diff options
author | Christopher Larson <chris_larson@mentor.com> | 2013-08-23 12:26:14 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-08-26 11:29:46 +0100 |
commit | 2413ff05ba98fc8b44bf1acd666950d252e6a1e9 (patch) | |
tree | 8a01efc3b795f86777bcf06c3a040b165079ba36 /meta/recipes-support/ca-certificates | |
parent | f541b7388cebaceee5867825d250c568b2b1db3c (diff) | |
download | poky-2413ff05ba98fc8b44bf1acd666950d252e6a1e9.tar.gz |
ca-certificates: add recipe (version 20130610)
We need this for certain nativesdk recipes, as we can't rely on the
certificate path or bundle path being the same across distros, and it's useful
in many cases on the target as well.
This is based on the 20130119 recipe from meta-oe, with the following changes:
- use the debian git repository to avoid vanishing sources
- obey our target paths
- default to a sysroot relative to the script location (make relocatable)
- define SUMMARY
- don't inherit autotools, this isn't an autotools package
- add MPL-2.0 to LICENSE, as that's the license of the certdata
- install the script man page
- use a native rather than cross recipe, as it's not bound in any way to the
target system
- add nativesdk to bbclassextend, for use in SDKs
(From OE-Core rev: ad2851cf0abc2ab35e0f60c96d3142c29a07c8fc)
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/ca-certificates')
5 files changed, 239 insertions, 0 deletions
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch b/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch new file mode 100644 index 0000000000..bf027233d1 --- /dev/null +++ b/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch | |||
@@ -0,0 +1,46 @@ | |||
1 | Upstream-Status: Pending | ||
2 | |||
3 | From 111e905fe931da1a3800accfc675cc01c8ee080c Mon Sep 17 00:00:00 2001 | ||
4 | From: Ulf Samuelsson <ulf@emagii.com> | ||
5 | Date: Tue, 28 Feb 2012 06:42:58 +0100 | ||
6 | Subject: [PATCH] update-ca-certificates: remove c rehash | ||
7 | |||
8 | Updated earlier patch to apply clean on 2012-02-12 | ||
9 | Signed-off-by: Ulf Samuelsson <ulf@emagii.com> | ||
10 | --- | ||
11 | sbin/update-ca-certificates | 20 ++++++++++---------- | ||
12 | 1 files changed, 10 insertions(+), 10 deletions(-) | ||
13 | |||
14 | diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates | ||
15 | index 5375950..c567e3d 100755 | ||
16 | --- a/sbin/update-ca-certificates | ||
17 | +++ b/sbin/update-ca-certificates | ||
18 | @@ -132,16 +132,16 @@ rm -f "$CERTBUNDLE" | ||
19 | ADDED_CNT=$(wc -l < "$ADDED") | ||
20 | REMOVED_CNT=$(wc -l < "$REMOVED") | ||
21 | |||
22 | -if [ "$ADDED_CNT" -gt 0 ] || [ "$REMOVED_CNT" -gt 0 ] | ||
23 | -then | ||
24 | - # only run if set of files has changed | ||
25 | - if [ "$verbose" = 0 ] | ||
26 | - then | ||
27 | - c_rehash . > /dev/null | ||
28 | - else | ||
29 | - c_rehash . | ||
30 | - fi | ||
31 | -fi | ||
32 | +#if [ "$ADDED_CNT" -gt 0 ] || [ "$REMOVED_CNT" -gt 0 ] | ||
33 | +#then | ||
34 | +# # only run if set of files has changed | ||
35 | +# if [ "$verbose" = 0 ] | ||
36 | +# then | ||
37 | +# c_rehash . > /dev/null | ||
38 | +# else | ||
39 | +# c_rehash . | ||
40 | +# fi | ||
41 | +#fi | ||
42 | |||
43 | chmod 0644 "$TEMPBUNDLE" | ||
44 | mv -f "$TEMPBUNDLE" "$CERTBUNDLE" | ||
45 | -- | ||
46 | 1.7.4.1 | ||
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch b/meta/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch new file mode 100644 index 0000000000..f4c84fea44 --- /dev/null +++ b/meta/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch | |||
@@ -0,0 +1,55 @@ | |||
1 | Upstream-Status: Pending | ||
2 | |||
3 | From 724cb153ca0f607fb38b3a8db3ebb2742601cd81 Mon Sep 17 00:00:00 2001 | ||
4 | From: Andreas Oberritter <obi@opendreambox.org> | ||
5 | Date: Tue, 19 Mar 2013 17:14:33 +0100 | ||
6 | Subject: [PATCH 2/2] update-ca-certificates: use $SYSROOT | ||
7 | |||
8 | Signed-off-by: Andreas Oberritter <obi@opendreambox.org> | ||
9 | --- | ||
10 | sbin/update-ca-certificates | 14 +++++++------- | ||
11 | 1 file changed, 7 insertions(+), 7 deletions(-) | ||
12 | |||
13 | diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates | ||
14 | index c567e3d..923b68a 100755 | ||
15 | --- a/sbin/update-ca-certificates | ||
16 | +++ b/sbin/update-ca-certificates | ||
17 | @@ -37,11 +37,11 @@ do | ||
18 | shift | ||
19 | done | ||
20 | |||
21 | -CERTSCONF=/etc/ca-certificates.conf | ||
22 | -CERTSDIR=/usr/share/ca-certificates | ||
23 | -LOCALCERTSDIR=/usr/local/share/ca-certificates | ||
24 | +CERTSCONF=$SYSROOT/etc/ca-certificates.conf | ||
25 | +CERTSDIR=$SYSROOT/usr/share/ca-certificates | ||
26 | +LOCALCERTSDIR=$SYSROOT/usr/local/share/ca-certificates | ||
27 | CERTBUNDLE=ca-certificates.crt | ||
28 | -ETCCERTSDIR=/etc/ssl/certs | ||
29 | +ETCCERTSDIR=$SYSROOT/etc/ssl/certs | ||
30 | |||
31 | cleanup() { | ||
32 | rm -f "$TEMPBUNDLE" | ||
33 | @@ -64,9 +64,9 @@ add() { | ||
34 | PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \ | ||
35 | -e 's/[()]/=/g' \ | ||
36 | -e 's/,/_/g').pem" | ||
37 | - if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ] | ||
38 | + if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${CERT##$SYSROOT}" ] | ||
39 | then | ||
40 | - ln -sf "$CERT" "$PEM" | ||
41 | + ln -sf "${CERT##$SYSROOT}" "$PEM" | ||
42 | echo +$PEM >> "$ADDED" | ||
43 | fi | ||
44 | cat "$CERT" >> "$TEMPBUNDLE" | ||
45 | @@ -148,7 +148,7 @@ mv -f "$TEMPBUNDLE" "$CERTBUNDLE" | ||
46 | |||
47 | echo "$ADDED_CNT added, $REMOVED_CNT removed; done." | ||
48 | |||
49 | -HOOKSDIR=/etc/ca-certificates/update.d | ||
50 | +HOOKSDIR=$SYSROOT/etc/ca-certificates/update.d | ||
51 | echo -n "Running hooks in $HOOKSDIR...." | ||
52 | VERBOSE_ARG= | ||
53 | [ "$verbose" = 0 ] || VERBOSE_ARG=--verbose | ||
54 | -- | ||
55 | 1.7.10.4 | ||
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch b/meta/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch new file mode 100644 index 0000000000..7e0ee4cd24 --- /dev/null +++ b/meta/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch | |||
@@ -0,0 +1,55 @@ | |||
1 | Upstream-Status: Pending | ||
2 | |||
3 | update-ca-certificates: find SYSROOT relative to its own location | ||
4 | |||
5 | This makes the script relocatable. | ||
6 | |||
7 | --- ca-certificates-20130119.orig/sbin/update-ca-certificates | ||
8 | +++ ca-certificates-20130119/sbin/update-ca-certificates | ||
9 | @@ -37,11 +37,44 @@ do | ||
10 | shift | ||
11 | done | ||
12 | |||
13 | -CERTSCONF=$SYSROOT/etc/ca-certificates.conf | ||
14 | +if [ -z "$SYSROOT" ]; then | ||
15 | + local_which () { | ||
16 | + if [ $# -lt 1 ]; then | ||
17 | + return 1 | ||
18 | + fi | ||
19 | + | ||
20 | + ( | ||
21 | + IFS=: | ||
22 | + for entry in $PATH; do | ||
23 | + if [ -x "$entry/$1" ]; then | ||
24 | + echo "$entry/$1" | ||
25 | + exit 0 | ||
26 | + fi | ||
27 | + done | ||
28 | + exit 1 | ||
29 | + ) | ||
30 | + } | ||
31 | + | ||
32 | + case "$0" in | ||
33 | + */*) | ||
34 | + sbindir=$(cd ${0%/*} && pwd) | ||
35 | + ;; | ||
36 | + *) | ||
37 | + sbindir=$(cd $(dirname $(local_which $0)) && pwd) | ||
38 | + ;; | ||
39 | + esac | ||
40 | + prefix=${sbindir%/*} | ||
41 | + SYSROOT=${prefix%/*} | ||
42 | + if [ ! -d "$SYSROOT/usr/share/ca-certificates" ]; then | ||
43 | + SYSROOT= | ||
44 | + fi | ||
45 | +fi | ||
46 | + | ||
47 | CERTSDIR=$SYSROOT/usr/share/ca-certificates | ||
48 | +CERTSCONF=$SYSROOT/etc/ca-certificates.conf | ||
49 | +ETCCERTSDIR=$SYSROOT/etc/ssl/certs | ||
50 | LOCALCERTSDIR=$SYSROOT/usr/local/share/ca-certificates | ||
51 | CERTBUNDLE=ca-certificates.crt | ||
52 | -ETCCERTSDIR=$SYSROOT/etc/ssl/certs | ||
53 | |||
54 | cleanup() { | ||
55 | rm -f "$TEMPBUNDLE" | ||
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch b/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch new file mode 100644 index 0000000000..a113fa8b15 --- /dev/null +++ b/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch | |||
@@ -0,0 +1,20 @@ | |||
1 | Upstream-Status: Pending | ||
2 | |||
3 | Let us alter the install destination of the script via SBINDIR | ||
4 | |||
5 | --- ca-certificates-20130119.orig/sbin/Makefile | ||
6 | +++ ca-certificates-20130119/sbin/Makefile | ||
7 | @@ -3,9 +3,12 @@ | ||
8 | # | ||
9 | # | ||
10 | |||
11 | +SBINDIR = /usr/sbin | ||
12 | + | ||
13 | all: | ||
14 | |||
15 | clean: | ||
16 | |||
17 | install: | ||
18 | - install -m755 update-ca-certificates $(DESTDIR)/usr/sbin/ | ||
19 | + install -d $(DESTDIR)$(SBINDIR) | ||
20 | + install -m755 update-ca-certificates $(DESTDIR)$(SBINDIR)/ | ||
diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20130610.bb b/meta/recipes-support/ca-certificates/ca-certificates_20130610.bb new file mode 100644 index 0000000000..0692ca2499 --- /dev/null +++ b/meta/recipes-support/ca-certificates/ca-certificates_20130610.bb | |||
@@ -0,0 +1,63 @@ | |||
1 | SUMMARY = "Common CA certificates" | ||
2 | DESCRIPTION = "This package includes PEM files of CA certificates to allow \ | ||
3 | SSL-based applications to check for the authenticity of SSL connections." | ||
4 | HOMEPAGE = "http://packages.debian.org/sid/ca-certificates" | ||
5 | SECTION = "misc" | ||
6 | LICENSE = "GPL-2.0+ & MPL-2.0" | ||
7 | LIC_FILES_CHKSUM = "file://debian/copyright;md5=d8fc4ed45f01c31c87c9b496d4babcae" | ||
8 | |||
9 | # This is needed to ensure we can run the postinst at image creation time | ||
10 | DEPENDS = "ca-certificates-native" | ||
11 | DEPENDS_class-native = "" | ||
12 | |||
13 | # tag: debian/20130610 | ||
14 | SRCREV = "9f3c12784eaee1e2b005a23ce8b5c38e1e851404" | ||
15 | |||
16 | SRC_URI = "git://anonscm.debian.org/collab-maint/ca-certificates.git \ | ||
17 | file://0001-update-ca-certificates-remove-c-rehash.patch \ | ||
18 | file://0002-update-ca-certificates-use-SYSROOT.patch \ | ||
19 | file://default-sysroot.patch \ | ||
20 | file://sbindir.patch" | ||
21 | S = "${WORKDIR}/git" | ||
22 | |||
23 | inherit allarch | ||
24 | |||
25 | EXTRA_OEMAKE = "\ | ||
26 | 'CERTSDIR=${datadir}/ca-certificates' \ | ||
27 | 'SBINDIR=${sbindir}' \ | ||
28 | " | ||
29 | |||
30 | do_install () { | ||
31 | install -d ${D}${datadir}/ca-certificates \ | ||
32 | ${D}${sysconfdir}/ssl/certs \ | ||
33 | ${D}${sysconfdir}/ca-certificates/update.d | ||
34 | oe_runmake 'DESTDIR=${D}' install | ||
35 | |||
36 | install -d ${D}${mandir}/man8 | ||
37 | install -m 0644 sbin/update-ca-certificates.8 ${D}${mandir}/man8/ | ||
38 | |||
39 | install -d ${D}${sysconfdir} | ||
40 | { | ||
41 | echo "# Lines starting with # will be ignored" | ||
42 | echo "# Lines starting with ! will remove certificate on next update" | ||
43 | echo "#" | ||
44 | find ${D}${datadir}/ca-certificates -type f -name '*.crt' | \ | ||
45 | sed 's,^${D}${datadir}/ca-certificates/,,' | ||
46 | } >${D}${sysconfdir}/ca-certificates.conf | ||
47 | } | ||
48 | |||
49 | do_install_append_class-target () { | ||
50 | sed -i -e 's,/etc/,${sysconfdir}/,' \ | ||
51 | -e 's,/usr/share/,${datadir}/,' \ | ||
52 | -e 's,/usr/local,${prefix}/local,' \ | ||
53 | ${D}${sbindir}/update-ca-certificates \ | ||
54 | ${D}${mandir}/man8/update-ca-certificates.8 | ||
55 | } | ||
56 | |||
57 | pkg_postinst_${PN} () { | ||
58 | SYSROOT="$D" update-ca-certificates | ||
59 | } | ||
60 | |||
61 | CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf" | ||
62 | |||
63 | BBCLASSEXTEND += "native nativesdk" | ||