commit cdd2956475fed683684b4a1a435c87fd6ac436ab Author: Thomas NOEL Date: Thu Apr 28 13:57:42 2016 +0200 Initial commit diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..a872252 --- /dev/null +++ b/Makefile @@ -0,0 +1,14 @@ +# +# Makefile +# + +LOCALCERTSDIR = /usr/local/share/ca-certificates + +all: + +clean: + +install: + mkdir -p $(DESTDIR)/$(LOCALCERTSDIR); \ + $(MAKE) -C local install LOCALCERTSDIR=$(DESTDIR)/$(LOCALCERTSDIR) + diff --git a/README b/README new file mode 100644 index 0000000..1f1d079 --- /dev/null +++ b/README @@ -0,0 +1,6 @@ +This package includes local CA certificates to be installed in +/usr/local/share/ca-certificates. The CA certificates installed by this +package will be implicitly trusted. + +Copy trusted root CA (in PEM format with the filename ending in ".crt") to the +local/ directory. diff --git a/debian/ca-certificates-entrouvert.triggers b/debian/ca-certificates-entrouvert.triggers new file mode 100644 index 0000000..2508bbf --- /dev/null +++ b/debian/ca-certificates-entrouvert.triggers @@ -0,0 +1 @@ +activate update-ca-certificates-fresh diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..bde00f0 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,5 @@ +ca-certificates-entrouvert (1) unstable; urgency=low + + * Initial Release. + + -- Thomas NOEL Thu, 28 Apr 2016 13:50:24 +0200 diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..45a4fb7 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +8 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..9e75f11 --- /dev/null +++ b/debian/control @@ -0,0 +1,14 @@ +Source: ca-certificates-entrouvert +Section: misc +Priority: extra +Maintainer: Thomas NOEL +Build-Depends: debhelper (>= 8.0.0) +Standards-Version: 3.9.4 + +Package: ca-certificates-entrouvert +Architecture: all +Depends: ca-certificates (>= 20130119), ${misc:Depends} +Description: Entr'ouvert and friends CA certificates + This package includes Entr'ouvert and friends CA certificates to be installed + in /usr/local/share/ca-certificates. The CA certificates installed by this + package will be implicitly trusted. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..dbca61b --- /dev/null +++ b/debian/copyright @@ -0,0 +1,6 @@ +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ + +Files: * +Copyright: 2016 Entr'ouvert www.entrouvert.com +License: WTFPL + diff --git a/debian/postrm b/debian/postrm new file mode 100644 index 0000000..b62494c --- /dev/null +++ b/debian/postrm @@ -0,0 +1,26 @@ +#!/bin/sh + +set -e + +case "$1" in + purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + # Recreate the /usr/local/share/ca-certificates directory, since we are + # ignoring Debian Policy by intentionally installing here. Removal of + # ca-certificates-entrouvert removes this directory if empty. + if [ ! -e /usr/local/share/ca-certificates ]; then + if mkdir /usr/local/share/ca-certificates 2>/dev/null; then + chown root:staff /usr/local/share/ca-certificates + chmod 2775 /usr/local/share/ca-certificates + fi + fi + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..857806f --- /dev/null +++ b/debian/rules @@ -0,0 +1,11 @@ +#!/usr/bin/make -f + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +%: + dh $@ + +# override_dh_usrlocal to do nothing +override_dh_usrlocal: + diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..89ae9db --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (native) diff --git a/local/Makefile b/local/Makefile new file mode 100644 index 0000000..996cb12 --- /dev/null +++ b/local/Makefile @@ -0,0 +1,13 @@ +# +# Makefile +# + +all: + +clean: + +install: + for p in *.crt; do \ + install -m 644 $$p $(LOCALCERTSDIR)/$$p ; \ + done + diff --git a/local/easter-eggs.crt b/local/easter-eggs.crt new file mode 100644 index 0000000..d10e05a --- /dev/null +++ b/local/easter-eggs.crt @@ -0,0 +1,95 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10460338686491629015 (0x912a969d369c15d7) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=FR, O=Easter-eggs, OU=Certification services, CN=Easter-eggs Root CA/emailAddress=admin@easter-eggs.com + Validity + Not Before: May 16 08:56:20 2008 GMT + Not After : May 11 08:56:20 2028 GMT + Subject: C=FR, O=Easter-eggs, OU=Certification services, CN=Easter-eggs Root CA/emailAddress=admin@easter-eggs.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a1:e1:1d:8b:34:eb:4b:56:84:59:13:f2:f7:8f: + 6b:ac:3f:c0:b6:fe:f1:bf:f9:b0:4a:61:be:45:0a: + 22:25:05:92:9b:22:35:61:1b:05:a0:f6:56:17:62: + 83:aa:b8:b1:e6:2e:60:35:88:d9:5f:e7:07:82:64: + cc:26:93:ea:fe:26:1e:32:6a:a3:44:68:80:64:90: + 9d:de:b5:03:40:8a:6a:4e:ed:91:99:0d:1a:ef:7a: + 43:85:20:26:ec:37:8c:78:a2:ca:22:80:03:bb:cb: + a3:a2:82:ad:da:92:dd:06:fe:3e:23:e1:6e:ef:47: + 4c:dd:6d:60:84:25:b4:9d:34:32:4a:cd:ab:10:6e: + c5:67:2a:78:39:8b:90:d6:85:37:aa:65:37:de:a2: + f0:ef:c0:e4:fa:e8:23:88:12:19:c4:0c:71:c1:e0: + e4:24:9b:43:c5:8f:0d:68:14:b7:1f:b3:15:3f:1a: + b8:7e:c0:ae:d1:49:4d:05:22:27:eb:24:82:8a:3c: + e3:7d:87:fa:4a:50:de:ea:0d:ce:94:41:7b:c8:b2: + 3c:6a:eb:56:e9:7e:db:3a:7d:10:b9:41:c1:28:77: + b0:d4:d5:81:34:67:01:f5:a9:01:fe:d6:09:fe:de: + c0:d9:44:5e:51:a5:76:a6:95:06:0a:9b:ee:8e:cf: + 90:4d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 38:D4:60:4E:B4:3E:09:B0:06:A0:42:B8:2D:C7:96:EB:14:74:89:75 + X509v3 Authority Key Identifier: + keyid:38:D4:60:4E:B4:3E:09:B0:06:A0:42:B8:2D:C7:96:EB:14:74:89:75 + DirName:/C=FR/O=Easter-eggs/OU=Certification services/CN=Easter-eggs Root CA/emailAddress=admin@easter-eggs.com + serial:91:2A:96:9D:36:9C:15:D7 + + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 CRL Distribution Points: + + Full Name: + URI:https://ssl.easter-eggs.com/revoke.crl + + Netscape CA Revocation Url: + https://ssl.easter-eggs.com/revoke.crl + Signature Algorithm: sha1WithRSAEncryption + 73:ac:14:a4:8d:ad:d8:2c:d4:d4:4e:ab:73:16:a4:8c:26:37: + 20:13:1d:88:3d:8d:8f:70:ee:4a:64:58:d1:f4:69:7f:26:bb: + e4:db:9d:d7:f9:f5:87:d5:16:5c:45:95:23:d4:75:38:be:bf: + e8:6d:88:86:63:d2:3a:80:21:a8:15:8e:ff:c0:5a:b4:07:79: + 67:b3:40:87:f5:e2:c8:5b:e6:e2:51:13:00:e9:25:86:ab:44: + 57:98:5b:77:81:d1:e7:fc:c8:37:24:c6:2d:30:0f:3f:6b:58: + 29:2b:1d:b7:75:ae:e7:7d:3c:b9:b4:45:25:c8:54:6c:dc:6e: + 97:ca:cd:78:11:f8:25:fd:6d:4c:a0:b4:23:9f:69:bf:98:76: + 65:0d:71:62:e1:0f:d6:9e:e1:d7:29:99:70:10:e2:62:1a:4d: + e3:d1:3b:07:1d:20:02:f4:2c:a3:ba:6f:9c:4d:72:7a:27:2a: + d2:3e:37:2b:fc:91:dc:21:37:a8:25:24:61:59:4b:66:47:f9: + 93:f2:f4:0f:f3:2e:6a:a9:dc:4a:bf:05:bb:04:ee:39:87:8e: + c3:bd:cf:33:bf:94:2d:8f:32:60:59:f3:1e:0d:fe:e0:ba:3f: + d6:91:1f:60:65:5f:59:56:ab:65:9f:bb:d1:04:6e:ca:20:eb: + a4:aa:57:03 +-----BEGIN CERTIFICATE----- +MIIE+zCCA+OgAwIBAgIJAJEqlp02nBXXMA0GCSqGSIb3DQEBBQUAMIGIMQswCQYD +VQQGEwJGUjEUMBIGA1UEChMLRWFzdGVyLWVnZ3MxHzAdBgNVBAsTFkNlcnRpZmlj +YXRpb24gc2VydmljZXMxHDAaBgNVBAMTE0Vhc3Rlci1lZ2dzIFJvb3QgQ0ExJDAi +BgkqhkiG9w0BCQEWFWFkbWluQGVhc3Rlci1lZ2dzLmNvbTAeFw0wODA1MTYwODU2 +MjBaFw0yODA1MTEwODU2MjBaMIGIMQswCQYDVQQGEwJGUjEUMBIGA1UEChMLRWFz +dGVyLWVnZ3MxHzAdBgNVBAsTFkNlcnRpZmljYXRpb24gc2VydmljZXMxHDAaBgNV +BAMTE0Vhc3Rlci1lZ2dzIFJvb3QgQ0ExJDAiBgkqhkiG9w0BCQEWFWFkbWluQGVh +c3Rlci1lZ2dzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKHh +HYs060tWhFkT8vePa6w/wLb+8b/5sEphvkUKIiUFkpsiNWEbBaD2Vhdig6q4seYu +YDWI2V/nB4JkzCaT6v4mHjJqo0RogGSQnd61A0CKak7tkZkNGu96Q4UgJuw3jHii +yiKAA7vLo6KCrdqS3Qb+PiPhbu9HTN1tYIQltJ00MkrNqxBuxWcqeDmLkNaFN6pl +N96i8O/A5ProI4gSGcQMccHg5CSbQ8WPDWgUtx+zFT8auH7ArtFJTQUiJ+skgoo8 +432H+kpQ3uoNzpRBe8iyPGrrVul+2zp9ELlBwSh3sNTVgTRnAfWpAf7WCf7ewNlE +XlGldqaVBgqb7o7PkE0CAwEAAaOCAWQwggFgMB0GA1UdDgQWBBQ41GBOtD4JsAag +Qrgtx5brFHSJdTCBvQYDVR0jBIG1MIGygBQ41GBOtD4JsAagQrgtx5brFHSJdaGB +jqSBizCBiDELMAkGA1UEBhMCRlIxFDASBgNVBAoTC0Vhc3Rlci1lZ2dzMR8wHQYD +VQQLExZDZXJ0aWZpY2F0aW9uIHNlcnZpY2VzMRwwGgYDVQQDExNFYXN0ZXItZWdn +cyBSb290IENBMSQwIgYJKoZIhvcNAQkBFhVhZG1pbkBlYXN0ZXItZWdncy5jb22C +CQCRKpadNpwV1zAPBgNVHRMBAf8EBTADAQH/MDcGA1UdHwQwMC4wLKAqoCiGJmh0 +dHBzOi8vc3NsLmVhc3Rlci1lZ2dzLmNvbS9yZXZva2UuY3JsMDUGCWCGSAGG+EIB +BAQoFiZodHRwczovL3NzbC5lYXN0ZXItZWdncy5jb20vcmV2b2tlLmNybDANBgkq +hkiG9w0BAQUFAAOCAQEAc6wUpI2t2CzU1E6rcxakjCY3IBMdiD2Nj3DuSmRY0fRp +fya75Nud1/n1h9UWXEWVI9R1OL6/6G2IhmPSOoAhqBWO/8BatAd5Z7NAh/XiyFvm +4lETAOklhqtEV5hbd4HR5/zINyTGLTAPP2tYKSsdt3Wu5308ubRFJchUbNxul8rN +eBH4Jf1tTKC0I59pv5h2ZQ1xYuEP1p7h1ymZcBDiYhpN49E7Bx0gAvQso7pvnE1y +eicq0j43K/yR3CE3qCUkYVlLZkf5k/L0D/MuaqncSr8FuwTuOYeOw73PM7+ULY8y +YFnzHg3+4Lo/1pEfYGVfWVarZZ+70QRuyiDrpKpXAw== +-----END CERTIFICATE----- diff --git a/local/entrouvert-ca.crt b/local/entrouvert-ca.crt new file mode 100644 index 0000000..7d30db4 --- /dev/null +++ b/local/entrouvert-ca.crt @@ -0,0 +1,84 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 18301587742764937701 (0xfdfc4d160925b1e5) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=FR, L=Paris, O=Entr'ouvert, CN=Entr'ouvert CA/emailAddress=pki@entrouvert.com + Validity + Not Before: Mar 27 11:34:06 2016 GMT + Not After : Mar 27 11:34:06 2036 GMT + Subject: C=FR, L=Paris, O=Entr'ouvert, CN=Entr'ouvert CA/emailAddress=pki@entrouvert.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c6:0c:25:10:ab:c1:40:c4:6d:c0:89:79:c0:97: + 11:ac:83:02:8f:73:86:17:fa:f6:52:8d:08:b6:f8: + 05:ff:3e:6b:e8:d6:02:0e:d5:f2:db:46:9a:c9:49: + ce:43:6f:ac:2a:de:80:e4:eb:47:b2:6e:cc:2c:81: + 37:b3:8a:55:9f:68:a2:a6:84:64:87:89:ae:94:26: + b0:1f:21:06:f6:f2:17:e7:0f:88:3c:48:bc:b2:13: + 23:ac:e6:16:fb:10:75:f7:50:5e:1a:7a:ef:42:9f: + ec:1c:28:84:cc:83:47:c1:55:33:a5:65:9e:ca:47: + 41:d9:83:31:5b:e8:a5:61:f2:da:80:43:f3:d1:7f: + 09:26:6e:5b:05:21:2c:39:45:61:68:78:41:cc:2b: + 51:f1:35:ba:8a:8c:5c:9f:6d:a4:55:47:d2:1f:cc: + ea:67:6e:49:da:ce:3f:2d:42:39:55:6b:a6:5c:da: + 9c:15:7f:9c:6e:91:01:61:fe:33:cd:61:54:ae:94: + 66:26:55:3b:1a:45:ca:60:a4:f1:ab:95:7c:17:31: + 1d:62:68:dc:0d:6d:ee:57:ab:36:d0:57:1a:b3:28: + 01:69:cc:96:ea:94:f0:f5:f5:b2:b2:1b:33:9b:bf: + 81:f2:0c:da:02:92:61:42:67:3d:7b:af:56:42:7c: + 46:f5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 2D:C4:E1:4A:58:40:24:E1:8D:92:A8:CE:86:89:25:9B:F0:05:06:05 + X509v3 Authority Key Identifier: + keyid:2D:C4:E1:4A:58:40:24:E1:8D:92:A8:CE:86:89:25:9B:F0:05:06:05 + DirName:/C=FR/L=Paris/O=Entr'ouvert/CN=Entr'ouvert CA/emailAddress=pki@entrouvert.com + serial:FD:FC:4D:16:09:25:B1:E5 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 07:c9:a4:10:46:15:c4:75:ac:d0:c2:8d:08:86:56:de:2d:2f: + e6:c6:b6:a8:17:7d:9c:57:f7:f1:ee:9c:4e:1f:b4:50:c6:d2: + f5:4f:a2:c2:b8:26:00:0d:88:3d:66:d3:13:21:ab:03:35:35: + aa:cf:d9:e6:76:67:25:36:81:36:87:a6:e6:21:0a:55:13:86: + e8:97:b4:67:d4:28:26:3e:92:aa:a1:58:3b:90:cd:4f:df:62: + 2f:cc:4c:00:51:9d:e7:ba:ad:24:9c:1e:18:b7:15:6b:51:bc: + fa:df:62:2d:28:5f:f0:dd:07:9c:b2:58:88:cf:42:55:e6:c4: + b2:0c:ad:6b:23:43:94:da:8c:21:77:c5:d5:1a:d0:9e:7c:66: + d7:27:6e:bc:b4:6a:2f:a0:55:b8:f3:b0:3e:05:ae:ac:fe:09: + 2a:f3:31:5d:45:b3:67:36:04:0d:78:4a:13:aa:a7:47:fc:17: + 55:41:8e:9a:b0:13:ab:ef:4a:0e:9d:60:2a:44:01:f8:cf:c7: + d7:64:18:1e:6d:77:db:da:df:a9:90:32:03:a4:ee:72:36:60: + e6:a0:5d:a8:3c:e0:7e:8f:7e:17:6c:e6:2c:67:bd:8f:ef:d4: + a8:03:ce:7e:b3:6a:2f:48:67:35:ee:c3:e2:1c:93:e8:14:15: + 33:17:a5:0e +-----BEGIN CERTIFICATE----- +MIIENjCCAx6gAwIBAgIJAP38TRYJJbHlMA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNV +BAYTAkZSMQ4wDAYDVQQHEwVQYXJpczEUMBIGA1UEChMLRW50cidvdXZlcnQxFzAV +BgNVBAMTDkVudHInb3V2ZXJ0IENBMSEwHwYJKoZIhvcNAQkBFhJwa2lAZW50cm91 +dmVydC5jb20wHhcNMTYwMzI3MTEzNDA2WhcNMzYwMzI3MTEzNDA2WjBvMQswCQYD +VQQGEwJGUjEOMAwGA1UEBxMFUGFyaXMxFDASBgNVBAoTC0VudHInb3V2ZXJ0MRcw +FQYDVQQDEw5FbnRyJ291dmVydCBDQTEhMB8GCSqGSIb3DQEJARYScGtpQGVudHJv +dXZlcnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgwlEKvB +QMRtwIl5wJcRrIMCj3OGF/r2Uo0ItvgF/z5r6NYCDtXy20aayUnOQ2+sKt6A5OtH +sm7MLIE3s4pVn2iipoRkh4mulCawHyEG9vIX5w+IPEi8shMjrOYW+xB191BeGnrv +Qp/sHCiEzINHwVUzpWWeykdB2YMxW+ilYfLagEPz0X8JJm5bBSEsOUVhaHhBzCtR +8TW6ioxcn22kVUfSH8zqZ25J2s4/LUI5VWumXNqcFX+cbpEBYf4zzWFUrpRmJlU7 +GkXKYKTxq5V8FzEdYmjcDW3uV6s20FcasygBacyW6pTw9fWyshszm7+B8gzaApJh +Qmc9e69WQnxG9QIDAQABo4HUMIHRMB0GA1UdDgQWBBQtxOFKWEAk4Y2SqM6GiSWb +8AUGBTCBoQYDVR0jBIGZMIGWgBQtxOFKWEAk4Y2SqM6GiSWb8AUGBaFzpHEwbzEL +MAkGA1UEBhMCRlIxDjAMBgNVBAcTBVBhcmlzMRQwEgYDVQQKEwtFbnRyJ291dmVy +dDEXMBUGA1UEAxMORW50cidvdXZlcnQgQ0ExITAfBgkqhkiG9w0BCQEWEnBraUBl +bnRyb3V2ZXJ0LmNvbYIJAP38TRYJJbHlMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN +AQELBQADggEBAAfJpBBGFcR1rNDCjQiGVt4tL+bGtqgXfZxX9/HunE4ftFDG0vVP +osK4JgANiD1m0xMhqwM1NarP2eZ2ZyU2gTaHpuYhClUThuiXtGfUKCY+kqqhWDuQ +zU/fYi/MTABRnee6rSScHhi3FWtRvPrfYi0oX/DdB5yyWIjPQlXmxLIMrWsjQ5Ta +jCF3xdUa0J58Ztcnbry0ai+gVbjzsD4Frqz+CSrzMV1Fs2c2BA14ShOqp0f8F1VB +jpqwE6vvSg6dYCpEAfjPx9dkGB5td9va36mQMgOk7nI2YOagXag84H6Pfhds5ixn +vY/v1KgDzn6zai9IZzXuw+Ick+gUFTMXpQ4= +-----END CERTIFICATE-----