This repository has been archived by the owner on Mar 23, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 10
/
ca-certificates.yaml
71 lines (63 loc) · 2.26 KB
/
ca-certificates.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
package:
name: ca-certificates
version: 20220614
epoch: 1
description: "CA certificates from the Mozilla trusted root program"
target-architecture:
- all
copyright:
- paths:
- "*"
attestation: TODO
license: MPL-2.0 AND MIT
dependencies:
runtime:
environment:
contents:
repositories:
- https://packages.wolfi.dev/bootstrap/stage2
keyring:
- https://packages.wolfi.dev/bootstrap/stage2/wolfi-signing.rsa.pub
packages:
- busybox
- perl
- build-base
- ca-certificates-bundle
- openssl
pipeline:
- uses: fetch
with:
uri: https://gitlab.alpinelinux.org/alpine/ca-certificates/-/archive/${{package.version}}/ca-certificates-${{package.version}}.tar.gz
expected-sha256: de497e371819f5dd2ad0764e89856fa674e3561d5f8003d79900c983d1075989
- runs: |
make CC="${{host.triplet.gnu}}-gcc"
- runs: |
make install DESTDIR="${{targets.destdir}}"
(
echo "# Automatically generated by ${{package.name}}-${{package.version}}-r${{package.epoch}}"
echo "# Do not edit."
cd "${{targets.destdir}}"/usr/share/ca-certificates
find . -name '*.crt' | sort | cut -b3-
) > "${{targets.destdir}}"/etc/ca-certificates.conf
for i in $(ls *.crt | sort); do
cat "$i"
printf "\n"
done > "${{targets.destdir}}"/etc/ssl/certs/ca-certificates.crt
mkdir -p "${{targets.destdir}}"/etc/apk/protected_paths.d
cat > "${{targets.destdir}}"/etc/apk/protected_paths.d/ca-certificates.list <<-EOF
-etc/ssl/certs/ca-certificates.crt
-etc/ssl/certs/ca-cert-*.pem
-etc/ssl/certs/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[r0-9]*
EOF
cat > "${{targets.destdir}}"/etc/ca-certificates/update.d/certhash <<-EOF
#!/bin/sh
exec /usr/bin/c_rehash /etc/ssl/certs
EOF
chmod +x "${{targets.destdir}}"/etc/ca-certificates/update.d/certhash
subpackages:
- name: "ca-certificates-bundle"
pipeline:
- runs: |
mkdir -p "${{targets.subpkgdir}}"/etc/ssl/certs
mv "${{targets.destdir}}"/etc/ssl/certs/ca-certificates.crt "${{targets.subpkgdir}}"/etc/ssl/certs
ln -s certs/ca-certificates.crt "${{targets.subpkgdir}}"/etc/ssl/cert.pem