3 files changed, 2 insertions, 236 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh b/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
deleted file mode 100644
index 6620fdcb53..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh
+++ /dev/null
@@ -1,222 +0,0 @@
-#!/bin/sh
-#
-# Ben Secrest <blsecres@gmail.com>
-#
-# sh c_rehash script, scan all files in a directory
-# and add symbolic links to their hash values.
-#
-# based on the c_rehash perl script distributed with openssl
-#
-# LICENSE: See OpenSSL license
-# ^^acceptable?^^
-#
-# default certificate location
-DIR=/etc/openssl
-# for filetype bitfield
-IS_CERT=$(( 1 << 0 ))
-IS_CRL=$(( 1 << 1 ))
-# check to see if a file is a certificate file or a CRL file
-# arguments:
-#       1. the filename to be scanned
-# returns:
-#       bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
-#
-check_file()
-{
-    local IS_TYPE=0
-    # make IFS a newline so we can process grep output line by line
-    local OLDIFS=${IFS}
-    IFS=$( printf "\n" )
-    # XXX: could be more efficient to have two 'grep -m' but is -m portable?
-    for LINE in $( grep '^-----BEGIN .*-----' ${1} )
-    do
-        if echo ${LINE} \
-            | grep -q -E '^-----BEGIN (X509 |TRUSTED )?CERTIFICATE-----'
-        then
-            IS_TYPE=$(( ${IS_TYPE} | ${IS_CERT} ))
-            if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
-            then
-                break
-            fi
-        elif echo ${LINE} | grep -q '^-----BEGIN X509 CRL-----'
-        then
-            IS_TYPE=$(( ${IS_TYPE} | ${IS_CRL} ))
-            if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
-            then
-                break
-            fi
-        fi
-    done
-    # restore IFS
-    IFS=${OLDIFS}
-    return ${IS_TYPE}
-}
-#
-# use openssl to fingerprint a file
-#    arguments:
-#       1. the filename to fingerprint
-#       2. the method to use (x509, crl)
-#    returns:
-#       none
-#    assumptions:
-#       user will capture output from last stage of pipeline
-#
-fingerprint()
-{
-    ${SSL_CMD} ${2} -fingerprint -noout -in ${1} | sed 's/^.*=//' | tr -d ':'
-}
-#
-# link_hash - create links to certificate files
-#    arguments:
-#       1. the filename to create a link for
-#       2. the type of certificate being linked (x509, crl)
-#    returns:
-#       0 on success, 1 otherwise
-#
-link_hash()
-{
-    local FINGERPRINT=$( fingerprint ${1} ${2} )
-    local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
-    local SUFFIX=0
-    local LINKFILE=''
-    local TAG=''
-    if [ ${2} = "crl" ]
-    then
-        TAG='r'
-    fi
-    LINKFILE=${HASH}.${TAG}${SUFFIX}
-    while [ -f ${LINKFILE} ]
-    do
-        if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
-        then
-            echo "NOTE: Skipping duplicate file ${1}" >&2
-            return 1
-        fi      
-        SUFFIX=$(( ${SUFFIX} + 1 ))
-        LINKFILE=${HASH}.${TAG}${SUFFIX}
-    done
-    echo "${3} => ${LINKFILE}"
-    # assume any system with a POSIX shell will either support symlinks or
-    # do something to handle this gracefully
-    ln -s ${3} ${LINKFILE}
-    return 0
-}
-# hash_dir create hash links in a given directory
-hash_dir()
-{
-    echo "Doing ${1}"
-    cd ${1}
-    ls -1 * 2>/dev/null | while read FILE
-    do
-        if echo ${FILE} | grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
-                && [ -h "${FILE}" ]
-        then
-            rm ${FILE}
-        fi
-    done
-    ls -1 *.pem *.cer *.crt *.crl 2>/dev/null | while read FILE
-    do
-        REAL_FILE=${FILE}
-        # if we run on build host then get to the real files in rootfs
-        if [ -n "${SYSROOT}" -a -h ${FILE} ]
-        then
-            FILE=$( readlink ${FILE} )
-            # check the symlink is absolute (or dangling in other word)
-            if [ "x/" = "x$( echo ${FILE} | cut -c1 -)" ]
-            then
-                REAL_FILE=${SYSROOT}/${FILE}
-            fi
-        fi
-        check_file ${REAL_FILE}
-        local FILE_TYPE=${?}
-        local TYPE_STR=''
-        if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
-        then
-            TYPE_STR='x509'
-        elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
-        then
-            TYPE_STR='crl'
-        else
-            echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2
-            continue
-        fi
-        link_hash ${REAL_FILE} ${TYPE_STR} ${FILE}
-    done
-}
-# choose the name of an ssl application
-if [ -n "${OPENSSL}" ]
-then
-    SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
-else
-    SSL_CMD=/usr/bin/openssl
-    OPENSSL=${SSL_CMD}
-    export OPENSSL
-fi
-# fix paths
-PATH=${PATH}:${DIR}/bin
-export PATH
-# confirm existance/executability of ssl command
-if ! [ -x ${SSL_CMD} ]
-then
-    echo "${0}: rehashing skipped ('openssl' program not available)" >&2
-    exit 0
-fi
-# determine which directories to process
-old_IFS=$IFS
-if [ ${#} -gt 0 ]
-then
-    IFS=':'
-    DIRLIST=${*}
-elif [ -n "${SSL_CERT_DIR}" ]
-then
-    DIRLIST=$SSL_CERT_DIR
-else
-    DIRLIST=${DIR}/certs
-fi
-IFS=':'
-# process directories
-for CERT_DIR in ${DIRLIST}
-do
-    if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
-    then
-        IFS=$old_IFS
-        hash_dir ${CERT_DIR}
-        IFS=':'
-    fi
-done
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb
index 5c5e291c1b..2e536e5d2a 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb
@@ -13,7 +13,6 @@ DEPENDS = "hostperl-runtime-native"
 SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
           file://run-ptest \
-           file://openssl-c_rehash.sh \
           file://0001-skip-test_symbol_presence.patch \
           file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
           file://afalg.patch \
@@ -150,12 +149,6 @@ do_install_append_class-native () {
            SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
            SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
            OPENSSL_ENGINES=${libdir}/ssl-1.1/engines
-        # Install a custom version of c_rehash that can handle sysroots properly.
-        # This version is used for example when installing ca-certificates during
-        # image creation.
-        install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
-        sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
 }
 do_install_append_class-nativesdk () {
@@ -197,14 +190,13 @@ FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
 FILES_libssl = "${libdir}/libssl${SOLIBS}"
 FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
 FILES_${PN}-engines = "${libdir}/engines-1.1"
-FILES_${PN}-misc = "${libdir}/ssl-1.1/misc ${bindir}/c_rehash"
+FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
 FILES_${PN} =+ "${libdir}/ssl-1.1/*"
 FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
 CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
 RRECOMMENDS_libcrypto += "openssl-conf"
-RDEPENDS_${PN}-misc = "perl"
 RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"
 RPROVIDES_openssl-conf = "openssl10-conf"
@@ -212,7 +204,3 @@ RREPLACES_openssl-conf = "openssl10-conf"
 RCONFLICTS_openssl-conf = "openssl10-conf"
 BBCLASSEXTEND = "native nativesdk"
-inherit multilib_script
-MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"
diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb b/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb
index b9f57900c8..4c0425302f 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb
+++ b/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://debian/copyright;md5=aeb420429b1659507e0a5a1b123e8308
 DEPENDS = ""
 DEPENDS_class-native = "openssl-native"
 DEPENDS_class-nativesdk = "openssl-native"
-# Need c_rehash from openssl and run-parts from debianutils
+# Need rehash from openssl and run-parts from debianutils
 PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
 SRCREV = "c28799b138b044c963d24c4a69659b6e5486e3be"

diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh b/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh deleted file mode 100644 index 6620fdcb53..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh +++ /dev/null
@@ -1,222 +0,0 @@
1	#!/bin/sh
2	#
3	# Ben Secrest <blsecres@gmail.com>
4	#
5	# sh c_rehash script, scan all files in a directory
6	# and add symbolic links to their hash values.
7	#
8	# based on the c_rehash perl script distributed with openssl
9	#
10	# LICENSE: See OpenSSL license
11	# ^^acceptable?^^
12	#
13
14	# default certificate location
15	DIR=/etc/openssl
16
17	# for filetype bitfield
18	IS_CERT=$(( 1 << 0 ))
19	IS_CRL=$(( 1 << 1 ))
20
21
22	# check to see if a file is a certificate file or a CRL file
23	# arguments:
24	# 1. the filename to be scanned
25	# returns:
26	# bitfield of file type; uses ${IS_CERT} and ${IS_CRL}
27	#
28	check_file()
29	{
30	local IS_TYPE=0
31
32	# make IFS a newline so we can process grep output line by line
33	local OLDIFS=${IFS}
34	IFS=$( printf "\n" )
35
36	# XXX: could be more efficient to have two 'grep -m' but is -m portable?
37	for LINE in $( grep '^-----BEGIN .*-----' ${1} )
38	do
39	if echo ${LINE} \
40	\| grep -q -E '^-----BEGIN (X509 \|TRUSTED )?CERTIFICATE-----'
41	then
42	IS_TYPE=$(( ${IS_TYPE} \| ${IS_CERT} ))
43
44	if [ $(( ${IS_TYPE} & ${IS_CRL} )) -ne 0 ]
45	then
46	break
47	fi
48	elif echo ${LINE} \| grep -q '^-----BEGIN X509 CRL-----'
49	then
50	IS_TYPE=$(( ${IS_TYPE} \| ${IS_CRL} ))
51
52	if [ $(( ${IS_TYPE} & ${IS_CERT} )) -ne 0 ]
53	then
54	break
55	fi
56	fi
57	done
58
59	# restore IFS
60	IFS=${OLDIFS}
61
62	return ${IS_TYPE}
63	}
64
65
66	#
67	# use openssl to fingerprint a file
68	# arguments:
69	# 1. the filename to fingerprint
70	# 2. the method to use (x509, crl)
71	# returns:
72	# none
73	# assumptions:
74	# user will capture output from last stage of pipeline
75	#
76	fingerprint()
77	{
78	${SSL_CMD} ${2} -fingerprint -noout -in ${1} \| sed 's/^.*=//' \| tr -d ':'
79	}
80
81
82	#
83	# link_hash - create links to certificate files
84	# arguments:
85	# 1. the filename to create a link for
86	# 2. the type of certificate being linked (x509, crl)
87	# returns:
88	# 0 on success, 1 otherwise
89	#
90	link_hash()
91	{
92	local FINGERPRINT=$( fingerprint ${1} ${2} )
93	local HASH=$( ${SSL_CMD} ${2} -hash -noout -in ${1} )
94	local SUFFIX=0
95	local LINKFILE=''
96	local TAG=''
97
98	if [ ${2} = "crl" ]
99	then
100	TAG='r'
101	fi
102
103	LINKFILE=${HASH}.${TAG}${SUFFIX}
104
105	while [ -f ${LINKFILE} ]
106	do
107	if [ ${FINGERPRINT} = $( fingerprint ${LINKFILE} ${2} ) ]
108	then
109	echo "NOTE: Skipping duplicate file ${1}" >&2
110	return 1
111	fi
112
113	SUFFIX=$(( ${SUFFIX} + 1 ))
114	LINKFILE=${HASH}.${TAG}${SUFFIX}
115	done
116
117	echo "${3} => ${LINKFILE}"
118
119	# assume any system with a POSIX shell will either support symlinks or
120	# do something to handle this gracefully
121	ln -s ${3} ${LINKFILE}
122
123	return 0
124	}
125
126
127	# hash_dir create hash links in a given directory
128	hash_dir()
129	{
130	echo "Doing ${1}"
131
132	cd ${1}
133
134	ls -1 * 2>/dev/null \| while read FILE
135	do
136	if echo ${FILE} \| grep -q -E '^[[:xdigit:]]{8}\.r?[[:digit:]]+$' \
137	&& [ -h "${FILE}" ]
138	then
139	rm ${FILE}
140	fi
141	done
142
143	ls -1 .pem .cer .crt .crl 2>/dev/null \| while read FILE
144	do
145	REAL_FILE=${FILE}
146	# if we run on build host then get to the real files in rootfs
147	if [ -n "${SYSROOT}" -a -h ${FILE} ]
148	then
149	FILE=$( readlink ${FILE} )
150	# check the symlink is absolute (or dangling in other word)
151	if [ "x/" = "x$( echo ${FILE} \| cut -c1 -)" ]
152	then
153	REAL_FILE=${SYSROOT}/${FILE}
154	fi
155	fi
156
157	check_file ${REAL_FILE}
158	local FILE_TYPE=${?}
159	local TYPE_STR=''
160
161	if [ $(( ${FILE_TYPE} & ${IS_CERT} )) -ne 0 ]
162	then
163	TYPE_STR='x509'
164	elif [ $(( ${FILE_TYPE} & ${IS_CRL} )) -ne 0 ]
165	then
166	TYPE_STR='crl'
167	else
168	echo "NOTE: ${FILE} does not contain a certificate or CRL: skipping" >&2
169	continue
170	fi
171
172	link_hash ${REAL_FILE} ${TYPE_STR} ${FILE}
173	done
174	}
175
176
177	# choose the name of an ssl application
178	if [ -n "${OPENSSL}" ]
179	then
180	SSL_CMD=$(which ${OPENSSL} 2>/dev/null)
181	else
182	SSL_CMD=/usr/bin/openssl
183	OPENSSL=${SSL_CMD}
184	export OPENSSL
185	fi
186
187	# fix paths
188	PATH=${PATH}:${DIR}/bin
189	export PATH
190
191	# confirm existance/executability of ssl command
192	if ! [ -x ${SSL_CMD} ]
193	then
194	echo "${0}: rehashing skipped ('openssl' program not available)" >&2
195	exit 0
196	fi
197
198	# determine which directories to process
199	old_IFS=$IFS
200	if [ ${#} -gt 0 ]
201	then
202	IFS=':'
203	DIRLIST=${*}
204	elif [ -n "${SSL_CERT_DIR}" ]
205	then
206	DIRLIST=$SSL_CERT_DIR
207	else
208	DIRLIST=${DIR}/certs
209	fi
210
211	IFS=':'
212
213	# process directories
214	for CERT_DIR in ${DIRLIST}
215	do
216	if [ -d ${CERT_DIR} -a -w ${CERT_DIR} ]
217	then
218	IFS=$old_IFS
219	hash_dir ${CERT_DIR}
220	IFS=':'
221	fi
222	done


diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb index 5c5e291c1b..2e536e5d2a 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.1.1a.bb
@@ -13,7 +13,6 @@ DEPENDS = "hostperl-runtime-native"
13		13
14	SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \	14	SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
15	file://run-ptest \	15	file://run-ptest \
16	file://openssl-c_rehash.sh \
17	file://0001-skip-test_symbol_presence.patch \	16	file://0001-skip-test_symbol_presence.patch \
18	file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \	17	file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
19	file://afalg.patch \	18	file://afalg.patch \
@@ -150,12 +149,6 @@ do_install_append_class-native () {
150	SSL_CERT_DIR=${libdir}/ssl-1.1/certs \	149	SSL_CERT_DIR=${libdir}/ssl-1.1/certs \
151	SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \	150	SSL_CERT_FILE=${libdir}/ssl-1.1/cert.pem \
152	OPENSSL_ENGINES=${libdir}/ssl-1.1/engines	151	OPENSSL_ENGINES=${libdir}/ssl-1.1/engines
153
154	# Install a custom version of c_rehash that can handle sysroots properly.
155	# This version is used for example when installing ca-certificates during
156	# image creation.
157	install -Dm 0755 ${WORKDIR}/openssl-c_rehash.sh ${D}${bindir}/c_rehash
158	sed -i -e 's,/etc/openssl,${sysconfdir}/ssl,g' ${D}${bindir}/c_rehash
159	}	152	}
160		153
161	do_install_append_class-nativesdk () {	154	do_install_append_class-nativesdk () {
@@ -197,14 +190,13 @@ FILES_libcrypto = "${libdir}/libcrypto${SOLIBS}"
197	FILES_libssl = "${libdir}/libssl${SOLIBS}"	190	FILES_libssl = "${libdir}/libssl${SOLIBS}"
198	FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"	191	FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
199	FILES_${PN}-engines = "${libdir}/engines-1.1"	192	FILES_${PN}-engines = "${libdir}/engines-1.1"
200	FILES_${PN}-misc = "${libdir}/ssl-1.1/misc ${bindir}/c_rehash"	193	FILES_${PN}-misc = "${libdir}/ssl-1.1/misc"
201	FILES_${PN} =+ "${libdir}/ssl-1.1/*"	194	FILES_${PN} =+ "${libdir}/ssl-1.1/*"
202	FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"	195	FILES_${PN}_append_class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/openssl.sh"
203		196
204	CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"	197	CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
205		198
206	RRECOMMENDS_libcrypto += "openssl-conf"	199	RRECOMMENDS_libcrypto += "openssl-conf"
207	RDEPENDS_${PN}-misc = "perl"
208	RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"	200	RDEPENDS_${PN}-ptest += "openssl-bin perl perl-modules bash"
209		201
210	RPROVIDES_openssl-conf = "openssl10-conf"	202	RPROVIDES_openssl-conf = "openssl10-conf"
@@ -212,7 +204,3 @@ RREPLACES_openssl-conf = "openssl10-conf"
212	RCONFLICTS_openssl-conf = "openssl10-conf"	204	RCONFLICTS_openssl-conf = "openssl10-conf"
213		205
214	BBCLASSEXTEND = "native nativesdk"	206	BBCLASSEXTEND = "native nativesdk"
215
216	inherit multilib_script
217
218	MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"


diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb b/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb index b9f57900c8..4c0425302f 100644 --- a/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb +++ b/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb
@@ -11,7 +11,7 @@ LIC_FILES_CHKSUM = "file://debian/copyright;md5=aeb420429b1659507e0a5a1b123e8308
11	DEPENDS = ""	11	DEPENDS = ""
12	DEPENDS_class-native = "openssl-native"	12	DEPENDS_class-native = "openssl-native"
13	DEPENDS_class-nativesdk = "openssl-native"	13	DEPENDS_class-nativesdk = "openssl-native"
14	# Need c_rehash from openssl and run-parts from debianutils	14	# Need rehash from openssl and run-parts from debianutils
15	PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"	15	PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
16		16
17	SRCREV = "c28799b138b044c963d24c4a69659b6e5486e3be"	17	SRCREV = "c28799b138b044c963d24c4a69659b6e5486e3be"