diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b977579
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,17 @@
+.cache
+.clang-format
+.clangd
+.idea
+
+cmake-build*
+build/
+ _CPack_Packages/
+ CMakeFiles/
+ Makefile
+ cmake_install.cmake
+ CPackConfig.cmake
+ CPackSourceConfig.cmake
+ CTestTestfile.cmake
+ CMakeCache.txt
+
+dist/
diff --git a/CMakeLists.txt b/CMakeLists.txt
new file mode 100644
index 0000000..ddb010c
--- /dev/null
+++ b/CMakeLists.txt
@@ -0,0 +1,77 @@
+cmake_minimum_required(VERSION 3.16)
+
+project(ca-certificates-brazil)
+string(TIMESTAMP PROJECT_VERSION "%Y%m%d")
+
+set(SourceFiles
+ "${CMAKE_SOURCE_DIR}/cmake"
+ "${CMAKE_SOURCE_DIR}/CMakeLists.txt"
+ "${CMAKE_SOURCE_DIR}/CPackLists.txt"
+ "${CMAKE_SOURCE_DIR}/sources"
+)
+
+include(CPackLists.txt)
+
+add_custom_target(clear-certs
+ COMMAND rm -rf
+ certs/
+ isrg-root-x2.crt
+ lets-encrypt-ca-bundle.crt
+ icp-brasil-ca-bundle.crt
+)
+
+add_custom_target(certs
+ COMMAND xargs -n1
+ curl
+ --create-dirs
+ --output-dir certs
+ -ksO < ${CMAKE_CURRENT_SOURCE_DIR}/sources
+ && unzip -d certs certs/ACcompactado.zip
+ DEPENDS
+ clear-certs
+)
+
+add_custom_target(isrg-root-x2.crt
+ COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/crt2bundle.sh
+ buildroot/share/pki/ca-trust-source/anchors/isrg-root-x2.crt
+ certs/isrg-root-x2.pem
+ DEPENDS
+ certs
+)
+
+add_custom_target(lets-encrypt-ca-bundle.crt
+ COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/crt2bundle.sh
+ buildroot/share/pki/ca-trust-source/anchors/lets-encrypt-ca-bundle.crt
+ certs/lets-encrypt-e1.pem
+ certs/lets-encrypt-e2.pem
+ certs/lets-encrypt-r3.pem
+ certs/lets-encrypt-r4.pem
+ DEPENDS
+ certs
+)
+
+add_custom_target(icp-brasil-ca-bundle.crt
+ COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/crt2bundle.sh
+ buildroot/share/pki/ca-trust-source/anchors/icp-brasil-ca-bundle.crt
+ certs/*.crt
+ DEPENDS
+ certs
+)
+
+add_custom_target(archors ALL
+ DEPENDS
+ isrg-root-x2.crt
+ lets-encrypt-ca-bundle.crt
+ icp-brasil-ca-bundle.crt
+)
+
+install(
+ FILES
+ ${CMAKE_CURRENT_BINARY_DIR}/buildroot/share/pki/ca-trust-source/anchors/isrg-root-x2.crt
+ ${CMAKE_CURRENT_BINARY_DIR}/buildroot/share/pki/ca-trust-source/anchors/lets-encrypt-ca-bundle.crt
+ ${CMAKE_CURRENT_BINARY_DIR}/buildroot/share/pki/ca-trust-source/anchors/icp-brasil-ca-bundle.crt
+ DESTINATION
+ ./share/pki/ca-trust-source/anchors
+)
+
+# vim: ts=2:sw=2:sts=2:et
diff --git a/CPackLists.txt b/CPackLists.txt
new file mode 100644
index 0000000..f20006a
--- /dev/null
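Review bot: The `certs` target downloads the trust material with `curl -ksO`, and `-k` turns off TLS verification for the very files that are later installed under `ca-trust-source/anchors`; `hashsha512.txt` is fetched over the same unverified channel and nothing visible in this hunk compares the archive against it. Drop the `k` (for example `-fsSO`, so HTTP errors also fail the build) and check `certs/ACcompactado.zip` against a SHA-512 value committed to the repository before the `unzip` step. If the ICP-Brasil host's chain is not in the default store, which would explain the `-k`, pin it with `--cacert` pointing at a root obtained out of band rather than skipping verification. `certs/*.crt` then bundles every file the archive unpacks, so the digest check is what bounds the anchor set.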
+++ b/CPackLists.txt
@@ -0,0 +1,74 @@
+cmake_minimum_required(VERSION 3.16)
+
+set(CPACK_PACKAGE_VERSION "${PROJECT_VERSION}")
+set(CPACK_OUTPUT_FILE_PREFIX "${PROJECT_SOURCE_DIR}/dist")
+set(CPACK_VERBATIM_VARIABLES YES)
+
+set(SourceIgnoreFiles
+ ".cache"
+ ".clang-format"
+ ".clangd"
+ ".git/"
+ ".gitea/"
+ ".github/"
+ ".gitignore"
+ ".idea"
+ "CMakeCache.txt"
+ "CMakeFiles/"
+ "CPackConfig.cmake$"
+ "CPackSourceConfig.cmake"
+ "CTestTestfile.cmake"
+ "Makefile"
+ "_CPack_Packages/"
+ "build/"
+ "cmake-build*"
+ "cmake_install.cmake"
+ "dist/"
+)
+
+# Escape any '.' and '/' characters
+string(REPLACE "." "\\\." SourceIgnoreFiles "${SourceIgnoreFiles}")
+string(REPLACE "/" "\\\/" SourceIgnoreFiles "${SourceIgnoreFiles}")
+
+set(CPACK_GENERATOR "TGZ")
+set(CPACK_TOPLEVEL_TAG "")
+set(CPACK_INCLUDE_TOPLEVEL_DIRECTORY 0)
+set(CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${PROJECT_VERSION}")
+set(CPACK_IGNORE_FILES "${SourceIgnoreFiles}")
+set(CPACK_OUTPUT_CONFIG_FILE "${PROJECT_BINARY_DIR}/CPackConfig.cmake")
+configure_file(
+ "${PROJECT_SOURCE_DIR}/cmake/CPackConfig.cmake.in"
+ "${PROJECT_BINARY_DIR}/CPackConfig.cmake"
+ @ONLY
+)
+
+set(CPACK_SOURCE_GENERATOR "TGZ")
+set(CPACK_SOURCE_TOPLEVEL_TAG "src")
+set(CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${PROJECT_VERSION}.${CPACK_SOURCE_TOPLEVEL_TAG}")
+set(CPACK_SOURCE_IGNORE_FILES "${SourceIgnoreFiles}")
+set(CPACK_SOURCE_OUTPUT_CONFIG_FILE "${PROJECT_BINARY_DIR}/CPackSourceConfig.cmake")
+configure_file(
+ "${PROJECT_SOURCE_DIR}/cmake/CPackConfig.cmake.in"
+ "${PROJECT_BINARY_DIR}/CPackSourceConfig.cmake"
+ @ONLY
+)
+
+include(CPack)
+
+add_custom_target(sdist
+ COMMAND "${CMAKE_COMMAND}"
+ --build "${CMAKE_BINARY_DIR}"
+ --target package_source
+ VERBATIM
+ USES_TERMINAL
+)
+
+add_custom_target(dist
+ COMMAND "${CMAKE_COMMAND}"
+ --build "${CMAKE_BINARY_DIR}"
+ --target package
+ VERBATIM
+ USES_TERMINAL
+)
+
+# vim: ts=2:sw=2:sts=2:et:syntax=cmake
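Review bot: The entries in `SourceIgnoreFiles` end up in `CPACK_SOURCE_IGNORE_FILES`, which CPack treats as unanchored regular expressions matched against each file's full path, so `build/`, `dist/` or `Makefile` also exclude anything whose absolute path merely contains that text (a checkout under a directory such as `/srv/build/` — a constructed example — would lose every file), and `cmake-build*` is a glob that only happens to work as a regex. Anchor the patterns to the tree, for example `"^${PROJECT_SOURCE_DIR}/build/"`, before the escaping step. For an in-source configure the `certs/` and `buildroot/` directories created by the targets in CMakeLists.txt are not on the list, so downloaded certificates would presumably be packed into the source tarball; adding them keeps the archive limited to reviewed inputs.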
diff --git a/README.md b/README.md index bce3180..ff4666d 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,12 @@ # ca-certificates-brazil The Brazilian Public Key Infrastructure: ICP-Brasil + +## Description +The Brazilian Public Key Infrastructure - ICP-Brasil is a hierarchical chain +of trust that enables the issuance of digital certificates for the virtual +identification of citizens. + +It is observed that the model adopted by Brazil was single-root certification, +and the ITI, in addition to playing the role of Root Certifying Authority - Root AC, +also has the role of accrediting and discrediting the other participants in the +chain, supervise and audit the processes. diff --git a/cmake/CPackConfig.cmake.in b/cmake/CPackConfig.cmake.in new file mode 100644 index 0000000..0406392 --- /dev/null +++ b/cmake/CPackConfig.cmake.in 
@@ -0,0 +1,29 @@
+# This file will be configured to contain variables for CPack. These variables
+# should be set in the CMake list file of the project before CPack module is
+# included. Example variables are:
+# CPACK_GENERATOR - Generator used to create package
+# CPACK_INSTALL_CMAKE_PROJECTS - For each project (path, name, component)
+# CPACK_CMAKE_GENERATOR - CMake Generator used for the projects
+# CPACK_INSTALL_COMMANDS - Extra commands to install components
+# CPACK_INSTALL_DIRECTORIES - Extra directories to install
+# CPACK_PACKAGE_DESCRIPTION_FILE - Description file for the package
+# CPACK_PACKAGE_DESCRIPTION_SUMMARY - Summary of the package
+# CPACK_PACKAGE_EXECUTABLES - List of pairs of executables and labels
+# CPACK_PACKAGE_FILE_NAME - Name of the package generated
+# CPACK_PACKAGE_ICON - Icon used for the package
+# CPACK_PACKAGE_INSTALL_DIRECTORY - Name of directory for the installer
+# CPACK_PACKAGE_NAME - Package project name
+# CPACK_PACKAGE_VENDOR - Package project vendor
+# CPACK_PACKAGE_VERSION - Package project version
+# CPACK_PACKAGE_VERSION_MAJOR - Package project version (major)
+# CPACK_PACKAGE_VERSION_MINOR - Package project version (minor)
+# CPACK_PACKAGE_VERSION_PATCH - Package project version (patch)
+
+# There are certain generator specific ones
+
+# NSIS Generator:
+# CPACK_PACKAGE_INSTALL_REGISTRY_KEY - Name of the registry key for the installer
+# CPACK_NSIS_EXTRA_UNINSTALL_COMMANDS - Extra commands used during uninstall
+# CPACK_NSIS_EXTRA_INSTALL_COMMANDS - Extra commands used during install
+
+@_CPACK_OTHER_VARIABLES_@
diff --git a/crt2bundle.sh b/crt2bundle.sh
new file mode 100755
index 0000000..04c856a
--- /dev/null
+++ b/crt2bundle.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+out=${1}
+mkdir -p $(dirname ${out})
+shift
+
+in=''
+for c in ${*}; do
+ echo "+ Loading CA certificate: ${c}";
+ in="${in} -certfile ${c}";
+done;
+
+openssl crl2pkcs7 -nocrl ${in} \
+ | openssl pkcs7 -print_certs -out ${out}
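Review bot: Every expansion in crt2bundle.sh is unquoted (`${out}`, `${*}`, `${in}`), so the paths CMakeLists.txt passes from `certs/*.crt`, whose names come out of the downloaded archive, are word-split and glob-expanded again before they reach `openssl`. Without `set -o pipefail`, a failure of `openssl crl2pkcs7` is also only noticed if the second `openssl` happens to fail too. Iterate over `"$@"`, collect the `-certfile` arguments in an array, quote the output path, and enable `set -euo pipefail` so a partial bundle never lands in the anchors directory.

```shell
#!/bin/bash
set -euo pipefail

out="${1:?usage: crt2bundle.sh OUT CERT...}"
shift
[ "$#" -gt 0 ] || { echo "no input certificates given" >&2; exit 1; }
mkdir -p "$(dirname -- "${out}")"

args=()
for c in "$@"; do
  echo "+ Loading CA certificate: ${c}"
  args+=(-certfile "${c}")
done

openssl crl2pkcs7 -nocrl "${args[@]}" \
  | openssl pkcs7 -print_certs -out "${out}"
```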
diff --git a/sources b/sources
new file mode 100644
index 0000000..5432524
--- /dev/null
+++ b/sources
@@ -0,0 +1,7 @@
+https://acraiz.icpbrasil.gov.br/credenciadas/CertificadosAC-ICP-Brasil/ACcompactado.zip
+https://acraiz.icpbrasil.gov.br/credenciadas/CertificadosAC-ICP-Brasil/hashsha512.txt
+https://letsencrypt.org/certs/isrg-root-x2.pem
+https://letsencrypt.org/certs/lets-encrypt-e1.pem
+https://letsencrypt.org/certs/lets-encrypt-e2.pem
+https://letsencrypt.org/certs/lets-encrypt-r3.pem
+https://letsencrypt.org/certs/lets-encrypt-r4.pem
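Review bot: `lets-encrypt-e1.pem`, `-e2`, `-r3` and `-r4` are Let's Encrypt intermediate certificates, not roots, and CMakeLists.txt in this commit bundles them into `share/pki/ca-trust-source/anchors`; an intermediate installed as a trust anchor stays trusted on its own, independent of the validity or revocation status of the root that issued it. Unless that is intended, list only the roots here (`isrg-root-x2.pem` is one) and let servers send the intermediates. The file also carries no expected digest per URL, so a changed upstream file is accepted silently; a second column with a SHA-256 value checked after download would make each update reviewable.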