diff options
Diffstat (limited to 'meta')
3 files changed, 2 insertions, 236 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh b/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh deleted file mode 100644 index 6620fdcb53..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh +++ /dev/null | |||
@@ -1,222 +0,0 @@ | |||
1 | #!/bin/sh | ||
2 | # | ||
3 | # Ben Secrest <blsecres@gmail.com> | ||
4 | # | ||
5 | # sh c_rehash script, scan all files in a directory | ||
6 | # and add symbolic links to their hash values. | ||
7 | # | ||
8 | # based on the c_rehash perl script distributed with openssl | ||
9 | # | ||
10 | # LICENSE: See OpenSSL license | ||
11 | # ^^acceptable?^^ | ||
12 | # | ||
13 | |||
14 | # default certificate location | ||
15 | DIR=/etc/openssl | ||
16 | |||
17 | # for filetype bitfield | ||
18 | IS_CERT=$(( 1 << 0 )) | ||
19 | IS_CRL=$(( 1 << 1 )) | ||
20 | |||
21 | |||
22 | # check to see if a file is a certificate file or a CRL file | ||
23 | # arguments: | ||
24 | # 1. the filename to be scanned | ||
25 | # returns: | ||
26 | # bitfield of file type; uses ${IS_CERT} and ${IS_CRL} | ||
27 | # | ||
28 | check_file() | ||
29 | { | ||
30 | local IS_TYPE=0 | ||
31 | |||
32 | # make IFS a newline so we can process grep output line by line | ||
33 | local OLDIFS=${IFS} | ||
34 | IFS=$( printf "\n" ) | ||
35 | |||
36 | # XXX: could be more efficient to have two 'grep -m' but is -m portable? | ||
37 | for LINE in $( grep '^-----BEGIN .*-----' ${1} ) | ||
38 | do | ||
39 | if echo ${LINE} \ | ||
40 | | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----' | ||
41 | then | ||
42 | IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} )) | ||
43 | |||
44 | if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ] | ||
45 | then | ||
46 | break | ||
47 | fi | ||
48 | elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----' | ||
49 | then | ||
50 | IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} )) | ||
51 | |||
52 | if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ] | ||
53 | then | ||
54 | break | ||
55 | fi | ||
56 | fi | ||
57 | done | ||
58 | |||
59 | # restore IFS | ||
60 | IFS=${OLDIFS} | ||
61 | |||
62 | return ${IS_TYPE} | ||
63 | } | ||
64 | |||
65 | |||
66 | # | ||
67 | # use openssl to fingerprint a file | ||
68 | # arguments: | ||
69 | # 1. the filename to fingerprint | ||
70 | # 2. the method to use (x509, crl) | ||
71 | # returns: | ||
72 | # none | ||
73 | # assumptions: | ||
74 | # user will capture output from last stage of pipeline | ||
75 | # | ||
76 | fingerprint() | ||
77 | { | ||
78 | ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':' | ||
79 | } | ||
80 | |||
81 | |||
82 | # | ||
83 | # link_hash - create links to certificate files | ||
84 | # arguments: | ||
85 | # 1. the filename to create a link for | ||
86 | # 2. the type of certificate being linked (x509, crl) | ||
87 | # returns: | ||
88 | # 0 on success, 1 otherwise | ||
89 | # | ||
90 | link_hash() | ||
91 | { | ||
92 | local FINGERPRINT=$( fingerprint ${1} ${2} ) | ||
93 | local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} ) | ||
94 | local SUFFIX=0 | ||
95 | local LINKFILE='' | ||
96 | local TAG='' | ||
97 | |||
98 | if [ ${2} = "crl" ] | ||
99 | then | ||
100 | TAG='r' | ||
101 | fi | ||
102 | |||
103 | LINKFILE=${HASH}.${TAG}${SUFFIX} | ||
104 | |||
105 | while [ -f ${LINKFILE} ] | ||
106 | do | ||
107 | if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ] | ||
108 | then | ||
109 | echo "NOTE: Skipping duplicate file ${1}" >&2 | ||
110 | return 1 | ||
111 | fi | ||
112 | |||
113 | SUFFIX=$(( ${SUFFIX} + 1 )) | ||
114 | LINKFILE=${HASH}.${TAG}${SUFFIX} | ||
115 | done | ||
116 | |||
117 | echo "${3} => ${LINKFILE}" | ||
118 | |||
119 | # assume any system with a POSIX shell will either support symlinks or | ||
120 | # do something to handle this gracefully | ||
121 | ln -s ${3} ${LINKFILE} | ||
122 | |||
123 | return 0 | ||
124 | } | ||
125 | |||
126 | |||
127 | # hash_dir create hash links in a given directory | ||
128 | hash_dir() | ||
129 | { | ||
130 | echo "Doing ${1}" | ||
131 | |||
132 | cd ${1} | ||
133 | |||
134 | ls -1 * 2>/dev/null | while read FILE | ||
135 | do | ||
136 | if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \ | ||
137 | && [ -h "${FILE}" ] | ||
138 | then | ||
139 | rm ${FILE} | ||
140 | fi | ||
141 | done | ||
142 | |||
143 | ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE | ||
144 | do | ||
145 | REAL_FILE=${FILE} | ||
146 | # if we run on build host then get to the real files in rootfs | ||
147 | if [ -n "${SYSROOT}" -a -h ${FILE} ] | ||
148 | then | ||
149 | FILE=$( readlink ${FILE} ) | ||
150 | # check the symlink is absolute (or dangling in other word) | ||
151 | if [ "x/" = "x$( echo ${FILE} | cut -c1 -)" ] | ||
152 | then | ||
153 | REAL_FILE=${SYSROOT}/${FILE} | ||
154 | fi | ||
155 | fi | ||
156 | |||
157 | check_file ${REAL_FILE} | ||
158 | local FILE_TYPE=${?} | ||
159 | local TYPE_STR='' | ||
160 | |||
161 | if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ] | ||
162 | then | ||
163 | TYPE_STR='x509' | ||
164 | elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ] | ||
165 | then | ||
166 | TYPE_STR='crl' | ||
167 | else | ||
168 | echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2 | ||
169 | continue | ||
170 | fi | ||
171 | |||
172 | link_hash ${REAL_FILE} ${TYPE_STR} ${FILE} | ||
173 | done | ||
174 | } | ||
175 | |||
176 | |||
177 | # choose the name of an ssl application | ||
178 | if [ -n "${OPENSSL}" ] | ||
179 | then | ||
180 | SSL_CMD=$(which ${OPENSSL} 2>/dev/null) | ||
181 | else | ||
182 | SSL_CMD=/usr/bin/openssl | ||
183 | OPENSSL=${SSL_CMD} | ||
184 | export OPENSSL | ||
185 | fi | ||
186 | |||
187 | # fix paths | ||
188 | PATH=${PATH}:${DIR}/bin | ||
189 | export PATH | ||
190 | |||
191 | # confirm existance/executability of ssl command | ||
192 | if ! [ -x ${SSL_CMD} ] | ||
193 | then | ||
194 | echo "${0}: rehashing skipped ('openssl' program not available)" >&2 | ||
195 | exit 0 | ||
196 | fi | ||
197 | |||
198 | # determine which directories to process | ||
199 | old_IFS=$IFS | ||
200 | if [ ${#} -gt 0 ] | ||
201 | then | ||
202 | IFS=':' | ||
203 | DIRLIST=${*} | ||
204 | elif [ -n "${SSL_CERT_DIR}" ] | ||
205 | then | ||
206 | DIRLIST=$SSL_CERT_DIR | ||
207 | else | ||
208 | DIRLIST=${DIR}/certs | ||
209 | fi | ||
210 | |||
211 | IFS=':' | ||
212 | |||
213 | # process directories | ||
214 | for CERT_DIR in ${DIRLIST} | ||
215 | do | ||
216 | if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ] | ||
217 | then | ||
218 | IFS=$old_IFS | ||
219 | hash_dir ${CERT_DIR} | ||
220 | IFS=':' | ||
221 | fi | ||
222 | done | ||
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb index 5c5e291c1b..2e536e5d2a 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb | |||
@@ -13,7 +13,6 @@ DEPENDS = "hostperl-runtime-native" | |||
13 | 13 | ||
14 | SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ | 14 | SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ |
15 | file://run-ptest \ | 15 | file://run-ptest \ |
16 | file://openssl-c_rehash.sh \ | ||
17 | file://0001-skip-test_symbol_presence.patch \ | 16 | file://0001-skip-test_symbol_presence.patch \ |
18 | file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ | 17 | file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ |
19 | file://afalg.patch \ | 18 | file://afalg.patch \ |
@@ -150,12 +149,6 @@ do_install_append_class-native () { | |||
150 | SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ | 149 | SSL_CERT_DIR=${libdir}/ssl-1.1/certs \ |
151 | SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ | 150 | SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \ |
152 | OPENSSL_ENGINES=${libdir}/ssl-1.1/engines | 151 | OPENSSL_ENGINES=${libdir}/ssl-1.1/engines |
153 | |||
154 | # Install a custom version of c_rehash that can handle sysroots properly. | ||
155 | # This version is used for example when installing ca-certificates during | ||
156 | # image creation. | ||
157 | install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash | ||
158 | sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash | ||
159 | } | 152 | } |
160 | 153 | ||
161 | do_install_append_class-nativesdk () { | 154 | do_install_append_class-nativesdk () { |
@@ -197,14 +190,13 @@ FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}" | |||
197 | FILES_libssl = "${libdir}/libssl${SOLIBS}" | 190 | FILES_libssl = "${libdir}/libssl${SOLIBS}" |
198 | FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" | 191 | FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" |
199 | FILES_${PN}-engines = "${libdir}/engines-1.1" | 192 | FILES_${PN}-engines = "${libdir}/engines-1.1" |
200 | FILES_${PN}-misc = "${libdir}/ssl-1.1/misc ${bindir}/c_rehash" | 193 | FILES_${PN}-misc = "${libdir}/ssl-1.1/misc" |
201 | FILES_${PN} =+ "${libdir}/ssl-1.1/*" | 194 | FILES_${PN} =+ "${libdir}/ssl-1.1/*" |
202 | FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" | 195 | FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh" |
203 | 196 | ||
204 | CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" | 197 | CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" |
205 | 198 | ||
206 | RRECOMMENDS_libcrypto += "openssl-conf" | 199 | RRECOMMENDS_libcrypto += "openssl-conf" |
207 | RDEPENDS_${PN}-misc = "perl" | ||
208 | RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash" | 200 | RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash" |
209 | 201 | ||
210 | RPROVIDES_openssl-conf = "openssl10-conf" | 202 | RPROVIDES_openssl-conf = "openssl10-conf" |
@@ -212,7 +204,3 @@ RREPLACES_openssl-conf = "openssl10-conf" | |||
212 | RCONFLICTS_openssl-conf = "openssl10-conf" | 204 | RCONFLICTS_openssl-conf = "openssl10-conf" |
213 | 205 | ||
214 | BBCLASSEXTEND = "native nativesdk" | 206 | BBCLASSEXTEND = "native nativesdk" |
215 | |||
216 | inherit multilib_script | ||
217 | |||
218 | MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash" | ||
diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb b/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb index b9f57900c8..4c0425302f 100644 --- a/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb +++ b/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb | |||
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://debian/copyright;md5=aeb420429b1659507e0a5a1b123e8308 | |||
11 | DEPENDS = "" | 11 | DEPENDS = "" |
12 | DEPENDS_class-native = "openssl-native" | 12 | DEPENDS_class-native = "openssl-native" |
13 | DEPENDS_class-nativesdk = "openssl-native" | 13 | DEPENDS_class-nativesdk = "openssl-native" |
14 | # Need c_rehash from openssl and run-parts from debianutils | 14 | # Need rehash from openssl and run-parts from debianutils |
15 | PACKAGE_WRITE_DEPS += "openssl-native debianutils-native" | 15 | PACKAGE_WRITE_DEPS += "openssl-native debianutils-native" |
16 | 16 | ||
17 | SRCREV = "c28799b138b044c963d24c4a69659b6e5486e3be" | 17 | SRCREV = "c28799b138b044c963d24c4a69659b6e5486e3be" |