wok-backports rev 53
Add mplayer-cli, cacerts
| author | Xander Ziiryanoff <psychomaniak@xakep.ru> |
|---|---|
| date | Thu Dec 08 16:09:30 2016 +0100 (2016-12-08) |
| parents | 5df35eb43b81 |
| children | 6af397cf2eb5 |
| files | cacerts/receipt cacerts/stuff/make-ca.sh cacerts/stuff/make-cert.pl cacerts/stuff/remove-expired-certs.sh cacerts/stuff/remove_cnnic.patch mplayer-cli/receipt mplayer-cli/stuff/input.conf mplayer-cli/stuff/mplayer.conf mplayer-cli/stuff/mplayer.desktop |
line diff
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/cacerts/receipt Thu Dec 08 16:09:30 2016 +0100 1.3 @@ -0,0 +1,56 @@ 1.4 +# SliTaz package receipt. 1.5 + 1.6 +PACKAGE="cacerts" 1.7 +VERSION="20160512" 1.8 +CATEGORY="security" 1.9 +SHORT_DESC="Certificate Authority Certificates" 1.10 +MAINTAINER="al.bobylev@gmail.com" 1.11 +LICENSE="MPL2" 1.12 +WEB_SITE="http://www.linuxfromscratch.org/blfs/view/svn/postlfs/cacerts.html" 1.13 +TARBALL="$PACKAGE-$VERSION.txt" 1.14 +#WGET_URL="https://hg.mozilla.org/releases/mozilla-release/file/default/security/nss/lib/ckfw/builtins/certdata.txt" 1.15 +WGET_URL="http://anduin.linuxfromscratch.org/BLFS/other/certdata.txt" 1.16 +HOST_ARCH="any" 1.17 + 1.18 +DEPENDS="openssl" 1.19 +BUILD_DEPENDS="openssl" 1.20 + 1.21 +# Rules to configure and make the package. 1.22 +compile_rules() 1.23 +{ 1.24 + mv -f *.txt certdata.txt 1.25 + cp -a $stuff/* $src 1.26 + ./make-ca.sh && 1.27 + ./remove-expired-certs.sh $src/certs 1.28 +} 1.29 + 1.30 +# Rules to gen a SliTaz package suitable for Tazpkg. 1.31 +genpkg_rules() 1.32 +{ 1.33 + mkdir -p $fs/etc/ssl/certs 1.34 + cp -a $src/certs/*.pem $fs/etc/ssl/certs 1.35 + cp -a $src/ca-bundle.crt $fs/etc/ssl 1.36 + ln -s ../ca-bundle.crt $fs/etc/ssl/certs/ca-certificates.crt 1.37 +} 1.38 + 1.39 +post_install() 1.40 +{ 1.41 + case "$1" in 1.42 + /cross*) return 1.43 + esac 1.44 + 1.45 + # Keep silence, for example, when installed on cook as build dependency 1.46 + if [ -z "$quiet" ]; then 1.47 + echo "Rehash certificates:" 1.48 + out='&1' 1.49 + else 1.50 + out='/dev/null' 1.51 + fi 1.52 + 1.53 + if [ -d "$1/$INSTALLED/perl" ]; then 1.54 + chroot "$1/" c_rehash >$out 1.55 + else 1.56 + tazpkg get-install microperl --root="${1:-/}" 1.57 + chroot "$1/" microperl /usr/bin/c_rehash >$out 1.58 + fi 1.59 +}
2.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 2.2 +++ b/cacerts/stuff/make-ca.sh Thu Dec 08 16:09:30 2016 +0100 2.3 @@ -0,0 +1,98 @@ 2.4 +#!/bin/sh 2.5 +# Begin make-ca.sh 2.6 +# Script to populate OpenSSL's CApath from a bundle of PEM formatted CAs 2.7 +# 2.8 +# The file certdata.txt must exist in the local directory 2.9 +# Version number is obtained from the version of the data. 2.10 +# 2.11 +# Authors: DJ Lucas 2.12 +# Bruce Dubbs 2.13 +# 2.14 +# Version 20120211 2.15 + 2.16 +# Some data in the certs have UTF-8 characters 2.17 +export LANG=en_US.utf8 2.18 + 2.19 +certdata="certdata.txt" 2.20 + 2.21 +if [ ! -r $certdata ]; then 2.22 + echo "$certdata must be in the local directory" 2.23 + exit 1 2.24 +fi 2.25 + 2.26 +REVISION=$(grep CVS_ID $certdata | cut -f4 -d'$') 2.27 + 2.28 +if [ -z "${REVISION}" ]; then 2.29 + echo "$certfile has no 'Revision' in CVS_ID" 2.30 + exit 1 2.31 +fi 2.32 + 2.33 +VERSION=$(echo $REVISION | cut -f2 -d" ") 2.34 + 2.35 +TEMPDIR=$(mktemp -d) 2.36 +TRUSTATTRIBUTES="CKA_TRUST_SERVER_AUTH" 2.37 +BUNDLE="ca-bundle.crt" 2.38 +CONVERTSCRIPT="./make-cert.pl" 2.39 +SSLDIR="${DESTDIR}/etc/ssl" 2.40 + 2.41 +mkdir "${TEMPDIR}/certs" 2.42 + 2.43 +# Get a list of starting lines for each cert 2.44 +CERTBEGINLIST=$(grep -n "^# Certificate" "${certdata}" | cut -d ":" -f1) 2.45 + 2.46 +# Get a list of ending lines for each cert 2.47 +CERTENDLIST=`grep -n "^CKA_TRUST_STEP_UP_APPROVED" "${certdata}" | cut -d ":" -f 1` 2.48 + 2.49 +# Start a loop 2.50 +for certbegin in ${CERTBEGINLIST}; do 2.51 + for certend in ${CERTENDLIST}; do 2.52 + if test "${certend}" -gt "${certbegin}"; then 2.53 + break 2.54 + fi 2.55 + done 2.56 + 2.57 + # Dump to a temp file with the name of the file as the beginning line number 2.58 + sed -n "${certbegin},${certend}p" "${certdata}" > "${TEMPDIR}/certs/${certbegin}.tmp" 2.59 +done 2.60 + 2.61 +unset CERTBEGINLIST CERTDATA CERTENDLIST certbegin certend 2.62 + 2.63 +mkdir -p certs 2.64 +rm -f certs/* # Make sure the directory is clean 2.65 + 2.66 +for tempfile in ${TEMPDIR}/certs/*.tmp; do 2.67 + # Make sure that the cert is trusted... 2.68 + grep "CKA_TRUST_SERVER_AUTH" "${tempfile}" | \ 2.69 + egrep "TRUST_UNKNOWN|NOT_TRUSTED" > /dev/null 2.70 + 2.71 + if test "${?}" = "0"; then 2.72 + # Throw a meaningful error and remove the file 2.73 + cp "${tempfile}" tempfile.cer 2.74 + perl ${CONVERTSCRIPT} > tempfile.crt 2.75 + keyhash=$(openssl x509 -noout -in tempfile.crt -hash) 2.76 + echo "Certificate ${keyhash} is not trusted! Removing..." 2.77 + rm -f tempfile.cer tempfile.crt "${tempfile}" 2.78 + continue 2.79 + fi 2.80 + 2.81 + # If execution made it to here in the loop, the temp cert is trusted 2.82 + # Find the cert data and generate a cert file for it 2.83 + 2.84 + cp "${tempfile}" tempfile.cer 2.85 + perl ${CONVERTSCRIPT} > tempfile.crt 2.86 + keyhash=$(openssl x509 -noout -in tempfile.crt -hash) 2.87 + mv tempfile.crt "certs/${keyhash}.pem" 2.88 + rm -f tempfile.cer "${tempfile}" 2.89 + echo "Created ${keyhash}.pem" 2.90 +done 2.91 + 2.92 +# Remove blacklisted files 2.93 +# MD5 Collision Proof of Concept CA 2.94 +if test -f certs/8f111d69.pem; then 2.95 + echo "Certificate 8f111d69 is not trusted! Removing..." 2.96 + rm -f certs/8f111d69.pem 2.97 +fi 2.98 + 2.99 +# Finally, generate the bundle and clean up. 2.100 +cat certs/*.pem > ${BUNDLE} 2.101 +rm -r "${TEMPDIR}"
3.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 3.2 +++ b/cacerts/stuff/make-cert.pl Thu Dec 08 16:09:30 2016 +0100 3.3 @@ -0,0 +1,49 @@ 3.4 +#!/usr/bin/perl -w 3.5 + 3.6 +# Used to generate PEM encoded files from Mozilla certdata.txt. 3.7 +# Run as ./make-cert.pl > certificate.crt 3.8 +# 3.9 +# Parts of this script courtesy of RedHat (mkcabundle.pl) 3.10 +# 3.11 +# This script modified for use with single file data (tempfile.cer) extracted 3.12 +# from certdata.txt, taken from the latest version in the Mozilla NSS source. 3.13 +# mozilla/security/nss/lib/ckfw/builtins/certdata.txt 3.14 +# 3.15 +# Authors: DJ Lucas 3.16 +# Bruce Dubbs 3.17 +# 3.18 +# Version 20120211 3.19 + 3.20 +my $certdata = './tempfile.cer'; 3.21 + 3.22 +open( IN, "cat $certdata|" ) 3.23 + || die "could not open $certdata"; 3.24 + 3.25 +my $incert = 0; 3.26 + 3.27 +while ( <IN> ) 3.28 +{ 3.29 + if ( /^CKA_VALUE MULTILINE_OCTAL/ ) 3.30 + { 3.31 + $incert = 1; 3.32 + open( OUT, "|openssl x509 -text -inform DER -fingerprint" ) 3.33 + || die "could not pipe to openssl x509"; 3.34 + } 3.35 + 3.36 + elsif ( /^END/ && $incert ) 3.37 + { 3.38 + close( OUT ); 3.39 + $incert = 0; 3.40 + print "\n\n"; 3.41 + } 3.42 + 3.43 + elsif ($incert) 3.44 + { 3.45 + my @bs = split( /\\/ ); 3.46 + foreach my $b (@bs) 3.47 + { 3.48 + chomp $b; 3.49 + printf( OUT "%c", oct($b) ) unless $b eq ''; 3.50 + } 3.51 + } 3.52 +}
4.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 4.2 +++ b/cacerts/stuff/remove-expired-certs.sh Thu Dec 08 16:09:30 2016 +0100 4.3 @@ -0,0 +1,53 @@ 4.4 +#!/bin/sh 4.5 +# Begin remove-expired-certs.sh 4.6 +# 4.7 +# Version 20120211 4.8 + 4.9 +# Make sure the date is parsed correctly on all systems 4.10 +mydate() 4.11 +{ 4.12 + local y=$( echo $1 | cut -d" " -f4 ) 4.13 + local M=$( echo $1 | cut -d" " -f1 ) 4.14 + local d=$( echo $1 | cut -d" " -f2 ) 4.15 + local m 4.16 + 4.17 + if [ ${d} -lt 10 ]; then d="0${d}"; fi 4.18 + 4.19 + case $M in 4.20 + Jan) m="01";; 4.21 + Feb) m="02";; 4.22 + Mar) m="03";; 4.23 + Apr) m="04";; 4.24 + May) m="05";; 4.25 + Jun) m="06";; 4.26 + Jul) m="07";; 4.27 + Aug) m="08";; 4.28 + Sep) m="09";; 4.29 + Oct) m="10";; 4.30 + Nov) m="11";; 4.31 + Dec) m="12";; 4.32 + esac 4.33 + 4.34 + certdate="${y}${m}${d}" 4.35 +} 4.36 + 4.37 +OPENSSL=/usr/bin/openssl 4.38 +DIR=$DESTDIR/etc/ssl/certs 4.39 + 4.40 +if [ $# -gt 0 ]; then 4.41 + DIR="$1" 4.42 +fi 4.43 + 4.44 +certs=$( find ${DIR} -type f -name "*.pem" -o -name "*.crt" ) 4.45 +today=$( date +%Y%m%d ) 4.46 + 4.47 +for cert in $certs; do 4.48 + notafter=$( $OPENSSL x509 -enddate -in "${cert}" -noout ) 4.49 + date=$( echo ${notafter} | sed 's/^notAfter=//' ) 4.50 + mydate "$date" 4.51 + 4.52 + if [ ${certdate} -lt ${today} ]; then 4.53 + echo "${cert} expired on ${certdate}! Removing..." 4.54 + rm -f "${cert}" 4.55 + fi 4.56 +done
5.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 5.2 +++ b/cacerts/stuff/remove_cnnic.patch Thu Dec 08 16:09:30 2016 +0100 5.3 @@ -0,0 +1,7 @@ 5.4 +# Remove CNNIC Root certificate (temporarily) 5.5 +# http://googleonlinesecurity.blogspot.com/2015/03/maintaining-digital-certificate-security.html 5.6 +--- a/certdata.txt 5.7 ++++ b/certdata.txt 5.8 +@@ -14889 +14889 @@ 5.9 +-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR 5.10 ++CKA_TRUST_SERVER_AUTH TRUST_UNKNOWN
6.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 6.2 +++ b/mplayer-cli/receipt Thu Dec 08 16:09:30 2016 +0100 6.3 @@ -0,0 +1,66 @@ 6.4 +# SliTaz package receipt. 6.5 + 6.6 +PACKAGE="mplayer-cli" 6.7 +VERSION="1.1.1" 6.8 +CATEGORY="multimedia" 6.9 +SHORT_DESC="The Ultimate Movie Player For Linux (with minimal depends)" 6.10 +MAINTAINER="psychomaniak@xakep.ru" 6.11 +LICENSE="GPL2" 6.12 +SOURCE="MPlayer" 6.13 +TARBALL="$SOURCE-$VERSION.tar.xz" 6.14 +WEB_SITE="http://www.mplayerhq.hu/design7/news.html" 6.15 +WGET_URL="http://www1.mplayerhq.hu/MPlayer/releases/$TARBALL" 6.16 + 6.17 +DEPENDS=" alsa-lib ncurses xorg-libXdamage xorg-libXv xorg-libXxf86vm \ 6.18 +xorg-libXss zlib" 6.19 +BUILD_DEPENDS="xorg-libXv-dev alsa-lib-dev ncurses-dev xorg-libXdamage-dev 6.20 +xorg-libXxf86vm-dev audiofile-dev zlib-dev xorg-xextproto \ 6.21 +xorg-dev pkg-config yasm" 6.22 + 6.23 +# Rules to configure and make the package. 6.24 +compile_rules() 6.25 +{ 6.26 + ./configure \ 6.27 + --prefix=/usr \ 6.28 + --confdir=/etc/mplayer \ 6.29 + --libdir=/usr/lib/mplayer \ 6.30 + --language="en de es fr it pl ru" \ 6.31 + --enable-menu \ 6.32 + --disable-mencoder \ 6.33 + --disable-gl \ 6.34 + --disable-jack \ 6.35 + --disable-liblzo \ 6.36 + --disable-libdv \ 6.37 + --disable-fribidi \ 6.38 + --disable-ivtv \ 6.39 + --disable-smb \ 6.40 + --disable-ftp \ 6.41 + --disable-openal \ 6.42 + --disable-faac \ 6.43 + --disable-speex --disable-esd \ 6.44 + --disable-lirc --disable-lircc \ 6.45 + --disable-sdl \ 6.46 + --enable-runtime-cpudetection \ 6.47 + ${ARCH_ARGS} && 6.48 + make $MAKEFLAGS && 6.49 + make DESTDIR=$DESTDIR install | sed '/install: strip: .*/'d 6.50 +} 6.51 + 6.52 +# Rules to gen a SliTaz package suitable for Tazpkg. 6.53 +genpkg_rules() 6.54 +{ 6.55 + mkdir -p $fs/usr/share/mplayer 6.56 + cp -a $install/usr/bin $fs/usr 6.57 + cp -a $install/etc $fs 6.58 + cp $src/etc/example.conf $fs/etc/mplayer 6.59 + # Add /etc/mplayer/input.conf 6.60 + cp $stuff/input.conf $fs/etc/mplayer 6.61 + # Config 6.62 + cp $stuff/mplayer.conf $fs/etc/mplayer 6.63 + # No-gui, OSD ($username@slitaz:~$ mplayer -menu filename) 6.64 + mkdir -p $fs/usr/share/applications 6.65 + cp -f $stuff/mplayer.desktop $fs/usr/share/applications/mplayer.desktop 6.66 + cp $src/etc/*menu.conf $fs/etc/mplayer 6.67 + # Font 6.68 + cd $fs/usr/share/mplayer && ln -s ../fonts/truetype/ttf-dejavu/DejaVuSans.ttf subfont.ttf 6.69 +} 6.70 \ No newline at end of file
7.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 7.2 +++ b/mplayer-cli/stuff/input.conf Thu Dec 08 16:09:30 2016 +0100 7.3 @@ -0,0 +1,3 @@ 7.4 +MOUSE_BTN0-MOUSE_BTN0_DBL vo_fullscreen 7.5 +ENTER vo_fullscreen 7.6 +MOUSE_BTN2_DBL menu up 7.7 \ No newline at end of file
8.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 8.2 +++ b/mplayer-cli/stuff/mplayer.conf Thu Dec 08 16:09:30 2016 +0100 8.3 @@ -0,0 +1,15 @@ 8.4 +# /etc/mplayer/mplayer.conf: MPlayer default configuration for SliTaz. 8.5 +# For more info and examples, please see: /etc/mplayer/example.conf 8.6 +# 8.7 + 8.8 +# Specify default video driver (see -vo help for a list). 8.9 +vo=xv,x11,fbdev2, 8.10 + 8.11 +# Specify default audio driver (see -ao help for a list). 8.12 +ao=oss,alsa:device=hw=0.0,alsa, 8.13 +ac=mad, 8.14 + 8.15 +stop-xscreensaver="1" 8.16 +heartbeat-cmd='echo -n ""' 8.17 +quiet="1" 8.18 +
9.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 9.2 +++ b/mplayer-cli/stuff/mplayer.desktop Thu Dec 08 16:09:30 2016 +0100 9.3 @@ -0,0 +1,13 @@ 9.4 +[Desktop Entry] 9.5 +Type=Application 9.6 +Name=...open with pure MPlayer 9.7 +GenericName=mplayer 9.8 +X-GNOME-FullName=mplayer 9.9 +Comment=backend 9.10 +TryExec=mplayer 9.11 +Exec=mplayer %F 9.12 +Terminal=false 9.13 +Icon=mplayer 9.14 +NoDisplay=true 9.15 +Categories=AudioVideo;Audio;Video;Player;TV; 9.16 +MimeType=application/mxf;application/x-netshow-channel;application/ogg;application/ram;application/vnd.rn-realmedia;application/x-shockwave-flash;application/smil;audio/ac3;audio/x-adpcm;audio/x-aiff;audio/AMR;audio/AMR-WB;audio/x-ape;audio/basic;audio/flac;audio/x-flac;audio/x-flac+ogg;audio/x-m4b;audio/x-matroska;audio/mp2;audio/mp4;audio/mpeg;audio/x-mpegurl;audio/x-ms-asx;audio/x-ms-wma;audio/x-musepack;audio/ogg;audio/vnd.rn-realaudio;audio/x-scpls;audio/x-voc;audio/x-vorbis+ogg;audio/x-wav;audio/x-wavpack;video/3gpp;video/3gpp2;video/dv;video/x-flic;video/x-flv;video/x-matroska;video/mp2t;video/mp4;video/mpeg;video/x-ms-asf;video/x-ms-wmv;video/x-msvideo;video/x-nsv;video/ogg;video/x-ogm+ogg;video/quicktime;video/vnd.rn-realvideo;video/x-theora+ogg;video/webm;