ca-certificates: update to latest version

Use recipes from poky/master to get latest versions for ca-certificates. Old certificates were causing problems with webengine. The patch removing usage of c_rehash was not included, as we don't use it. Change-Id: I099bed36de9cfa3f78d8e8ca0b6e1f7c30c6c16e Reviewed-by: aavit <eirik.aavitsland@theqtcompany.com>
author: Samuli Piippo <samuli.piippo@theqtcompany.com> 2015-08-20 09:28:53 +0300
committer: Samuli Piippo <samuli.piippo@theqtcompany.com> 2015-08-21 05:15:14 +0000
commit: 08d414d1e8751fa40ca8f6aa993b3ffc2b35cbeb (patch)
tree: 084f379552b63db05a95e59079066e6645473fb6 /recipes/ca-certificates
parent: 17dd65fe3e5774a5c55124d169646e87d86dbce1 (diff)
download: meta-boot2qt-08d414d1e8751fa40ca8f6aa993b3ffc2b35cbeb.tar.gz
5 files changed, 226 insertions, 0 deletions
diff --git a/recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch b/recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
new file mode 100644
index 0000000..4b4b287
--- /dev/null
+++ b/recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
@@ -0,0 +1,30 @@
+ca-certificates is a package from Debian, but some host distros such as Fedora
+have a leaner run-parts provided by cron which doesn't support --verbose or the
+ -- separator between arguments and paths.
+This solves errors such as
+| Running hooks in [...]/rootfs/etc/ca-certificates/update.d...
+| [...]/usr/sbin/update-ca-certificates: line 194: Not: command not found
+Upstream-Status: Inappropriate
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+---
+ sbin/update-ca-certificates | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+Index: git/sbin/update-ca-certificates
+===================================================================
+--- git.orig/sbin/update-ca-certificates
+++ git/sbin/update-ca-certificates
+@@ -191,9 +191,7 @@ if [ -d "$HOOKSDIR" ]
+ then
+ 
+   echo "Running hooks in $HOOKSDIR..."
+-  VERBOSE_ARG=
+-  [ "$verbose" = 0 ] || VERBOSE_ARG="--verbose"
+-  eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read hook
+  eval run-parts --test -- "$HOOKSDIR" | while read hook
+   do
+     ( cat "$ADDED"
+       cat "$REMOVED" ) | "$hook" || echo "E: $hook exited with code $?."
diff --git a/recipes/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch b/recipes/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
new file mode 100644
index 0000000..792b403
--- /dev/null
+++ b/recipes/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
@@ -0,0 +1,46 @@
+Upstream-Status: Pending
+From 724cb153ca0f607fb38b3a8db3ebb2742601cd81 Mon Sep 17 00:00:00 2001
+From: Andreas Oberritter <obi@opendreambox.org>
+Date: Tue, 19 Mar 2013 17:14:33 +0100
+Subject: [PATCH 2/2] update-ca-certificates: use $SYSROOT
+Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
+---
+ sbin/update-ca-certificates |   14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+Index: git/sbin/update-ca-certificates
+===================================================================
+--- git.orig/sbin/update-ca-certificates
+++ git/sbin/update-ca-certificates
+@@ -24,12 +24,12 @@
+ verbose=0
+ fresh=0
+ default=0
+-CERTSCONF=/etc/ca-certificates.conf
+-CERTSDIR=/usr/share/ca-certificates
+-LOCALCERTSDIR=/usr/local/share/ca-certificates
+CERTSCONF=$SYSROOT/etc/ca-certificates.conf
+CERTSDIR=$SYSROOT/usr/share/ca-certificates
+LOCALCERTSDIR=$SYSROOT/usr/local/share/ca-certificates
+ CERTBUNDLE=ca-certificates.crt
+-ETCCERTSDIR=/etc/ssl/certs
+-HOOKSDIR=/etc/ca-certificates/update.d
+ETCCERTSDIR=$SYSROOT/etc/ssl/certs
+HOOKSDIR=$SYSROOT/etc/ca-certificates/update.d
+ 
+ while [ $# -gt 0 ];
+ do
+@@ -92,9 +92,9 @@ add() {
+   PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \
+                                                   -e 's/[()]/=/g' \
+                                                   -e 's/,/_/g').pem"
+-  if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
+  if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${CERT##$SYSROOT}" ]
+   then
+-    ln -sf "$CERT" "$PEM"
+    ln -sf "${CERT##$SYSROOT}" "$PEM"
+     echo "+$PEM" >> "$ADDED"
+   fi
+   # Add trailing newline to certificate, if it is missing (#635570)
diff --git a/recipes/ca-certificates/ca-certificates/default-sysroot.patch b/recipes/ca-certificates/ca-certificates/default-sysroot.patch
new file mode 100644
index 0000000..f8b0791
--- /dev/null
+++ b/recipes/ca-certificates/ca-certificates/default-sysroot.patch
@@ -0,0 +1,50 @@
+Upstream-Status: Pending
+update-ca-certificates: find SYSROOT relative to its own location
+This makes the script relocatable.
+Index: git/sbin/update-ca-certificates
+===================================================================
+--- git.orig/sbin/update-ca-certificates
+++ git/sbin/update-ca-certificates
+@@ -66,6 +66,39 @@ do
+   shift
+ done
+ 
+if [ -z "$SYSROOT" ]; then
+  local_which () {
+    if [ $# -lt 1 ]; then
+      return 1
+    fi
+
+    (
+      IFS=:
+      for entry in $PATH; do
+        if [ -x "$entry/$1" ]; then
+          echo "$entry/$1"
+          exit 0
+        fi
+      done
+      exit 1
+    )
+  }
+
+  case "$0" in
+    */*)
+      sbindir=$(cd ${0%/*} && pwd)
+      ;;
+    *)
+      sbindir=$(cd $(dirname $(local_which $0)) && pwd)
+      ;;
+  esac
+  prefix=${sbindir%/*}
+  SYSROOT=${prefix%/*}
+  if [ ! -d "$SYSROOT/usr/share/ca-certificates" ]; then
+    SYSROOT=
+  fi
+fi
+
+ if [ ! -s "$CERTSCONF" ]
+ then
+   fresh=1
diff --git a/recipes/ca-certificates/ca-certificates/sbindir.patch b/recipes/ca-certificates/ca-certificates/sbindir.patch
new file mode 100644
index 0000000..a113fa8
--- /dev/null
+++ b/recipes/ca-certificates/ca-certificates/sbindir.patch
@@ -0,0 +1,20 @@
+Upstream-Status: Pending
+Let us alter the install destination of the script via SBINDIR
+--- ca-certificates-20130119.orig/sbin/Makefile
+++ ca-certificates-20130119/sbin/Makefile
+@@ -3,9 +3,12 @@
+ #
+ #
+SBINDIR = /usr/sbin
+
+ all:
+ clean:
+ install:
+-       install -m755 update-ca-certificates $(DESTDIR)/usr/sbin/
+       install -d $(DESTDIR)$(SBINDIR)
+       install -m755 update-ca-certificates $(DESTDIR)$(SBINDIR)/
diff --git a/recipes/ca-certificates/ca-certificates_20150426.bb b/recipes/ca-certificates/ca-certificates_20150426.bb
new file mode 100644
index 0000000..716e3df
--- /dev/null
+++ b/recipes/ca-certificates/ca-certificates_20150426.bb
@@ -0,0 +1,80 @@
+SUMMARY = "Common CA certificates"
+DESCRIPTION = "This package includes PEM files of CA certificates to allow \
+SSL-based applications to check for the authenticity of SSL connections. \
+This derived from Debian's CA Certificates."
+HOMEPAGE = "http://packages.debian.org/sid/ca-certificates"
+SECTION = "misc"
+LICENSE = "GPL-2.0+ & MPL-2.0"
+LIC_FILES_CHKSUM = "file://debian/copyright;md5=48d2baf97986999e776b43c8dd9e0c5a"
+# This is needed to ensure we can run the postinst at image creation time
+DEPENDS = "ca-certificates-native"
+DEPENDS_class-native = ""
+# tag: debian/20150426 + 2
+SRCREV = "d4790d2832aaac9152f450e06661511067592227"
+SRC_URI = "git://anonscm.debian.org/collab-maint/ca-certificates.git \
+           file://0001-update-ca-certificates-remove-c-rehash.patch \
+           file://0002-update-ca-certificates-use-SYSROOT.patch \
+           file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \
+           file://default-sysroot.patch \
+           file://sbindir.patch"
+S = "${WORKDIR}/git"
+inherit allarch
+EXTRA_OEMAKE = "\
+    'CERTSDIR=${datadir}/ca-certificates' \
+    'SBINDIR=${sbindir}' \
+"
+do_compile_prepend() {
+    oe_runmake clean
+}
+do_install () {
+    install -d ${D}${datadir}/ca-certificates \
+               ${D}${sysconfdir}/ssl/certs \
+               ${D}${sysconfdir}/ca-certificates/update.d
+    oe_runmake 'DESTDIR=${D}' install
+    install -d ${D}${mandir}/man8
+    install -m 0644 sbin/update-ca-certificates.8 ${D}${mandir}/man8/
+    install -d ${D}${sysconfdir}
+    {
+        echo "# Lines starting with # will be ignored"
+        echo "# Lines starting with ! will remove certificate on next update"
+        echo "#"
+        find ${D}${datadir}/ca-certificates -type f -name '*.crt' | \
+            sed 's,^${D}${datadir}/ca-certificates/,,'
+    } >${D}${sysconfdir}/ca-certificates.conf
+}
+do_install_append_class-target () {
+    sed -i -e 's,/etc/,${sysconfdir}/,' \
+           -e 's,/usr/share/,${datadir}/,' \
+           -e 's,/usr/local,${prefix}/local,' \
+        ${D}${sbindir}/update-ca-certificates \
+        ${D}${mandir}/man8/update-ca-certificates.8
+}
+pkg_postinst_${PN} () {
+    SYSROOT="$D" update-ca-certificates
+}
+CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf"
+# Postinsts don't seem to be run for nativesdk packages when populating SDKs.
+CONFFILES_${PN}_append_class-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt"
+do_install_append_class-nativesdk () {
+    SYSROOT="${D}${SDKPATHNATIVE}" update-ca-certificates
+}
+do_install_append_class-native () {
+    SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates
+}
+BBCLASSEXTEND += "native nativesdk"
author	Samuli Piippo <samuli.piippo@theqtcompany.com>	2015-08-20 09:28:53 +0300
committer	Samuli Piippo <samuli.piippo@theqtcompany.com>	2015-08-21 05:15:14 +0000
commit	08d414d1e8751fa40ca8f6aa993b3ffc2b35cbeb (patch)
tree	084f379552b63db05a95e59079066e6645473fb6 /recipes/ca-certificates
parent	17dd65fe3e5774a5c55124d169646e87d86dbce1 (diff)
download	meta-boot2qt-08d414d1e8751fa40ca8f6aa993b3ffc2b35cbeb.tar.gz

diff --git a/recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch b/recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch new file mode 100644 index 0000000..4b4b287 --- /dev/null +++ b/recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
@@ -0,0 +1,30 @@
	1	ca-certificates is a package from Debian, but some host distros such as Fedora
	2	have a leaner run-parts provided by cron which doesn't support --verbose or the
	3	-- separator between arguments and paths.
	4
	5	This solves errors such as
	6
	7	\| Running hooks in [...]/rootfs/etc/ca-certificates/update.d...
	8	\| [...]/usr/sbin/update-ca-certificates: line 194: Not: command not found
	9
	10	Upstream-Status: Inappropriate
	11	Signed-off-by: Ross Burton <ross.burton@intel.com>
	12	---
	13	sbin/update-ca-certificates \| 4 +---
	14	1 file changed, 1 insertion(+), 3 deletions(-)
	15
	16	Index: git/sbin/update-ca-certificates
	17	===================================================================
	18	--- git.orig/sbin/update-ca-certificates
	19	+++ git/sbin/update-ca-certificates
	20	@@ -191,9 +191,7 @@ if [ -d "$HOOKSDIR" ]
	21	then
	22
	23	echo "Running hooks in $HOOKSDIR..."
	24	- VERBOSE_ARG=
	25	- [ "$verbose" = 0 ] \|\| VERBOSE_ARG="--verbose"
	26	- eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" \| while read hook
	27	+ eval run-parts --test -- "$HOOKSDIR" \| while read hook
	28	do
	29	( cat "$ADDED"
	30	cat "$REMOVED" ) \| "$hook" \|\| echo "E: $hook exited with code $?."


diff --git a/recipes/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch b/recipes/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch new file mode 100644 index 0000000..792b403 --- /dev/null +++ b/recipes/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
@@ -0,0 +1,46 @@
	1	Upstream-Status: Pending
	2
	3	From 724cb153ca0f607fb38b3a8db3ebb2742601cd81 Mon Sep 17 00:00:00 2001
	4	From: Andreas Oberritter <obi@opendreambox.org>
	5	Date: Tue, 19 Mar 2013 17:14:33 +0100
	6	Subject: [PATCH 2/2] update-ca-certificates: use $SYSROOT
	7
	8	Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
	9	---
	10	sbin/update-ca-certificates \| 14 +++++++-------
	11	1 file changed, 7 insertions(+), 7 deletions(-)
	12
	13	Index: git/sbin/update-ca-certificates
	14	===================================================================
	15	--- git.orig/sbin/update-ca-certificates
	16	+++ git/sbin/update-ca-certificates
	17	@@ -24,12 +24,12 @@
	18	verbose=0
	19	fresh=0
	20	default=0
	21	-CERTSCONF=/etc/ca-certificates.conf
	22	-CERTSDIR=/usr/share/ca-certificates
	23	-LOCALCERTSDIR=/usr/local/share/ca-certificates
	24	+CERTSCONF=$SYSROOT/etc/ca-certificates.conf
	25	+CERTSDIR=$SYSROOT/usr/share/ca-certificates
	26	+LOCALCERTSDIR=$SYSROOT/usr/local/share/ca-certificates
	27	CERTBUNDLE=ca-certificates.crt
	28	-ETCCERTSDIR=/etc/ssl/certs
	29	-HOOKSDIR=/etc/ca-certificates/update.d
	30	+ETCCERTSDIR=$SYSROOT/etc/ssl/certs
	31	+HOOKSDIR=$SYSROOT/etc/ca-certificates/update.d
	32
	33	while [ $# -gt 0 ];
	34	do
	35	@@ -92,9 +92,9 @@ add() {
	36	PEM="$ETCCERTSDIR/$(basename "$CERT" .crt \| sed -e 's/ /_/g' \
	37	-e 's/[()]/=/g' \
	38	-e 's/,/_/g').pem"
	39	- if ! test -e "$PEM" \|\| [ "$(readlink "$PEM")" != "$CERT" ]
	40	+ if ! test -e "$PEM" \|\| [ "$(readlink "$PEM")" != "${CERT##$SYSROOT}" ]
	41	then
	42	- ln -sf "$CERT" "$PEM"
	43	+ ln -sf "${CERT##$SYSROOT}" "$PEM"
	44	echo "+$PEM" >> "$ADDED"
	45	fi
	46	# Add trailing newline to certificate, if it is missing (#635570)


diff --git a/recipes/ca-certificates/ca-certificates/default-sysroot.patch b/recipes/ca-certificates/ca-certificates/default-sysroot.patch new file mode 100644 index 0000000..f8b0791 --- /dev/null +++ b/recipes/ca-certificates/ca-certificates/default-sysroot.patch
@@ -0,0 +1,50 @@
	1	Upstream-Status: Pending
	2
	3	update-ca-certificates: find SYSROOT relative to its own location
	4
	5	This makes the script relocatable.
	6
	7	Index: git/sbin/update-ca-certificates
	8	===================================================================
	9	--- git.orig/sbin/update-ca-certificates
	10	+++ git/sbin/update-ca-certificates
	11	@@ -66,6 +66,39 @@ do
	12	shift
	13	done
	14
	15	+if [ -z "$SYSROOT" ]; then
	16	+ local_which () {
	17	+ if [ $# -lt 1 ]; then
	18	+ return 1
	19	+ fi
	20	+
	21	+ (
	22	+ IFS=:
	23	+ for entry in $PATH; do
	24	+ if [ -x "$entry/$1" ]; then
	25	+ echo "$entry/$1"
	26	+ exit 0
	27	+ fi
	28	+ done
	29	+ exit 1
	30	+ )
	31	+ }
	32	+
	33	+ case "$0" in
	34	+ /)
	35	+ sbindir=$(cd ${0%/*} && pwd)
	36	+ ;;
	37	+ *)
	38	+ sbindir=$(cd $(dirname $(local_which $0)) && pwd)
	39	+ ;;
	40	+ esac
	41	+ prefix=${sbindir%/*}
	42	+ SYSROOT=${prefix%/*}
	43	+ if [ ! -d "$SYSROOT/usr/share/ca-certificates" ]; then
	44	+ SYSROOT=
	45	+ fi
	46	+fi
	47	+
	48	if [ ! -s "$CERTSCONF" ]
	49	then
	50	fresh=1


diff --git a/recipes/ca-certificates/ca-certificates/sbindir.patch b/recipes/ca-certificates/ca-certificates/sbindir.patch new file mode 100644 index 0000000..a113fa8 --- /dev/null +++ b/recipes/ca-certificates/ca-certificates/sbindir.patch
@@ -0,0 +1,20 @@
	1	Upstream-Status: Pending
	2
	3	Let us alter the install destination of the script via SBINDIR
	4
	5	--- ca-certificates-20130119.orig/sbin/Makefile
	6	+++ ca-certificates-20130119/sbin/Makefile
	7	@@ -3,9 +3,12 @@
	8	#
	9	#
	10
	11	+SBINDIR = /usr/sbin
	12	+
	13	all:
	14
	15	clean:
	16
	17	install:
	18	- install -m755 update-ca-certificates $(DESTDIR)/usr/sbin/
	19	+ install -d $(DESTDIR)$(SBINDIR)
	20	+ install -m755 update-ca-certificates $(DESTDIR)$(SBINDIR)/


diff --git a/recipes/ca-certificates/ca-certificates_20150426.bb b/recipes/ca-certificates/ca-certificates_20150426.bb new file mode 100644 index 0000000..716e3df --- /dev/null +++ b/recipes/ca-certificates/ca-certificates_20150426.bb
@@ -0,0 +1,80 @@
	1	SUMMARY = "Common CA certificates"
	2	DESCRIPTION = "This package includes PEM files of CA certificates to allow \
	3	SSL-based applications to check for the authenticity of SSL connections. \
	4	This derived from Debian's CA Certificates."
	5	HOMEPAGE = "http://packages.debian.org/sid/ca-certificates"
	6	SECTION = "misc"
	7	LICENSE = "GPL-2.0+ & MPL-2.0"
	8	LIC_FILES_CHKSUM = "file://debian/copyright;md5=48d2baf97986999e776b43c8dd9e0c5a"
	9
	10	# This is needed to ensure we can run the postinst at image creation time
	11	DEPENDS = "ca-certificates-native"
	12	DEPENDS_class-native = ""
	13
	14	# tag: debian/20150426 + 2
	15	SRCREV = "d4790d2832aaac9152f450e06661511067592227"
	16
	17	SRC_URI = "git://anonscm.debian.org/collab-maint/ca-certificates.git \
	18	file://0001-update-ca-certificates-remove-c-rehash.patch \
	19	file://0002-update-ca-certificates-use-SYSROOT.patch \
	20	file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \
	21	file://default-sysroot.patch \
	22	file://sbindir.patch"
	23
	24	S = "${WORKDIR}/git"
	25
	26	inherit allarch
	27
	28	EXTRA_OEMAKE = "\
	29	'CERTSDIR=${datadir}/ca-certificates' \
	30	'SBINDIR=${sbindir}' \
	31	"
	32
	33	do_compile_prepend() {
	34	oe_runmake clean
	35	}
	36
	37	do_install () {
	38	install -d ${D}${datadir}/ca-certificates \
	39	${D}${sysconfdir}/ssl/certs \
	40	${D}${sysconfdir}/ca-certificates/update.d
	41	oe_runmake 'DESTDIR=${D}' install
	42
	43	install -d ${D}${mandir}/man8
	44	install -m 0644 sbin/update-ca-certificates.8 ${D}${mandir}/man8/
	45
	46	install -d ${D}${sysconfdir}
	47	{
	48	echo "# Lines starting with # will be ignored"
	49	echo "# Lines starting with ! will remove certificate on next update"
	50	echo "#"
	51	find ${D}${datadir}/ca-certificates -type f -name '*.crt' \| \
	52	sed 's,^${D}${datadir}/ca-certificates/,,'
	53	} >${D}${sysconfdir}/ca-certificates.conf
	54	}
	55
	56	do_install_append_class-target () {
	57	sed -i -e 's,/etc/,${sysconfdir}/,' \
	58	-e 's,/usr/share/,${datadir}/,' \
	59	-e 's,/usr/local,${prefix}/local,' \
	60	${D}${sbindir}/update-ca-certificates \
	61	${D}${mandir}/man8/update-ca-certificates.8
	62	}
	63
	64	pkg_postinst_${PN} () {
	65	SYSROOT="$D" update-ca-certificates
	66	}
	67
	68	CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf"
	69
	70	# Postinsts don't seem to be run for nativesdk packages when populating SDKs.
	71	CONFFILES_${PN}_append_class-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt"
	72	do_install_append_class-nativesdk () {
	73	SYSROOT="${D}${SDKPATHNATIVE}" update-ca-certificates
	74	}
	75
	76	do_install_append_class-native () {
	77	SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates
	78	}
	79
	80	BBCLASSEXTEND += "native nativesdk"