* [Buildroot] [git commit branch/2018.02.x] package/ca-certificates: don't hash certificates.crt
@ 2018-10-24 12:31 Peter Korsgaard
From: Peter Korsgaard @ 2018-10-24 12:31 UTC (permalink / raw)
  To: buildroot

commit: https://git.buildroot.net/buildroot/commit/?id=8ca7134eca46ccf09910465922934f6c8da4a4c7
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2018.02.x

c_rehash looks at all files in /etc/ssl/certs, generates the hash for
the certificates in them, and makes a symlink from the hash to the
certificate file.

However, ca-certificates.crt is also installed in /etc/ssl/certs and
it contains all the certificates. c_rehash will take one of them (the
first?) and create a symlink from that hash to ca-certificates.crt.
Usually, this results in an error like:

WARNING: Skipping duplicate certificate ca-certificates.crt

and all is well. However, depending on filesystem order,
ca-certificates.crt may come first, and the actual certificate is
not symlinked.

To fix this, install certificates.crt to /etc/ssl/certs *after* we run
c_rehash to prevent it getting hashed by mistake.

Note: $(TARGET_DIR)/etc/ssl/certs/ is already removed during install so
this fix also works for rebuilds.

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit d07ddd8e4ed576dbce4c33ab006f342e24d3bd6b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/ca-certificates/ca-certificates.mk | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/package/ca-certificates/ca-certificates.mk b/package/ca-certificates/ca-certificates.mk
index cb0e961465..2d685c74af 100644
--- a/package/ca-certificates/ca-certificates.mk
+++ b/package/ca-certificates/ca-certificates.mk
@@ -33,11 +33,15 @@ define CA_CERTIFICATES_INSTALL_TARGET_CMDS
 	cd $(TARGET_DIR) ;\
 	for i in `find usr/share/ca-certificates -name "*.crt"` ; do \
 		ln -sf ../../../$$i etc/ssl/certs/`basename $${i} .crt`.pem ;\
-		cat $$i >>etc/ssl/certs/ca-certificates.crt ;\
-	done
+		cat $$i ;\
+	done >$(@D)/ca-certificates.crt
 
 	# Create symlinks to the certificates by their hash values
 	$(HOST_DIR)/bin/c_rehash $(TARGET_DIR)/etc/ssl/certs
+
+	# Install the certificates bundle
+	$(INSTALL) -D -m 644 $(@D)/ca-certificates.crt \
+		$(TARGET_DIR)/etc/ssl/certs/ca-certificates.crt
 endef
 
 $(eval $(generic-package))
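
Review bot: the new "# Install the certificates bundle" comment does not record that this step has to stay after the c_rehash call, which is the entire fix; a later cleanup that moves the install back above c_rehash would silently reintroduce the bad symlink. Suggest wording it along the lines of "Install the bundle only after c_rehash so that it is not hashed itself". Two smaller points in the loop: the bundle is now built from unsorted `find` output, so its content order depends on filesystem order, and a failing `cat $$i` goes unnoticed, so consider sorting the file list and checking that `$(@D)/ca-certificates.crt` is non-empty before the `$(INSTALL)` line.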

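A check for the failure described in the commit message, as an added example that is not part of the original patch or of Buildroot: it lists hash-named symlinks in a certificate directory whose target is the bundle rather than a single certificate. The function names, the sample hash names and the dummy files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Buildroot code): list c_rehash-style hash links in a
# certificate directory that point at the concatenated bundle instead of
# at a single-certificate file.
# Assumption: hash links are named <8 hex digits>.<n>, as c_rehash creates.

BUNDLE_NAME="ca-certificates.crt"

# Print every hash link in $1 whose target is the bundle; return 1 if any.
find_bundle_hash_links() {
    dir=$1
    found=0
    for link in "$dir"/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*; do
        [ -L "$link" ] || continue          # also skips an unexpanded glob
        target=$(readlink "$link")
        if [ "$(basename "$target")" = "$BUNDLE_NAME" ]; then
            printf '%s -> %s\n' "$(basename "$link")" "$target"
            found=1
        fi
    done
    return "$found"
}

# Build a constructed directory showing both outcomes (files are empty dummies,
# hash names are made up and do not correspond to real certificates).
make_sample_dir() {
    d=$(mktemp -d)
    : >"$d/ExampleRootA.pem"
    : >"$d/ExampleRootB.pem"
    : >"$d/$BUNDLE_NAME"
    ln -s ExampleRootA.pem "$d/0a1b2c3d.0"      # correct: hash -> certificate
    ln -s "$BUNDLE_NAME" "$d/4e5f6a7b.0"        # broken: hash -> bundle
    printf '%s\n' "$d"
}

sample=$(make_sample_dir)
find_bundle_hash_links "$sample" || echo "bundle was hashed in $sample"
rm -rf "$sample"
```

On a real build output, call `find_bundle_hash_links` on the target's `etc/ssl/certs` directory; a non-zero return means the bundle was hashed.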