ca-certificates: use 20141019

diff --git a/recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch b/recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
new file mode 100644 (file)
index 0000000..d7d487e
--- /dev/null
+++ b/recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
@@ -0,0 +1,33 @@
+ca-certificates is a package from Debian, but some host distros such as Fedora
+have a leaner run-parts provided by cron which doesn't support --verbose or the
+ -- separator between arguments and paths.
+
+This solves errors such as
+
+| Running hooks in [...]/rootfs/etc/ca-certificates/update.d...
+| [...]/usr/sbin/update-ca-certificates: line 194: Not: command not found
+
+Upstream-Status: Inappropriate
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+---
+ sbin/update-ca-certificates | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
+index fed9c25..29ecc69 100755
+--- a/sbin/update-ca-certificates
++++ b/sbin/update-ca-certificates
+@@ -186,9 +186,7 @@ echo "$ADDED_CNT added, $REMOVED_CNT removed; done."
+ 
+ HOOKSDIR=$SYSROOT/etc/ca-certificates/update.d
+ echo -n "Running hooks in $HOOKSDIR...."
+-VERBOSE_ARG=
+-[ "$verbose" = 0 ] || VERBOSE_ARG=--verbose
+-eval run-parts $VERBOSE_ARG --test -- $HOOKSDIR | while read hook
++eval run-parts --test $HOOKSDIR | while read hook
+ do
+   ( cat $ADDED
+     cat $REMOVED ) | $hook || echo E: $hook exited with code $?.
+-- 
+2.1.4
+

diff --git a/recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch b/recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch
index ccb0efc..bf02723 100644 (file)
--- a/recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch
+++ b/recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch
@@ -1,3 +1,5 @@
+Upstream-Status: Pending
+
 From 111e905fe931da1a3800accfc675cc01c8ee080c Mon Sep 17 00:00:00 2001
 From: Ulf Samuelsson <ulf@emagii.com>
 Date: Tue, 28 Feb 2012 06:42:58 +0100
@@ -16,7 +18,7 @@ index 5375950..c567e3d 100755
 @@ -132,16 +132,16 @@ rm -f "$CERTBUNDLE"
  ADDED_CNT=$(wc -l < "$ADDED")
  REMOVED_CNT=$(wc -l < "$REMOVED")
- 
+
 -if [ "$ADDED_CNT" -gt 0 ] || [ "$REMOVED_CNT" -gt 0 ]
 -then
 -  # only run if set of files has changed
@@ -37,9 +39,8 @@ index 5375950..c567e3d 100755
 +#    c_rehash .
 +#  fi
 +#fi
- 
+
  chmod 0644 "$TEMPBUNDLE"
  mv -f "$TEMPBUNDLE" "$CERTBUNDLE"
--- 
+--
 1.7.4.1
-

diff --git a/recipes/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch b/recipes/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
index 689fdd9..f4c84fe 100644 (file)
--- a/recipes/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
+++ b/recipes/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
@@ -17,7 +17,7 @@ index c567e3d..923b68a 100755
 @@ -37,11 +37,11 @@ do
    shift
  done
- 
+
 -CERTSCONF=/etc/ca-certificates.conf
 -CERTSDIR=/usr/share/ca-certificates
 -LOCALCERTSDIR=/usr/local/share/ca-certificates
@@ -27,7 +27,7 @@ index c567e3d..923b68a 100755
  CERTBUNDLE=ca-certificates.crt
 -ETCCERTSDIR=/etc/ssl/certs
 +ETCCERTSDIR=$SYSROOT/etc/ssl/certs
- 
+
  cleanup() {
    rm -f "$TEMPBUNDLE"
 @@ -64,9 +64,9 @@ add() {
@@ -43,14 +43,13 @@ index c567e3d..923b68a 100755
    fi
    cat "$CERT" >> "$TEMPBUNDLE"
 @@ -148,7 +148,7 @@ mv -f "$TEMPBUNDLE" "$CERTBUNDLE"
- 
+
  echo "$ADDED_CNT added, $REMOVED_CNT removed; done."
- 
+
 -HOOKSDIR=/etc/ca-certificates/update.d
 +HOOKSDIR=$SYSROOT/etc/ca-certificates/update.d
  echo -n "Running hooks in $HOOKSDIR...."
  VERBOSE_ARG=
  [ "$verbose" = 0 ] || VERBOSE_ARG=--verbose
--- 
+--
 1.7.10.4
-

diff --git a/recipes/ca-certificates/ca-certificates/default-sysroot.patch b/recipes/ca-certificates/ca-certificates/default-sysroot.patch
new file mode 100644 (file)
index 0000000..6a5d6da
--- /dev/null
+++ b/recipes/ca-certificates/ca-certificates/default-sysroot.patch
@@ -0,0 +1,50 @@
+Upstream-Status: Pending
+
+update-ca-certificates: find SYSROOT relative to its own location
+
+This makes the script relocatable.
+
+Index: git/sbin/update-ca-certificates
+===================================================================
+--- git.orig/sbin/update-ca-certificates
++++ git/sbin/update-ca-certificates
+@@ -37,6 +37,39 @@ do
+   shift
+ done
+ 
++ 
++if [ -z "$SYSROOT" ]; then
++  local_which () {
++    if [ $# -lt 1 ]; then
++      return 1
++    fi
++
++    (
++      IFS=:
++      for entry in $PATH; do
++        if [ -x "$entry/$1" ]; then
++          echo "$entry/$1"
++          exit 0
++        fi
++      done
++      exit 1
++    )
++  }
++
++  case "$0" in
++    */*)
++      sbindir=$(cd ${0%/*} && pwd)
++      ;;
++    *)
++      sbindir=$(cd $(dirname $(local_which $0)) && pwd)
++      ;;
++  esac
++  prefix=${sbindir%/*}
++  SYSROOT=${prefix%/*}
++  if [ ! -d "$SYSROOT/usr/share/ca-certificates" ]; then
++    SYSROOT=
++  fi
++fi
+ CERTSCONF=$SYSROOT/etc/ca-certificates.conf
+ CERTSDIR=$SYSROOT/usr/share/ca-certificates
+ LOCALCERTSDIR=$SYSROOT/usr/local/share/ca-certificates

diff --git a/recipes/ca-certificates/ca-certificates/sbindir.patch b/recipes/ca-certificates/ca-certificates/sbindir.patch
new file mode 100644 (file)
index 0000000..a113fa8
--- /dev/null
+++ b/recipes/ca-certificates/ca-certificates/sbindir.patch
@@ -0,0 +1,20 @@
+Upstream-Status: Pending
+
+Let us alter the install destination of the script via SBINDIR
+
+--- ca-certificates-20130119.orig/sbin/Makefile
++++ ca-certificates-20130119/sbin/Makefile
+@@ -3,9 +3,12 @@
+ #
+ #
+
++SBINDIR = /usr/sbin
++
+ all:
+
+ clean:
+
+ install:
+-      install -m755 update-ca-certificates $(DESTDIR)/usr/sbin/
++      install -d $(DESTDIR)$(SBINDIR)
++      install -m755 update-ca-certificates $(DESTDIR)$(SBINDIR)/

diff --git a/recipes/ca-certificates/ca-certificates_20141019.bb b/recipes/ca-certificates/ca-certificates_20141019.bb
new file mode 100644 (file)
index 0000000..3652277
--- /dev/null
+++ b/recipes/ca-certificates/ca-certificates_20141019.bb
@@ -0,0 +1,82 @@
+SUMMARY = "Common CA certificates"
+DESCRIPTION = "This package includes PEM files of CA certificates to allow \
+SSL-based applications to check for the authenticity of SSL connections. \
+This derived from Debian's CA Certificates."
+HOMEPAGE = "http://packages.debian.org/sid/ca-certificates"
+SECTION = "misc"
+LICENSE = "GPL-2.0+ MPL-2.0"
+LIC_FILES_CHKSUM = "file://debian/copyright;md5=48d2baf97986999e776b43c8dd9e0c5a"
+
+# This is needed to ensure we can run the postinst at image creation time
+DEPENDS = "ca-certificates-native"
+DEPENDS_virtclass-native = ""
+
+# tag: debian/20140325 + 2
+SRCREV = "2b8a047c78aadbecd90bf8e49ccf68898a211610"
+
+SRC_URI = "git://anonscm.debian.org/collab-maint/ca-certificates.git;protocol=git \
+           file://0001-update-ca-certificates-remove-c-rehash.patch;patch=1 \
+           file://0002-update-ca-certificates-use-SYSROOT.patch;patch=1 \
+           file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch;patch=1 \
+           file://default-sysroot.patch;patch=1 \
+           file://sbindir.patch;patch=1"
+
+S = "${WORKDIR}/git"
+
+# inherit allarch
+PACKAGE_ARCH = "all"
+
+EXTRA_OEMAKE = "\
+    'CERTSDIR=${datadir}/ca-certificates' \
+    'SBINDIR=${sbindir}' \
+"
+
+do_compile_prepend() {
+    oe_runmake clean
+}
+
+do_install () {
+    install -d ${D}${datadir}/ca-certificates \
+               ${D}${sysconfdir}/ssl/certs \
+               ${D}${sysconfdir}/ca-certificates/update.d
+    oe_runmake 'DESTDIR=${D}' install
+
+    install -d ${D}${mandir}/man8
+    install -m 0644 sbin/update-ca-certificates.8 ${D}${mandir}/man8/
+
+    install -d ${D}${sysconfdir}
+    {
+        echo "# Lines starting with # will be ignored"
+        echo "# Lines starting with ! will remove certificate on next update"
+        echo "#"
+        find ${D}${datadir}/ca-certificates -type f -name '*.crt' | \
+            sed 's,^${D}${datadir}/ca-certificates/,,'
+    } >${D}${sysconfdir}/ca-certificates.conf
+}
+
+do_install_append_virtclass-target () {
+    sed -i -e 's,/etc/,${sysconfdir}/,' \
+           -e 's,/usr/share/,${datadir}/,' \
+           -e 's,/usr/local,${prefix}/local,' \
+        ${D}${sbindir}/update-ca-certificates \
+        ${D}${mandir}/man8/update-ca-certificates.8
+}
+
+pkg_postinst_${PN} () {
+    SYSROOT="$D" update-ca-certificates
+}
+
+CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf"
+
+# Postinsts don't seem to be run for nativesdk packages when populating SDKs.
+CONFFILES_${PN}_append_virtclass-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt"
+do_install_append_virtclass-nativesdk () {
+    SYSROOT="${D}${SDKPATHNATIVE}" update-ca-certificates
+}
+
+do_install_append_virtclass-native () {
+    SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates
+}
+
+BBCLASSEXTEND += "native nativesdk"
+NATIVE_INSTALL_WORKS = "1"