summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/ca-certificates
diff options
context:
space:
mode:
authorChristopher Larson <chris_larson@mentor.com>2013-08-23 12:26:14 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2013-08-26 11:29:46 +0100
commit2413ff05ba98fc8b44bf1acd666950d252e6a1e9 (patch)
tree8a01efc3b795f86777bcf06c3a040b165079ba36 /meta/recipes-support/ca-certificates
parentf541b7388cebaceee5867825d250c568b2b1db3c (diff)
downloadpoky-2413ff05ba98fc8b44bf1acd666950d252e6a1e9.tar.gz
ca-certificates: add recipe (version 20130610)
We need this for certain nativesdk recipes, as we can't rely on the certificate path or bundle path being the same across distros, and it's useful in many cases on the target as well. This is based on the 20130119 recipe from meta-oe, with the following changes: - use the debian git repository to avoid vanishing sources - obey our target paths - default to a sysroot relative to the script location (make relocatable) - define SUMMARY - don't inherit autotools, this isn't an autotools package - add MPL-2.0 to LICENSE, as that's the license of the certdata - install the script man page - use a native rather than cross recipe, as it's not bound in any way to the target system - add nativesdk to bbclassextend, for use in SDKs (From OE-Core rev: ad2851cf0abc2ab35e0f60c96d3142c29a07c8fc) Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/ca-certificates')
-rw-r--r--meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch46
-rw-r--r--meta/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch55
-rw-r--r--meta/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch55
-rw-r--r--meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch20
-rw-r--r--meta/recipes-support/ca-certificates/ca-certificates_20130610.bb63
5 files changed, 239 insertions, 0 deletions
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch b/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch
new file mode 100644
index 0000000000..bf027233d1
--- /dev/null
+++ b/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch
@@ -0,0 +1,46 @@
1Upstream-Status: Pending
2
3From 111e905fe931da1a3800accfc675cc01c8ee080c Mon Sep 17 00:00:00 2001
4From: Ulf Samuelsson <ulf@emagii.com>
5Date: Tue, 28 Feb 2012 06:42:58 +0100
6Subject: [PATCH] update-ca-certificates: remove c rehash
7
8Updated earlier patch to apply clean on 2012-02-12
9Signed-off-by: Ulf Samuelsson <ulf@emagii.com>
10---
11 sbin/update-ca-certificates | 20 ++++++++++----------
12 1 files changed, 10 insertions(+), 10 deletions(-)
13
14diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
15index 5375950..c567e3d 100755
16--- a/sbin/update-ca-certificates
17+++ b/sbin/update-ca-certificates
18@@ -132,16 +132,16 @@ rm -f "$CERTBUNDLE"
19 ADDED_CNT=$(wc -l < "$ADDED")
20 REMOVED_CNT=$(wc -l < "$REMOVED")
21
22-if [ "$ADDED_CNT" -gt 0 ] || [ "$REMOVED_CNT" -gt 0 ]
23-then
24- # only run if set of files has changed
25- if [ "$verbose" = 0 ]
26- then
27- c_rehash . > /dev/null
28- else
29- c_rehash .
30- fi
31-fi
32+#if [ "$ADDED_CNT" -gt 0 ] || [ "$REMOVED_CNT" -gt 0 ]
33+#then
34+# # only run if set of files has changed
35+# if [ "$verbose" = 0 ]
36+# then
37+# c_rehash . > /dev/null
38+# else
39+# c_rehash .
40+# fi
41+#fi
42
43 chmod 0644 "$TEMPBUNDLE"
44 mv -f "$TEMPBUNDLE" "$CERTBUNDLE"
45--
461.7.4.1
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch b/meta/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
new file mode 100644
index 0000000000..f4c84fea44
--- /dev/null
+++ b/meta/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
@@ -0,0 +1,55 @@
1Upstream-Status: Pending
2
3From 724cb153ca0f607fb38b3a8db3ebb2742601cd81 Mon Sep 17 00:00:00 2001
4From: Andreas Oberritter <obi@opendreambox.org>
5Date: Tue, 19 Mar 2013 17:14:33 +0100
6Subject: [PATCH 2/2] update-ca-certificates: use $SYSROOT
7
8Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
9---
10 sbin/update-ca-certificates | 14 +++++++-------
11 1 file changed, 7 insertions(+), 7 deletions(-)
12
13diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
14index c567e3d..923b68a 100755
15--- a/sbin/update-ca-certificates
16+++ b/sbin/update-ca-certificates
17@@ -37,11 +37,11 @@ do
18 shift
19 done
20
21-CERTSCONF=/etc/ca-certificates.conf
22-CERTSDIR=/usr/share/ca-certificates
23-LOCALCERTSDIR=/usr/local/share/ca-certificates
24+CERTSCONF=$SYSROOT/etc/ca-certificates.conf
25+CERTSDIR=$SYSROOT/usr/share/ca-certificates
26+LOCALCERTSDIR=$SYSROOT/usr/local/share/ca-certificates
27 CERTBUNDLE=ca-certificates.crt
28-ETCCERTSDIR=/etc/ssl/certs
29+ETCCERTSDIR=$SYSROOT/etc/ssl/certs
30
31 cleanup() {
32 rm -f "$TEMPBUNDLE"
33@@ -64,9 +64,9 @@ add() {
34 PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \
35 -e 's/[()]/=/g' \
36 -e 's/,/_/g').pem"
37- if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
38+ if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${CERT##$SYSROOT}" ]
39 then
40- ln -sf "$CERT" "$PEM"
41+ ln -sf "${CERT##$SYSROOT}" "$PEM"
42 echo +$PEM >> "$ADDED"
43 fi
44 cat "$CERT" >> "$TEMPBUNDLE"
45@@ -148,7 +148,7 @@ mv -f "$TEMPBUNDLE" "$CERTBUNDLE"
46
47 echo "$ADDED_CNT added, $REMOVED_CNT removed; done."
48
49-HOOKSDIR=/etc/ca-certificates/update.d
50+HOOKSDIR=$SYSROOT/etc/ca-certificates/update.d
51 echo -n "Running hooks in $HOOKSDIR...."
52 VERBOSE_ARG=
53 [ "$verbose" = 0 ] || VERBOSE_ARG=--verbose
54--
551.7.10.4
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch b/meta/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch
new file mode 100644
index 0000000000..7e0ee4cd24
--- /dev/null
+++ b/meta/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch
@@ -0,0 +1,55 @@
1Upstream-Status: Pending
2
3update-ca-certificates: find SYSROOT relative to its own location
4
5This makes the script relocatable.
6
7--- ca-certificates-20130119.orig/sbin/update-ca-certificates
8+++ ca-certificates-20130119/sbin/update-ca-certificates
9@@ -37,11 +37,44 @@ do
10 shift
11 done
12
13-CERTSCONF=$SYSROOT/etc/ca-certificates.conf
14+if [ -z "$SYSROOT" ]; then
15+ local_which () {
16+ if [ $# -lt 1 ]; then
17+ return 1
18+ fi
19+
20+ (
21+ IFS=:
22+ for entry in $PATH; do
23+ if [ -x "$entry/$1" ]; then
24+ echo "$entry/$1"
25+ exit 0
26+ fi
27+ done
28+ exit 1
29+ )
30+ }
31+
32+ case "$0" in
33+ */*)
34+ sbindir=$(cd ${0%/*} && pwd)
35+ ;;
36+ *)
37+ sbindir=$(cd $(dirname $(local_which $0)) && pwd)
38+ ;;
39+ esac
40+ prefix=${sbindir%/*}
41+ SYSROOT=${prefix%/*}
42+ if [ ! -d "$SYSROOT/usr/share/ca-certificates" ]; then
43+ SYSROOT=
44+ fi
45+fi
46+
47 CERTSDIR=$SYSROOT/usr/share/ca-certificates
48+CERTSCONF=$SYSROOT/etc/ca-certificates.conf
49+ETCCERTSDIR=$SYSROOT/etc/ssl/certs
50 LOCALCERTSDIR=$SYSROOT/usr/local/share/ca-certificates
51 CERTBUNDLE=ca-certificates.crt
52-ETCCERTSDIR=$SYSROOT/etc/ssl/certs
53
54 cleanup() {
55 rm -f "$TEMPBUNDLE"
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch b/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch
new file mode 100644
index 0000000000..a113fa8b15
--- /dev/null
+++ b/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch
@@ -0,0 +1,20 @@
1Upstream-Status: Pending
2
3Let us alter the install destination of the script via SBINDIR
4
5--- ca-certificates-20130119.orig/sbin/Makefile
6+++ ca-certificates-20130119/sbin/Makefile
7@@ -3,9 +3,12 @@
8 #
9 #
10
11+SBINDIR = /usr/sbin
12+
13 all:
14
15 clean:
16
17 install:
18- install -m755 update-ca-certificates $(DESTDIR)/usr/sbin/
19+ install -d $(DESTDIR)$(SBINDIR)
20+ install -m755 update-ca-certificates $(DESTDIR)$(SBINDIR)/
diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20130610.bb b/meta/recipes-support/ca-certificates/ca-certificates_20130610.bb
new file mode 100644
index 0000000000..0692ca2499
--- /dev/null
+++ b/meta/recipes-support/ca-certificates/ca-certificates_20130610.bb
@@ -0,0 +1,63 @@
1SUMMARY = "Common CA certificates"
2DESCRIPTION = "This package includes PEM files of CA certificates to allow \
3SSL-based applications to check for the authenticity of SSL connections."
4HOMEPAGE = "http://packages.debian.org/sid/ca-certificates"
5SECTION = "misc"
6LICENSE = "GPL-2.0+ & MPL-2.0"
7LIC_FILES_CHKSUM = "file://debian/copyright;md5=d8fc4ed45f01c31c87c9b496d4babcae"
8
9# This is needed to ensure we can run the postinst at image creation time
10DEPENDS = "ca-certificates-native"
11DEPENDS_class-native = ""
12
13# tag: debian/20130610
14SRCREV = "9f3c12784eaee1e2b005a23ce8b5c38e1e851404"
15
16SRC_URI = "git://anonscm.debian.org/collab-maint/ca-certificates.git \
17 file://0001-update-ca-certificates-remove-c-rehash.patch \
18 file://0002-update-ca-certificates-use-SYSROOT.patch \
19 file://default-sysroot.patch \
20 file://sbindir.patch"
21S = "${WORKDIR}/git"
22
23inherit allarch
24
25EXTRA_OEMAKE = "\
26 'CERTSDIR=${datadir}/ca-certificates' \
27 'SBINDIR=${sbindir}' \
28"
29
30do_install () {
31 install -d ${D}${datadir}/ca-certificates \
32 ${D}${sysconfdir}/ssl/certs \
33 ${D}${sysconfdir}/ca-certificates/update.d
34 oe_runmake 'DESTDIR=${D}' install
35
36 install -d ${D}${mandir}/man8
37 install -m 0644 sbin/update-ca-certificates.8 ${D}${mandir}/man8/
38
39 install -d ${D}${sysconfdir}
40 {
41 echo "# Lines starting with # will be ignored"
42 echo "# Lines starting with ! will remove certificate on next update"
43 echo "#"
44 find ${D}${datadir}/ca-certificates -type f -name '*.crt' | \
45 sed 's,^${D}${datadir}/ca-certificates/,,'
46 } >${D}${sysconfdir}/ca-certificates.conf
47}
48
49do_install_append_class-target () {
50 sed -i -e 's,/etc/,${sysconfdir}/,' \
51 -e 's,/usr/share/,${datadir}/,' \
52 -e 's,/usr/local,${prefix}/local,' \
53 ${D}${sbindir}/update-ca-certificates \
54 ${D}${mandir}/man8/update-ca-certificates.8
55}
56
57pkg_postinst_${PN} () {
58 SYSROOT="$D" update-ca-certificates
59}
60
61CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf"
62
63BBCLASSEXTEND += "native nativesdk"