forked from macports/macports-ports
1 parent
17dbffd
commit 344fb99
Showing
1 changed file
with
234 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,234 @@ | ||
# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4 | ||
|
||
PortSystem 1.0 | ||
|
||
name apple-pki-bundle | ||
version 2018-09-27 | ||
revision 0 | ||
categories net www security | ||
license OpenSSL | ||
maintainers {ieee.org:s.t.smith @essandess} openmaintainer | ||
supported_archs noarch | ||
|
||
description Apple PKI certificate bundle | ||
|
||
long_description Installs a bundle of certification authority certificates \ | ||
(CA certs) used on Apple devices. | ||
|
||
homepage https://www.apple.com/certificateauthority/ | ||
|
||
master_sites https://www.apple.com/appleca:appleca \ | ||
https://www.apple.com/certificateauthority:certificateauthority \ | ||
https://developer.apple.com/certificationauthority:certificationauthority \ | ||
https://geotrust.tbs-certificats.com:geotrust \ | ||
https://cacerts.digicert.com:digicert | ||
|
||
distfiles AppleIncRootCertificate.cer:appleca \ | ||
AppleComputerRootCertificate.cer:certificateauthority \ | ||
AppleRootCA-G2.cer:certificateauthority \ | ||
AppleRootCA-G3.cer:certificateauthority \ | ||
AppleISTCA2G1.cer:certificateauthority \ | ||
AppleISTCA8G1.cer:certificateauthority \ | ||
AppleAAICA.cer:certificateauthority \ | ||
AppleAAI2CA.cer:certificateauthority \ | ||
AppleAAICAG3.cer:certificateauthority \ | ||
AppleApplicationIntegrationCA5G1.cer:certificateauthority \ | ||
DevAuthCA.cer:certificateauthority \ | ||
DeveloperIDCA.cer:certificateauthority \ | ||
AppleSoftwareUpdateCertificationAuthority.cer:certificateauthority \ | ||
AppleTimestampCA.cer:certificateauthority \ | ||
AppleWWDRCA.cer:certificationauthority \ | ||
AppleWWDRCAG2.cer:certificateauthority \ | ||
AppleWWDRCAG3.cer:certificateauthority \ | ||
AppleWWDRCAG5.cer:certificateauthority \ | ||
AppleWWDRCAG6.cer:certificateauthority \ | ||
GeoTrust_Global_CA.crt:geotrust \ | ||
GeoTrustPCA-G2.crt:digicert | ||
|
||
checksums AppleIncRootCertificate.cer \ | ||
rmd160 f86e77359a6a61f20fd8eb0deb854ad5a510412a \ | ||
sha256 b0b1730ecbc7ff4505142c49f1295e6eda6bcaed7e2c68c5be91b5a11001f024 \ | ||
size 1215 \ | ||
AppleComputerRootCertificate.cer \ | ||
rmd160 fb3672c5e3c74df263e193b8e3df845dd6d33c51 \ | ||
sha256 0d83b611b648a1a75eb8558400795375cad92e264ed8e9d7a757c1f5ee2bb22d \ | ||
size 1470 \ | ||
AppleRootCA-G2.cer \ | ||
rmd160 300b620e7c4f611e907ae48aebfa8c1858e55a1c \ | ||
sha256 c2b9b042dd57830e7d117dac55ac8ae19407d38e41d88f3215bc3a890444a050 \ | ||
size 1430 \ | ||
AppleRootCA-G3.cer \ | ||
rmd160 4b9f77626fc3b924f105f58c99af71e157c6c2d6 \ | ||
sha256 63343abfb89a6a03ebb57e9b3f5fa7be7c4f5c756f3017b3a8c488c3653e9179 \ | ||
size 583 \ | ||
AppleISTCA2G1.cer \ | ||
rmd160 7c71ab76630c91228ebc153a20ddb48f74301035 \ | ||
sha256 ac2b922ecfd5e01711772fea8ed372de9d1e2245fce3f57a9cdbec77296a424b \ | ||
size 1092 \ | ||
AppleISTCA8G1.cer \ | ||
rmd160 49d458253b7801341f6280efb5d46338c4688875 \ | ||
sha256 63ed1030fe1001060589f4e8ac955768fc0880bcc42be7d906d590e327a57142 \ | ||
size 1216 \ | ||
AppleAAICA.cer \ | ||
rmd160 b4ccf1798244801aa784b7ff0c049c963a20ca29 \ | ||
sha256 2528ba7d9348d6cbc83b169b24860ae7a87a6359c0e5274626edfe8f6c04e2b8 \ | ||
size 1489 \ | ||
AppleAAI2CA.cer \ | ||
rmd160 d623a06611224ea258af9aba8e7f90f5a3dc5b50 \ | ||
sha256 d3496f4b73cd67aab9f2fcb1d5aa41f8dc457769c455c792b70ddb19e92023d6 \ | ||
size 1052 \ | ||
AppleAAICAG3.cer \ | ||
rmd160 5cf343caf0c2836cb7c374f4489af1925da544cb \ | ||
sha256 a64b099dbd73ebb036b4204e1675e8aa821637d09b84980899104ad59d664a3b \ | ||
size 754 \ | ||
AppleApplicationIntegrationCA5G1.cer \ | ||
rmd160 acea444545ee49c6f7bb852e87aa9cee44cc3546 \ | ||
sha256 c0d8efbea821079d1b8a98e1198bfcc669331fa7a9c14f09b969f0af08ce4a43 \ | ||
size 765 \ | ||
DevAuthCA.cer \ | ||
rmd160 130856ebc4cc8503fd3bc253b115f1ad50aafd32 \ | ||
sha256 341ff0b1753889eb5f36921a7386129f302ce4ff603fabaebf06e01fdb236860 \ | ||
size 1051 \ | ||
DeveloperIDCA.cer \ | ||
rmd160 829a7ac0b3daab8b8ab7c5252599b1491aa9d987 \ | ||
sha256 7afc9d01a62f03a2de9637936d4afe68090d2de18d03f29c88cfb0b1ba63587f \ | ||
size 1032 \ | ||
AppleSoftwareUpdateCertificationAuthority.cer \ | ||
rmd160 969679b4511ae94133497c0014e9a95154336ff0 \ | ||
sha256 1299e9bfe776a29ff452f8c4f5e55f3b4dfd2934349dd1850b8274f35c71745c \ | ||
size 1136 \ | ||
AppleTimestampCA.cer \ | ||
rmd160 414a1dc61e313c238adc47f1d8380aa5bb400173 \ | ||
sha256 5eb2b6f76a173e6876ccaca696817bf1a0575e8d5f2a81653e1ddf8dafb751fc \ | ||
size 1456 \ | ||
AppleWWDRCA.cer \ | ||
rmd160 56edfda4fc5664a5431c4fef431d60ac43c5e872 \ | ||
sha256 ce057691d730f89ca25e916f7335f4c8a15713dcd273a658c024023f8eb809c2 \ | ||
size 1062 \ | ||
AppleWWDRCAG2.cer \ | ||
rmd160 0d4330029e28cb238e264d3bc238d4b1798e9385 \ | ||
sha256 9ed4b3b88c6a339cf1387895bda9ca6ea31a6b5ce9edf7511845923b0c8ac94c \ | ||
size 763 \ | ||
AppleWWDRCAG3.cer \ | ||
rmd160 17665bab909900697ee8a9c558b56d986dd8e3e4 \ | ||
sha256 dcf21878c77f4198e4b4614f03d696d89c66c66008d4244e1b99161aac91601f \ | ||
size 1109 \ | ||
AppleWWDRCAG5.cer \ | ||
rmd160 b20a437bdd39e2d960a51164badb7124094e083e \ | ||
sha256 53fd008278e5a595fe1e908ae9c5e5675f26243264a5a6438c023e3ce2870760 \ | ||
size 1113 \ | ||
AppleWWDRCAG6.cer \ | ||
rmd160 505ae3637933095ddf6cb40aa12bf0b1ded0ab09 \ | ||
sha256 bdd4ed6e74691f0c2bfd01be0296197af1379e0418e2d300efa9c3bef642ca30 \ | ||
size 794 \ | ||
GeoTrust_Global_CA.crt \ | ||
rmd160 b481fa4b7532b3d6b353463267df2eafeea8a043 \ | ||
sha256 9bde21d1c3414421fc6ff9ae79f1688c0193bc1cd0f1417f9adf0cdbed3b6250 \ | ||
size 1236 \ | ||
GeoTrustPCA-G2.crt \ | ||
rmd160 fc4e5fc888b926cd12871ac9b650cf68b028736e \ | ||
sha256 5edb7ac43b82a06a8761e8d7be4979ebf2611f7dd79bf91c1c6b566a219ed766 \ | ||
size 690 | ||
|
||
# non-Apple CAs in the bundle | ||
# for f in ${worksrcpath}/*.pem; do openssl x509 -inform pem -text -noout -in ${f}; done | grep 'CN = ' | grep -v Apple | ||
|
||
variant additional_pki_bundle \ | ||
description {Add PKI bundle used by GitHub assets, possibly others.} { | ||
# openssl s_client -showcerts github.githubassets.com:443 | sed -E '1,/^---$/d' | sed '/^---$/,$d' 1> cert.pem | ||
# openssl x509 -text -noout -in cert.pem | ||
# openssl verify -CAfile trustedCAs.pem cert.pem | ||
|
||
distfiles-append \ | ||
DigiCertHighAssuranceEVRootCA.crt:digicert \ | ||
DigiCertSHA2HighAssuranceServerCA.crt:digicert \ | ||
DigiCertTLSHybridECCSHA3842020CA1-1.crt:digicert \ | ||
DigiCertTLSRSASHA2562020CA1-1.crt:digicert | ||
|
||
checksums-append \ | ||
DigiCertHighAssuranceEVRootCA.crt \ | ||
rmd160 96b6f2d9f8e1ad3fa1868b3b9053160ef8b282c8 \ | ||
sha256 7431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf \ | ||
size 969 \ | ||
DigiCertSHA2HighAssuranceServerCA.crt \ | ||
rmd160 a2f7fc7707f0ff19f19c85070e1ab1e29793793d \ | ||
sha256 19400be5b7a31fb733917700789d2f0a2471c0c9d506c0e504c06c16d7cb17c0 \ | ||
size 1205 \ | ||
DigiCertTLSHybridECCSHA3842020CA1-1.crt \ | ||
rmd160 1343b2ded7573c390e5f1405e1044ff5774b5afd \ | ||
sha256 f7a9a1b2fd964a3f2670bd668d561fb7c55d3aa9ab8391e7e169702db8a3dbcf \ | ||
size 1051 \ | ||
DigiCertTLSRSASHA2562020CA1-1.crt \ | ||
rmd160 68d5f2b0e1dd6cf8a96d0b4d23a9de5aba203265 \ | ||
sha256 52274c57ce4dee3b49db7a7ff708c040f771898b3be88725a86fb4430182fe14 \ | ||
size 1218 | ||
} | ||
|
||
default_variants +additional_pki_bundle | ||
|
||
set pki_dir ${prefix}/share/${name} | ||
set pki_bundle ${name}.pem | ||
|
||
proc url_to_pem {url pem} { | ||
global worksrcpath | ||
system -W ${worksrcpath} \ | ||
"curl -L ${url} 2>&1 | uu-tac | sed '/^-----BEGIN CERTIFICATE-----$/q' | uu-tac | sed '/^-----END CERTIFICATE-----$/q' > ${pem}" | ||
} | ||
|
||
depends_build-append \ | ||
port:coreutils-uutils \ | ||
port:file \ | ||
path:bin/openssl:openssl | ||
|
||
extract.only | ||
extract.mkdir yes | ||
|
||
post-extract { | ||
# https://www.apple.com/certificateauthority/public/ | ||
foreach {url pem} { | ||
https://valid-aaa-rsa.apple.com/ apsrsa12g1.pem | ||
https://valid-aaa-ecc.apple.com/ apsecc12g1.pem | ||
https://valid-gr2-rsa.apple.com/ apevsrsa1g1.pem | ||
https://valid-har-rsa.apple.com/ apevsrsa2g1.pem | ||
https://valid-gr3-ecc.apple.com/ apevsecc1g1.pem | ||
} { | ||
url_to_pem ${url} ${pem} | ||
} | ||
} | ||
|
||
use_configure no | ||
|
||
build { | ||
foreach f [glob ${distpath}/*.{cer,crt,der,pem}] { | ||
if { [file isfile ${f}] } { | ||
regsub {\.(cer|crt|der|pem)$} [file tail ${f}] .pem pem | ||
set file_type [exec /bin/sh -c \ | ||
"file ${f} | sed -E 's|^.+: ||' 2>/dev/null || true"] | ||
if {[regexp {^(PEM certificate|ASCII text)$} ${file_type}]} { | ||
file copy ${f} ${worksrcpath}/${pem} | ||
} else { | ||
system -W ${worksrcpath} \ | ||
"openssl x509 -inform der -outform pem -text -in ${f} -out ${pem}" | ||
} | ||
} | ||
} | ||
} | ||
|
||
destroot { | ||
xinstall -d ${destroot}${pki_dir} | ||
|
||
# cat all pem files to a single file | ||
set outfile [open ${destroot}${pki_dir}/${pki_bundle} w] | ||
foreach f [glob ${worksrcpath}/*.pem] { | ||
set file_type [exec /bin/sh -c \ | ||
"file ${f} | sed -E 's|^.+: ||' 2>/dev/null || true"] | ||
if {[regexp {^(PEM certificate|ASCII text)$} ${file_type}]} { | ||
set sourcefile [open ${f} r] | ||
chan copy ${sourcefile} ${outfile} | ||
close ${sourcefile} | ||
} else { | ||
ui_warn "Not installing ${f} because it is not a PEM file." | ||
} | ||
} | ||
close ${outfile} | ||
} |
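Review bot: The five certificates fetched by `url_to_pem` in `post-extract` reach the trust bundle without any checksum. `curl -L ${url} 2>&1 | …` runs outside the fetch/checksum phases, so whatever PEM block comes last in the response is concatenated into `${pki_bundle}` by `destroot`, unlike the `distfiles` above, which are pinned with rmd160/sha256/size. `2>&1` also feeds curl's stderr into the parsed stream, and because the pipeline's exit status is that of the final `sed`, a failed download leaves an empty `.pem` that only triggers a `ui_warn` later. I would either ship these as checksummed `distfiles` or pin a digest per URL and fail the phase on mismatch, as sketched below (the digest is a placeholder for the maintainer to fill in). Separately, `build` globs `${distpath}/*.{cer,crt,der,pem}` instead of iterating `${distfiles}`, so as far as I can tell any stale file left in that directory (for example the DigiCert files when the variant is disabled) would still be converted and installed without being checksummed in this run.

```tcl
proc url_to_pem {url pem sha256sum} {
    global worksrcpath
    # -f: no HTML error body on HTTP errors; stderr stays out of the parsed stream
    system -W ${worksrcpath} \
        "curl -fsSL ${url} | uu-tac | sed '/^-----BEGIN CERTIFICATE-----$/q' | uu-tac | sed '/^-----END CERTIFICATE-----$/q' > ${pem}"
    # `openssl dgst -r` prints "<hex digest> *<file>"; compare the first 64 hex chars with the pin
    set actual [string range [exec openssl dgst -sha256 -r ${worksrcpath}/${pem}] 0 63]
    if {${actual} ne ${sha256sum}} {
        return -code error "${pem}: sha256 ${actual} does not match the pinned value"
    }
}

# … unchanged: depends_build-append, extract.only, extract.mkdir …

post-extract {
    # each entry becomes URL, output file, pinned sha256; the other four entries follow the same shape
    foreach {url pem sha256sum} {
        https://valid-aaa-rsa.apple.com/ apsrsa12g1.pem SHA256_PLACEHOLDER
    } {
        url_to_pem ${url} ${pem} ${sha256sum}
    }
}
```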