xref: /netbsd-src/external/mpl/mozilla-certdata/share/Makefile (revision 802036e2db2737ed0f2108cdd7c644d143753be5) 
1#	$NetBSD: Makefile,v 1.5 2024/09/08 15:23:55 riastradh Exp $
2#
3
4MOZCERTS=	/usr/share/certs/mozilla
5FILESDIR=	${MOZCERTS}/all
6
7TRUSTDOMAINS=	server email code
8
9# Normally it is a bad idea to use file system globs to list sources in
10# a makefile, but we replace the directory wholesale on regen using the
11# same pattern below.  So in this case, maintaining an explicit list of
12# files would be more error-prone.
13CERTS!=		cd ${.CURDIR:Q} && echo certs/*.pem
14FILES+=		${CERTS}
15
16.for D in ${TRUSTDOMAINS}
17$D_CERTS!=	cat ${.CURDIR:Q}/$D.trust
18.  for C in ${$D_CERTS}
19SYMLINKS+=	../all/$C.pem ${MOZCERTS}/$D/$C.pem
20.  endfor
21.endfor
22
23# The upstream Mozilla certdata.txt lives in the Mozilla nss repository
24# at https://hg.mozilla.org/projects/nss, under
25# lib/ckfw/builtins/certdata.txt.
26#
27# Updates:
28#
29#	1. Go to:
30#	   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
31#
32#	2. Find the top revision and follow the link to `diff'.
33#
34#	3. For the file lib/ckfw/builtins/certdata.txt, follow the link to
35#	   `file'.
36#
37#	4. Follow the link to `raw'.
38#
39#	5. Record the date of the latest revision and the URL to the
40#	   raw file in the comment below (includes hg revision).
41#
42#	6. Verify that the file matches when downloaded from at least
43#	   three different networks.  (Suggestions: Your home
44#	   residential network, a TNF server, and Tor.)
45#
46#	7. Once you have verified this, commit certdata.txt.
47#
48#	8. Review https://wiki.mozilla.org/CA/Additional_Trust_Changes
49#	   for new special cases and apply to certdata.awk if
50#	   appropriate.
51#
52#	9. After committing certdata.txt and updating certdata.awk, run
53#	   `make regen' and verify that it builds and installs and
54#	   generally looks sensible.
55#
56#	10. Once you have verified that it builds and installs, cvs add
57#	   any new files and cvs rm any deleted files under certs/,
58#	   and commit certs/ and *.trust.
59#
60# Latest revision, from 2024-08-23:
61#
62# https://hg.mozilla.org/projects/nss/raw-file/872bd5fefe12bc48a9c65e9ea7f189df243d835a/lib/ckfw/builtins/certdata.txt
63#
64regen: .PHONY
65	rm -f certs/*.pem
66	rm -f ${TRUSTDOMAINS:=.trust}
67	mkdir tmp
68	env LC_ALL=C \
69	awk -f certdata.awk \
70		-v CERTDIR=certs \
71		-v CODETRUST=code.trust \
72		-v EMAILTRUST=email.trust \
73		-v OPENSSL=openssl \
74		-v SERVERTRUST=server.trust \
75		-v WORKDIR=tmp \
76		<${.CURDIR:Q}/../dist/certdata.txt
77	rm -rf tmp
78
79.include <bsd.files.mk>
80.include <bsd.inc.mk>		# XXX
81.include <bsd.links.mk>
82