summarylogtreecommitdiffstats
path: root/PKGBUILD
blob: f120d5614426e8ed8d7c06202411d8cb766c3e04 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# Maintainer: Tiago Brait <tiagobrait AT gmail DOT com>

#2014 tiagobrait
pkgname=ca-certificates-icp_br
pkgver=20153107
pkgrel=1
pkgdesc="Brazilian government Certification Authorities"
arch=('any')
url="http://www.iti.gov.br/icp-brasil/certificados/188-atualizacao/4530-ac-raiz"
license=('GPL')
depends=('ca-certificates')
makedepends=('unzip')
install='ca-certificates-icp_br.install'
source=(
    'http://acraiz.icpbrasil.gov.br/credenciadas/CertificadosAC-ICP-Brasil/ACcompactado.zip'
    )

sha512sums=(
    '3102c3ac9dfa3fd550f6267966ad71ecb83d2ca3ddd5a4e1f553230670c9dab96bc224370da18924bb5d6154872a90b656c77c10f2ddfbf58fd00b15cae56256'
    )

package() {
  local cert_tag='icp_br'
  cd ${srcdir}
  for cert in $(find * -name '*.crt'); do
    #apprently some geniuses decided to include filenames with spaces in newer 
    #releaes, so we need to look for them and rename if necessary. nice going.
    local nospc_name=$(echo $cert | sed s/\ /_/g)
    if [ "$cert" != "$nospc_name" ]; then 
      mv "$cert" "$nospc_name"
      cert=$nospc_name
    fi
    
    #'tag' each certificate's filename, so it's easier to identify them, since 
    #looks like we cannot put them in a subdirectory anymore.
    local new_cert_name=${cert_tag}.${cert}
    
    #avanced debugging techniques
    #echo  "> processing  $cert (to become $new_cert_name)"

    #some certificates are distributed with a .crt extension but are actually
    #in DER format  instead of PEM (probably because government). If that's the
    #case, we convert them to PEM so everything works properly.
    if [ "$(file $cert | cut -f2 -d\: | tr -d ' ')" = "data" ]; then
      local cert_der=${cert}.der
      mv ${cert}  ${cert_der}
      /usr/bin/openssl x509 -in ${cert_der} -inform der -out ${new_cert_name}
      rm $cert_der
      msg2 "Converted '$(basename $cert)' from DER to PEM"
    else
      mv ${cert} ${new_cert_name}
    fi
  done
  install -d -m0755 $pkgdir/etc/ca-certificates/trust-source/anchors
  install -m0644 *.crt $pkgdir/etc/ca-certificates/trust-source/anchors
}