diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2011-09-07 01:47:48 +0000 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2011-09-07 01:47:48 +0000 |
| commit | db126ba973b1d613815eb802c88997c76ddd8a78 (patch) | |
| tree | 3a8cee5ac54d309d50093df7db1e208d7415a7df /app-misc/ca-certificates | |
| parent | Version bump. Drop --oknodo in init.d #377771 by Michael Mair-Keimberger. A... (diff) | |
| download | historical-db126ba973b1d613815eb802c88997c76ddd8a78.tar.gz historical-db126ba973b1d613815eb802c88997c76ddd8a78.tar.bz2 historical-db126ba973b1d613815eb802c88997c76ddd8a78.zip | |
Generate relative symlinks to certs when using --root so c_rehash works properly.
Package-Manager: portage-2.2.0_alpha51/cvs/Linux x86_64
Diffstat (limited to 'app-misc/ca-certificates')
| -rw-r--r-- | app-misc/ca-certificates/ChangeLog | 10 | ||||
| -rw-r--r-- | app-misc/ca-certificates/Manifest | 10 | ||||
| -rw-r--r-- | app-misc/ca-certificates/ca-certificates-20110502-r4.ebuild | 95 | ||||
| -rw-r--r-- | app-misc/ca-certificates/files/ca-certificates-20110502-root.patch | 110 |
4 files changed, 220 insertions, 5 deletions
diff --git a/app-misc/ca-certificates/ChangeLog b/app-misc/ca-certificates/ChangeLog index 41f605aba01d..b8e199c0fab1 100644 --- a/app-misc/ca-certificates/ChangeLog +++ b/app-misc/ca-certificates/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for app-misc/ca-certificates # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-misc/ca-certificates/ChangeLog,v 1.54 2011/09/07 00:39:11 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-misc/ca-certificates/ChangeLog,v 1.55 2011/09/07 01:47:48 vapier Exp $ + +*ca-certificates-20110502-r4 (07 Sep 2011) + + 07 Sep 2011; Mike Frysinger <vapier@gentoo.org> + +ca-certificates-20110502-r4.ebuild, + +files/ca-certificates-20110502-root.patch: + Generate relative symlinks to certs when using --root so c_rehash works + properly. 07 Sep 2011; Mike Frysinger <vapier@gentoo.org> ca-certificates-20110502-r3.ebuild: diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest index 0a473e5af64b..9a5eeb7c465e 100644 --- a/app-misc/ca-certificates/Manifest +++ b/app-misc/ca-certificates/Manifest @@ -2,6 +2,7 @@ Hash: SHA256 AUX ca-certificates-20090709-root.patch 2842 RMD160 cee480400c29c113b9478250997a0d08f18428aa SHA1 fc3305985dcc784387daccd2368a123546738312 SHA256 701da246597154c37b5c9ff6999730fe8b76fe10811f71b2d1eded50a2f4f175 +AUX ca-certificates-20110502-root.patch 2942 RMD160 9b702ba1ca466134445375a71b0b44bf3bf904ae SHA1 e41f8ee727176c591621cef12c76ccee4a2b0a52 SHA256 7f2273b748140c5806c37e954bb27846cb0b8bdddda15ba0f23d3fcae6e77e28 DIST ca-certificates_20090709_all.deb 154620 RMD160 d2e1b846341b2d7201675418b76f56f7decc929b SHA1 19790e219ee2c775f50d7ddd486ec60dfd0c7106 SHA256 de1e35997eb39c7ba5713f206aba034ff8ce8aa3aebebfc7eb1823de9968d767 DIST ca-certificates_20110421_all.deb 176778 RMD160 504d592cc997c827da47699a3db5d4a25521a63a SHA1 863a3eabb7366e69942bfe10f6c2cd99c145d0b8 SHA256 a60a9c0faf1847df4553ce13ffe337412b88dd1b9d502741ac1760204c0bdda3 DIST ca-certificates_20110502+nmu1_all.deb 174242 RMD160 7fbfff59c2dc2fae6127389464c01c1af9a32dc5 SHA1 141c8bf62f46043c52442d9bb58cc9bf74ed1b4c SHA256 d44284ee9b733b9890a54516f66b68a382ac5fb2c0bdceafed4cf229aa3b05a1 @@ -11,13 +12,14 @@ EBUILD ca-certificates-20110421.ebuild 2119 RMD160 4d43af5a2d49eede27e6cd6b41568 EBUILD ca-certificates-20110502-r1.ebuild 2116 RMD160 58b09920e8e77b7fdbb88d694e905c8b1d23f821 SHA1 64f97fe7afe251eb984509bfefe0e31dd2d74c49 SHA256 39b705809344be81df5d717a63f7909127481f9ec052c2169d74ac2eda508e68 EBUILD ca-certificates-20110502-r2.ebuild 2858 RMD160 262b5a79440219a1a28f0fd18f153820ecb4fbd5 SHA1 a687a1f60539688d64911b2ede31f8981d128c26 SHA256 3c67bf66b6bf7d4f17fe3cf4eeb696331e62e201b51cdacd6bfc523ec3b2b0c6 EBUILD ca-certificates-20110502-r3.ebuild 3028 RMD160 e1e5462fb5d15d2ec731658d14662072681278fa SHA1 bbac7afbb44b1c46dad5ea96349e4afb92c890d2 SHA256 878b924558f6dcbf177a2ca5dbc4a4f8fa2410a43a89e003308b34d4eb629a75 +EBUILD ca-certificates-20110502-r4.ebuild 3035 RMD160 1d1467860c7c11b9193b1dd931aa024d4f79d592 SHA1 de5b5a482e635d1aa4ffdafa9707bba4aa44abc7 SHA256 b6a50b36a5c4b77a910d462a9efbd2682e1abf7a5d237c03c88180b812567c8f EBUILD ca-certificates-20110502.ebuild 2120 RMD160 eff412c030efac5272b3109326d483857cb62f67 SHA1 533aa547d6360b0cd5af7b696763cd22d5e33abe SHA256 11ba88945cc66cc74f3e2236f0be28ed5e55162b7f1133929f7c4d6c7081dc05 -MISC ChangeLog 8861 RMD160 8256865037cd9d2b0129bcba4d9e1b3ee2c22738 SHA1 5182feaccd61874a2e1187b166a3c55c63d6fe54 SHA256 b8f82f0aa119211bc37fc855906237572ceff26f13c079d47de11972c8c3333f +MISC ChangeLog 9127 RMD160 07b75ea330135a59cb735aabb6e8d2be58cf28ad SHA1 c374e4f4e94bd58bdf9828ec9a20104f86485745 SHA256 390b4db1c5998504d49b2051eb66bbe11c27293bab72013c666410195d350c64 MISC metadata.xml 164 RMD160 f43cbec30b7074319087c9acffdb9354b17b0db3 SHA1 9c213f5803676c56439df3716be07d6692588856 SHA256 f5f2891f2a4791cd31350bb2bb572131ad7235cd0eeb124c9912c187ac10ce92 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) -iF4EAREIAAYFAk5mvTkACgkQaC/OocHi7JaiIgD/X7GjZqtDfSp4p+gYDOya+a2f -1SZt+QHY1JtjMakDf3QA/2GqxtUDGtk6dyRiyhe5+U6atn8aUcU3WKrLE3TJvTQY -=u09Q +iF4EAREIAAYFAk5mzU4ACgkQaC/OocHi7JaD4wD+NACKY16K+PqdgVZuOlEfNk+n +B7EYwOiT+LI0ZoqezacBAI1s3LSbAppT1P4wlqUiSn0IWlvSxri8jm4NGhwEqbse +=GGXR -----END PGP SIGNATURE----- diff --git a/app-misc/ca-certificates/ca-certificates-20110502-r4.ebuild b/app-misc/ca-certificates/ca-certificates-20110502-r4.ebuild new file mode 100644 index 000000000000..4dc9b7fd4c64 --- /dev/null +++ b/app-misc/ca-certificates/ca-certificates-20110502-r4.ebuild @@ -0,0 +1,95 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-misc/ca-certificates/ca-certificates-20110502-r4.ebuild,v 1.1 2011/09/07 01:47:48 vapier Exp $ + +EAPI="3" + +inherit eutils + +DESCRIPTION="Common CA Certificates PEM files" +HOMEPAGE="http://packages.debian.org/sid/ca-certificates" +SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}+nmu1_all.deb" + +LICENSE="MPL-1.1" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" +IUSE="" + +# platforms like AIX don't have a good ar +DEPEND="kernel_AIX? ( app-arch/deb2targz )" +# openssl: we run `c_rehash` +# debianutils: we run `run-parts` +RDEPEND="${DEPEND} + dev-libs/openssl + sys-apps/debianutils" + +S=${WORKDIR} + +pkg_setup() { + # For the conversion to having it in CONFIG_PROTECT_MASK, + # we need to tell users about it once manually first. + [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ + || ewarn "You should run update-ca-certificates manually after etc-update" +} + +src_unpack() { + if [[ -n ${EPREFIX} ]] ; then + # need to perform everything in the offset, #381937 + mkdir -p "./${EPREFIX}" + cd "./${EPREFIX}" || die + fi + unpack ${A} + unpack ./data.tar.gz + rm -f control.tar.gz data.tar.gz debian-binary +} + +src_prepare() { + cd "./${EPREFIX}" || die + epatch "${FILESDIR}"/${PN}-20110502-root.patch + sed -i -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ + usr/sbin/update-ca-certificates || die +} + +src_compile() { + ( + echo "# Automatically generated by ${CATEGORY}/${PF}" + echo "# $(date -u)" + echo "# Do not edit." + cd "${S}${EPREFIX}"/usr/share/ca-certificates + find * -name '*.crt' | LC_ALL=C sort + ) > "${S}${EPREFIX}"/etc/ca-certificates.conf + + "${S}${EPREFIX}"/usr/sbin/update-ca-certificates --root "${S}" || die +} + +src_install() { + cp -pPR * "${D}"/ || die + + mv "${ED}"/usr/share/doc/{ca-certificates,${PF}} || die + prepalldocs + + echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates + doenvd 98ca-certificates +} + +pkg_postinst() { + if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then + # if the user has local certs, we need to rebuild again + # to include their stuff in the db. + # However it's too overzealous when the user has custom certs in place. + # --fresh is to clean up dangling symlinks + "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" + fi + + local c badcerts=0 + for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do + ewarn "Broken symlink for a certificate at $c" + badcerts=1 + done + if [ $badcerts -eq 1 ]; then + ewarn "You MUST remove the above broken symlinks" + ewarn "Otherwise any SSL validation that use the directory may fail!" + ewarn "To batch-remove them, run:" + ewarn "find -L ${EROOT}etc/ssl/certs/ -type l -exec rm {} +" + fi +} diff --git a/app-misc/ca-certificates/files/ca-certificates-20110502-root.patch b/app-misc/ca-certificates/files/ca-certificates-20110502-root.patch new file mode 100644 index 000000000000..f3fcf5d593d4 --- /dev/null +++ b/app-misc/ca-certificates/files/ca-certificates-20110502-root.patch @@ -0,0 +1,110 @@ +--- a/usr/sbin/update-ca-certificates ++++ b/usr/sbin/update-ca-certificates +@@ -23,6 +23,8 @@ + + verbose=0 + fresh=0 ++ROOT="" ++RELPATH="" + while [ $# -gt 0 ]; + do + case $1 in +@@ -30,6 +31,11 @@ + verbose=1;; + --fresh|-f) + fresh=1;; ++ --root|-r) ++ ROOT=$(readlink -f "$2") ++ # needed as c_rehash wants to read the files directly ++ RELPATH="../../.." ++ shift;; + --help|-h|*) +- echo "$0: [--verbose] [--fresh]" ++ echo "$0: [--verbose] [--fresh] [--root <dir>]" + exit;; +@@ -37,11 +41,11 @@ + shift + done + +-CERTSCONF=/etc/ca-certificates.conf +-CERTSDIR=/usr/share/ca-certificates +-LOCALCERTSDIR=/usr/local/share/ca-certificates ++CERTSCONF="$ROOT/etc/ca-certificates.conf" ++CERTSDIR="$ROOT/usr/share/ca-certificates" ++LOCALCERTSDIR="$ROOT/usr/local/share/ca-certificates" + CERTBUNDLE=ca-certificates.crt +-ETCCERTSDIR=/etc/ssl/certs ++ETCCERTSDIR="$ROOT/etc/ssl/certs" + + cleanup() { + rm -f "$TEMPBUNDLE" +@@ -66,7 +70,7 @@ + -e 's/,/_/g').pem" + if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ] + then +- ln -sf "$CERT" "$PEM" ++ ln -sf "${RELPATH}${CERT#$ROOT}" "$PEM" + echo +$PEM >> "$ADDED" + fi + cat "$CERT" >> "$TEMPBUNDLE" +@@ -78,22 +82,22 @@ + if test -L "$PEM" + then + rm -f "$PEM" +- echo -$PEM >> "$REMOVED" ++ echo "-$PEM" >> "$REMOVED" + fi + } + +-cd $ETCCERTSDIR ++cd "$ETCCERTSDIR" + if [ "$fresh" = 1 ]; then + echo -n "Clearing symlinks in $ETCCERTSDIR..." + find . -type l -print | while read symlink + do +- case $(readlink $symlink) in +- $CERTSDIR*) rm -f $symlink;; ++ case $(readlink "$symlink") in ++ "$CERTSDIR"*) rm -f "$symlink";; + esac + done + find . -type l -print | while read symlink + do +- test -f $symlink || rm -f $symlink ++ test -f "$symlink" || rm -f "$symlink" + done + echo "done." + fi +@@ -102,12 +106,12 @@ + + # Handle certificates that should be removed. This is an explicit act + # by prefixing lines in the configuration files with exclamation marks (!). +-sed -n -e '/^$/d' -e 's/^!//p' $CERTSCONF | while read crt ++sed -n -e '/^$/d' -e 's/^!//p' "$CERTSCONF" | while read crt + do + remove "$CERTSDIR/$crt" + done + +-sed -e '/^$/d' -e '/^#/d' -e '/^!/d' $CERTSCONF | while read crt ++sed -e '/^$/d' -e '/^#/d' -e '/^!/d' "$CERTSCONF" | while read crt + do + if ! test -f "$CERTSDIR/$crt" + then +@@ -146,14 +150,14 @@ + + echo "$ADDED_CNT added, $REMOVED_CNT removed; done." + +-HOOKSDIR=/etc/ca-certificates/update.d ++HOOKSDIR="$ROOT/etc/ca-certificates/update.d" + echo -n "Running hooks in $HOOKSDIR...." + VERBOSE_ARG= + [ "$verbose" = 0 ] || VERBOSE_ARG=--verbose +-eval run-parts $VERBOSE_ARG --test -- $HOOKSDIR | while read hook ++eval run-parts $VERBOSE_ARG --test -- \""$HOOKSDIR"\" | while read hook + do + ( cat $ADDED +- cat $REMOVED ) | $hook || echo E: $hook exited with code $?. ++ cat $REMOVED ) | "$hook" || echo E: "$hook" exited with code $?. + done + echo "done." + |