summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/ca-certificates/ca-certificates
Commit message (Collapse)AuthorAgeFilesLines
* ca-certificates: update 20210119 -> 20211016Alexander Kanavin2021-11-033-59/+80
| | | | | | | | | | | (From OE-Core rev: 43aa25b523b2c11ce483ea22435196dfca259b30) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit c479b8a810d966d7267af1b4dac38a46f55fc547) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ca-certificates: Clean up two patches and submit upstreamRichard Purdie2021-03-102-13/+18
| | | | | | | | | (From OE-Core rev: 52a912ae4951a9040257b9ce5dd600390a7d8133) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f3eabbb5c15fb55ae3d46b2377c09bb58226d965) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ca-certificates: upgrade 20200601 -> 20210119zhengruoqin2021-02-101-37/+0
| | | | | | | | | | | | | 0001-certdata2pem.py-use-python3.patch removed since it is included in 20210119 (From OE-Core rev: 2a558ee61a2452a209d39cd1528a309c549c0f4e) Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit afd86357e07f69090eaff4c5db2c517867dd4ccf) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ca-certificates: use python 3 for buildsAlexander Kanavin2019-09-011-0/+37
| | | | | | | (From OE-Core rev: 8157c6d32e2af67211eb8fcd048a0771f10f7b26) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ca-certificates: use relative symlinks from $ETCCERTSDIRAndré Draszik2018-03-311-0/+71
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | update-ca-certificates symlinks (trusted) certificates from $CERTSDIR or $LOCALCERTSDIR into $ETCCERTSDIR. update-ca-certificates can call hook scripts installed into /etc/ca-certificates/update.d. Those scripts are passed the pem file in /etc/ssl/certs/ that was added or removed in this run and those pem files are absolute symlinks into $CERTSDIR or $LOCALCERTSDIR at the moment. When running update-ca-certificates during image build time, they thusly all point into the host's file system, not into the $SYSROOT. This means: * the host's file system layout must match the one produced by OE, and * it also means that the host must have installed the same (or more) certificates as the target in $CERTSDIR and $LOCALCERTSDIR This is a problem when wanting to execute hook scripts, because they all need to be taught about $SYSROOT, and behave differently depending on whether they're called at image build time, or on the target, as otherwise they will be trying to actually read the host's certificates from $CERTSDIR or $LOCALCERTSDIR. This also is a problem when running anything else during image build time that depends on the trusted CA certificates. Changing the symlink to be relative solves all of these problems. At the same time, we have to make sure to add $CERTSDIR to SYSROOT_DIRS, so that the symlinks are still valid when somebody DEPENDS on ca-certificates-native. As a side-effect, this also fixes a problem in meta-java, where some recipes (e.g. openjdk-8-native) try to access certificates from $CERTSDIR to generate the java trustStore at build time. Do so. Upstream-Status: Inappropriate [OE-specific] (From OE-Core rev: 09bb7718d74573be9a5db4d0737fb14126f6489c) Signed-off-by: André Draszik <andre.draszik@jci.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ca-certificates: remove -- separatorMaciej Borzecki2016-08-101-1/+5
| | | | | | | | | | | Options and directory separator -- slipped past the patch removing Debianims, thus resulting in failures on hosts running Fedora. (From OE-Core rev: a8431689983f5860173548acd899e6806906e4d1) Signed-off-by: Maciej Borzecki <maciej.borzecki@rndity.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ca-certificates: Use c_rehash utilityOtavio Salvador2016-05-251-46/+0
| | | | | | | | | | As now the c_rehash utility is available, we can use it. This removes the patch to disable its usage allowing for a standard SSL behaviour. (From OE-Core rev: cea46e7b8d9463306779301fa97f651d750f380f) Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ca-certificates: support ToyboxPatrick Ohly2016-04-181-0/+34
| | | | | | | | | | | "mktemp -t" is deprecated and does not work when using Toybox. Replace with something that works also with Toybox. (From OE-Core rev: 8d47d075ca02612fe16e403be1aa2079edc3ef5f) Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ca-certificates: Update 20141019 -> 20150426Khem Raj2015-08-103-47/+35
| | | | | | | | | | Older SRCREV was not fetchable which triggered this upgrade Change-Id: I85d028294ff0018f4c81c6bb81ae262b18af7a87 (From OE-Core rev: 39c759cd43f4e4371ef9654bf4d821436a5eaebf) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ca-certificates: remove Debianism in run-parts invocationRoss Burton2015-07-081-0/+33
| | | | | | | | | | | | | | ca-certificates comes from Debian but not all distros (i.e. Fedora) have a leaner run-parts that doesn't support the -- separator between options and paths, which causes this error: | Running hooks in [...]/rootfs/etc/ca-certificates/update.d... | [...]/usr/sbin/update-ca-certificates: line 194: Not: command not found (From OE-Core rev: db2116e7a06c6a35d1d24d9f28ec60926d59b9d7) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ca-certificates: Upgrade to 20141019 (git based)Saul Wold2015-02-082-240/+8
| | | | | | | | | | | Rebase default-sysroot patch Remove backported Mozilla certdata patch License has not changed, just wording. (From OE-Core rev: 33222af134c465791ed84eccd61bbc2b69ad81f1) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ca-certificates: Update to 20140325Saul Wold2014-06-251-0/+227
| | | | | | | | | | | | | | Changes to debian/copyright: Update to "Copyright: Mozilla Contributors" for mozilla/{certdata.txt,nssckbi.h} Backported on additional patch from ca-certificates tree [YOCTO #6454] (From OE-Core rev: 3af33d60f03afb19543247b5350137ff3a7ee7e0) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ca-certificates: add recipe (version 20130610)Christopher Larson2013-08-264-0/+176
We need this for certain nativesdk recipes, as we can't rely on the certificate path or bundle path being the same across distros, and it's useful in many cases on the target as well. This is based on the 20130119 recipe from meta-oe, with the following changes: - use the debian git repository to avoid vanishing sources - obey our target paths - default to a sysroot relative to the script location (make relocatable) - define SUMMARY - don't inherit autotools, this isn't an autotools package - add MPL-2.0 to LICENSE, as that's the license of the certdata - install the script man page - use a native rather than cross recipe, as it's not bound in any way to the target system - add nativesdk to bbclassextend, for use in SDKs (From OE-Core rev: ad2851cf0abc2ab35e0f60c96d3142c29a07c8fc) Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-12 13:18:55 +0000