Up to [cvs.NetBSD.org] / src / external / mpl / mozilla-certdata / share
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
Pull up following revision(s) (requested by riastradh in ticket #958): external/mpl/mozilla-certdata/dist/certdata.txt up to 1.1.1.3 external/mpl/mozilla-certdata/share/certs/FIRMAPROFESIONAL_CA_ROOT-A_WEB.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/SecureSign_Root_CA15.pem: revision 1.1 distrib/sets/lists/base/mi: revision 1.1351 distrib/sets/lists/base/mi: revision 1.1352 distrib/sets/lists/base/mi: revision 1.1353 external/mpl/mozilla-certdata/share/email.trust: revision 1.3 external/mpl/mozilla-certdata/share/server.trust: revision 1.3 external/mpl/mozilla-certdata/share/certs/SecureSign_Root_CA12.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/SecureSign_Root_CA14.pem: revision 1.1 external/mpl/mozilla-certdata/share/Makefile: revision 1.5 external/mpl/mozilla-certdata/share/certs/TWCA_CYBER_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/TWCA_Global_Root_CA_G2.pem: revision 1.1 mozilla-certdata: Update reference in Makefile. mozilla-certdata: regen mozilla-certdata: Update set lists. One more mozilla-rootcerts file that is now obsolete. This fixes one current build breakage, but there is more to come. distrib/sets/lists/base/mi: Un-obsolete certSIGN_ROOT_CA.pem file. The CA is still kosher for TLS servers, so the original file /usr/share/certs/mozilla/all/certSIGN_ROOT_CA.pem and the symlink /usr/share/certs/mozilla/server/certSIGN_ROOT_CA.pem should still be there. It was only removed from S/MIME email trust, so only the symlink /usr/share/certs/mozilla/email/certSIGN_ROOT_CA.pem is obsolete. PR misc/58667
mozilla-certdata: Update reference in Makefile.
Pull up following revision(s) (requested by riastradh in ticket #620): external/mpl/mozilla-certdata/dist/certdata.txt up to 1.1.1.2 external/mpl/mozilla-certdata/share/certs/TrustCor_RootCert_CA-2.pem: file removal external/mpl/mozilla-certdata/share/certs/CommScope_Public_Trust_ECC_Root-01.pem: revision 1.1 distrib/sets/lists/base/mi: revision 1.1334 external/mpl/mozilla-certdata/share/certs/Global_Chambersign_Root_-_2008.pem: file removal external/mpl/mozilla-certdata/share/certs/Telekom_Security_SMIME_ECC_Root_2021.pem: revision 1.1 doc/3RDPARTY: revision 1.1994 external/mpl/mozilla-certdata/share/certs/TrustAsia_Global_Root_CA_G3.pem: revision 1.1 external/mpl/mozilla-certdata/share/email.trust: revision 1.2 external/mpl/mozilla-certdata/share/certs/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem: file removal external/mpl/mozilla-certdata/share/certs/CommScope_Public_Trust_RSA_Root-01.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem: file removal external/mpl/mozilla-certdata/share/certs/D-Trust_SBR_Root_CA_2_2022.pem: revision 1.1 external/mpl/mozilla-certdata/share/server.trust: revision 1.2 external/mpl/mozilla-certdata/share/certs/D-Trust_SBR_Root_CA_1_2022.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Telekom_Security_TLS_ECC_Root_2020.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/TrustCor_RootCert_CA-1.pem: file removal external/mpl/mozilla-certdata/share/certs/Security_Communication_Root_CA.pem: file removal external/mpl/mozilla-certdata/share/certs/Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.pem: file removal doc/3RDPARTY: revision 1.1982 external/mpl/mozilla-certdata/share/certs/Telekom_Security_TLS_RSA_Root_2023.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.pem: file removal external/mpl/mozilla-certdata/share/certs/CommScope_Public_Trust_ECC_Root-02.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Telekom_Security_SMIME_RSA_Root_2023.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Chambers_of_Commerce_Root_-_2008.pem: file removal external/mpl/mozilla-certdata/share/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem: revision 1.2 external/mpl/mozilla-certdata/share/certs/TrustCor_ECA-1.pem: file removal external/mpl/mozilla-certdata/share/Makefile: revision 1.4 external/mpl/mozilla-certdata/share/certs/TrustAsia_Global_Root_CA_G4.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/CommScope_Public_Trust_RSA_Root-02.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.1.pem: file removal external/mpl/mozilla-certdata/share/certdata.awk: revision 1.3 new mozilla-certdata out mozilla-certdata: Update Mozilla certdata.txt. nss hg date: 2024-02-12 nss hg revision: c17a3709bdd6e706040ac268a1d2b488c2fab5d8 Status: Vendor Tag: MOZILLA-CERTDATA Release Tags: mozilla-certdata-20240212 U src/external/mpl/mozilla-certdata/dist/certdata.txt No conflicts created by this import From http://mail-index.netbsd.org/source-changes/2024/03/03/msg150226.html: Committed By: riastradh Date: Sun Mar 3 04:24:41 UTC 2024 mozilla-certdata: Update reference in Makefile. mozilla-certdata: regen mozilla-certdata: Update set lists. doc/3RDPARTY: mozilla-certdata is up-to-date. mozilla-certdata: Fix typo: sprintf, not snprintf, in awk. Only used during import, and only in case something is wrong anyway requiring manual intervention, so no change to builds.
mozilla-certdata: Update reference in Makefile.
mozilla-certdata: Run certdata.awk with LC_ALL=C. This has to be able to printf("%c", ...) to emit arbitrary bytes of output in order to decode the octal-formatted DER data and print it as raw binary DER data. Relevant only at import time, doesn't affect builds.
Pull up following revision(s) (requested by riastradh in ticket #343): external/mpl/mozilla-certdata/dist/certdata.txt: revision 1.1.1.1 external/mpl/mozilla-certdata/share/certs/DigiCert_Assured_ID_Root_G3.pem: revision 1.1 distrib/sets/lists/man/mi: revision 1.1764 external/mpl/mozilla-certdata/share/certs/ACCVRAIZ1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.pem: revision 1.1 tests/usr.sbin/certctl/certs4/DigiCert_Global_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Sectigo_Public_Server_Authentication_Root_R46.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/GlobalSign_Secure_Mail_Root_E45.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/SSL.com_Root_Certification_Authority_ECC.pem: revision 1.1 tests/usr.sbin/certctl/certs3/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.1.pem: revision 1.1 tests/usr.sbin/certctl/certs2/GTS_Root_R1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/BJCA_Global_Root_CA1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Izenpe.com.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Amazon_Root_CA_2.pem: revision 1.1 tests/usr.sbin/certctl/certs4/Makefile: revision 1.1 external/mpl/mozilla-certdata/share/certs/Global_Chambersign_Root_-_2008.pem: revision 1.1 distrib/sets/lists/etc/mi: revision 1.272 external/mpl/mozilla-certdata/share/certs/ISRG_Root_X1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/TunTrust_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/D-TRUST_BR_Root_CA_1_2020.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/SSL.com_Root_Certification_Authority_RSA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Certum_EC-384_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Security_Communication_RootCA3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/IdenTrust_Public_Sector_Root_CA_1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Entrust_Root_Certification_Authority_-_EC1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/DigiCert_Global_Root_G2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/GlobalSign_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/SZAFIR_ROOT_CA2.pem: revision 1.1 tests/usr.sbin/certctl/t_certctl.sh: revision 1.1 external/mpl/mozilla-certdata/share/certs/UCA_Global_G2_Root.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/HARICA_Client_ECC_Root_CA_2021.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/COMODO_ECC_Certification_Authority.pem: revision 1.1 tests/usr.sbin/certctl/t_certctl.sh: revision 1.2 tests/usr.sbin/certctl/certs1/DigiCert_Global_Root_CA.pem: revision 1.1 tests/usr.sbin/certctl/t_certctl.sh: revision 1.3 external/mpl/mozilla-certdata/Makefile: revision 1.1 external/mpl/mozilla-certdata/share/certs/DIGITALSIGN_GLOBAL_ROOT_RSA_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/GTS_Root_R2.pem: revision 1.1 usr.sbin/certctl/certctl.sh: revision 1.1 tests/usr.sbin/certctl/t_certctl.sh: revision 1.4 external/mpl/mozilla-certdata/share/certs/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/SwissSign_Silver_CA_-_G2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Starfield_Class_2_CA.pem: revision 1.1 usr.sbin/certctl/certctl.sh: revision 1.2 tests/usr.sbin/certctl/t_certctl.sh: revision 1.5 usr.sbin/certctl/certctl.sh: revision 1.3 tests/usr.sbin/certctl/t_certctl.sh: revision 1.6 usr.sbin/certctl/certctl.sh: revision 1.4 tests/usr.sbin/certctl/t_certctl.sh: revision 1.7 external/mpl/mozilla-certdata/share/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem: revision 1.1 tests/usr.sbin/certctl/t_certctl.sh: revision 1.8 external/mpl/mozilla-certdata/share/certs/Sectigo_Public_Server_Authentication_Root_E46.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Hongkong_Post_Root_CA_3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Entrust_Root_Certification_Authority_-_G4.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Security_Communication_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Go_Daddy_Root_Certificate_Authority_-_G2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/ANF_Secure_Server_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Symantec_Class_1_Public_Primary_Certification_Authority_-_G6.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Chambers_of_Commerce_Root_-_2008.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Go_Daddy_Class_2_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/USERTrust_RSA_Certification_Authority.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Trustwave_Global_ECC_P384_Certification_Authority.pem: revision 1.1 external/mpl/mozilla-certdata/share/certdata.awk: revision 1.1 external/mpl/mozilla-certdata/share/certs/HARICA_TLS_ECC_Root_CA_2021.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Atos_TrustedRoot_Root_CA_ECC_G2_2020.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Sectigo_Public_Email_Protection_Root_R46.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/TrustCor_ECA-1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/GlobalSign_ECC_Root_CA_-_R5.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/SSL.com_TLS_ECC_Root_CA_2022.pem: revision 1.1 usr.sbin/Makefile: revision 1.292 external/mpl/mozilla-certdata/share/certs/AffirmTrust_Premium.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/CA_Disig_Root_R2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/emSign_Root_CA_-_C1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/GlobalSign_Root_CA_-_R6.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/DigiCert_Trusted_Root_G4.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Atos_TrustedRoot_Root_CA_RSA_G2_2020.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/vTrus_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/T-TeleSec_GlobalRoot_Class_2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/GlobalSign_Root_R46.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/TrustCor_RootCert_CA-2.pem: revision 1.1 etc/mtree/special: revision 1.176 external/mpl/mozilla-certdata/share/certs/USERTrust_ECC_Certification_Authority.pem: revision 1.1 etc/mtree/special: revision 1.177 etc/mtree/special: revision 1.178 external/mpl/mozilla-certdata/share/certs/AffirmTrust_Premium_ECC.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/vTrus_ECC_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/DigiCert_TLS_ECC_P384_Root_G5.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/NAVER_Global_Root_Certification_Authority.pem: revision 1.1 external/mpl/mozilla-certdata/share/server.trust: revision 1.1 external/mpl/mozilla-certdata/share/certs/SecureTrust_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/code.trust: revision 1.1 external/mpl/mozilla-certdata/share/certs/SSL.com_TLS_RSA_Root_CA_2022.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Amazon_Root_CA_4.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/DigiCert_TLS_RSA4096_Root_G5.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/DigiCert_Assured_ID_Root_G2.pem: revision 1.1 tests/usr.sbin/certctl/certs1/Makefile: revision 1.1 external/mpl/mozilla-certdata/share/certs/Sectigo_Public_Email_Protection_Root_E46.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/TWCA_Global_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/DigiCert_SMIME_RSA4096_Root_G5.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/SSL.com_Client_ECC_Root_CA_2022.pem: revision 1.1 share/man/man7/hier.7: revision 1.141 external/mpl/mozilla-certdata/share/certs/Certigna.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/certSIGN_Root_CA_G2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Certigna_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Amazon_Root_CA_1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Entrust.net_Premium_2048_Secure_Server_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/GTS_Root_R4.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/T-TeleSec_GlobalRoot_Class_3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Telia_Root_CA_v2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/QuoVadis_Root_CA_3_G3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/emSign_ECC_Root_CA_-_G3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Security_Communication_RootCA2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/TWCA_Root_Certification_Authority.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Buypass_Class_2_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/emSign_ECC_Root_CA_-_C3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/SSL.com_EV_Root_Certification_Authority_RSA_R2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/GTS_Root_R1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/SSL.com_Client_RSA_Root_CA_2022.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/DigiCert_Assured_ID_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/HiPKI_Root_CA_-_G1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Starfield_Root_Certificate_Authority_-_G2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/SwissSign_Gold_CA_-_G2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/OISTE_WISeKey_Global_Root_GB_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/AffirmTrust_Networking.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.1.pem: revision 1.1 tests/usr.sbin/certctl/Makefile.inc: revision 1.1 external/mpl/mozilla-certdata/share/certs/COMODO_RSA_Certification_Authority.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Certum_Trusted_Network_CA_2.pem: revision 1.1 tests/usr.sbin/certctl/certs2/GlobalSign_Root_CA_-_R3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/OISTE_WISeKey_Global_Root_GC_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/D-TRUST_Root_Class_3_CA_2_EV_2009.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/AffirmTrust_Commercial.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Buypass_Class_3_Root_CA.pem: revision 1.1 distrib/sets/lists/tests/mi: revision 1.1292 external/mpl/mozilla-certdata/share/certs/UCA_Extended_Validation_Root.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Trustwave_Global_ECC_P256_Certification_Authority.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Certum_Trusted_Network_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/QuoVadis_Root_CA_2.pem: revision 1.1 external/mpl/mozilla-certdata/share/email.trust: revision 1.1 external/mpl/mozilla-certdata/share/certs/Atos_TrustedRoot_2011.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Certum_Trusted_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/D-TRUST_EV_Root_CA_1_2020.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/ePKI_Root_Certification_Authority.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/DIGITALSIGN_GLOBAL_ROOT_ECDSA_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/GlobalSign_ECC_Root_CA_-_R4.pem: revision 1.1 tests/usr.sbin/certctl/certs2/Makefile: revision 1.1 tests/usr.sbin/Makefile: revision 1.8 external/mpl/mozilla-certdata/share/certs/Trustwave_Global_Certification_Authority.pem: revision 1.1 tests/usr.sbin/certctl/Makefile: revision 1.1 external/mpl/mozilla-certdata/share/certs/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/IdenTrust_Commercial_Root_CA_1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/DigiCert_SMIME_ECC_P384_Root_G5.pem: revision 1.1 tests/usr.sbin/certctl/certs1/Explicitly_Distrust_DigiNotar_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/TrustCor_RootCert_CA-1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Staat_der_Nederlanden_Root_CA_-_G3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Symantec_Class_2_Public_Primary_Certification_Authority_-_G6.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/QuoVadis_Root_CA_3.pem: revision 1.1 external/mpl/mozilla-certdata/share/Makefile: revision 1.1 external/mpl/mozilla-certdata/share/Makefile: revision 1.2 external/mpl/mozilla-certdata/share/certs/Microsec_e-Szigno_Root_CA_2009.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/BJCA_Global_Root_CA2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/HARICA_Client_RSA_Root_CA_2021.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/GDCA_TrustAUTH_R5_ROOT.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Amazon_Root_CA_3.pem: revision 1.1 tests/usr.sbin/certctl/certs4/AC_RAIZ_FNMT-RCM.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/ISRG_Root_X2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/DigiCert_Global_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/D-TRUST_Root_CA_3_2013.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Microsoft_RSA_Root_Certificate_Authority_2017.pem: revision 1.1 etc/mtree/NetBSD.dist.base: revision 1.252 external/mpl/mozilla-certdata/share/certs/CFCA_EV_ROOT.pem: revision 1.1 etc/mtree/NetBSD.dist.base: revision 1.253 external/mpl/mozilla-certdata/share/certs/Starfield_Services_Root_Certificate_Authority_-_G2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/DigiCert_Global_Root_G3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/emSign_Root_CA_-_G1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Microsoft_ECC_Root_Certificate_Authority_2017.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Explicitly_Distrust_DigiNotar_Root_CA.pem: revision 1.1 usr.sbin/certctl/Makefile: revision 1.1 external/mpl/mozilla-certdata/share/certs/Security_Communication_ECC_RootCA1.pem: revision 1.1 usr.sbin/certctl/Makefile: revision 1.2 usr.sbin/certctl/Makefile: revision 1.3 external/mpl/mozilla-certdata/share/certs/GTS_Root_R3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/e-Szigno_Root_CA_2017.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/certSIGN_ROOT_CA.pem: revision 1.1 doc/3RDPARTY: revision 1.1949 external/mpl/mozilla-certdata/share/certs/Certainly_Root_R1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/TeliaSonera_Root_CA_v1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/HARICA_TLS_RSA_Root_CA_2021.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Entrust_Root_Certification_Authority.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/NetLock_Arany_Class_Gold.pem: revision 1.1 usr.sbin/postinstall/postinstall.in: revision 1.53 usr.sbin/postinstall/postinstall.in: revision 1.54 tests/usr.sbin/certctl/certs3/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem: revision 1.1 etc/Makefile: revision 1.467 usr.sbin/postinstall/postinstall.in: revision 1.55 tests/usr.sbin/certctl/certs3/Makefile: revision 1.1 external/mpl/mozilla-certdata/share/certs/GLOBALTRUST_2020.pem: revision 1.1 etc/mtree/NetBSD.dist.tests: revision 1.200 external/mpl/mozilla-certdata/share/certs/QuoVadis_Root_CA_1_G3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/GlobalSign_Root_CA_-_R3.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Actalis_Authentication_Root_CA.pem: revision 1.1 distrib/sets/lists/base/mi: revision 1.1326 distrib/sets/lists/base/mi: revision 1.1327 external/mpl/mozilla-certdata/share/certs/SecureSign_RootCA11.pem: revision 1.1 distrib/sets/lists/base/mi: revision 1.1328 external/mpl/mozilla-certdata/share/certs/Comodo_AAA_Services_root.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Entrust_Root_Certification_Authority_-_G2.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/QuoVadis_Root_CA_2_G3.pem: revision 1.1 distrib/sets/lists/base/mi: revision 1.1329 external/mpl/mozilla-certdata/share/certs/COMODO_Certification_Authority.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Certum_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/DigiCert_High_Assurance_EV_Root_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/GlobalSign_Secure_Mail_Root_R45.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Secure_Global_CA.pem: revision 1.1 usr.sbin/certctl/certctl.8: revision 1.1 external/mpl/mozilla-certdata/share/certs/XRamp_Global_CA_Root.pem: revision 1.1 external/mpl/Makefile: revision 1.5 usr.sbin/certctl/certctl.8: revision 1.2 external/mpl/mozilla-certdata/share/certs/D-TRUST_Root_Class_3_CA_2_2009.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Baltimore_CyberTrust_Root.pem: revision 1.1 usr.sbin/certctl/certs.conf: revision 1.1 external/mpl/mozilla-certdata/share/certs/LAWtrust_Root_CA2_4096.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/AC_RAIZ_FNMT-RCM.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/OISTE_WISeKey_Global_Root_GA_CA.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Certainly_Root_E1.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/GlobalSign_Root_E46.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.pem: revision 1.1 external/mpl/mozilla-certdata/share/certs/SSL.com_EV_Root_Certification_Authority_ECC.pem: revision 1.1 certctl(8): New tool for managing OpenSSL CA certificates. Same command-line syntax as FreeBSD, clearer semantics about which parts are config and which parts are cache. mozilla-certdata: Record in doc/3RDPARTY. mozilla-certdata: Makefile infrastructure. mozilla-certdata: regen (actually, just `gen', this first time) mozilla-certdata: Connect it up to the build. postinstall(8): Add opensslcerts item to regen /etc/openssl/certs. Works only with destdir /, since it relies on running openssl(1), which is not available as a tool or required in the cross-build environment. certctl(8): Add xfail test for missing certs.conf. Command should fail, i.e., exit with nonzero status, but it exits with zero instead. certctl(8): Exit nonzero on missing certs.conf. certctl(8): Test prepopulated /etc/openssl/certs. This is the scenario when you have previously populated /etc/openssl/certs manually, or with a package like mozilla-rootcerts or mozilla-rootcerts-openssl, and you update to a version of NetBSD with certctl(8). In this case, certctl(8) should avoid destroying your work. While here, also test some related but less likely edge cases: - nonexistent - symlink - regular file certctl(8): Avoid clobbering prepopulated /etc/openssl/certs. Also avoid clobbering some other edge cases like symlinks or non-directories there. This way, we have the following transitions on system updates: - If /etc/openssl/certs is empty (as in default NetBSD<10 installs): quietly populated on rehash. - If /etc/openssl/certs is nonempty (you've added things to it, e.g. by hand or with mozilla-rootcerts) and has never been managed by certctl(8): left alone on rehash, with an error message to explain what you need to do. - If /etc/openssl/certs has been managed by certctl(8): quietly updated on rehash. Note: This means current installations made since certctl(8) was added will be treated like /etc/openssl/certs is nonempty and has never been managed by certctl(8). To work around this, you can just delete /etc/openssl/certs and rerun `certctl rehash'. postinstall(8): Fail if `certctl rehash' fails. Not using `set -e' here, evidently (maybe we should), so the separate return 0 suppressed the error. distrib/sets/lists: certs.conf belongs in etc, not in base. Oops. certctl(8): Set certs.conf 644 and add it to etc/mtree/special. Now that we have /etc/openssl/certs.conf mentioned here, also list /etc/openssl. hier(7): Document /etc/openssl. certctl(8): Minor man page clarifications. - Specify exactly what /etc/openssl/certs gets populated with. - Change HTTPS to TLS. - Specify the permitted character class in certs.conf. (Maybe more conservative than strictly needed; but let's stay on the safe side.) certctl(8): Fix some bugs with evil pathnames. certctl(8): Fix quoting and whitespace style in evilpath test. No functional change intended. etc/mtree/special: Fix spaces/tabs. No functional change intended. mozilla-certdata: Install relative symlinks. Slightly more compact this way, and you can examine them in a destdir without chrooting. Not terribly important, but a minor convenience. certctl(8): Test more evil pathnames. certctl(8): Install certs.conf in /usr/share/examples too. This way postinstall(8) can refer to the default one when you've done an upgrade without etcupdate or similar to pull in new config files from etc.tgz. Not great -- we should do this systematically for all config files in /etc, but this one-off hack is less risky for 10. postinstall(8): Handle various certs.conf scenarios gracefully. Tested the following scenarios: 1. fresh install empty /etc/openssl/certs default /etc/openssl/certs.conf - opensslcertsconf [x] check: pass [x] fix: pass -- nothing - opensslcertsrehash [x] check: fail -- needs rehash [x] fix: pass -- quietly rehash successfully (go to 4) 2. fresh upgrade empty /etc/openssl/certs no /etc/openssl/certs.conf - opensslcertsconf [x] check: fail -- complain missing /etc/openssl/certs.conf [x] fix: pass -- install default /etc/openssl/certs.conf (go to 1) - opensslcertsrehash [x] check: fail -- complain missing /etc/openssl/certs.conf - [x] fix: fail -- complain missing /etc/openssl/certs.conf 3. upgrade from certctl, changes to certs certctl-managed /etc/openssl/certs default /etc/openssl/certs.conf - opensslcertsconf [x] check: pass [x] fix: pass -- nothing - opensslcertsrehash [x] check: fail -- needs rehash [x] fix: pass -- quietly rehash successfully (go to 4) 4. upgrade from certctl, no changes to certs certctl-managed /etc/openssl/certs default /etc/openssl/certs.conf - opensslcertsconf [x] check: pass [x] fix: pass -- nothing - opensslcertsrehash [x] check: pass [x] fix: pass -- quietly rehash successfully (go to 4) 5. upgrade from mozilla-rootcerts populated /etc/openssl/certs no /etc/openssl/certs.conf - opensslcertsconf: [x] check: fail -- complain missing /etc/openssl/certs.conf [x] fix: pass -- install manual /etc/openssl/certs.conf (go to 7) - opensslcertsrehash: [x] check: fail -- complain missing /etc/openssl/certs.conf [x] fix: fail -- complain missing /etc/openssl/certs.conf 6. upgrade from mozilla-rootcerts with etcupdate naively populated /etc/openssl/certs default /etc/openssl/certs.conf - opensslcertsconf: [x] check: pass [x] fix: pass -- nothing - opensslcertsrehash: [x] check: fail -- complain mismatched certs/ and certs.conf [x] fix: fail -- complain mismatched certs/ and certs.conf 7. upgrade from mozilla-rootcerts with etcupdate manually populated /etc/openssl/certs manual /etc/openssl/certs.conf - opensslcertsconf: [x] check: pass [x] fix: pass -- nothing - opensslcertsrehash: [x] check: pass [x] fix: pass -- skip rehash because manual (go to 7) XXX Someone should draft automatic tests for postinstall. It has a very good track record, but it sure would be nice to automate this testing rather than redo it each time I make a tiny change.
file Makefile was added on branch netbsd-10 on 2023-09-04 17:33:27 +0000
mozilla-certdata: Install relative symlinks. Slightly more compact this way, and you can examine them in a destdir without chrooting. Not terribly important, but a minor convenience.
mozilla-certdata: Makefile infrastructure.