f27f39db77
This setup will add the trusted certificates from the Mozilla NSS bundle to base. This commit includes: - CAROOT option to opt out of installation of certs - mtree amendments for final destinations - infrastructure to fetch/update certs, along with instructions A follow-up commit will add a certctl(8) utility to give the user control over trust specifics. Another follow-up commit will actually commit the initial result of updatecerts. This work was done primarily by allanjude@, with minor contributions by myself. No objection from: secteam Relnotes: yes Differential Revision: https://reviews.freebsd.org/D16856
22 lines
503 B
Makefile
22 lines
503 B
Makefile
# $FreeBSD$
|
|
|
|
PACKAGE= caroot
|
|
|
|
CLEANFILES+= certdata.txt
|
|
|
|
SUBDIR+= trusted
|
|
SUBDIR+= blacklisted
|
|
|
|
.include <bsd.prog.mk>
|
|
|
|
# To be used by secteam@ to update the trusted certificates
|
|
|
|
fetchcerts: .PHONY
|
|
fetch --no-sslv3 --no-tlsv1 -o certdata.txt 'https://hg.mozilla.org/projects/nss/raw-file/tip/lib/ckfw/builtins/certdata.txt'
|
|
|
|
cleancerts: .PHONY
|
|
@${MAKE} -C ${.CURDIR}/trusted ${.TARGET}
|
|
|
|
updatecerts: .PHONY cleancerts fetchcerts
|
|
perl ${.CURDIR}/MAca-bundle.pl -i certdata.txt -o ${.CURDIR}/trusted
|