* [Buildroot] [PATCH] package/ca-certificates: generate the bundle of certs
@ 2015-04-02 23:09 Yann E. MORIN
2015-04-03 13:31 ` Gustavo Zacarias
2015-04-03 13:40 ` Thomas Petazzoni
0 siblings, 2 replies; 3+ messages in thread
From: Yann E. MORIN @ 2015-04-02 23:09 UTC (permalink / raw)
To: buildroot
glib-networking wants to use the certificates bundle, not the individual
certificates.
Generating the bundle is usually done with update-ca-certificates, but
that does not support running out-of-tree.
Fortiunately, and as Gustavo put it, update-ca-certificates is jsut a
glorified 'cat'. It is supposed to be fed a config file stating which
certificate to add/remove to/from the bundle, otherwise nothing fancy
(Oh, yes, running hooks after updating the bundle).
Since we do not need any of this in Buidlroot, we jsut generate a bundle
with all certificates unconditionally.
Reported-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
package/ca-certificates/ca-certificates.mk | 2 ++
1 file changed, 2 insertions(+)
diff --git a/package/ca-certificates/ca-certificates.mk b/package/ca-certificates/ca-certificates.mk
index 271985a..8fe26c9 100644
--- a/package/ca-certificates/ca-certificates.mk
+++ b/package/ca-certificates/ca-certificates.mk
@@ -25,9 +25,11 @@ define CA_CERTIFICATES_INSTALL_TARGET_CMDS
rm -f $(TARGET_DIR)/etc/ssl/certs/*
# Create symlinks to certificates under /etc/ssl/certs
+ # and generate the bundle
cd $(TARGET_DIR) ;\
for i in `find usr/share/ca-certificates -name "*.crt"` ; do \
ln -sf ../../../$$i etc/ssl/certs/`basename $${i} .crt`.pem ;\
+ cat $$i >>etc/ssl/certs/ca-certificates.crt ;\
done
# Create symlinks to the certificates by their hash values
--
1.9.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] package/ca-certificates: generate the bundle of certs
2015-04-02 23:09 [Buildroot] [PATCH] package/ca-certificates: generate the bundle of certs Yann E. MORIN
@ 2015-04-03 13:31 ` Gustavo Zacarias
2015-04-03 13:40 ` Thomas Petazzoni
1 sibling, 0 replies; 3+ messages in thread
From: Gustavo Zacarias @ 2015-04-03 13:31 UTC (permalink / raw)
To: buildroot
On 04/02/2015 08:09 PM, Yann E. MORIN wrote:
> glib-networking wants to use the certificates bundle, not the individual
> certificates.
>
> Generating the bundle is usually done with update-ca-certificates, but
> that does not support running out-of-tree.
>
> Fortiunately, and as Gustavo put it, update-ca-certificates is jsut a
> glorified 'cat'. It is supposed to be fed a config file stating which
> certificate to add/remove to/from the bundle, otherwise nothing fancy
> (Oh, yes, running hooks after updating the bundle).
>
> Since we do not need any of this in Buidlroot, we jsut generate a bundle
> with all certificates unconditionally.
>
> Reported-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
> Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
> Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Tested-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
(midori qemu-arm-vexpress with good certificate site + bad site)
(when this was missing it would report every site as bad CA when
clicking on the lock icon "the signing certificate authority is not
know" - besides the console warning).
Regards.
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH] package/ca-certificates: generate the bundle of certs
2015-04-02 23:09 [Buildroot] [PATCH] package/ca-certificates: generate the bundle of certs Yann E. MORIN
2015-04-03 13:31 ` Gustavo Zacarias
@ 2015-04-03 13:40 ` Thomas Petazzoni
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni @ 2015-04-03 13:40 UTC (permalink / raw)
To: buildroot
Dear Yann E. MORIN,
On Fri, 3 Apr 2015 01:09:06 +0200, Yann E. MORIN wrote:
> glib-networking wants to use the certificates bundle, not the individual
> certificates.
>
> Generating the bundle is usually done with update-ca-certificates, but
> that does not support running out-of-tree.
>
> Fortiunately, and as Gustavo put it, update-ca-certificates is jsut a
> glorified 'cat'. It is supposed to be fed a config file stating which
> certificate to add/remove to/from the bundle, otherwise nothing fancy
> (Oh, yes, running hooks after updating the bundle).
>
> Since we do not need any of this in Buidlroot, we jsut generate a bundle
> with all certificates unconditionally.
>
> Reported-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
> Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
> Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Applied, thanks!
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-04-03 13:40 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-04-02 23:09 [Buildroot] [PATCH] package/ca-certificates: generate the bundle of certs Yann E. MORIN
2015-04-03 13:31 ` Gustavo Zacarias
2015-04-03 13:40 ` Thomas Petazzoni
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.