make-ca/Makefile
Xi Ruoyao d3562bc2f0
verify hg.mozilla.org with bundled CA root
Before this, make-ca does not verify the certificate of hg.mozilla.org
at all.  It makes sense as make-ca often runs on systems without trust
anchor.  But, a MIM can easily fake hg.mozilla.org and completely hijack
the trust anchor of a BLFS system.

To improve the situation, we ship the certificate of the CA root for
hg.mozilla.org (DigiCert Global Root CA) in the make-ca package, and use
it to verify hg.mozilla.org.
2022-01-31 19:07:08 +08:00

66 lines
1.6 KiB
Makefile

MANDIR=/usr/share/man
SBINDIR=/usr/sbin
ETCDIR=/etc/make-ca
LIBEXECDIR=/usr/libexec/make-ca
all: make_ca man
make_ca:
chmod 755 make-ca
man: make_ca
chmod 755 help2man
./help2man -s 8 -N ./make-ca -i include.h2m -o make-ca.8
clean: clean_make_ca clean_man
clean_make_ca:
chmod 0644 make-ca
clean_man:
rm -f make-ca.8
chmod 0644 help2man
install: all install_bin install_man install_systemd install_conf \
install_cs install_mozilla_ca_root
install_bin:
install -vdm755 $(DESTDIR)$(SBINDIR)
install -vm755 make-ca $(DESTDIR)$(SBINDIR)
install -vdm755 $(DESTDIR)$(LIBEXECDIR)
install -vm700 copy-trust-modifications $(DESTDIR)$(LIBEXECDIR)
install_cs:
install -vdm755 $(DESTDIR)$(ETCDIR)
install -vm644 CS.txt $(DESTDIR)$(ETCDIR)
install_systemd:
if test -x /usr/sbin/systemctl -o -x /usr/bin/systemctl; then \
if test -d /usr/lib/systemd/system; then \
install -vdm755 ${DESTDIR}/usr/lib/systemd/system; \
install -vm644 systemd/* $(DESTDIR)/usr/lib/systemd/system; \
elif test -d /lib/systemd/system; then \
install -vdm755 ${DESTDIR}/lib/systemd/system; \
install -vm644 systemd/* ${DESTDIR}/lib/systemd/system; \
fi; \
fi
install_man: man
install -vdm755 $(DESTDIR)$(MANDIR)/man8
install -vm644 make-ca.8 $(DESTDIR)$(MANDIR)/man8
install_conf:
install -vdm755 $(DESTDIR)$(ETCDIR)
install -vm644 make-ca.conf.dist $(DESTDIR)$(ETCDIR)
install_mozilla_ca_root:
install -vdm755 $(DESTDIR)$(ETCDIR)
install -vm644 mozilla-ca-root.pem $(DESTDIR)$(ETCDIR)
uninstall:
rm -f $(DESTDIR)$(SBINDIR)/make-ca
rm -f $(DESTDIR)$(MANDIR)/man8/make-ca.8
.PHONY: all install