realname}-${pkgver}

	mkdir -p ${pkgdir}${MINGW_PREFIX}/{bin,lib,share}
	mkdir -p ${pkgdir}${MINGW_PREFIX}/etc
	mkdir -p ${pkgdir}${MINGW_PREFIX}/share/man/man8

	sed -e "s\|@PREFIX@\|${MINGW_PREFIX}\|g" -i ${srcdir}/update-ca-trust
	cp -f ${srcdir}/update-ca-trust ${pkgdir}${MINGW_PREFIX}/bin/
	cp -f ${srcdir}/update-ca-trust.8 ${pkgdir}${MINGW_PREFIX}/share/man/man8/

	# for p11-kit
	mkdir -p ${pkgdir}${MINGW_PREFIX}/lib/p11-kit
	cp -f ${srcdir}/update-ca-trust ${pkgdir}${MINGW_PREFIX}/lib/p11-kit/p11-kit-extract-trust

	mkdir -p ${pkgdir}${MINGW_PREFIX}/share/pki/ca-trust-{source,legacy}
	install -p -m 644 ca-bundle.trust.crt ${pkgdir}${MINGW_PREFIX}/share/pki/ca-trust-source/ca-bundle.trust.crt
	install -p -m 644 ca-bundle.legacy.default.crt ${pkgdir}${MINGW_PREFIX}/share/pki/ca-trust-legacy/ca-bundle.legacy.default.crt
	install -p -m 644 ca-bundle.legacy.disable.crt ${pkgdir}${MINGW_PREFIX}/share/pki/ca-trust-legacy/ca-bundle.legacy.disable.crt

	# touch all files overwritten by update-ca-trust for easy cleanup
	mkdir -p ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/{extracted,source}
	mkdir -p ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/source/{anchors,blacklist}
	mkdir -p ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/extracted/{openssl,pem,java}
	touch ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
	touch ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/extracted/pem/{tls,email,objsign}-ca-bundle.pem
	touch ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/extracted/java/cacerts

	# for OpenSSL and static ca-certificates consumers
	mkdir -p ${pkgdir}${MINGW_PREFIX}/ssl/certs
	cp -f ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem ${pkgdir}${MINGW_PREFIX}/ssl/certs/ca-bundle.crt
	cp -f ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem ${pkgdir}${MINGW_PREFIX}/ssl/cert.pem
	cp -f ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt ${pkgdir}${MINGW_PREFIX}/ssl/certs/ca-bundle.trust.crt
	}