Initial import

.gitignore

@@ -0,0 +1,17 @@
+.cache
+.clang-format
+.clangd
+.idea
+
+cmake-build*
+build/
+ _CPack_Packages/
+ CMakeFiles/
+ Makefile
+ cmake_install.cmake
+ CPackConfig.cmake
+ CPackSourceConfig.cmake
+ CTestTestfile.cmake
+ CMakeCache.txt
+
+dist/

CMakeLists.txt

@@ -0,0 +1,77 @@
+cmake_minimum_required(VERSION 3.16)
+
+project(ca-certificates-brazil)
+string(TIMESTAMP PROJECT_VERSION "%Y%m%d")
+
+set(SourceFiles 
+  "${CMAKE_SOURCE_DIR}/cmake"
+  "${CMAKE_SOURCE_DIR}/CMakeLists.txt"
+  "${CMAKE_SOURCE_DIR}/CPackLists.txt"
+  "${CMAKE_SOURCE_DIR}/sources"
+)
+
+include(CPackLists.txt)
+
+add_custom_target(clear-certs
+  COMMAND rm -rf 
+    certs/
+    isrg-root-x2.crt
+    lets-encrypt-ca-bundle.crt
+    icp-brasil-ca-bundle.crt
+)
+
+add_custom_target(certs
+  COMMAND xargs -n1 
+    curl 
+      --create-dirs 
+      --output-dir certs 
+      -ksO < ${CMAKE_CURRENT_SOURCE_DIR}/sources
+    && unzip -d certs certs/ACcompactado.zip
+  DEPENDS
+    clear-certs
+)
+
+add_custom_target(isrg-root-x2.crt
+  COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/crt2bundle.sh 
+    buildroot/share/pki/ca-trust-source/anchors/isrg-root-x2.crt
+    certs/isrg-root-x2.pem
+  DEPENDS
+    certs
+)
+
+add_custom_target(lets-encrypt-ca-bundle.crt
+  COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/crt2bundle.sh
+    buildroot/share/pki/ca-trust-source/anchors/lets-encrypt-ca-bundle.crt
+    certs/lets-encrypt-e1.pem
+    certs/lets-encrypt-e2.pem
+    certs/lets-encrypt-r3.pem
+    certs/lets-encrypt-r4.pem
+  DEPENDS
+    certs
+)
+
+add_custom_target(icp-brasil-ca-bundle.crt
+  COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/crt2bundle.sh
+    buildroot/share/pki/ca-trust-source/anchors/icp-brasil-ca-bundle.crt
+    certs/*.crt
+  DEPENDS
+    certs
+)
+
+add_custom_target(archors ALL
+  DEPENDS
+    isrg-root-x2.crt
+    lets-encrypt-ca-bundle.crt
+    icp-brasil-ca-bundle.crt
+)
+
+install(
+  FILES
+    ${CMAKE_CURRENT_BINARY_DIR}/buildroot/share/pki/ca-trust-source/anchors/isrg-root-x2.crt
+    ${CMAKE_CURRENT_BINARY_DIR}/buildroot/share/pki/ca-trust-source/anchors/lets-encrypt-ca-bundle.crt
+    ${CMAKE_CURRENT_BINARY_DIR}/buildroot/share/pki/ca-trust-source/anchors/icp-brasil-ca-bundle.crt
+  DESTINATION
+    ./share/pki/ca-trust-source/anchors
+)
+
+# vim: ts=2:sw=2:sts=2:et

CPackLists.txt

@@ -0,0 +1,74 @@
+cmake_minimum_required(VERSION 3.16)
+
+set(CPACK_PACKAGE_VERSION "${PROJECT_VERSION}")
+set(CPACK_OUTPUT_FILE_PREFIX "${PROJECT_SOURCE_DIR}/dist")
+set(CPACK_VERBATIM_VARIABLES YES)
+
+set(SourceIgnoreFiles 
+  ".cache"
+  ".clang-format"
+  ".clangd"
+  ".git/"
+  ".gitea/"
+  ".github/"
+  ".gitignore"
+  ".idea"
+  "CMakeCache.txt"
+  "CMakeFiles/"
+  "CPackConfig.cmake$"
+  "CPackSourceConfig.cmake"
+  "CTestTestfile.cmake"
+  "Makefile"
+  "_CPack_Packages/"
+  "build/"
+  "cmake-build*"
+  "cmake_install.cmake"
+  "dist/"
+)
+
+# Escape any '.' and '/' characters
+string(REPLACE "." "\\\." SourceIgnoreFiles "${SourceIgnoreFiles}")
+string(REPLACE "/" "\\\/" SourceIgnoreFiles "${SourceIgnoreFiles}")
+
+set(CPACK_GENERATOR "TGZ")
+set(CPACK_TOPLEVEL_TAG "")
+set(CPACK_INCLUDE_TOPLEVEL_DIRECTORY 0)
+set(CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${PROJECT_VERSION}")
+set(CPACK_IGNORE_FILES "${SourceIgnoreFiles}")
+set(CPACK_OUTPUT_CONFIG_FILE "${PROJECT_BINARY_DIR}/CPackConfig.cmake")
+configure_file(
+  "${PROJECT_SOURCE_DIR}/cmake/CPackConfig.cmake.in"
+  "${PROJECT_BINARY_DIR}/CPackConfig.cmake"
+  @ONLY
+)
+
+set(CPACK_SOURCE_GENERATOR "TGZ")
+set(CPACK_SOURCE_TOPLEVEL_TAG "src")
+set(CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${PROJECT_VERSION}.${CPACK_SOURCE_TOPLEVEL_TAG}")
+set(CPACK_SOURCE_IGNORE_FILES "${SourceIgnoreFiles}")
+set(CPACK_SOURCE_OUTPUT_CONFIG_FILE "${PROJECT_BINARY_DIR}/CPackSourceConfig.cmake")
+configure_file(
+  "${PROJECT_SOURCE_DIR}/cmake/CPackConfig.cmake.in"
+  "${PROJECT_BINARY_DIR}/CPackSourceConfig.cmake"
+  @ONLY
+)
+
+include(CPack)
+
+add_custom_target(sdist
+  COMMAND "${CMAKE_COMMAND}"
+    --build "${CMAKE_BINARY_DIR}"
+    --target package_source
+  VERBATIM
+  USES_TERMINAL
+)
+
+add_custom_target(dist
+  COMMAND "${CMAKE_COMMAND}"
+    --build "${CMAKE_BINARY_DIR}"
+    --target package
+  VERBATIM
+  USES_TERMINAL
+)
+
+# vim: ts=2:sw=2:sts=2:et:syntax=cmake

README.md

@@ -1,2 +1,12 @@
 # ca-certificates-brazil
 The Brazilian Public Key Infrastructure:  ICP-Brasil
+
+## Description
+The Brazilian Public Key Infrastructure - ICP-Brasil is a hierarchical chain
+of trust that enables the issuance of digital certificates for the virtual
+identification of citizens.
+
+It is observed that the model adopted by Brazil was single-root certification,
+and the ITI, in addition to playing the role of Root Certifying Authority - Root AC,
+also has the role of accrediting and discrediting the other participants in the
+chain, supervise and audit the processes.

cmake/CPackConfig.cmake.in

@@ -0,0 +1,29 @@
+# This file will be configured to contain variables for CPack. These variables
+# should be set in the CMake list file of the project before CPack module is
+# included. Example variables are:
+#   CPACK_GENERATOR                     - Generator used to create package
+#   CPACK_INSTALL_CMAKE_PROJECTS        - For each project (path, name, component)
+#   CPACK_CMAKE_GENERATOR               - CMake Generator used for the projects
+#   CPACK_INSTALL_COMMANDS              - Extra commands to install components
+#   CPACK_INSTALL_DIRECTORIES           - Extra directories to install
+#   CPACK_PACKAGE_DESCRIPTION_FILE      - Description file for the package
+#   CPACK_PACKAGE_DESCRIPTION_SUMMARY   - Summary of the package
+#   CPACK_PACKAGE_EXECUTABLES           - List of pairs of executables and labels
+#   CPACK_PACKAGE_FILE_NAME             - Name of the package generated
+#   CPACK_PACKAGE_ICON                  - Icon used for the package
+#   CPACK_PACKAGE_INSTALL_DIRECTORY     - Name of directory for the installer
+#   CPACK_PACKAGE_NAME                  - Package project name
+#   CPACK_PACKAGE_VENDOR                - Package project vendor
+#   CPACK_PACKAGE_VERSION               - Package project version
+#   CPACK_PACKAGE_VERSION_MAJOR         - Package project version (major)
+#   CPACK_PACKAGE_VERSION_MINOR         - Package project version (minor)
+#   CPACK_PACKAGE_VERSION_PATCH         - Package project version (patch)
+
+# There are certain generator specific ones
+
+# NSIS Generator:
+#   CPACK_PACKAGE_INSTALL_REGISTRY_KEY  - Name of the registry key for the installer
+#   CPACK_NSIS_EXTRA_UNINSTALL_COMMANDS - Extra commands used during uninstall
+#   CPACK_NSIS_EXTRA_INSTALL_COMMANDS   - Extra commands used during install
+
+@_CPACK_OTHER_VARIABLES_@

crt2bundle.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+out=${1}
+mkdir -p $(dirname ${out})
+shift
+
+in=''
+for c in ${*}; do
+  echo "+ Loading CA certificate: ${c}";
+  in="${in} -certfile ${c}";
+done;
+
+openssl crl2pkcs7 -nocrl ${in} \
+  | openssl pkcs7 -print_certs -out ${out}

sources

@@ -0,0 +1,7 @@
+https://acraiz.icpbrasil.gov.br/credenciadas/CertificadosAC-ICP-Brasil/ACcompactado.zip
+https://acraiz.icpbrasil.gov.br/credenciadas/CertificadosAC-ICP-Brasil/hashsha512.txt
+https://letsencrypt.org/certs/isrg-root-x2.pem
+https://letsencrypt.org/certs/lets-encrypt-e1.pem
+https://letsencrypt.org/certs/lets-encrypt-e2.pem
+https://letsencrypt.org/certs/lets-encrypt-r3.pem
+https://letsencrypt.org/certs/lets-encrypt-r4.pem