repo: Added openssl/ca-certs

2019-05-12 16:15:19 +03:00 · 2019-05-12 16:15:19 +03:00 · c6697b753d
commit c6697b753d
parent f2006f7493
17 changed files with 536 additions and 0 deletions
--- a/repo/ca-certificates/.checksum
+++ b/repo/ca-certificates/.checksum
@ -0,0 +1,3 @@
+ee4bf0f4c6398005f5b5ca4e0b87b82837ac5c3b0280a1cb3a63c47555c3a675  ca-certificates_20190110.tar.xz
+064f7d41106cd9efa08b9e68cf049f44e3be55666bd2ab96d02c508293b8dce7  certdata2pem.c
+9abcbeadae690315b760a4d726d71265b2c479121e2e30e95f9678c4b8d81ef2  update-ca-certificates-destdir.patch
--- a/repo/ca-certificates/build
+++ b/repo/ca-certificates/build
@ -0,0 +1,22 @@
+# Taken from void.
+gcc certdata2pem.c -o "mozilla/certdata2pem"
+
+sed -i mozilla/Makefile \
+        -e 's,python certdata2pem.py,./certdata2pem,g'
+
+patch -p1 -i update-ca-certificates-destdir.patch
+make
+
+cd "$pkg_dir" || return 1
+
+install -m0755 -d usr/share/ca-certificates
+install -m0755 -d usr/bin
+install -m0755 -d usr/sbin
+install -m0755 -d etc/ssl/certs
+
+cd - || return 1
+
+make DESTDIR="$pkg_dir" install
+
+cd "$pkg_dir/usr/share/ca-certificates" || return 1
+find . -name '*.crt' | sort | cut -b3- > "$pkg_dir/etc/ca-certificates.conf"
--- a/repo/ca-certificates/checksums
+++ b/repo/ca-certificates/checksums
@ -0,0 +1,3 @@
+ee4bf0f4c6398005f5b5ca4e0b87b82837ac5c3b0280a1cb3a63c47555c3a675  ca-certificates_20190110.tar.xz
+064f7d41106cd9efa08b9e68cf049f44e3be55666bd2ab96d02c508293b8dce7  certdata2pem.c
+9abcbeadae690315b760a4d726d71265b2c479121e2e30e95f9678c4b8d81ef2  update-ca-certificates-destdir.patch
--- a/repo/ca-certificates/depends
+++ b/repo/ca-certificates/depends
@ -0,0 +1 @@
+openssl
--- a/repo/ca-certificates/files/certdata2pem.c
+++ b/repo/ca-certificates/files/certdata2pem.c
@ -0,0 +1,142 @@
+/* Copyright (C) 2013, Felix Janda <felix.janda@posteo.de>
+
+Permission to use, copy, modify, and/or distribute this software for
+any purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all copies.
+
+SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <err.h>
+
+void xwrite(FILE *f, void *p, size_t size)
+{
+  if (fwrite(p, 1, size, f) != size) err(1, 0);
+}
+
+int main(void)
+{
+  FILE *f;
+  char cert[4096], ecert[4096*4/3 + 100];
+  char *line = 0, *tmp, *filename, *label, *pcert = 0;
+  ssize_t len;
+  size_t size, certsize;
+  int trust;
+  char **blacklist = 0, **node;
+
+  filename = "./blacklist.txt";
+  if (!(f = fopen(filename, "r"))) err(1, "%s", filename);
+  while ((len = getline(&line, &size, f)) != -1) {
+    if ((line[0] != '#') && (len > 1)) {
+      if (!(node = malloc(sizeof(void*) + len))) err(1, 0);
+      *node = (char*)blacklist;
+      memcpy(node + 1, line, len);
+      blacklist = node;
+    }
+  }
+  fclose(f);
+
+  filename = "./certdata.txt";
+  if (!(f = fopen(filename, "r"))) err(1, "%s", filename);
+  while ((len = getline(&line, &size, f)) != -1) {
+    tmp = line;
+    if (line[0] == '#') continue;
+    if (pcert) {
+      if (!strcmp(line, "END\n")) {
+        char *base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+                       "abcdefghijklmnopqrstuvwxyz0123456789+/";
+        size_t i, j, k, val;
+
+        for (i = 0, val = 0, tmp = ecert; i < (size_t)(pcert - cert); i++) {
+          val = (val << 8) + (unsigned char)cert[i];
+          if (i % 3 == 2) {
+            for (j = 0; j < 4; j++, val >>= 6) tmp[3 - j] = base64[val & 0x3f];
+            tmp += 4;
+          }
+          if (i && !(i % 48)) {
+            *tmp = '\n';
+            tmp++;
+          }
+        }
+        if (k = i % 3) {
+          tmp[2] = '=';
+          tmp[3] = '=';
+          val <<= 6 - 2*k;
+          for (j = 0; j < k + 1; j++, val >>= 6) tmp[k - j] = base64[val & 0x3f];
+          tmp += 4;
+        }
+        certsize = tmp - ecert;
+        pcert = 0;
+      } else while (sscanf(tmp, "\\%hho", pcert) == 1) pcert++, tmp += 4;
+    } else if (!memcmp(line, "CKA_LABEL UTF8 ", 15)) {
+
+      char *p2, *tmp2;
+      len -= 15;
+      if (!(label = malloc(len))) err(1, 0);
+      memcpy(label, line + 15, len);
+      trust = 0;
+      for (node = blacklist; node; node = (char**)*node)
+        if (!strcmp(label, (char*)(node + 1))) trust = 4;
+      if (!(p2 = malloc(len + 2))) err(1, 0);
+      for (tmp = label + 1, tmp2 = p2; *tmp != '"'; tmp++, tmp2++) {
+        switch (*tmp) {
+        case '\\':
+          if (sscanf(tmp, "\\x%hhx", tmp2)!=1) errx(1, "Bad triple: %s\n", tmp);
+          tmp += 3;
+          break;
+        case '/':
+        case ' ':
+          *tmp2 = '_';
+          break;
+        case '(':
+        case ')':
+          *tmp2 = '=';
+          break;
+        default:
+          *tmp2 = *tmp;
+        }
+      }
+      strcpy(tmp2, ".crt");
+      free(label);
+      label = p2;
+    } else if (!strcmp(line, "CKA_VALUE MULTILINE_OCTAL\n")) pcert = cert;
+    else if (!memcmp(line, "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_", 39)) {
+      tmp += 39;
+      if (!strcmp(tmp, "TRUSTED_DELEGATOR\n")) trust |= 1;
+      else if (!strcmp(tmp, "NOT_TRUSTED\n")) trust |= 2;
+    } else if (!memcmp(line,
+                       "CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_", 44)) {
+      tmp += 44;
+      if (!strcmp(tmp, "TRUSTED_DELEGATOR\n")) trust |= 1;
+      else if (!strcmp(tmp, "NOT_TRUSTED\n")) trust |= 2;
+      if (!trust) printf("Ignoring %s\n", label);
+      if (trust == 1) {
+        FILE *out;
+        if (!(out = fopen(label, "w"))) err(1, "%s", label);
+        xwrite(out, "-----BEGIN CERTIFICATE-----\n", 28);
+        xwrite(out, ecert, certsize);
+        xwrite(out, "\n-----END CERTIFICATE-----\n", 27);
+        fclose(out);
+      }
+    }
+  }
+  fclose(f);
+  
+  while (blacklist) {
+    node = (char**)*blacklist;
+    free(blacklist);
+    blacklist = node;
+  }
+  free(line);
+  free(label);
+  return 0;
+}
--- a/repo/ca-certificates/manifest
+++ b/repo/ca-certificates/manifest
@ -0,0 +1,175 @@
+/usr/sbin/update-ca-certificates
+/usr/share/ca-certificates/mozilla/Network_Solutions_Certificate_Authority.crt
+/usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt
+/usr/share/ca-certificates/mozilla/Taiwan_GRCA.crt
+/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt
+/usr/share/ca-certificates/mozilla/EE_Certification_Centre_Root_CA.crt
+/usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt
+/usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt
+/usr/share/ca-certificates/mozilla/GeoTrust_Global_CA.crt
+/usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
+/usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt
+/usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt
+/usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
+/usr/share/ca-certificates/mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt
+/usr/share/ca-certificates/mozilla/Izenpe.com.crt
+/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt
+/usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt
+/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt
+/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt
+/usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt
+/usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt
+/usr/share/ca-certificates/mozilla/E-Tugra_Certification_Authority.crt
+/usr/share/ca-certificates/mozilla/Certinomis_-_Root_CA.crt
+/usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt
+/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R2.crt
+/usr/share/ca-certificates/mozilla/thawte_Primary_Root_CA_-_G2.crt
+/usr/share/ca-certificates/mozilla/Sonera_Class_2_Root_CA.crt
+/usr/share/ca-certificates/mozilla/AddTrust_External_Root.crt
+/usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt
+/usr/share/ca-certificates/mozilla/EC-ACC.crt
+/usr/share/ca-certificates/mozilla/Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.crt
+/usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt
+/usr/share/ca-certificates/mozilla/GeoTrust_Primary_Certification_Authority.crt
+/usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt
+/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt
+/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt
+/usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt
+/usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt
+/usr/share/ca-certificates/mozilla/Certigna.crt
+/usr/share/ca-certificates/mozilla/Chambers_of_Commerce_Root_-_2008.crt
+/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt
+/usr/share/ca-certificates/mozilla/SecureTrust_CA.crt
+/usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt
+/usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt
+/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt
+/usr/share/ca-certificates/mozilla/thawte_Primary_Root_CA.crt
+/usr/share/ca-certificates/mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt
+/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt
+/usr/share/ca-certificates/mozilla/VeriSign_Universal_Root_Certification_Authority.crt
+/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt
+/usr/share/ca-certificates/mozilla/AC_Raíz_Certicámara_S.A..crt
+/usr/share/ca-certificates/mozilla/Cybertrust_Global_Root.crt
+/usr/share/ca-certificates/mozilla/TrustCor_RootCert_CA-1.crt
+/usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt
+/usr/share/ca-certificates/mozilla/TrustCor_RootCert_CA-2.crt
+/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt
+/usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt
+/usr/share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
+/usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt
+/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt
+/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA.crt
+/usr/share/ca-certificates/mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt
+/usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt
+/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt
+/usr/share/ca-certificates/mozilla/Symantec_Class_1_Public_Primary_Certification_Authority_-_G4.crt
+/usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt
+/usr/share/ca-certificates/mozilla/UTN_USERFirst_Email_Root_CA.crt
+/usr/share/ca-certificates/mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt
+/usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt
+/usr/share/ca-certificates/mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt
+/usr/share/ca-certificates/mozilla/Camerfirma_Global_Chambersign_Root.crt
+/usr/share/ca-certificates/mozilla/Trustis_FPS_Root_CA.crt
+/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt
+/usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt
+/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt
+/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
+/usr/share/ca-certificates/mozilla/Secure_Global_CA.crt
+/usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt
+/usr/share/ca-certificates/mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt
+/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt
+/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt
+/usr/share/ca-certificates/mozilla/OpenTrust_Root_CA_G3.crt
+/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
+/usr/share/ca-certificates/mozilla/Certplus_Root_CA_G1.crt
+/usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt
+/usr/share/ca-certificates/mozilla/OpenTrust_Root_CA_G1.crt
+/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt
+/usr/share/ca-certificates/mozilla/Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.crt
+/usr/share/ca-certificates/mozilla/GeoTrust_Universal_CA_2.crt
+/usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt
+/usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt
+/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt
+/usr/share/ca-certificates/mozilla/D-TRUST_Root_CA_3_2013.crt
+/usr/share/ca-certificates/mozilla/SecureSign_RootCA11.crt
+/usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt
+/usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt
+/usr/share/ca-certificates/mozilla/OpenTrust_Root_CA_G2.crt
+/usr/share/ca-certificates/mozilla/TrustCor_ECA-1.crt
+/usr/share/ca-certificates/mozilla/Certum_Root_CA.crt
+/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt
+/usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt
+/usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt
+/usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt
+/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt
+/usr/share/ca-certificates/mozilla/Security_Communication_Root_CA.crt
+/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt
+/usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt
+/usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt
+/usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
+/usr/share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt
+/usr/share/ca-certificates/mozilla/Global_Chambersign_Root_-_2008.crt
+/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt
+/usr/share/ca-certificates/mozilla/Camerfirma_Chambers_of_Commerce_Root.crt
+/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt
+/usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt
+/usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt
+/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt
+/usr/share/ca-certificates/mozilla/LuxTrust_Global_Root_2.crt
+/usr/share/ca-certificates/mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt
+/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt
+/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt
+/usr/share/ca-certificates/mozilla/Swisscom_Root_CA_2.crt
+/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt
+/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt
+/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt
+/usr/share/ca-certificates/mozilla/GeoTrust_Universal_CA.crt
+/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt
+/usr/share/ca-certificates/mozilla/Staat_der_Nederlanden_Root_CA_-_G3.crt
+/usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt
+/usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt
+/usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt
+/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt
+/usr/share/ca-certificates/mozilla/Deutsche_Telekom_Root_CA_2.crt
+/usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt
+/usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt
+/usr/share/ca-certificates/mozilla/Certplus_Class_2_Primary_CA.crt
+/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt
+/usr/share/ca-certificates/mozilla/AddTrust_Low-Value_Services_Root.crt
+/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt
+/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt
+/usr/share/ca-certificates/mozilla/Staat_der_Nederlanden_EV_Root_CA.crt
+/usr/share/ca-certificates/mozilla/Symantec_Class_2_Public_Primary_Certification_Authority_-_G4.crt
+/usr/share/ca-certificates/mozilla/thawte_Primary_Root_CA_-_G3.crt
+/usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt
+/usr/share/ca-certificates/mozilla/SwissSign_Platinum_CA_-_G2.crt
+/usr/share/ca-certificates/mozilla/Certplus_Root_CA_G2.crt
+/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt
+/usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt
+/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt
+/var/db/puke/ca-certificates/depends
+/var/db/puke/ca-certificates/sources
+/var/db/puke/ca-certificates/manifest
+/var/db/puke/ca-certificates/files/certdata2pem.c
+/var/db/puke/ca-certificates/checksums
+/var/db/puke/ca-certificates/patches/update-ca-certificates-destdir.patch
+/var/db/puke/ca-certificates/post-install
+/var/db/puke/ca-certificates/.checksum
+/var/db/puke/ca-certificates/build
+/var/db/puke/ca-certificates/version
+/etc/ca-certificates.conf
+/var/db/puke/ca-certificates/patches
+/var/db/puke/ca-certificates/files
+/var/db/puke/ca-certificates
+/var/db/puke
+/var/db
+/var
+/usr/share/ca-certificates/mozilla
+/usr/share/ca-certificates
+/usr/share
+/usr/sbin
+/usr/bin
+/usr
+/etc/ssl/certs
+/etc/ssl
+/etc
--- a/repo/ca-certificates/patches/update-ca-certificates-destdir.patch
+++ b/repo/ca-certificates/patches/update-ca-certificates-destdir.patch
@ -0,0 +1,20 @@
+--- usr/sbin/update-ca-certificates.orig	2015-05-29 11:09:43.922158838 +0200
+++ usr/sbin/update-ca-certificates	2015-05-29 11:10:06.842632933 +0200
+@@ -24,12 +24,12 @@
+ verbose=0
+ fresh=0
+ default=0
+-CERTSCONF=/etc/ca-certificates.conf
+-CERTSDIR=/usr/share/ca-certificates
+-LOCALCERTSDIR=/usr/local/share/ca-certificates
+CERTSCONF=$DESTDIR/etc/ca-certificates.conf
+CERTSDIR=/usr/share/ca-certificates
+LOCALCERTSDIR=$DESTDIR/usr/local/share/ca-certificates
+ CERTBUNDLE=ca-certificates.crt
+-ETCCERTSDIR=/etc/ssl/certs
+-HOOKSDIR=/etc/ca-certificates/update.d
+ETCCERTSDIR=$DESTDIR/etc/ssl/certs
+HOOKSDIR=$DESTDIR/etc/ca-certificates/update.d
+
+ while [ $# -gt 0 ];
+ do
--- a/repo/ca-certificates/post-install
+++ b/repo/ca-certificates/post-install
@ -0,0 +1 @@
+/usr/sbin/update-ca-certificates --fresh
--- a/repo/ca-certificates/sources
+++ b/repo/ca-certificates/sources
@ -0,0 +1,3 @@
+http://ftp.no.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_20190110.tar.xz
+files/certdata2pem.c
+patches/update-ca-certificates-destdir.patch
--- a/repo/ca-certificates/version
+++ b/repo/ca-certificates/version
@ -0,0 +1 @@
+20190110 1
--- a/repo/openssl/.checksum
+++ b/repo/openssl/.checksum
@ -0,0 +1 @@
+5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b  openssl-1.1.1b.tar.gz
--- a/repo/openssl/build
+++ b/repo/openssl/build
@ -0,0 +1,22 @@
+./Configure linux-x86_64 \
+    --prefix=/usr \
+    --libdir=lib \
+    --openssldir=/etc/ssl \
+    shared \
+    enable-ec_nistp_64_gcc_128 \
+    no-async \
+    no-comp \
+    no-idea \
+    no-mdc2 \
+    no-rc5 \
+    no-ec2m \
+    no-sm2 \
+    no-sm4 \
+    no-ssl2 \
+    no-ssl3 \
+    no-seed \
+    no-weak-ssl-ciphers \
+    -Wa,--noexecstack
+
+make
+make DESTDIR="$pkg_dir" install_sw
--- a/repo/openssl/checksums
+++ b/repo/openssl/checksums
@ -0,0 +1 @@
+5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b  openssl-1.1.1b.tar.gz
--- a/repo/openssl/depends
+++ b/repo/openssl/depends
@ -0,0 +1,2 @@
+perl
+zlib
--- a/repo/openssl/manifest
+++ b/repo/openssl/manifest
@ -0,0 +1,136 @@
+/usr/lib/libssl.a
+/usr/lib/libssl.so.1.1
+/usr/lib/engines-1.1/capi.so
+/usr/lib/engines-1.1/padlock.so
+/usr/lib/engines-1.1/afalg.so
+/usr/lib/libcrypto.so
+/usr/lib/libssl.so
+/usr/lib/libcrypto.a
+/usr/lib/pkgconfig/libcrypto.pc
+/usr/lib/pkgconfig/libssl.pc
+/usr/lib/pkgconfig/openssl.pc
+/usr/lib/libcrypto.so.1.1
+/usr/include/openssl/x509.h
+/usr/include/openssl/lhash.h
+/usr/include/openssl/ocsperr.h
+/usr/include/openssl/pkcs12err.h
+/usr/include/openssl/buffer.h
+/usr/include/openssl/engine.h
+/usr/include/openssl/tls1.h
+/usr/include/openssl/mdc2.h
+/usr/include/openssl/seed.h
+/usr/include/openssl/camellia.h
+/usr/include/openssl/x509err.h
+/usr/include/openssl/cmac.h
+/usr/include/openssl/storeerr.h
+/usr/include/openssl/bnerr.h
+/usr/include/openssl/ec.h
+/usr/include/openssl/engineerr.h
+/usr/include/openssl/dtls1.h
+/usr/include/openssl/ui.h
+/usr/include/openssl/comp.h
+/usr/include/openssl/kdferr.h
+/usr/include/openssl/bioerr.h
+/usr/include/openssl/ecdh.h
+/usr/include/openssl/ocsp.h
+/usr/include/openssl/ssl3.h
+/usr/include/openssl/cmserr.h
+/usr/include/openssl/cterr.h
+/usr/include/openssl/rsaerr.h
+/usr/include/openssl/dh.h
+/usr/include/openssl/cryptoerr.h
+/usr/include/openssl/bn.h
+/usr/include/openssl/sslerr.h
+/usr/include/openssl/opensslv.h
+/usr/include/openssl/obj_mac.h
+/usr/include/openssl/uierr.h
+/usr/include/openssl/ssl2.h
+/usr/include/openssl/evp.h
+/usr/include/openssl/conf.h
+/usr/include/openssl/safestack.h
+/usr/include/openssl/rsa.h
+/usr/include/openssl/dsa.h
+/usr/include/openssl/err.h
+/usr/include/openssl/x509v3.h
+/usr/include/openssl/md4.h
+/usr/include/openssl/ecdsa.h
+/usr/include/openssl/txt_db.h
+/usr/include/openssl/opensslconf.h
+/usr/include/openssl/ebcdic.h
+/usr/include/openssl/pkcs7.h
+/usr/include/openssl/srp.h
+/usr/include/openssl/crypto.h
+/usr/include/openssl/symhacks.h
+/usr/include/openssl/randerr.h
+/usr/include/openssl/store.h
+/usr/include/openssl/blowfish.h
+/usr/include/openssl/asn1.h
+/usr/include/openssl/hmac.h
+/usr/include/openssl/dsaerr.h
+/usr/include/openssl/conferr.h
+/usr/include/openssl/asyncerr.h
+/usr/include/openssl/md5.h
+/usr/include/openssl/x509_vfy.h
+/usr/include/openssl/stack.h
+/usr/include/openssl/buffererr.h
+/usr/include/openssl/pkcs12.h
+/usr/include/openssl/pem.h
+/usr/include/openssl/asn1err.h
+/usr/include/openssl/cms.h
+/usr/include/openssl/rand_drbg.h
+/usr/include/openssl/rc5.h
+/usr/include/openssl/evperr.h
+/usr/include/openssl/pemerr.h
+/usr/include/openssl/objectserr.h
+/usr/include/openssl/tserr.h
+/usr/include/openssl/rc2.h
+/usr/include/openssl/kdf.h
+/usr/include/openssl/pem2.h
+/usr/include/openssl/dherr.h
+/usr/include/openssl/srtp.h
+/usr/include/openssl/md2.h
+/usr/include/openssl/ripemd.h
+/usr/include/openssl/conf_api.h
+/usr/include/openssl/des.h
+/usr/include/openssl/ecerr.h
+/usr/include/openssl/comperr.h
+/usr/include/openssl/cast.h
+/usr/include/openssl/idea.h
+/usr/include/openssl/asn1t.h
+/usr/include/openssl/async.h
+/usr/include/openssl/pkcs7err.h
+/usr/include/openssl/modes.h
+/usr/include/openssl/whrlpool.h
+/usr/include/openssl/e_os2.h
+/usr/include/openssl/x509v3err.h
+/usr/include/openssl/objects.h
+/usr/include/openssl/sha.h
+/usr/include/openssl/aes.h
+/usr/include/openssl/ct.h
+/usr/include/openssl/ssl.h
+/usr/include/openssl/ts.h
+/usr/include/openssl/asn1_mac.h
+/usr/include/openssl/bio.h
+/usr/include/openssl/rand.h
+/usr/include/openssl/ossl_typ.h
+/usr/include/openssl/rc4.h
+/usr/bin/c_rehash
+/usr/bin/openssl
+/var/db/puke/openssl/depends
+/var/db/puke/openssl/sources
+/var/db/puke/openssl/manifest
+/var/db/puke/openssl/checksums
+/var/db/puke/openssl/.checksum
+/var/db/puke/openssl/build
+/var/db/puke/openssl/version
+/var/db/puke/openssl
+/var/db/puke
+/var/db
+/var
+/usr/lib/pkgconfig
+/usr/lib/engines-1.1
+/usr/lib
+/usr/include/openssl
+/usr/include
+/usr/bin
+/usr
--- a/repo/openssl/sources
+++ b/repo/openssl/sources
@ -0,0 +1 @@
+https://www.openssl.org/source/openssl-1.1.1b.tar.gz
--- a/repo/openssl/version
+++ b/repo/openssl/version
@ -0,0 +1,2 @@
+1.1.1b 1
+
				`@ -0,0 +1 @@`
				`5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b openssl-1.1.1b.tar.gz`
				`@ -0,0 +1 @@`
				`https://www.openssl.org/source/openssl-1.1.1b.tar.gz`