--- /dev/null
+ca-certificates is a package from Debian, but some host distros such as Fedora
+have a leaner run-parts provided by cron which doesn't support --verbose or the
+ -- separator between arguments and paths.
+
+This solves errors such as
+
+| Running hooks in [...]/rootfs/etc/ca-certificates/update.d...
+| [...]/usr/sbin/update-ca-certificates: line 194: Not: command not found
+| [...]/usr/sbin/update-ca-certificates: line 230: Not a directory: --: command not found
+| E: Not a directory: -- exited with code 127.
+
+
+Upstream-Status: Inappropriate
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+Signed-off-by: Maciej Borzecki <maciej.borzecki@rndity.com>
+---
+ sbin/update-ca-certificates | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+Index: git/sbin/update-ca-certificates
+===================================================================
+--- git.orig/sbin/update-ca-certificates
++++ git/sbin/update-ca-certificates
+@@ -191,9 +191,7 @@ if [ -d "$HOOKSDIR" ]
+ then
+
+ echo "Running hooks in $HOOKSDIR..."
+- VERBOSE_ARG=
+- [ "$verbose" = 0 ] || VERBOSE_ARG="--verbose"
+- eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read hook
++ eval run-parts --test "$HOOKSDIR" | while read hook
+ do
+ ( cat "$ADDED"
+ cat "$REMOVED" ) | "$hook" || echo "E: $hook exited with code $?."
--- /dev/null
+Upstream-Status: Pending
+
+From 724cb153ca0f607fb38b3a8db3ebb2742601cd81 Mon Sep 17 00:00:00 2001
+From: Andreas Oberritter <obi@opendreambox.org>
+Date: Tue, 19 Mar 2013 17:14:33 +0100
+Subject: [PATCH 2/2] update-ca-certificates: use $SYSROOT
+
+Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
+---
+ sbin/update-ca-certificates | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+Index: git/sbin/update-ca-certificates
+===================================================================
+--- git.orig/sbin/update-ca-certificates
++++ git/sbin/update-ca-certificates
+@@ -24,12 +24,12 @@
+ verbose=0
+ fresh=0
+ default=0
+-CERTSCONF=/etc/ca-certificates.conf
+-CERTSDIR=/usr/share/ca-certificates
+-LOCALCERTSDIR=/usr/local/share/ca-certificates
++CERTSCONF=$SYSROOT/etc/ca-certificates.conf
++CERTSDIR=$SYSROOT/usr/share/ca-certificates
++LOCALCERTSDIR=$SYSROOT/usr/local/share/ca-certificates
+ CERTBUNDLE=ca-certificates.crt
+-ETCCERTSDIR=/etc/ssl/certs
+-HOOKSDIR=/etc/ca-certificates/update.d
++ETCCERTSDIR=$SYSROOT/etc/ssl/certs
++HOOKSDIR=$SYSROOT/etc/ca-certificates/update.d
+
+ while [ $# -gt 0 ];
+ do
+@@ -92,9 +92,9 @@ add() {
+ PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \
+ -e 's/[()]/=/g' \
+ -e 's/,/_/g').pem"
+- if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
++ if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${CERT##$SYSROOT}" ]
+ then
+- ln -sf "$CERT" "$PEM"
++ ln -sf "${CERT##$SYSROOT}" "$PEM"
+ echo "+$PEM" >> "$ADDED"
+ fi
+ # Add trailing newline to certificate, if it is missing (#635570)
--- /dev/null
+Upstream-Status: Pending
+
+update-ca-certificates: find SYSROOT relative to its own location
+
+This makes the script relocatable.
+
+Index: git/sbin/update-ca-certificates
+===================================================================
+--- git.orig/sbin/update-ca-certificates
++++ git/sbin/update-ca-certificates
+@@ -66,6 +66,39 @@ do
+ shift
+ done
+
++if [ -z "$SYSROOT" ]; then
++ local_which () {
++ if [ $# -lt 1 ]; then
++ return 1
++ fi
++
++ (
++ IFS=:
++ for entry in $PATH; do
++ if [ -x "$entry/$1" ]; then
++ echo "$entry/$1"
++ exit 0
++ fi
++ done
++ exit 1
++ )
++ }
++
++ case "$0" in
++ */*)
++ sbindir=$(cd ${0%/*} && pwd)
++ ;;
++ *)
++ sbindir=$(cd $(dirname $(local_which $0)) && pwd)
++ ;;
++ esac
++ prefix=${sbindir%/*}
++ SYSROOT=${prefix%/*}
++ if [ ! -d "$SYSROOT/usr/share/ca-certificates" ]; then
++ SYSROOT=
++ fi
++fi
++
+ if [ ! -s "$CERTSCONF" ]
+ then
+ fresh=1
--- /dev/null
+From 30378026d136efa779732e3f6664e2ecf461e458 Mon Sep 17 00:00:00 2001
+From: Patrick Ohly <patrick.ohly@intel.com>
+Date: Thu, 17 Mar 2016 12:38:09 +0100
+Subject: [PATCH] update-ca-certificates: support Toybox
+
+"mktemp -t" is deprecated and does not work when using Toybox. Replace
+with something that works also with Toybox.
+
+Upstream-Status: Pending
+
+Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
+---
+ sbin/update-ca-certificates | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
+index 79c41bb..ae9e3f1 100755
+--- a/sbin/update-ca-certificates
++++ b/sbin/update-ca-certificates
+@@ -113,9 +113,9 @@ trap cleanup 0
+
+ # Helper files. (Some of them are not simple arrays because we spawn
+ # subshells later on.)
+-TEMPBUNDLE="$(mktemp -t "${CERTBUNDLE}.tmp.XXXXXX")"
+-ADDED="$(mktemp -t "ca-certificates.tmp.XXXXXX")"
+-REMOVED="$(mktemp -t "ca-certificates.tmp.XXXXXX")"
++TEMPBUNDLE="$(mktemp -p${TMPDIR:-/tmp} "${CERTBUNDLE}.tmp.XXXXXX")"
++ADDED="$(mktemp -p${TMPDIR:-/tmp} "ca-certificates.tmp.XXXXXX")"
++REMOVED="$(mktemp -p${TMPDIR:-/tmp} "ca-certificates.tmp.XXXXXX")"
+
+ # Adds a certificate to the list of trusted ones. This includes a symlink
+ # in /etc/ssl/certs to the certificate file and its inclusion into the
+--
+2.1.4
--- /dev/null
+SUMMARY = "Common CA certificates"
+DESCRIPTION = "This package includes PEM files of CA certificates to allow \
+SSL-based applications to check for the authenticity of SSL connections. \
+This derived from Debian's CA Certificates."
+HOMEPAGE = "http://packages.debian.org/sid/ca-certificates"
+SECTION = "misc"
+LICENSE = "GPL-2.0+ & MPL-2.0"
+LIC_FILES_CHKSUM = "file://debian/copyright;md5=e7358b9541ccf3029e9705ed8de57968"
+
+# This is needed to ensure we can run the postinst at image creation time
+DEPENDS = ""
+DEPENDS_class-native = "openssl-native"
+DEPENDS_class-nativesdk = "openssl-native"
+# Need c_rehash from openssl and run-parts from debianutils
+PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
+
+SRCREV = "34b8e19e541b8af4076616b2e170c7a70cdaded0"
+
+SRC_URI = "git://anonscm.debian.org/collab-maint/ca-certificates.git \
+ file://0002-update-ca-certificates-use-SYSROOT.patch \
+ file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \
+ file://update-ca-certificates-support-Toybox.patch \
+ file://default-sysroot.patch \
+ file://sbindir.patch"
+
+S = "${WORKDIR}/git"
+
+inherit allarch
+
+EXTRA_OEMAKE = "\
+ 'CERTSDIR=${datadir}/ca-certificates' \
+ 'SBINDIR=${sbindir}' \
+"
+
+do_compile_prepend() {
+ oe_runmake clean
+}
+
+do_install () {
+ install -d ${D}${datadir}/ca-certificates \
+ ${D}${sysconfdir}/ssl/certs \
+ ${D}${sysconfdir}/ca-certificates/update.d
+ oe_runmake 'DESTDIR=${D}' install
+
+ install -d ${D}${mandir}/man8
+ install -m 0644 sbin/update-ca-certificates.8 ${D}${mandir}/man8/
+
+ install -d ${D}${sysconfdir}
+ {
+ echo "# Lines starting with # will be ignored"
+ echo "# Lines starting with ! will remove certificate on next update"
+ echo "#"
+ find ${D}${datadir}/ca-certificates -type f -name '*.crt' | \
+ sed 's,^${D}${datadir}/ca-certificates/,,'
+ } >${D}${sysconfdir}/ca-certificates.conf
+}
+
+do_install_append_class-target () {
+ sed -i -e 's,/etc/,${sysconfdir}/,' \
+ -e 's,/usr/share/,${datadir}/,' \
+ -e 's,/usr/local,${prefix}/local,' \
+ ${D}${sbindir}/update-ca-certificates \
+ ${D}${mandir}/man8/update-ca-certificates.8
+}
+
+pkg_postinst_${PN} () {
+ SYSROOT="$D" $D${sbindir}/update-ca-certificates
+}
+
+CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf"
+
+# Postinsts don't seem to be run for nativesdk packages when populating SDKs.
+CONFFILES_${PN}_append_class-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt"
+do_install_append_class-nativesdk () {
+ SYSROOT="${D}${SDKPATHNATIVE}" ${D}${sbindir}/update-ca-certificates
+}
+
+do_install_append_class-native () {
+ SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates
+}
+
+RDEPENDS_${PN} += "openssl"
+
+BBCLASSEXTEND = "native nativesdk"
git.openpandora.org / openembedded.git / commitdiff