summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/pinentry
diff options
context:
space:
mode:
authorAndré Draszik <andre.draszik@jci.com>2018-03-29 16:43:19 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-03-31 09:48:42 +0100
commit20e6d8762b11e53b91c1427b4652d6e9fce77899 (patch)
tree392b6bc256e6aa4e1ea3ec11025b1647fce3da7a /meta/recipes-support/pinentry
parent56bd66ee8e3f96622f9672efe660324fa66e93be (diff)
downloadpoky-20e6d8762b11e53b91c1427b4652d6e9fce77899.tar.gz
ca-certificates: use relative symlinks from $ETCCERTSDIR
update-ca-certificates symlinks (trusted) certificates from $CERTSDIR or $LOCALCERTSDIR into $ETCCERTSDIR. update-ca-certificates can call hook scripts installed into /etc/ca-certificates/update.d. Those scripts are passed the pem file in /etc/ssl/certs/ that was added or removed in this run and those pem files are absolute symlinks into $CERTSDIR or $LOCALCERTSDIR at the moment. When running update-ca-certificates during image build time, they thusly all point into the host's file system, not into the $SYSROOT. This means: * the host's file system layout must match the one produced by OE, and * it also means that the host must have installed the same (or more) certificates as the target in $CERTSDIR and $LOCALCERTSDIR This is a problem when wanting to execute hook scripts, because they all need to be taught about $SYSROOT, and behave differently depending on whether they're called at image build time, or on the target, as otherwise they will be trying to actually read the host's certificates from $CERTSDIR or $LOCALCERTSDIR. This also is a problem when running anything else during image build time that depends on the trusted CA certificates. Changing the symlink to be relative solves all of these problems. At the same time, we have to make sure to add $CERTSDIR to SYSROOT_DIRS, so that the symlinks are still valid when somebody DEPENDS on ca-certificates-native. As a side-effect, this also fixes a problem in meta-java, where some recipes (e.g. openjdk-8-native) try to access certificates from $CERTSDIR to generate the java trustStore at build time. Do so. Upstream-Status: Inappropriate [OE-specific] (From OE-Core rev: 09bb7718d74573be9a5db4d0737fb14126f6489c) Signed-off-by: André Draszik <andre.draszik@jci.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/pinentry')
0 files changed, 0 insertions, 0 deletions