diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 12:10:40 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 12:10:40 +0000 |
| commit | 566fd589c5ee5d23902ef807f0fde30701b9db93 (patch) | |
| tree | 6c661dce007545291cfc2f515a7af6cc15a418ff /examples | |
| parent | Initial commit. (diff) | |
| download | ca-certificates-upstream.tar.xz ca-certificates-upstream.zip | |
Adding upstream version 20240203.upstream/20240203upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'examples')
| -rw-r--r-- | examples/ca-certificates-local/Makefile | 14 | ||||
| -rw-r--r-- | examples/ca-certificates-local/README | 81 | ||||
| -rw-r--r-- | examples/ca-certificates-local/debian/ca-certificates-local.triggers | 1 | ||||
| -rw-r--r-- | examples/ca-certificates-local/debian/changelog | 5 | ||||
| -rw-r--r-- | examples/ca-certificates-local/debian/compat | 1 | ||||
| -rw-r--r-- | examples/ca-certificates-local/debian/control | 20 | ||||
| -rw-r--r-- | examples/ca-certificates-local/debian/copyright | 6 | ||||
| -rw-r--r-- | examples/ca-certificates-local/debian/postrm | 26 | ||||
| -rwxr-xr-x | examples/ca-certificates-local/debian/rules | 11 | ||||
| -rw-r--r-- | examples/ca-certificates-local/debian/source/format | 1 | ||||
| -rw-r--r-- | examples/ca-certificates-local/local/Local_Root_CA.crt | 3 | ||||
| -rw-r--r-- | examples/ca-certificates-local/local/Makefile | 13 |
12 files changed, 182 insertions, 0 deletions
diff --git a/examples/ca-certificates-local/Makefile b/examples/ca-certificates-local/Makefile new file mode 100644 index 0000000..a872252 --- /dev/null +++ b/examples/ca-certificates-local/Makefile @@ -0,0 +1,14 @@ +# +# Makefile +# + +LOCALCERTSDIR = /usr/local/share/ca-certificates + +all: + +clean: + +install: + mkdir -p $(DESTDIR)/$(LOCALCERTSDIR); \ + $(MAKE) -C local install LOCALCERTSDIR=$(DESTDIR)/$(LOCALCERTSDIR) + diff --git a/examples/ca-certificates-local/README b/examples/ca-certificates-local/README new file mode 100644 index 0000000..f00891b --- /dev/null +++ b/examples/ca-certificates-local/README @@ -0,0 +1,81 @@ +The Debian Package ca-certificates-local +---------------------------- + +This package includes local CA certificates to be installed in +/usr/local/share/ca-certificates. The CA certificates installed by this +package will be implicitly trusted. + +This is an example stub source package that includes a dummy CA +certificate in the local/ directory. Remove the dummy certificate, copy +your trusted local root CA (in PEM format with the filename ending in +".crt") to the local/ directory, edit files in the debian/ directory as +desired, and build your custom package. + +---------------------------- + +Steps to build your custom local root CA package from this example: + +- Check that your local root CA is in PEM-encoded format, the filename + ends in ".crt", and that it is properly usable by openssl; for example: + + $ openssl x509 -text -in Deep_Thought_Dummy_Root_CA.crt + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 66 (0x42) + Signature Algorithm: sha1WithRSAEncryption + Issuer: CN=Deep Thought Dummy Root CA + Validity + Not Before: Aug 29 00:00:00 2013 GMT + Not After : Aug 28 23:59:59 2042 GMT + Subject: CN=Deep Thought Dummy Root CA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:a2:e3:00:b0:d2:fa:92:57:02:97:5e:80:e0:1a: + <...> + c5:6e:dc:50:7f:3f:34:b8:29 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + C3:FF:DB:49:E2:8A:A4:26:62:19:74:F0:66:41:E1:5F:F7:4B:3F:A7 + X509v3 Key Usage: + Certificate Sign, CRL Sign + Netscape Cert Type: + SSL CA, S/MIME CA, Object Signing CA + Signature Algorithm: sha1WithRSAEncryption + 1f:32:49:f2:7f:ed:80:62:2e:49:b7:ce:84:b9:c1:c5:1a:f6: + <...> + 32:2d + -----BEGIN CERTIFICATE----- + MIICEjCCAXugAwIBAgIBQjANBgkqhkiG9w0BAQUFADAlMSMwIQYDVQQDExpEZWVw + <...> + yTxhjDIt + -----END CERTIFICATE----- + +- Copy this example source package somewhere to build as a normal user, + for instance your home directory: + + $ cp -a /usr/share/doc/ca-certificates/examples/ca-certificates-local ~/ + $ cd ~/ca-certificates-local/ + +- Remove the dummy CA certificate, copy your local root CA certificate(s) + to the local/ directory, and build the package: + + $ rm local/Local_Root_CA.crt + $ cp /path/to/YourOrg_Root_CA.crt local/ + $ dpkg-buildpackage + +- Install the package (or copy it to your local apt repository for + installation on lots of machines): + + $ sudo dpkg -i ../ca-certificates-local_0.1_all.deb + +- Feel free to edit the files under the debian/ directory for items like + the maintainer name and email address, version, etc. to better reflect + your own organization. This is just an example to get you started with + a proper local root CA package. + diff --git a/examples/ca-certificates-local/debian/ca-certificates-local.triggers b/examples/ca-certificates-local/debian/ca-certificates-local.triggers new file mode 100644 index 0000000..2508bbf --- /dev/null +++ b/examples/ca-certificates-local/debian/ca-certificates-local.triggers @@ -0,0 +1 @@ +activate update-ca-certificates-fresh diff --git a/examples/ca-certificates-local/debian/changelog b/examples/ca-certificates-local/debian/changelog new file mode 100644 index 0000000..dccdbf6 --- /dev/null +++ b/examples/ca-certificates-local/debian/changelog @@ -0,0 +1,5 @@ +ca-certificates-local (0.1) unstable; urgency=low + + * Initial Release. + + -- System Administrator <root@localhost.localdomain> Thu, 29 Aug 2013 00:42:42 -0000 diff --git a/examples/ca-certificates-local/debian/compat b/examples/ca-certificates-local/debian/compat new file mode 100644 index 0000000..45a4fb7 --- /dev/null +++ b/examples/ca-certificates-local/debian/compat @@ -0,0 +1 @@ +8 diff --git a/examples/ca-certificates-local/debian/control b/examples/ca-certificates-local/debian/control new file mode 100644 index 0000000..91cecf5 --- /dev/null +++ b/examples/ca-certificates-local/debian/control @@ -0,0 +1,20 @@ +Source: ca-certificates-local +Section: misc +Priority: extra +Maintainer: System Administrator <root@localhost.localdomain> +Build-Depends: debhelper (>= 8.0.0) +Standards-Version: 3.9.4 + +Package: ca-certificates-local +Architecture: all +Depends: ca-certificates (>= 20130119), ${misc:Depends} +Description: Local CA certificates + This package includes local CA certificates to be installed in + /usr/local/share/ca-certificates. The CA certificates installed by this + package will be implicitly trusted. + . + This is an example stub source package that includes a dummy CA + certificate in the local/ directory. Remove the dummy certificate, copy + your trusted local root CA (in PEM format with the filename ending in + ".crt") to the local/ directory, edit files in the debian/ directory as + desired, and build your custom package. diff --git a/examples/ca-certificates-local/debian/copyright b/examples/ca-certificates-local/debian/copyright new file mode 100644 index 0000000..33ce0fc --- /dev/null +++ b/examples/ca-certificates-local/debian/copyright @@ -0,0 +1,6 @@ +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ + +Files: * +Copyright: 2013 System Administrator <root@localhost.localdomain> +License: ... + diff --git a/examples/ca-certificates-local/debian/postrm b/examples/ca-certificates-local/debian/postrm new file mode 100644 index 0000000..2a8df55 --- /dev/null +++ b/examples/ca-certificates-local/debian/postrm @@ -0,0 +1,26 @@ +#!/bin/sh + +set -e + +case "$1" in + purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + # Recreate the /usr/local/share/ca-certificates directory, since we are + # ignoring Debian Policy by intentionally installing here. Removal of + # ca-certificates-local removes this directory if empty. + if [ ! -e /usr/local/share/ca-certificates ]; then + if mkdir /usr/local/share/ca-certificates 2>/dev/null; then + chown root:staff /usr/local/share/ca-certificates + chmod 2775 /usr/local/share/ca-certificates + fi + fi + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 diff --git a/examples/ca-certificates-local/debian/rules b/examples/ca-certificates-local/debian/rules new file mode 100755 index 0000000..857806f --- /dev/null +++ b/examples/ca-certificates-local/debian/rules @@ -0,0 +1,11 @@ +#!/usr/bin/make -f + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +%: + dh $@ + +# override_dh_usrlocal to do nothing +override_dh_usrlocal: + diff --git a/examples/ca-certificates-local/debian/source/format b/examples/ca-certificates-local/debian/source/format new file mode 100644 index 0000000..89ae9db --- /dev/null +++ b/examples/ca-certificates-local/debian/source/format @@ -0,0 +1 @@ +3.0 (native) diff --git a/examples/ca-certificates-local/local/Local_Root_CA.crt b/examples/ca-certificates-local/local/Local_Root_CA.crt new file mode 100644 index 0000000..283ad2e --- /dev/null +++ b/examples/ca-certificates-local/local/Local_Root_CA.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- +Dummy Root CA file; replace it with the PEM-encoded root certificate +-----END CERTIFICATE----- diff --git a/examples/ca-certificates-local/local/Makefile b/examples/ca-certificates-local/local/Makefile new file mode 100644 index 0000000..996cb12 --- /dev/null +++ b/examples/ca-certificates-local/local/Makefile @@ -0,0 +1,13 @@ +# +# Makefile +# + +all: + +clean: + +install: + for p in *.crt; do \ + install -m 644 $$p $(LOCALCERTSDIR)/$$p ; \ + done + |