From 581ba8b58144cb466e9b5f0215ab4ae8a7287bcd Mon Sep 17 00:00:00 2001 From: Grazvydas Ignotas Date: Sun, 19 Jul 2015 17:06:38 +0300 Subject: [PATCH] ca-certificates: use 20141019 --- ...icates-don-t-use-Debianisms-in-run-p.patch | 33 ++++++++ ...date-ca-certificates-remove-c-rehash.patch | 9 +- ...2-update-ca-certificates-use-SYSROOT.patch | 11 ++- .../ca-certificates/default-sysroot.patch | 50 +++++++++++ .../ca-certificates/sbindir.patch | 20 +++++ .../ca-certificates_20141019.bb | 82 +++++++++++++++++++ 6 files changed, 195 insertions(+), 10 deletions(-) create mode 100644 recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch create mode 100644 recipes/ca-certificates/ca-certificates/default-sysroot.patch create mode 100644 recipes/ca-certificates/ca-certificates/sbindir.patch create mode 100644 recipes/ca-certificates/ca-certificates_20141019.bb diff --git a/recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch b/recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch new file mode 100644 index 0000000000..d7d487e676 --- /dev/null +++ b/recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch @@ -0,0 +1,33 @@ +ca-certificates is a package from Debian, but some host distros such as Fedora +have a leaner run-parts provided by cron which doesn't support --verbose or the + -- separator between arguments and paths. + +This solves errors such as + +| Running hooks in [...]/rootfs/etc/ca-certificates/update.d... +| [...]/usr/sbin/update-ca-certificates: line 194: Not: command not found + +Upstream-Status: Inappropriate +Signed-off-by: Ross Burton +--- + sbin/update-ca-certificates | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates +index fed9c25..29ecc69 100755 +--- a/sbin/update-ca-certificates ++++ b/sbin/update-ca-certificates +@@ -186,9 +186,7 @@ echo "$ADDED_CNT added, $REMOVED_CNT removed; done." + + HOOKSDIR=$SYSROOT/etc/ca-certificates/update.d + echo -n "Running hooks in $HOOKSDIR...." +-VERBOSE_ARG= +-[ "$verbose" = 0 ] || VERBOSE_ARG=--verbose +-eval run-parts $VERBOSE_ARG --test -- $HOOKSDIR | while read hook ++eval run-parts --test $HOOKSDIR | while read hook + do + ( cat $ADDED + cat $REMOVED ) | $hook || echo E: $hook exited with code $?. +-- +2.1.4 + diff --git a/recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch b/recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch index ccb0efcc6c..bf027233d1 100644 --- a/recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch +++ b/recipes/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch @@ -1,3 +1,5 @@ +Upstream-Status: Pending + From 111e905fe931da1a3800accfc675cc01c8ee080c Mon Sep 17 00:00:00 2001 From: Ulf Samuelsson Date: Tue, 28 Feb 2012 06:42:58 +0100 @@ -16,7 +18,7 @@ index 5375950..c567e3d 100755 @@ -132,16 +132,16 @@ rm -f "$CERTBUNDLE" ADDED_CNT=$(wc -l < "$ADDED") REMOVED_CNT=$(wc -l < "$REMOVED") - + -if [ "$ADDED_CNT" -gt 0 ] || [ "$REMOVED_CNT" -gt 0 ] -then - # only run if set of files has changed @@ -37,9 +39,8 @@ index 5375950..c567e3d 100755 +# c_rehash . +# fi +#fi - + chmod 0644 "$TEMPBUNDLE" mv -f "$TEMPBUNDLE" "$CERTBUNDLE" --- +-- 1.7.4.1 - diff --git a/recipes/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch b/recipes/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch index 689fdd90b7..f4c84fea44 100644 --- a/recipes/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch +++ b/recipes/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch @@ -17,7 +17,7 @@ index c567e3d..923b68a 100755 @@ -37,11 +37,11 @@ do shift done - + -CERTSCONF=/etc/ca-certificates.conf -CERTSDIR=/usr/share/ca-certificates -LOCALCERTSDIR=/usr/local/share/ca-certificates @@ -27,7 +27,7 @@ index c567e3d..923b68a 100755 CERTBUNDLE=ca-certificates.crt -ETCCERTSDIR=/etc/ssl/certs +ETCCERTSDIR=$SYSROOT/etc/ssl/certs - + cleanup() { rm -f "$TEMPBUNDLE" @@ -64,9 +64,9 @@ add() { @@ -43,14 +43,13 @@ index c567e3d..923b68a 100755 fi cat "$CERT" >> "$TEMPBUNDLE" @@ -148,7 +148,7 @@ mv -f "$TEMPBUNDLE" "$CERTBUNDLE" - + echo "$ADDED_CNT added, $REMOVED_CNT removed; done." - + -HOOKSDIR=/etc/ca-certificates/update.d +HOOKSDIR=$SYSROOT/etc/ca-certificates/update.d echo -n "Running hooks in $HOOKSDIR...." VERBOSE_ARG= [ "$verbose" = 0 ] || VERBOSE_ARG=--verbose --- +-- 1.7.10.4 - diff --git a/recipes/ca-certificates/ca-certificates/default-sysroot.patch b/recipes/ca-certificates/ca-certificates/default-sysroot.patch new file mode 100644 index 0000000000..6a5d6da676 --- /dev/null +++ b/recipes/ca-certificates/ca-certificates/default-sysroot.patch @@ -0,0 +1,50 @@ +Upstream-Status: Pending + +update-ca-certificates: find SYSROOT relative to its own location + +This makes the script relocatable. + +Index: git/sbin/update-ca-certificates +=================================================================== +--- git.orig/sbin/update-ca-certificates ++++ git/sbin/update-ca-certificates +@@ -37,6 +37,39 @@ do + shift + done + ++ ++if [ -z "$SYSROOT" ]; then ++ local_which () { ++ if [ $# -lt 1 ]; then ++ return 1 ++ fi ++ ++ ( ++ IFS=: ++ for entry in $PATH; do ++ if [ -x "$entry/$1" ]; then ++ echo "$entry/$1" ++ exit 0 ++ fi ++ done ++ exit 1 ++ ) ++ } ++ ++ case "$0" in ++ */*) ++ sbindir=$(cd ${0%/*} && pwd) ++ ;; ++ *) ++ sbindir=$(cd $(dirname $(local_which $0)) && pwd) ++ ;; ++ esac ++ prefix=${sbindir%/*} ++ SYSROOT=${prefix%/*} ++ if [ ! -d "$SYSROOT/usr/share/ca-certificates" ]; then ++ SYSROOT= ++ fi ++fi + CERTSCONF=$SYSROOT/etc/ca-certificates.conf + CERTSDIR=$SYSROOT/usr/share/ca-certificates + LOCALCERTSDIR=$SYSROOT/usr/local/share/ca-certificates diff --git a/recipes/ca-certificates/ca-certificates/sbindir.patch b/recipes/ca-certificates/ca-certificates/sbindir.patch new file mode 100644 index 0000000000..a113fa8b15 --- /dev/null +++ b/recipes/ca-certificates/ca-certificates/sbindir.patch @@ -0,0 +1,20 @@ +Upstream-Status: Pending + +Let us alter the install destination of the script via SBINDIR + +--- ca-certificates-20130119.orig/sbin/Makefile ++++ ca-certificates-20130119/sbin/Makefile +@@ -3,9 +3,12 @@ + # + # + ++SBINDIR = /usr/sbin ++ + all: + + clean: + + install: +- install -m755 update-ca-certificates $(DESTDIR)/usr/sbin/ ++ install -d $(DESTDIR)$(SBINDIR) ++ install -m755 update-ca-certificates $(DESTDIR)$(SBINDIR)/ diff --git a/recipes/ca-certificates/ca-certificates_20141019.bb b/recipes/ca-certificates/ca-certificates_20141019.bb new file mode 100644 index 0000000000..3652277812 --- /dev/null +++ b/recipes/ca-certificates/ca-certificates_20141019.bb @@ -0,0 +1,82 @@ +SUMMARY = "Common CA certificates" +DESCRIPTION = "This package includes PEM files of CA certificates to allow \ +SSL-based applications to check for the authenticity of SSL connections. \ +This derived from Debian's CA Certificates." +HOMEPAGE = "http://packages.debian.org/sid/ca-certificates" +SECTION = "misc" +LICENSE = "GPL-2.0+ MPL-2.0" +LIC_FILES_CHKSUM = "file://debian/copyright;md5=48d2baf97986999e776b43c8dd9e0c5a" + +# This is needed to ensure we can run the postinst at image creation time +DEPENDS = "ca-certificates-native" +DEPENDS_virtclass-native = "" + +# tag: debian/20140325 + 2 +SRCREV = "2b8a047c78aadbecd90bf8e49ccf68898a211610" + +SRC_URI = "git://anonscm.debian.org/collab-maint/ca-certificates.git;protocol=git \ + file://0001-update-ca-certificates-remove-c-rehash.patch;patch=1 \ + file://0002-update-ca-certificates-use-SYSROOT.patch;patch=1 \ + file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch;patch=1 \ + file://default-sysroot.patch;patch=1 \ + file://sbindir.patch;patch=1" + +S = "${WORKDIR}/git" + +# inherit allarch +PACKAGE_ARCH = "all" + +EXTRA_OEMAKE = "\ + 'CERTSDIR=${datadir}/ca-certificates' \ + 'SBINDIR=${sbindir}' \ +" + +do_compile_prepend() { + oe_runmake clean +} + +do_install () { + install -d ${D}${datadir}/ca-certificates \ + ${D}${sysconfdir}/ssl/certs \ + ${D}${sysconfdir}/ca-certificates/update.d + oe_runmake 'DESTDIR=${D}' install + + install -d ${D}${mandir}/man8 + install -m 0644 sbin/update-ca-certificates.8 ${D}${mandir}/man8/ + + install -d ${D}${sysconfdir} + { + echo "# Lines starting with # will be ignored" + echo "# Lines starting with ! will remove certificate on next update" + echo "#" + find ${D}${datadir}/ca-certificates -type f -name '*.crt' | \ + sed 's,^${D}${datadir}/ca-certificates/,,' + } >${D}${sysconfdir}/ca-certificates.conf +} + +do_install_append_virtclass-target () { + sed -i -e 's,/etc/,${sysconfdir}/,' \ + -e 's,/usr/share/,${datadir}/,' \ + -e 's,/usr/local,${prefix}/local,' \ + ${D}${sbindir}/update-ca-certificates \ + ${D}${mandir}/man8/update-ca-certificates.8 +} + +pkg_postinst_${PN} () { + SYSROOT="$D" update-ca-certificates +} + +CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf" + +# Postinsts don't seem to be run for nativesdk packages when populating SDKs. +CONFFILES_${PN}_append_virtclass-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt" +do_install_append_virtclass-nativesdk () { + SYSROOT="${D}${SDKPATHNATIVE}" update-ca-certificates +} + +do_install_append_virtclass-native () { + SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates +} + +BBCLASSEXTEND += "native nativesdk" +NATIVE_INSTALL_WORKS = "1" -- 2.39.5