summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorOtavio Salvador <otavio@ossystems.com.br>2016-05-23 17:45:27 -0300
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-05-18 13:14:22 +0100
commit8aea6ad597063fce98aefdd0b13cd834b718247a (patch)
treece388c8c2417bb88db3a1d959134bb4f022b7f83
parent051883f8776c895841f6d274e81b3f9691ca4b3a (diff)
downloadpoky-8aea6ad597063fce98aefdd0b13cd834b718247a.tar.gz
openssl: Ensure SSL certificates are stored on sysconfdir
Debian and other generic distributions has moved the certificates for sysconfdir (/etc/ssl) and made the libdir content to link for it. This provides several advantages specially for read-only rootfs. Another benefit is that it ensures foreign implementations (e.g: BoringSSL, from Chromium, when running with OpenSSL backend for the certificates) to find the content correctly. (From OE-Core rev: 50d63fa346bbb05dafffc0cb55e21e1092272d95) (From OE-Core rev: 735f4528b5046024f118658cda8ee340ff8aa082) Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-connectivity/openssl/openssl.inc17
1 files changed, 14 insertions, 3 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
index a10c45e0c7..20dd74062a 100644
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -43,8 +43,8 @@ RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '',
43# package RRECOMMENDS on this package. This will enable the configuration 43# package RRECOMMENDS on this package. This will enable the configuration
44# file to be installed for both the base openssl package and the libcrypto 44# file to be installed for both the base openssl package and the libcrypto
45# package since the base openssl package depends on the libcrypto package. 45# package since the base openssl package depends on the libcrypto package.
46FILES_openssl-conf = "${libdir}/ssl/openssl.cnf" 46FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
47CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf" 47CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
48RRECOMMENDS_libcrypto += "openssl-conf" 48RRECOMMENDS_libcrypto += "openssl-conf"
49RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc" 49RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
50 50
@@ -185,6 +185,17 @@ do_install () {
185 else 185 else
186 rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget 186 rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
187 fi 187 fi
188
189 # Create SSL structure
190 install -d ${D}${sysconfdir}/ssl/
191 mv ${D}${libdir}/ssl/openssl.cnf \
192 ${D}${libdir}/ssl/certs \
193 ${D}${libdir}/ssl/private \
194 \
195 ${D}${sysconfdir}/ssl/
196 ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs
197 ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private
198 ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf
188} 199}
189 200
190do_install_ptest () { 201do_install_ptest () {
@@ -198,7 +209,7 @@ do_install_ptest () {
198 cp -r certs ${D}${PTEST_PATH} 209 cp -r certs ${D}${PTEST_PATH}
199 mkdir -p ${D}${PTEST_PATH}/apps 210 mkdir -p ${D}${PTEST_PATH}/apps
200 ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps 211 ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps
201 ln -sf ${libdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps 212 ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
202 ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps 213 ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps
203 cp apps/server2.pem ${D}${PTEST_PATH}/apps 214 cp apps/server2.pem ${D}${PTEST_PATH}/apps
204 mkdir -p ${D}${PTEST_PATH}/util 215 mkdir -p ${D}${PTEST_PATH}/util