* [PATCH 0/2] Add ca-certificates recipe
@ 2013-08-23 17:20 Christopher Larson
2013-08-23 17:20 ` [PATCH 1/2] ca-certificates: add recipe (version 20130610) Christopher Larson
2013-08-23 17:20 ` [PATCH 2/2] nativesdk-ca-certificates: prepopulate ca-certificates.crt Christopher Larson
0 siblings, 2 replies; 4+ messages in thread
From: Christopher Larson @ 2013-08-23 17:20 UTC (permalink / raw)
To: openembedded-core; +Cc: Christopher Larson
From: Christopher Larson <chris_larson@mentor.com>
This is based on the meta-oe recipe, with enhancements, and prepopulates the
certificates for the nativesdk version, for later use in the
buildtools-tarball.
The following changes since commit d98f08a7ad95d0b17846276b028a6614f16b6846:
genext2fs: fix memory corruption on powerpc (2013-08-20 07:11:44 -0700)
are available in the git repository at:
https://github.com/kergoth/oe-core.git ca-certificates
Christopher Larson (2):
ca-certificates: add recipe (version 20130610)
nativesdk-ca-certificates: prepopulate ca-certificates.crt
...01-update-ca-certificates-remove-c-rehash.patch | 44 ++++++++++++++
.../0002-update-ca-certificates-use-SYSROOT.patch | 55 +++++++++++++++++
.../ca-certificates/default-sysroot.patch | 53 +++++++++++++++++
.../ca-certificates/ca-certificates/sbindir.patch | 20 +++++++
.../ca-certificates/ca-certificates_20130610.bb | 69 ++++++++++++++++++++++
5 files changed, 241 insertions(+)
create mode 100644 meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch
create mode 100644 meta/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
create mode 100644 meta/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch
create mode 100644 meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch
create mode 100644 meta/recipes-support/ca-certificates/ca-certificates_20130610.bb
--
1.8.3.4
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH 1/2] ca-certificates: add recipe (version 20130610)
2013-08-23 17:20 [PATCH 0/2] Add ca-certificates recipe Christopher Larson
@ 2013-08-23 17:20 ` Christopher Larson
2013-08-23 17:27 ` Christopher Larson
2013-08-23 17:20 ` [PATCH 2/2] nativesdk-ca-certificates: prepopulate ca-certificates.crt Christopher Larson
1 sibling, 1 reply; 4+ messages in thread
From: Christopher Larson @ 2013-08-23 17:20 UTC (permalink / raw)
To: openembedded-core; +Cc: Christopher Larson
From: Christopher Larson <chris_larson@mentor.com>
We need this for certain nativesdk recipes, as we can't rely on the
certificate path or bundle path being the same across distros, and it's useful
in many cases on the target as well.
This is based on the 20130119 recipe from meta-oe, with the following changes:
- use the debian git repository to avoid vanishing sources
- obey our target paths
- default to a sysroot relative to the script location (make relocatable)
- define SUMMARY
- don't inherit autotools, this isn't an autotools package
- add MPL-2.0 to LICENSE, as that's the license of the certdata
- install the script man page
- use a native rather than cross recipe, as it's not bound in any way to the
target system
- add nativesdk to bbclassextend, for use in SDKs
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
---
...01-update-ca-certificates-remove-c-rehash.patch | 44 +++++++++++++++
.../0002-update-ca-certificates-use-SYSROOT.patch | 55 +++++++++++++++++++
.../ca-certificates/default-sysroot.patch | 53 ++++++++++++++++++
.../ca-certificates/ca-certificates/sbindir.patch | 20 +++++++
.../ca-certificates/ca-certificates_20130610.bb | 63 ++++++++++++++++++++++
5 files changed, 235 insertions(+)
create mode 100644 meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch
create mode 100644 meta/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
create mode 100644 meta/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch
create mode 100644 meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch
create mode 100644 meta/recipes-support/ca-certificates/ca-certificates_20130610.bb
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch b/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch
new file mode 100644
index 0000000..7f30cff
--- /dev/null
+++ b/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-remove-c-rehash.patch
@@ -0,0 +1,44 @@
+From 111e905fe931da1a3800accfc675cc01c8ee080c Mon Sep 17 00:00:00 2001
+From: Ulf Samuelsson <ulf@emagii.com>
+Date: Tue, 28 Feb 2012 06:42:58 +0100
+Subject: [PATCH] update-ca-certificates: remove c rehash
+
+Updated earlier patch to apply clean on 2012-02-12
+Signed-off-by: Ulf Samuelsson <ulf@emagii.com>
+---
+ sbin/update-ca-certificates | 20 ++++++++++----------
+ 1 files changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
+index 5375950..c567e3d 100755
+--- a/sbin/update-ca-certificates
++++ b/sbin/update-ca-certificates
+@@ -132,16 +132,16 @@ rm -f "$CERTBUNDLE"
+ ADDED_CNT=$(wc -l < "$ADDED")
+ REMOVED_CNT=$(wc -l < "$REMOVED")
+
+-if [ "$ADDED_CNT" -gt 0 ] || [ "$REMOVED_CNT" -gt 0 ]
+-then
+- # only run if set of files has changed
+- if [ "$verbose" = 0 ]
+- then
+- c_rehash . > /dev/null
+- else
+- c_rehash .
+- fi
+-fi
++#if [ "$ADDED_CNT" -gt 0 ] || [ "$REMOVED_CNT" -gt 0 ]
++#then
++# # only run if set of files has changed
++# if [ "$verbose" = 0 ]
++# then
++# c_rehash . > /dev/null
++# else
++# c_rehash .
++# fi
++#fi
+
+ chmod 0644 "$TEMPBUNDLE"
+ mv -f "$TEMPBUNDLE" "$CERTBUNDLE"
+--
+1.7.4.1
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch b/meta/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
new file mode 100644
index 0000000..f4c84fe
--- /dev/null
+++ b/meta/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
@@ -0,0 +1,55 @@
+Upstream-Status: Pending
+
+From 724cb153ca0f607fb38b3a8db3ebb2742601cd81 Mon Sep 17 00:00:00 2001
+From: Andreas Oberritter <obi@opendreambox.org>
+Date: Tue, 19 Mar 2013 17:14:33 +0100
+Subject: [PATCH 2/2] update-ca-certificates: use $SYSROOT
+
+Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
+---
+ sbin/update-ca-certificates | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
+index c567e3d..923b68a 100755
+--- a/sbin/update-ca-certificates
++++ b/sbin/update-ca-certificates
+@@ -37,11 +37,11 @@ do
+ shift
+ done
+
+-CERTSCONF=/etc/ca-certificates.conf
+-CERTSDIR=/usr/share/ca-certificates
+-LOCALCERTSDIR=/usr/local/share/ca-certificates
++CERTSCONF=$SYSROOT/etc/ca-certificates.conf
++CERTSDIR=$SYSROOT/usr/share/ca-certificates
++LOCALCERTSDIR=$SYSROOT/usr/local/share/ca-certificates
+ CERTBUNDLE=ca-certificates.crt
+-ETCCERTSDIR=/etc/ssl/certs
++ETCCERTSDIR=$SYSROOT/etc/ssl/certs
+
+ cleanup() {
+ rm -f "$TEMPBUNDLE"
+@@ -64,9 +64,9 @@ add() {
+ PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \
+ -e 's/[()]/=/g' \
+ -e 's/,/_/g').pem"
+- if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
++ if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${CERT##$SYSROOT}" ]
+ then
+- ln -sf "$CERT" "$PEM"
++ ln -sf "${CERT##$SYSROOT}" "$PEM"
+ echo +$PEM >> "$ADDED"
+ fi
+ cat "$CERT" >> "$TEMPBUNDLE"
+@@ -148,7 +148,7 @@ mv -f "$TEMPBUNDLE" "$CERTBUNDLE"
+
+ echo "$ADDED_CNT added, $REMOVED_CNT removed; done."
+
+-HOOKSDIR=/etc/ca-certificates/update.d
++HOOKSDIR=$SYSROOT/etc/ca-certificates/update.d
+ echo -n "Running hooks in $HOOKSDIR...."
+ VERBOSE_ARG=
+ [ "$verbose" = 0 ] || VERBOSE_ARG=--verbose
+--
+1.7.10.4
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch b/meta/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch
new file mode 100644
index 0000000..8ce5be6
--- /dev/null
+++ b/meta/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch
@@ -0,0 +1,53 @@
+---
+ sbin/update-ca-certificates | 37 +++++++++++++++++++++++++++++++++++--
+ 1 file changed, 35 insertions(+), 2 deletions(-)
+
+--- ca-certificates-20130119.orig/sbin/update-ca-certificates
++++ ca-certificates-20130119/sbin/update-ca-certificates
+@@ -37,11 +37,44 @@ do
+ shift
+ done
+
+-CERTSCONF=$SYSROOT/etc/ca-certificates.conf
++if [ -z "$SYSROOT" ]; then
++ local_which () {
++ if [ $# -lt 1 ]; then
++ return 1
++ fi
++
++ (
++ IFS=:
++ for entry in $PATH; do
++ if [ -x "$entry/$1" ]; then
++ echo "$entry/$1"
++ exit 0
++ fi
++ done
++ exit 1
++ )
++ }
++
++ case "$0" in
++ */*)
++ sbindir=$(cd ${0%/*} && pwd)
++ ;;
++ *)
++ sbindir=$(cd $(dirname $(local_which $0)) && pwd)
++ ;;
++ esac
++ prefix=${sbindir%/*}
++ SYSROOT=${prefix%/*}
++ if [ ! -d "$SYSROOT/usr/share/ca-certificates" ]; then
++ SYSROOT=
++ fi
++fi
++
+ CERTSDIR=$SYSROOT/usr/share/ca-certificates
++CERTSCONF=$SYSROOT/etc/ca-certificates.conf
++ETCCERTSDIR=$SYSROOT/etc/ssl/certs
+ LOCALCERTSDIR=$SYSROOT/usr/local/share/ca-certificates
+ CERTBUNDLE=ca-certificates.crt
+-ETCCERTSDIR=$SYSROOT/etc/ssl/certs
+
+ cleanup() {
+ rm -f "$TEMPBUNDLE"
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch b/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch
new file mode 100644
index 0000000..4eb9287
--- /dev/null
+++ b/meta/recipes-support/ca-certificates/ca-certificates/sbindir.patch
@@ -0,0 +1,20 @@
+---
+ sbin/Makefile | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- ca-certificates-20130119.orig/sbin/Makefile
++++ ca-certificates-20130119/sbin/Makefile
+@@ -3,9 +3,12 @@
+ #
+ #
+
++SBINDIR = /usr/sbin
++
+ all:
+
+ clean:
+
+ install:
+- install -m755 update-ca-certificates $(DESTDIR)/usr/sbin/
++ install -d $(DESTDIR)$(SBINDIR)
++ install -m755 update-ca-certificates $(DESTDIR)$(SBINDIR)/
diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20130610.bb b/meta/recipes-support/ca-certificates/ca-certificates_20130610.bb
new file mode 100644
index 0000000..053fbbe
--- /dev/null
+++ b/meta/recipes-support/ca-certificates/ca-certificates_20130610.bb
@@ -0,0 +1,63 @@
+SUMMARY = "Common CA certificates"
+DESCRIPTION = "This package includes PEM files of CA certificates to allow \
+SSL-based applications to check for the authenticity of SSL connections."
+HOMEPAGE = "http://packages.debian.org/sid/ca-certificates"
+SECTION = "misc"
+LICENSE = "GPL-2.0+ & MPL-2.0"
+LIC_FILES_CHKSUM = "file://debian/copyright;md5=d8fc4ed45f01c31c87c9b496d4babcae"
+
+# This is needed to ensure we can run the postinst at image creation time
+DEPENDS = "ca-certificates-native"
+DEPENDS_class-native = ""
+
+# tag: debian/20130610
+SRCREV = "9f3c12784eaee1e2b005a23ce8b5c38e1e851404"
+
+SRC_URI = "git://anonscm.debian.org/collab-maint/ca-certificates.git \
+ file://0001-update-ca-certificates-remove-c-rehash.patch \
+ file://0002-update-ca-certificates-use-SYSROOT.patch \
+ file://default-sysroot.patch \
+ file://sbindir.patch"
+S = "${WORKDIR}/git"
+
+inherit allarch
+
+EXTRA_OEMAKE = "\
+ 'CERTSDIR=${datadir}/ca-certificates' \
+ 'SBINDIR=${sbindir}' \
+"
+
+do_install () {
+ install -d ${D}${datadir}/ca-certificates \
+ ${D}${sysconfdir}/ssl/certs \
+ ${D}${sysconfdir}/ca-certificates/update.d
+ oe_runmake 'DESTDIR=${D}' install
+
+ install -d ${D}${mandir}/man8
+ install -m 0644 sbin/update-ca-certificates.8 ${D}${mandir}/man8/
+
+ install -d ${D}${sysconfdir}
+ {
+ echo "# Lines starting with # will be ignored"
+ echo "# Lines starting with ! will remove certificate on next update"
+ echo "#"
+ find ${D}${datadir}/ca-certificates -type f -name '*.crt' | \
+ sed 's,^${D}${datadir}/ca-certificates/,,'
+ } >${D}${sysconfdir}/ca-certificates.conf
+}
+
+do_install_class-target () {
+ sed -i -e 's,/etc/,${sysconfdir}/,' \
+ -e 's,/usr/share/,${datadir}/,' \
+ -e 's,/usr/local,${prefix}/local,' \
+ ${D}${sbindir}/update-ca-certificates \
+ ${D}${mandir}/man8/update-ca-certificates.8
+}
+
+pkg_postinst_${PN} () {
+ SYSROOT="$D" update-ca-certificates
+}
+
+CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf"
+
+BBCLASSEXTEND += "native nativesdk"
--
1.8.3.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 2/2] nativesdk-ca-certificates: prepopulate ca-certificates.crt
2013-08-23 17:20 [PATCH 0/2] Add ca-certificates recipe Christopher Larson
2013-08-23 17:20 ` [PATCH 1/2] ca-certificates: add recipe (version 20130610) Christopher Larson
@ 2013-08-23 17:20 ` Christopher Larson
1 sibling, 0 replies; 4+ messages in thread
From: Christopher Larson @ 2013-08-23 17:20 UTC (permalink / raw)
To: openembedded-core; +Cc: Christopher Larson
From: Christopher Larson <chris_larson@mentor.com>
As postinsts aren't run for nativesdk packages when populating an SDK, we need
to prepopulate up-front.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
---
meta/recipes-support/ca-certificates/ca-certificates_20130610.bb | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20130610.bb b/meta/recipes-support/ca-certificates/ca-certificates_20130610.bb
index 053fbbe..0ed238b 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates_20130610.bb
+++ b/meta/recipes-support/ca-certificates/ca-certificates_20130610.bb
@@ -60,4 +60,10 @@ pkg_postinst_${PN} () {
CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf"
+# Postinsts don't seem to be run for nativesdk packages when populating SDKs.
+CONFFILES_${PN}_append_class-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt"
+do_install_append_class-nativesdk () {
+ SYSROOT="${D}${SDKPATHNATIVE}" update-ca-certificates
+}
+
BBCLASSEXTEND += "native nativesdk"
--
1.8.3.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 1/2] ca-certificates: add recipe (version 20130610)
2013-08-23 17:20 ` [PATCH 1/2] ca-certificates: add recipe (version 20130610) Christopher Larson
@ 2013-08-23 17:27 ` Christopher Larson
0 siblings, 0 replies; 4+ messages in thread
From: Christopher Larson @ 2013-08-23 17:27 UTC (permalink / raw)
To: Patches and discussions about the oe-core layer; +Cc: Christopher Larson
[-- Attachment #1: Type: text/plain, Size: 990 bytes --]
On Fri, Aug 23, 2013 at 10:20 AM, Christopher Larson <kergoth@gmail.com>wrote:
> We need this for certain nativesdk recipes, as we can't rely on the
> certificate path or bundle path being the same across distros, and it's
> useful
> in many cases on the target as well.
>
> This is based on the 20130119 recipe from meta-oe, with the following
> changes:
>
> - use the debian git repository to avoid vanishing sources
> - obey our target paths
> - default to a sysroot relative to the script location (make relocatable)
> - define SUMMARY
> - don't inherit autotools, this isn't an autotools package
> - add MPL-2.0 to LICENSE, as that's the license of the certdata
> - install the script man page
> - use a native rather than cross recipe, as it's not bound in any way to
> the
> target system
> - add nativesdk to bbclassextend, for use in SDKs
>
> Signed-off-by: Christopher Larson <chris_larson@mentor.com>
>
Await v2, forgot the patch upstream status :)
[-- Attachment #2: Type: text/html, Size: 1424 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2013-08-23 17:27 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-08-23 17:20 [PATCH 0/2] Add ca-certificates recipe Christopher Larson
2013-08-23 17:20 ` [PATCH 1/2] ca-certificates: add recipe (version 20130610) Christopher Larson
2013-08-23 17:27 ` Christopher Larson
2013-08-23 17:20 ` [PATCH 2/2] nativesdk-ca-certificates: prepopulate ca-certificates.crt Christopher Larson
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.