Bug #5259 » 0001-upgrade-ca-certificates-to-latest-version.patch
| recipes-extra/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch | ||
|---|---|---|
| 1 |
ca-certificates is a package from Debian, but some host distros such as Fedora |
|
| 2 |
have a leaner run-parts provided by cron which doesn't support --verbose or the |
|
| 3 |
-- separator between arguments and paths. |
|
| 4 | ||
| 5 |
This solves errors such as |
|
| 6 | ||
| 7 |
| Running hooks in [...]/rootfs/etc/ca-certificates/update.d... |
|
| 8 |
| [...]/usr/sbin/update-ca-certificates: line 194: Not: command not found |
|
| 9 |
| [...]/usr/sbin/update-ca-certificates: line 230: Not a directory: --: command not found |
|
| 10 |
| E: Not a directory: -- exited with code 127. |
|
| 11 | ||
| 12 | ||
| 13 |
Upstream-Status: Inappropriate |
|
| 14 |
Signed-off-by: Ross Burton <ross.burton@intel.com> |
|
| 15 |
Signed-off-by: Maciej Borzecki <maciej.borzecki@rndity.com> |
|
| 16 |
--- |
|
| 17 |
sbin/update-ca-certificates | 4 +--- |
|
| 18 |
1 file changed, 1 insertion(+), 3 deletions(-) |
|
| 19 | ||
| 20 |
Index: git/sbin/update-ca-certificates |
|
| 21 |
=================================================================== |
|
| 22 |
--- git.orig/sbin/update-ca-certificates |
|
| 23 |
+++ git/sbin/update-ca-certificates |
|
| 24 |
@@ -191,9 +191,7 @@ if [ -d "$HOOKSDIR" ] |
|
| 25 |
then |
|
| 26 |
|
|
| 27 |
echo "Running hooks in $HOOKSDIR..." |
|
| 28 |
- VERBOSE_ARG= |
|
| 29 |
- [ "$verbose" = 0 ] || VERBOSE_ARG="--verbose" |
|
| 30 |
- eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read hook |
|
| 31 |
+ eval run-parts --test "$HOOKSDIR" | while read hook |
|
| 32 |
do |
|
| 33 |
( cat "$ADDED" |
|
| 34 |
cat "$REMOVED" ) | "$hook" || echo "E: $hook exited with code $?." |
|
| recipes-extra/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch | ||
|---|---|---|
| 1 |
From 111e905fe931da1a3800accfc675cc01c8ee080c Mon Sep 17 00:00:00 2001 |
|
| 2 |
From: Ulf Samuelsson <ulf@emagii.com> |
|
| 3 |
Date: Tue, 28 Feb 2012 06:42:58 +0100 |
|
| 4 |
Subject: [PATCH] update-ca-certificates: remove c rehash |
|
| 5 | ||
| 6 |
Updated earlier patch to apply clean on 2012-02-12 |
|
| 7 |
Signed-off-by: Ulf Samuelsson <ulf@emagii.com> |
|
| 8 |
--- |
|
| 9 |
sbin/update-ca-certificates | 20 ++++++++++---------- |
|
| 10 |
1 files changed, 10 insertions(+), 10 deletions(-) |
|
| 11 | ||
| 12 |
diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates |
|
| 13 |
index 5375950..c567e3d 100755 |
|
| 14 |
--- a/sbin/update-ca-certificates |
|
| 15 |
+++ b/sbin/update-ca-certificates |
|
| 16 |
@@ -132,16 +132,16 @@ rm -f "$CERTBUNDLE" |
|
| 17 |
ADDED_CNT=$(wc -l < "$ADDED") |
|
| 18 |
REMOVED_CNT=$(wc -l < "$REMOVED") |
|
| 19 |
|
|
| 20 |
-if [ "$ADDED_CNT" -gt 0 ] || [ "$REMOVED_CNT" -gt 0 ] |
|
| 21 |
-then |
|
| 22 |
- # only run if set of files has changed |
|
| 23 |
- if [ "$verbose" = 0 ] |
|
| 24 |
- then |
|
| 25 |
- c_rehash . > /dev/null |
|
| 26 |
- else |
|
| 27 |
- c_rehash . |
|
| 28 |
- fi |
|
| 29 |
-fi |
|
| 30 |
+#if [ "$ADDED_CNT" -gt 0 ] || [ "$REMOVED_CNT" -gt 0 ] |
|
| 31 |
+#then |
|
| 32 |
+# # only run if set of files has changed |
|
| 33 |
+# if [ "$verbose" = 0 ] |
|
| 34 |
+# then |
|
| 35 |
+# c_rehash . > /dev/null |
|
| 36 |
+# else |
|
| 37 |
+# c_rehash . |
|
| 38 |
+# fi |
|
| 39 |
+#fi |
|
| 40 |
|
|
| 41 |
chmod 0644 "$TEMPBUNDLE" |
|
| 42 |
mv -f "$TEMPBUNDLE" "$CERTBUNDLE" |
|
| 43 |
-- |
|
| 44 |
1.7.4.1 |
|
| 45 | ||
| recipes-extra/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch | ||
|---|---|---|
| 1 |
Upstream-Status: Pending |
|
| 2 | ||
| 3 |
From 724cb153ca0f607fb38b3a8db3ebb2742601cd81 Mon Sep 17 00:00:00 2001 |
|
| 4 |
From: Andreas Oberritter <obi@opendreambox.org> |
|
| 5 |
Date: Tue, 19 Mar 2013 17:14:33 +0100 |
|
| 6 |
Subject: [PATCH 2/2] update-ca-certificates: use $SYSROOT |
|
| 7 | ||
| 8 |
Signed-off-by: Andreas Oberritter <obi@opendreambox.org> |
|
| 9 |
--- |
|
| 10 |
sbin/update-ca-certificates | 14 +++++++------- |
|
| 11 |
1 file changed, 7 insertions(+), 7 deletions(-) |
|
| 12 | ||
| 13 |
Index: git/sbin/update-ca-certificates |
|
| 14 |
=================================================================== |
|
| 15 |
--- git.orig/sbin/update-ca-certificates |
|
| 16 |
+++ git/sbin/update-ca-certificates |
|
| 17 |
@@ -24,12 +24,12 @@ |
|
| 18 |
verbose=0 |
|
| 19 |
fresh=0 |
|
| 20 |
default=0 |
|
| 21 |
-CERTSCONF=/etc/ca-certificates.conf |
|
| 22 |
-CERTSDIR=/usr/share/ca-certificates |
|
| 23 |
-LOCALCERTSDIR=/usr/local/share/ca-certificates |
|
| 24 |
+CERTSCONF=$SYSROOT/etc/ca-certificates.conf |
|
| 25 |
+CERTSDIR=$SYSROOT/usr/share/ca-certificates |
|
| 26 |
+LOCALCERTSDIR=$SYSROOT/usr/local/share/ca-certificates |
|
| 27 |
CERTBUNDLE=ca-certificates.crt |
|
| 28 |
-ETCCERTSDIR=/etc/ssl/certs |
|
| 29 |
-HOOKSDIR=/etc/ca-certificates/update.d |
|
| 30 |
+ETCCERTSDIR=$SYSROOT/etc/ssl/certs |
|
| 31 |
+HOOKSDIR=$SYSROOT/etc/ca-certificates/update.d |
|
| 32 |
|
|
| 33 |
while [ $# -gt 0 ]; |
|
| 34 |
do |
|
| 35 |
@@ -92,9 +92,9 @@ add() {
|
|
| 36 |
PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \ |
|
| 37 |
-e 's/[()]/=/g' \ |
|
| 38 |
-e 's/,/_/g').pem" |
|
| 39 |
- if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ] |
|
| 40 |
+ if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${CERT##$SYSROOT}" ]
|
|
| 41 |
then |
|
| 42 |
- ln -sf "$CERT" "$PEM" |
|
| 43 |
+ ln -sf "${CERT##$SYSROOT}" "$PEM"
|
|
| 44 |
echo "+$PEM" >> "$ADDED" |
|
| 45 |
fi |
|
| 46 |
# Add trailing newline to certificate, if it is missing (#635570) |
|
| recipes-extra/ca-certificates/ca-certificates/0003-update-ca-certificates-use-relative-symlinks-from-ET.patch | ||
|---|---|---|
| 1 |
From a9fc13b2aee55655d58fcb77a3180fa99f96438a Mon Sep 17 00:00:00 2001 |
|
| 2 |
From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <andre.draszik@jci.com> |
|
| 3 |
Date: Wed, 28 Mar 2018 16:45:05 +0100 |
|
| 4 |
Subject: [PATCH] update-ca-certificates: use relative symlinks from |
|
| 5 |
$ETCCERTSDIR |
|
| 6 |
MIME-Version: 1.0 |
|
| 7 |
Content-Type: text/plain; charset=UTF-8 |
|
| 8 |
Content-Transfer-Encoding: 8bit |
|
| 9 | ||
| 10 |
update-ca-certificates symlinks (trusted) certificates |
|
| 11 |
from $CERTSDIR or $LOCALCERTSDIR into $ETCCERTSDIR. |
|
| 12 |
update-ca-certificates can call hook scripts installed |
|
| 13 |
into /etc/ca-certificates/update.d. Those scripts are |
|
| 14 |
passed the pem file in /etc/ssl/certs/ that was added or |
|
| 15 |
removed in this run and those pem files are absolute |
|
| 16 |
symlinks into $CERTSDIR or $LOCALCERTSDIR at the moment. |
|
| 17 | ||
| 18 |
When running update-ca-certificates during image build |
|
| 19 |
time, they thusly all point into the host's file system, |
|
| 20 |
not into the $SYSROOT. This means: |
|
| 21 |
* the host's file system layout must match the one |
|
| 22 |
produced by OE, and |
|
| 23 |
* it also means that the host must have installed the same |
|
| 24 |
(or more) certificates as the target in $CERTSDIR and |
|
| 25 |
$LOCALCERTSDIR |
|
| 26 | ||
| 27 |
This is a problem when wanting to execute hook scripts, |
|
| 28 |
because they all need to be taught about $SYSROOT, and |
|
| 29 |
behave differently depending on whether they're called |
|
| 30 |
at image build time, or on the target, as otherwise they |
|
| 31 |
will be trying to actually read the host's certificates |
|
| 32 |
from $CERTSDIR or $LOCALCERTSDIR. |
|
| 33 | ||
| 34 |
This also is a problem when running anything else during |
|
| 35 |
image build time that depends on the trusted CA |
|
| 36 |
certificates. |
|
| 37 | ||
| 38 |
Changing the symlink to be relative solves all of these |
|
| 39 |
problems. Do so. |
|
| 40 | ||
| 41 |
Upstream-Status: Inappropriate [OE-specific] |
|
| 42 |
Signed-off-by: André Draszik <andre.draszik@jci.com> |
|
| 43 |
--- |
|
| 44 |
sbin/update-ca-certificates | 6 ++++-- |
|
| 45 |
1 file changed, 4 insertions(+), 2 deletions(-) |
|
| 46 | ||
| 47 |
diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates |
|
| 48 |
index 00f80c7..7e911a9 100755 |
|
| 49 |
--- a/sbin/update-ca-certificates |
|
| 50 |
+++ b/sbin/update-ca-certificates |
|
| 51 |
@@ -29,6 +29,7 @@ CERTSDIR=$SYSROOT/usr/share/ca-certificates |
|
| 52 |
LOCALCERTSDIR=$SYSROOT/usr/local/share/ca-certificates |
|
| 53 |
CERTBUNDLE=ca-certificates.crt |
|
| 54 |
ETCCERTSDIR=$SYSROOT/etc/ssl/certs |
|
| 55 |
+FSROOT=../../../ # to get from $ETCCERTSDIR to the root of the file system |
|
| 56 |
HOOKSDIR=$SYSROOT/etc/ca-certificates/update.d |
|
| 57 |
|
|
| 58 |
while [ $# -gt 0 ]; |
|
| 59 |
@@ -125,9 +126,10 @@ add() {
|
|
| 60 |
PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \ |
|
| 61 |
-e 's/[()]/=/g' \ |
|
| 62 |
-e 's/,/_/g').pem" |
|
| 63 |
- if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${CERT##$SYSROOT}" ]
|
|
| 64 |
+ DST="$(echo ${CERT} | sed -e "s|^$SYSROOT||" -e "s|^/|$FSROOT|" )"
|
|
| 65 |
+ if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${DST}" ]
|
|
| 66 |
then |
|
| 67 |
- ln -sf "${CERT##$SYSROOT}" "$PEM"
|
|
| 68 |
+ ln -sf "${DST}" "$PEM"
|
|
| 69 |
echo "+$PEM" >> "$ADDED" |
|
| 70 |
fi |
|
| 71 |
# Add trailing newline to certificate, if it is missing (#635570) |
|
| recipes-extra/ca-certificates/ca-certificates/default-sysroot.patch | ||
|---|---|---|
| 1 |
Upstream-Status: Pending |
|
| 2 | ||
| 3 |
update-ca-certificates: find SYSROOT relative to its own location |
|
| 4 | ||
| 5 |
This makes the script relocatable. |
|
| 6 | ||
| 7 |
Index: git/sbin/update-ca-certificates |
|
| 8 |
=================================================================== |
|
| 9 |
--- git.orig/sbin/update-ca-certificates |
|
| 10 |
+++ git/sbin/update-ca-certificates |
|
| 11 |
@@ -66,6 +66,39 @@ do |
|
| 12 |
shift |
|
| 13 |
done |
|
| 14 |
|
|
| 15 |
+if [ -z "$SYSROOT" ]; then |
|
| 16 |
+ local_which () {
|
|
| 17 |
+ if [ $# -lt 1 ]; then |
|
| 18 |
+ return 1 |
|
| 19 |
+ fi |
|
| 20 |
+ |
|
| 21 |
+ ( |
|
| 22 |
+ IFS=: |
|
| 23 |
+ for entry in $PATH; do |
|
| 24 |
+ if [ -x "$entry/$1" ]; then |
|
| 25 |
+ echo "$entry/$1" |
|
| 26 |
+ exit 0 |
|
| 27 |
+ fi |
|
| 28 |
+ done |
|
| 29 |
+ exit 1 |
|
| 30 |
+ ) |
|
| 31 |
+ } |
|
| 32 |
+ |
|
| 33 |
+ case "$0" in |
|
| 34 |
+ */*) |
|
| 35 |
+ sbindir=$(cd ${0%/*} && pwd)
|
|
| 36 |
+ ;; |
|
| 37 |
+ *) |
|
| 38 |
+ sbindir=$(cd $(dirname $(local_which $0)) && pwd) |
|
| 39 |
+ ;; |
|
| 40 |
+ esac |
|
| 41 |
+ prefix=${sbindir%/*}
|
|
| 42 |
+ SYSROOT=${prefix%/*}
|
|
| 43 |
+ if [ ! -d "$SYSROOT/usr/share/ca-certificates" ]; then |
|
| 44 |
+ SYSROOT= |
|
| 45 |
+ fi |
|
| 46 |
+fi |
|
| 47 |
+ |
|
| 48 |
if [ ! -s "$CERTSCONF" ] |
|
| 49 |
then |
|
| 50 |
fresh=1 |
|
| recipes-extra/ca-certificates/ca-certificates/sbindir.patch | ||
|---|---|---|
| 1 |
sbin/Makefile: Allow the sbin path to be configurable |
|
| 2 | ||
| 3 |
Some project sharing ca-certificates from Debian allow configuration |
|
| 4 |
of the installation location. Make the sbin location configurable. |
|
| 5 | ||
| 6 |
Also ensure the target directory exists |
|
| 7 | ||
| 8 |
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> |
|
| 9 |
Upstream-Status: Submitted [https://salsa.debian.org/debian/ca-certificates/-/merge_requests/5] |
|
| 10 | ||
| 11 |
--- ca-certificates-20130119.orig/sbin/Makefile |
|
| 12 |
+++ ca-certificates-20130119/sbin/Makefile |
|
| 13 |
@@ -3,9 +3,12 @@ |
|
| 14 |
# |
|
| 15 |
# |
|
| 16 | ||
| 17 |
+SBINDIR = /usr/sbin |
|
| 18 |
+ |
|
| 19 |
all: |
|
| 20 | ||
| 21 |
clean: |
|
| 22 | ||
| 23 |
install: |
|
| 24 |
- install -m755 update-ca-certificates $(DESTDIR)/usr/sbin/ |
|
| 25 |
+ install -d $(DESTDIR)$(SBINDIR) |
|
| 26 |
+ install -m755 update-ca-certificates $(DESTDIR)$(SBINDIR)/ |
|
| recipes-extra/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch | ||
|---|---|---|
| 1 |
update-ca-certificates: Replace deprecated mktemp -t with mktemp --tmpdir |
|
| 2 | ||
| 3 |
According to coreutils docs, mktemp -t is deprecated, switch to the |
|
| 4 |
--tmpdir option instead. |
|
| 5 | ||
| 6 |
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> |
|
| 7 |
Upstream-Status: Submitted [https://salsa.debian.org/debian/ca-certificates/-/merge_requests/5] |
|
| 8 | ||
| 9 |
[This was originally for compatibility with toybox but toybox now |
|
| 10 |
supports -t] |
|
| 11 |
--- |
|
| 12 |
sbin/update-ca-certificates | 6 +++--- |
|
| 13 |
1 file changed, 3 insertions(+), 3 deletions(-) |
|
| 14 | ||
| 15 |
diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates |
|
| 16 |
index 79c41bb..ae9e3f1 100755 |
|
| 17 |
--- a/sbin/update-ca-certificates |
|
| 18 |
+++ b/sbin/update-ca-certificates |
|
| 19 |
@@ -113,9 +113,9 @@ trap cleanup 0 |
|
| 20 |
|
|
| 21 |
# Helper files. (Some of them are not simple arrays because we spawn |
|
| 22 |
# subshells later on.) |
|
| 23 |
-TEMPBUNDLE="$(mktemp -t "${CERTBUNDLE}.tmp.XXXXXX")"
|
|
| 24 |
-ADDED="$(mktemp -t "ca-certificates.tmp.XXXXXX")" |
|
| 25 |
-REMOVED="$(mktemp -t "ca-certificates.tmp.XXXXXX")" |
|
| 26 |
+TEMPBUNDLE="$(mktemp --tmpdir "${CERTBUNDLE}.tmp.XXXXXX")"
|
|
| 27 |
+ADDED="$(mktemp --tmpdir "ca-certificates.tmp.XXXXXX")" |
|
| 28 |
+REMOVED="$(mktemp --tmpdir "ca-certificates.tmp.XXXXXX")" |
|
| 29 |
|
|
| 30 |
# Adds a certificate to the list of trusted ones. This includes a symlink |
|
| 31 |
# in /etc/ssl/certs to the certificate file and its inclusion into the |
|
| 32 |
-- |
|
| 33 |
2.1.4 |
|
| recipes-extra/ca-certificates/ca-certificates_20120623.bb | ||
|---|---|---|
| 1 |
DESCRIPTION = "Common CA certificates" |
|
| 2 |
HOMEPAGE = "http://packages.debian.org/sid/ca-certificates" |
|
| 3 |
SECTION = "misc" |
|
| 4 |
LICENSE = "GPLv2+" |
|
| 5 |
LIC_FILES_CHKSUM = "file://debian/copyright;md5=6135800ff6d893c7904d7aad90972eb5" |
|
| 6 | ||
| 7 |
SRC_URI = "https://launchpad.net/ubuntu/+archive/primary/+files/ca-certificates_${PV}.tar.gz \
|
|
| 8 |
file://0001-update-ca-certificates-remove-c-rehash.patch" |
|
| 9 | ||
| 10 |
SRC_URI[md5sum] = "5105d4cc086f0d4ecf7bf2e4c4667289" |
|
| 11 |
SRC_URI[sha256sum] = "878cd1130ba056fe5f96decde7e5fc1b71d35eb8565a1515744912e100731ee9" |
|
| 12 | ||
| 13 |
inherit allarch |
|
| 14 | ||
| 15 |
do_install_prepend() {
|
|
| 16 |
mkdir -p ${D}/usr/share/ca-certificates
|
|
| 17 |
mkdir -p ${D}/usr/sbin
|
|
| 18 |
mkdir -p ${D}/etc/ssl/certs
|
|
| 19 |
mkdir -p ${D}/etc/ca-certificates/update.d
|
|
| 20 | ||
| 21 |
oe_runmake 'DESTDIR=${D}' install
|
|
| 22 |
} |
|
| 23 | ||
| 24 |
do_install_append() {
|
|
| 25 |
cd ${D}/usr/share/ca-certificates
|
|
| 26 |
echo "# Lines starting with # will be ignored" > ${D}/etc/ca-certificates.conf
|
|
| 27 |
echo "# Lines starting with ! will remove certificate on next update" >> ${D}/etc/ca-certificates.conf
|
|
| 28 |
echo "#" >> ${D}/etc/ca-certificates.conf
|
|
| 29 |
for crt in $(find . -type f -name '*.crt' -print) |
|
| 30 |
do |
|
| 31 |
crt=$(echo $crt | sed -e 's/\.\///') |
|
| 32 |
echo $crt >> ${D}/etc/ca-certificates.conf
|
|
| 33 |
done |
|
| 34 |
} |
|
| 35 | ||
| 36 |
pkg_postinst_${PN} () {
|
|
| 37 |
if [ -n "$D" ] ; then |
|
| 38 |
exit 1 |
|
| 39 |
fi |
|
| 40 | ||
| 41 |
${sbindir}/update-ca-certificates
|
|
| 42 |
} |
|
| 43 | ||
| 44 |
CONFFILES_${PN} = "/etc/ca-certificates.conf"
|
|
| 45 | ||
| 46 |
DEFAULT_PREFERENCE = "-1" |
|
| recipes-extra/ca-certificates/ca-certificates_20210119.bb | ||
|---|---|---|
| 1 |
SUMMARY = "Common CA certificates" |
|
| 2 |
DESCRIPTION = "This package includes PEM files of CA certificates to allow \ |
|
| 3 |
SSL-based applications to check for the authenticity of SSL connections. \ |
|
| 4 |
This derived from Debian's CA Certificates." |
|
| 5 |
HOMEPAGE = "http://packages.debian.org/sid/ca-certificates" |
|
| 6 |
SECTION = "misc" |
|
| 7 |
LICENSE = "GPL-2.0+ & MPL-2.0" |
|
| 8 |
LIC_FILES_CHKSUM = "file://debian/copyright;md5=ae5b36b514e3f12ce1aa8e2ee67f3d7e" |
|
| 9 | ||
| 10 |
# This is needed to ensure we can run the postinst at image creation time |
|
| 11 |
DEPENDS = "" |
|
| 12 |
DEPENDS_class-native = "openssl-native" |
|
| 13 |
DEPENDS_class-nativesdk = "openssl-native" |
|
| 14 |
# Need rehash from openssl and run-parts from debianutils |
|
| 15 |
PACKAGE_WRITE_DEPS += "openssl-native debianutils-native" |
|
| 16 | ||
| 17 |
SRCREV = "181be7ebd169b4a6fb5d90c3e6dc791e90534144" |
|
| 18 | ||
| 19 |
SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \ |
|
| 20 |
file://0002-update-ca-certificates-use-SYSROOT.patch \ |
|
| 21 |
file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \ |
|
| 22 |
file://update-ca-certificates-support-Toybox.patch \ |
|
| 23 |
file://default-sysroot.patch \ |
|
| 24 |
file://sbindir.patch \ |
|
| 25 |
file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \ |
|
| 26 |
" |
|
| 27 |
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+)" |
|
| 28 | ||
| 29 |
S = "${WORKDIR}/git"
|
|
| 30 | ||
| 31 |
inherit allarch |
|
| 32 | ||
| 33 |
EXTRA_OEMAKE = "\ |
|
| 34 |
'CERTSDIR=${datadir}/ca-certificates' \
|
|
| 35 |
'SBINDIR=${sbindir}' \
|
|
| 36 |
" |
|
| 37 | ||
| 38 |
do_compile_prepend() {
|
|
| 39 |
oe_runmake clean |
|
| 40 |
} |
|
| 41 | ||
| 42 |
do_install () {
|
|
| 43 |
install -d ${D}${datadir}/ca-certificates \
|
|
| 44 |
${D}${sysconfdir}/ssl/certs \
|
|
| 45 |
${D}${sysconfdir}/ca-certificates/update.d
|
|
| 46 |
oe_runmake 'DESTDIR=${D}' install
|
|
| 47 | ||
| 48 |
install -d ${D}${mandir}/man8
|
|
| 49 |
install -m 0644 sbin/update-ca-certificates.8 ${D}${mandir}/man8/
|
|
| 50 | ||
| 51 |
install -d ${D}${sysconfdir}
|
|
| 52 |
{
|
|
| 53 |
echo "# Lines starting with # will be ignored" |
|
| 54 |
echo "# Lines starting with ! will remove certificate on next update" |
|
| 55 |
echo "#" |
|
| 56 |
find ${D}${datadir}/ca-certificates -type f -name '*.crt' | \
|
|
| 57 |
sed 's,^${D}${datadir}/ca-certificates/,,' | sort
|
|
| 58 |
} >${D}${sysconfdir}/ca-certificates.conf
|
|
| 59 |
} |
|
| 60 | ||
| 61 |
do_install_append_class-target () {
|
|
| 62 |
sed -i -e 's,/etc/,${sysconfdir}/,' \
|
|
| 63 |
-e 's,/usr/share/,${datadir}/,' \
|
|
| 64 |
-e 's,/usr/local,${prefix}/local,' \
|
|
| 65 |
${D}${sbindir}/update-ca-certificates \
|
|
| 66 |
${D}${mandir}/man8/update-ca-certificates.8
|
|
| 67 |
} |
|
| 68 | ||
| 69 |
pkg_postinst_${PN}_class-target () {
|
|
| 70 |
SYSROOT="$D" $D${sbindir}/update-ca-certificates
|
|
| 71 |
} |
|
| 72 | ||
| 73 |
CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf"
|
|
| 74 | ||
| 75 |
# Rather than make a postinst script that works for both target and nativesdk, |
|
| 76 |
# we just run update-ca-certificate from do_install() for nativesdk. |
|
| 77 |
CONFFILES_${PN}_append_class-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt"
|
|
| 78 |
do_install_append_class-nativesdk () {
|
|
| 79 |
SYSROOT="${D}${SDKPATHNATIVE}" ${D}${sbindir}/update-ca-certificates
|
|
| 80 |
} |
|
| 81 | ||
| 82 |
do_install_append_class-native () {
|
|
| 83 |
SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates
|
|
| 84 |
} |
|
| 85 | ||
| 86 |
RDEPENDS_${PN} += "openssl"
|
|
| 87 |
#RDEPENDS_${PN}_append_class-target = " openssl-bin openssl"
|
|
| 88 |
#RDEPENDS_${PN}_append_class-native = " openssl-native"
|
|
| 89 |
#RDEPENDS_${PN}_append_class-nativesdk = " nativesdk-openssl-bin nativesdk-openssl"
|
|
| 90 | ||
| 91 |
BBCLASSEXTEND = "native nativesdk" |
|
