# HG changeset patch # User Xander Ziiryanoff # Date 1481209770 -3600 # Node ID 7b8aba9dd5c8afa863fe716e6fbfab9fdbc1dcbd # Parent 5df35eb43b81398a0d41ebd8e5f15b81bd6781fb Add mplayer-cli, cacerts diff -r 5df35eb43b81 -r 7b8aba9dd5c8 cacerts/receipt --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/cacerts/receipt Thu Dec 08 16:09:30 2016 +0100 @@ -0,0 +1,56 @@ +# SliTaz package receipt. + +PACKAGE="cacerts" +VERSION="20160512" +CATEGORY="security" +SHORT_DESC="Certificate Authority Certificates" +MAINTAINER="al.bobylev@gmail.com" +LICENSE="MPL2" +WEB_SITE="http://www.linuxfromscratch.org/blfs/view/svn/postlfs/cacerts.html" +TARBALL="$PACKAGE-$VERSION.txt" +#WGET_URL="https://hg.mozilla.org/releases/mozilla-release/file/default/security/nss/lib/ckfw/builtins/certdata.txt" +WGET_URL="http://anduin.linuxfromscratch.org/BLFS/other/certdata.txt" +HOST_ARCH="any" + +DEPENDS="openssl" +BUILD_DEPENDS="openssl" + +# Rules to configure and make the package. +compile_rules() +{ + mv -f *.txt certdata.txt + cp -a $stuff/* $src + ./make-ca.sh && + ./remove-expired-certs.sh $src/certs +} + +# Rules to gen a SliTaz package suitable for Tazpkg. +genpkg_rules() +{ + mkdir -p $fs/etc/ssl/certs + cp -a $src/certs/*.pem $fs/etc/ssl/certs + cp -a $src/ca-bundle.crt $fs/etc/ssl + ln -s ../ca-bundle.crt $fs/etc/ssl/certs/ca-certificates.crt +} + +post_install() +{ + case "$1" in + /cross*) return + esac + + # Keep silence, for example, when installed on cook as build dependency + if [ -z "$quiet" ]; then + echo "Rehash certificates:" + out='&1' + else + out='/dev/null' + fi + + if [ -d "$1/$INSTALLED/perl" ]; then + chroot "$1/" c_rehash >$out + else + tazpkg get-install microperl --root="${1:-/}" + chroot "$1/" microperl /usr/bin/c_rehash >$out + fi +} diff -r 5df35eb43b81 -r 7b8aba9dd5c8 cacerts/stuff/make-ca.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/cacerts/stuff/make-ca.sh Thu Dec 08 16:09:30 2016 +0100 @@ -0,0 +1,98 @@ +#!/bin/sh +# Begin make-ca.sh +# Script to populate OpenSSL's CApath from a bundle of PEM formatted CAs +# +# The file certdata.txt must exist in the local directory +# Version number is obtained from the version of the data. +# +# Authors: DJ Lucas +# Bruce Dubbs +# +# Version 20120211 + +# Some data in the certs have UTF-8 characters +export LANG=en_US.utf8 + +certdata="certdata.txt" + +if [ ! -r $certdata ]; then + echo "$certdata must be in the local directory" + exit 1 +fi + +REVISION=$(grep CVS_ID $certdata | cut -f4 -d'$') + +if [ -z "${REVISION}" ]; then + echo "$certfile has no 'Revision' in CVS_ID" + exit 1 +fi + +VERSION=$(echo $REVISION | cut -f2 -d" ") + +TEMPDIR=$(mktemp -d) +TRUSTATTRIBUTES="CKA_TRUST_SERVER_AUTH" +BUNDLE="ca-bundle.crt" +CONVERTSCRIPT="./make-cert.pl" +SSLDIR="${DESTDIR}/etc/ssl" + +mkdir "${TEMPDIR}/certs" + +# Get a list of starting lines for each cert +CERTBEGINLIST=$(grep -n "^# Certificate" "${certdata}" | cut -d ":" -f1) + +# Get a list of ending lines for each cert +CERTENDLIST=`grep -n "^CKA_TRUST_STEP_UP_APPROVED" "${certdata}" | cut -d ":" -f 1` + +# Start a loop +for certbegin in ${CERTBEGINLIST}; do + for certend in ${CERTENDLIST}; do + if test "${certend}" -gt "${certbegin}"; then + break + fi + done + + # Dump to a temp file with the name of the file as the beginning line number + sed -n "${certbegin},${certend}p" "${certdata}" > "${TEMPDIR}/certs/${certbegin}.tmp" +done + +unset CERTBEGINLIST CERTDATA CERTENDLIST certbegin certend + +mkdir -p certs +rm -f certs/* # Make sure the directory is clean + +for tempfile in ${TEMPDIR}/certs/*.tmp; do + # Make sure that the cert is trusted... + grep "CKA_TRUST_SERVER_AUTH" "${tempfile}" | \ + egrep "TRUST_UNKNOWN|NOT_TRUSTED" > /dev/null + + if test "${?}" = "0"; then + # Throw a meaningful error and remove the file + cp "${tempfile}" tempfile.cer + perl ${CONVERTSCRIPT} > tempfile.crt + keyhash=$(openssl x509 -noout -in tempfile.crt -hash) + echo "Certificate ${keyhash} is not trusted! Removing..." + rm -f tempfile.cer tempfile.crt "${tempfile}" + continue + fi + + # If execution made it to here in the loop, the temp cert is trusted + # Find the cert data and generate a cert file for it + + cp "${tempfile}" tempfile.cer + perl ${CONVERTSCRIPT} > tempfile.crt + keyhash=$(openssl x509 -noout -in tempfile.crt -hash) + mv tempfile.crt "certs/${keyhash}.pem" + rm -f tempfile.cer "${tempfile}" + echo "Created ${keyhash}.pem" +done + +# Remove blacklisted files +# MD5 Collision Proof of Concept CA +if test -f certs/8f111d69.pem; then + echo "Certificate 8f111d69 is not trusted! Removing..." + rm -f certs/8f111d69.pem +fi + +# Finally, generate the bundle and clean up. +cat certs/*.pem > ${BUNDLE} +rm -r "${TEMPDIR}" diff -r 5df35eb43b81 -r 7b8aba9dd5c8 cacerts/stuff/make-cert.pl --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/cacerts/stuff/make-cert.pl Thu Dec 08 16:09:30 2016 +0100 @@ -0,0 +1,49 @@ +#!/usr/bin/perl -w + +# Used to generate PEM encoded files from Mozilla certdata.txt. +# Run as ./make-cert.pl > certificate.crt +# +# Parts of this script courtesy of RedHat (mkcabundle.pl) +# +# This script modified for use with single file data (tempfile.cer) extracted +# from certdata.txt, taken from the latest version in the Mozilla NSS source. +# mozilla/security/nss/lib/ckfw/builtins/certdata.txt +# +# Authors: DJ Lucas +# Bruce Dubbs +# +# Version 20120211 + +my $certdata = './tempfile.cer'; + +open( IN, "cat $certdata|" ) + || die "could not open $certdata"; + +my $incert = 0; + +while ( ) +{ + if ( /^CKA_VALUE MULTILINE_OCTAL/ ) + { + $incert = 1; + open( OUT, "|openssl x509 -text -inform DER -fingerprint" ) + || die "could not pipe to openssl x509"; + } + + elsif ( /^END/ && $incert ) + { + close( OUT ); + $incert = 0; + print "\n\n"; + } + + elsif ($incert) + { + my @bs = split( /\\/ ); + foreach my $b (@bs) + { + chomp $b; + printf( OUT "%c", oct($b) ) unless $b eq ''; + } + } +} diff -r 5df35eb43b81 -r 7b8aba9dd5c8 cacerts/stuff/remove-expired-certs.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/cacerts/stuff/remove-expired-certs.sh Thu Dec 08 16:09:30 2016 +0100 @@ -0,0 +1,53 @@ +#!/bin/sh +# Begin remove-expired-certs.sh +# +# Version 20120211 + +# Make sure the date is parsed correctly on all systems +mydate() +{ + local y=$( echo $1 | cut -d" " -f4 ) + local M=$( echo $1 | cut -d" " -f1 ) + local d=$( echo $1 | cut -d" " -f2 ) + local m + + if [ ${d} -lt 10 ]; then d="0${d}"; fi + + case $M in + Jan) m="01";; + Feb) m="02";; + Mar) m="03";; + Apr) m="04";; + May) m="05";; + Jun) m="06";; + Jul) m="07";; + Aug) m="08";; + Sep) m="09";; + Oct) m="10";; + Nov) m="11";; + Dec) m="12";; + esac + + certdate="${y}${m}${d}" +} + +OPENSSL=/usr/bin/openssl +DIR=$DESTDIR/etc/ssl/certs + +if [ $# -gt 0 ]; then + DIR="$1" +fi + +certs=$( find ${DIR} -type f -name "*.pem" -o -name "*.crt" ) +today=$( date +%Y%m%d ) + +for cert in $certs; do + notafter=$( $OPENSSL x509 -enddate -in "${cert}" -noout ) + date=$( echo ${notafter} | sed 's/^notAfter=//' ) + mydate "$date" + + if [ ${certdate} -lt ${today} ]; then + echo "${cert} expired on ${certdate}! Removing..." + rm -f "${cert}" + fi +done diff -r 5df35eb43b81 -r 7b8aba9dd5c8 cacerts/stuff/remove_cnnic.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/cacerts/stuff/remove_cnnic.patch Thu Dec 08 16:09:30 2016 +0100 @@ -0,0 +1,7 @@ +# Remove CNNIC Root certificate (temporarily) +# http://googleonlinesecurity.blogspot.com/2015/03/maintaining-digital-certificate-security.html +--- a/certdata.txt ++++ b/certdata.txt +@@ -14889 +14889 @@ +-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR ++CKA_TRUST_SERVER_AUTH TRUST_UNKNOWN diff -r 5df35eb43b81 -r 7b8aba9dd5c8 mplayer-cli/receipt --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mplayer-cli/receipt Thu Dec 08 16:09:30 2016 +0100 @@ -0,0 +1,66 @@ +# SliTaz package receipt. + +PACKAGE="mplayer-cli" +VERSION="1.1.1" +CATEGORY="multimedia" +SHORT_DESC="The Ultimate Movie Player For Linux (with minimal depends)" +MAINTAINER="psychomaniak@xakep.ru" +LICENSE="GPL2" +SOURCE="MPlayer" +TARBALL="$SOURCE-$VERSION.tar.xz" +WEB_SITE="http://www.mplayerhq.hu/design7/news.html" +WGET_URL="http://www1.mplayerhq.hu/MPlayer/releases/$TARBALL" + +DEPENDS=" alsa-lib ncurses xorg-libXdamage xorg-libXv xorg-libXxf86vm \ +xorg-libXss zlib" +BUILD_DEPENDS="xorg-libXv-dev alsa-lib-dev ncurses-dev xorg-libXdamage-dev +xorg-libXxf86vm-dev audiofile-dev zlib-dev xorg-xextproto \ +xorg-dev pkg-config yasm" + +# Rules to configure and make the package. +compile_rules() +{ + ./configure \ + --prefix=/usr \ + --confdir=/etc/mplayer \ + --libdir=/usr/lib/mplayer \ + --language="en de es fr it pl ru" \ + --enable-menu \ + --disable-mencoder \ + --disable-gl \ + --disable-jack \ + --disable-liblzo \ + --disable-libdv \ + --disable-fribidi \ + --disable-ivtv \ + --disable-smb \ + --disable-ftp \ + --disable-openal \ + --disable-faac \ + --disable-speex --disable-esd \ + --disable-lirc --disable-lircc \ + --disable-sdl \ + --enable-runtime-cpudetection \ + ${ARCH_ARGS} && + make $MAKEFLAGS && + make DESTDIR=$DESTDIR install | sed '/install: strip: .*/'d +} + +# Rules to gen a SliTaz package suitable for Tazpkg. +genpkg_rules() +{ + mkdir -p $fs/usr/share/mplayer + cp -a $install/usr/bin $fs/usr + cp -a $install/etc $fs + cp $src/etc/example.conf $fs/etc/mplayer + # Add /etc/mplayer/input.conf + cp $stuff/input.conf $fs/etc/mplayer + # Config + cp $stuff/mplayer.conf $fs/etc/mplayer + # No-gui, OSD ($username@slitaz:~$ mplayer -menu filename) + mkdir -p $fs/usr/share/applications + cp -f $stuff/mplayer.desktop $fs/usr/share/applications/mplayer.desktop + cp $src/etc/*menu.conf $fs/etc/mplayer + # Font + cd $fs/usr/share/mplayer && ln -s ../fonts/truetype/ttf-dejavu/DejaVuSans.ttf subfont.ttf +} \ No newline at end of file diff -r 5df35eb43b81 -r 7b8aba9dd5c8 mplayer-cli/stuff/input.conf --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mplayer-cli/stuff/input.conf Thu Dec 08 16:09:30 2016 +0100 @@ -0,0 +1,3 @@ +MOUSE_BTN0-MOUSE_BTN0_DBL vo_fullscreen +ENTER vo_fullscreen +MOUSE_BTN2_DBL menu up \ No newline at end of file diff -r 5df35eb43b81 -r 7b8aba9dd5c8 mplayer-cli/stuff/mplayer.conf --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mplayer-cli/stuff/mplayer.conf Thu Dec 08 16:09:30 2016 +0100 @@ -0,0 +1,15 @@ +# /etc/mplayer/mplayer.conf: MPlayer default configuration for SliTaz. +# For more info and examples, please see: /etc/mplayer/example.conf +# + +# Specify default video driver (see -vo help for a list). +vo=xv,x11,fbdev2, + +# Specify default audio driver (see -ao help for a list). +ao=oss,alsa:device=hw=0.0,alsa, +ac=mad, + +stop-xscreensaver="1" +heartbeat-cmd='echo -n ""' +quiet="1" + diff -r 5df35eb43b81 -r 7b8aba9dd5c8 mplayer-cli/stuff/mplayer.desktop --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/mplayer-cli/stuff/mplayer.desktop Thu Dec 08 16:09:30 2016 +0100 @@ -0,0 +1,13 @@ +[Desktop Entry] +Type=Application +Name=...open with pure MPlayer +GenericName=mplayer +X-GNOME-FullName=mplayer +Comment=backend +TryExec=mplayer +Exec=mplayer %F +Terminal=false +Icon=mplayer +NoDisplay=true +Categories=AudioVideo;Audio;Video;Player;TV; +MimeType=application/mxf;application/x-netshow-channel;application/ogg;application/ram;application/vnd.rn-realmedia;application/x-shockwave-flash;application/smil;audio/ac3;audio/x-adpcm;audio/x-aiff;audio/AMR;audio/AMR-WB;audio/x-ape;audio/basic;audio/flac;audio/x-flac;audio/x-flac+ogg;audio/x-m4b;audio/x-matroska;audio/mp2;audio/mp4;audio/mpeg;audio/x-mpegurl;audio/x-ms-asx;audio/x-ms-wma;audio/x-musepack;audio/ogg;audio/vnd.rn-realaudio;audio/x-scpls;audio/x-voc;audio/x-vorbis+ogg;audio/x-wav;audio/x-wavpack;video/3gpp;video/3gpp2;video/dv;video/x-flic;video/x-flv;video/x-matroska;video/mp2t;video/mp4;video/mpeg;video/x-ms-asf;video/x-ms-wmv;video/x-msvideo;video/x-nsv;video/ogg;video/x-ogm+ogg;video/quicktime;video/vnd.rn-realvideo;video/x-theora+ogg;video/webm;