mirror of
git://git.yoctoproject.org/poky.git
synced 2025-07-19 21:09:03 +02:00
ca-certificates: submit sysroot patch upstream, drop default-sysroot.patch
ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch was using a non-standard environment variable, and was replaced with a patch that adds a command line option (and then this was submitted upstream). ca-certificates recipe was tweaked accordingly, and nothing else in core or meta-oe is using update-ca-certificates. Drop default-sysroot.patch as the use case is unclear: sysroot is explicitly specified in all known invocations of update-ca-certificate, and if there's a place where it isn't, then update-ca-certificates will error out trying to write to /etc, and should be fixed to explicitly specify the sysroot. (From OE-Core rev: 90d9f0ba674d4fe8e9291f0513c13dff3775c545) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Alexander Kanavin
Richard Purdie
parent
19366bd144
commit
183e7414d1
|
|
@ -0,0 +1,36 @@
|
|||
From d6bb773745c2e95fd1a414e916fbed64e0d8df66 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Kanavin <alex@linutronix.de>
|
||||
Date: Mon, 31 Mar 2025 17:42:25 +0200
|
||||
Subject: [PATCH] sbin/update-ca-certificates: add a --sysroot option
|
||||
|
||||
This allows using the script in cross-compilation environments
|
||||
where the script needs to prefix the sysroot to every other
|
||||
directory it operates on. There are individual options
|
||||
to set those directories, but using a common prefix option
|
||||
instead is a lot less clutter and more robust.
|
||||
|
||||
Upstream-Status: Submitted [https://salsa.debian.org/debian/ca-certificates/-/merge_requests/13]
|
||||
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
|
||||
---
|
||||
sbin/update-ca-certificates | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
|
||||
index 4bb77a0..1e737b9 100755
|
||||
--- a/sbin/update-ca-certificates
|
||||
+++ b/sbin/update-ca-certificates
|
||||
@@ -59,6 +59,14 @@ do
|
||||
--hooksdir)
|
||||
shift
|
||||
HOOKSDIR="$1";;
|
||||
+ --sysroot)
|
||||
+ shift
|
||||
+ SYSROOT="$1"
|
||||
+ CERTSCONF="$1/${CERTSCONF}"
|
||||
+ CERTSDIR="$1/${CERTSDIR}"
|
||||
+ LOCALCERTSDIR="$1/${LOCALCERTSDIR}"
|
||||
+ ETCCERTSDIR="$1/${ETCCERTSDIR}"
|
||||
+ HOOKSDIR="$1/${HOOKSDIR}";;
|
||||
--help|-h|*)
|
||||
echo "$0: [--verbose] [--fresh]"
|
||||
exit;;
|
||||
|
|
@ -1,46 +0,0 @@
|
|||
From cdb53438bae194c1281c31374a901ad7ee460408 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Oberritter <obi@opendreambox.org>
|
||||
Date: Tue, 19 Mar 2013 17:14:33 +0100
|
||||
Subject: [PATCH] update-ca-certificates: use $SYSROOT
|
||||
|
||||
Upstream-Status: Pending
|
||||
|
||||
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
||||
---
|
||||
sbin/update-ca-certificates | 14 +++++++-------
|
||||
1 file changed, 7 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
|
||||
index 5a0a1da..36cdd9a 100755
|
||||
--- a/sbin/update-ca-certificates
|
||||
+++ b/sbin/update-ca-certificates
|
||||
@@ -24,12 +24,12 @@
|
||||
verbose=0
|
||||
fresh=0
|
||||
default=0
|
||||
-CERTSCONF=/etc/ca-certificates.conf
|
||||
-CERTSDIR=/usr/share/ca-certificates
|
||||
-LOCALCERTSDIR=/usr/local/share/ca-certificates
|
||||
+CERTSCONF=$SYSROOT/etc/ca-certificates.conf
|
||||
+CERTSDIR=$SYSROOT/usr/share/ca-certificates
|
||||
+LOCALCERTSDIR=$SYSROOT/usr/local/share/ca-certificates
|
||||
CERTBUNDLE=ca-certificates.crt
|
||||
-ETCCERTSDIR=/etc/ssl/certs
|
||||
-HOOKSDIR=/etc/ca-certificates/update.d
|
||||
+ETCCERTSDIR=$SYSROOT/etc/ssl/certs
|
||||
+HOOKSDIR=$SYSROOT/etc/ca-certificates/update.d
|
||||
|
||||
while [ $# -gt 0 ];
|
||||
do
|
||||
@@ -92,9 +92,9 @@ add() {
|
||||
PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \
|
||||
-e 's/[()]/=/g' \
|
||||
-e 's/,/_/g').pem"
|
||||
- if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
|
||||
+ if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${CERT##$SYSROOT}" ]
|
||||
then
|
||||
- ln -sf "$CERT" "$PEM"
|
||||
+ ln -sf "${CERT##$SYSROOT}" "$PEM"
|
||||
echo "+$PEM" >> "$ADDED"
|
||||
fi
|
||||
# Add trailing newline to certificate, if it is missing (#635570)
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
From 38d47c53749c6f16d5d7993410b256116e0ee0b8 Mon Sep 17 00:00:00 2001
|
||||
From a69933f96a8675369de702bdb55e57dc21f65e7f Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <andre.draszik@jci.com>
|
||||
Date: Wed, 28 Mar 2018 16:45:05 +0100
|
||||
Subject: [PATCH] update-ca-certificates: use relative symlinks from
|
||||
|
|
@ -45,26 +45,26 @@ Signed-off-by: André Draszik <andre.draszik@jci.com>
|
|||
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
|
||||
index f7d0dbf..97a589c 100755
|
||||
index 1e737b9..8510082 100755
|
||||
--- a/sbin/update-ca-certificates
|
||||
+++ b/sbin/update-ca-certificates
|
||||
@@ -29,6 +29,7 @@ CERTSDIR=$SYSROOT/usr/share/ca-certificates
|
||||
LOCALCERTSDIR=$SYSROOT/usr/local/share/ca-certificates
|
||||
@@ -30,6 +30,7 @@ LOCALCERTSDIR=/usr/local/share/ca-certificates
|
||||
CERTBUNDLE=ca-certificates.crt
|
||||
ETCCERTSDIR=$SYSROOT/etc/ssl/certs
|
||||
ETCCERTSDIR=/etc/ssl/certs
|
||||
HOOKSDIR=/etc/ca-certificates/update.d
|
||||
+FSROOT=../../../ # to get from $ETCCERTSDIR to the root of the file system
|
||||
HOOKSDIR=$SYSROOT/etc/ca-certificates/update.d
|
||||
|
||||
while [ $# -gt 0 ];
|
||||
@@ -125,9 +126,10 @@ add() {
|
||||
do
|
||||
@@ -100,9 +101,10 @@ add() {
|
||||
PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \
|
||||
-e 's/[()]/=/g' \
|
||||
-e 's/,/_/g').pem"
|
||||
- if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${CERT##$SYSROOT}" ]
|
||||
- if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
|
||||
+ DST="$(echo ${CERT} | sed -e "s|^$SYSROOT||" -e "s|^/|$FSROOT|" )"
|
||||
+ if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${DST}" ]
|
||||
then
|
||||
- ln -sf "${CERT##$SYSROOT}" "$PEM"
|
||||
- ln -sf "$CERT" "$PEM"
|
||||
+ ln -sf "${DST}" "$PEM"
|
||||
echo "+$PEM" >> "$ADDED"
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -1,58 +0,0 @@
|
|||
From 50aadd3eb1c4be43d3decdeb60cede2de5a687be Mon Sep 17 00:00:00 2001
|
||||
From: Christopher Larson <chris_larson@mentor.com>
|
||||
Date: Fri, 23 Aug 2013 12:26:14 -0700
|
||||
Subject: [PATCH] ca-certificates: add recipe (version 20130610)
|
||||
|
||||
Upstream-Status: Pending
|
||||
|
||||
update-ca-certificates: find SYSROOT relative to its own location
|
||||
|
||||
This makes the script relocatable.
|
||||
---
|
||||
sbin/update-ca-certificates | 33 +++++++++++++++++++++++++++++++++
|
||||
1 file changed, 33 insertions(+)
|
||||
|
||||
diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
|
||||
index 2d3e1fe..f7d0dbf 100755
|
||||
--- a/sbin/update-ca-certificates
|
||||
+++ b/sbin/update-ca-certificates
|
||||
@@ -66,6 +66,39 @@ do
|
||||
shift
|
||||
done
|
||||
|
||||
+if [ -z "$SYSROOT" ]; then
|
||||
+ local_which () {
|
||||
+ if [ $# -lt 1 ]; then
|
||||
+ return 1
|
||||
+ fi
|
||||
+
|
||||
+ (
|
||||
+ IFS=:
|
||||
+ for entry in $PATH; do
|
||||
+ if [ -x "$entry/$1" ]; then
|
||||
+ echo "$entry/$1"
|
||||
+ exit 0
|
||||
+ fi
|
||||
+ done
|
||||
+ exit 1
|
||||
+ )
|
||||
+ }
|
||||
+
|
||||
+ case "$0" in
|
||||
+ */*)
|
||||
+ sbindir=$(cd ${0%/*} && pwd)
|
||||
+ ;;
|
||||
+ *)
|
||||
+ sbindir=$(cd $(dirname $(local_which $0)) && pwd)
|
||||
+ ;;
|
||||
+ esac
|
||||
+ prefix=${sbindir%/*}
|
||||
+ SYSROOT=${prefix%/*}
|
||||
+ if [ ! -d "$SYSROOT/usr/share/ca-certificates" ]; then
|
||||
+ SYSROOT=
|
||||
+ fi
|
||||
+fi
|
||||
+
|
||||
if [ ! -s "$CERTSCONF" ]
|
||||
then
|
||||
fresh=1
|
||||
|
|
@ -16,9 +16,8 @@ PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
|
|||
|
||||
SRC_URI[sha256sum] = "dd8286d0a9dd35c756fea5f1df3fed1510fb891f376903891b003cd9b1ad7e03"
|
||||
SRC_URI = "${DEBIAN_MIRROR}/main/c/ca-certificates/${BPN}_${PV}.tar.xz \
|
||||
file://0002-update-ca-certificates-use-SYSROOT.patch \
|
||||
file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \
|
||||
file://default-sysroot.patch \
|
||||
file://0002-sbin-update-ca-certificates-add-a-sysroot-option.patch \
|
||||
file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \
|
||||
file://0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch \
|
||||
"
|
||||
|
|
@ -62,7 +61,7 @@ do_install:append:class-target () {
|
|||
}
|
||||
|
||||
pkg_postinst:${PN}:class-target () {
|
||||
SYSROOT="$D" $D${sbindir}/update-ca-certificates
|
||||
$D${sbindir}/update-ca-certificates --sysroot $D
|
||||
}
|
||||
|
||||
CONFFILES:${PN} += "${sysconfdir}/ca-certificates.conf"
|
||||
|
|
@ -71,11 +70,11 @@ CONFFILES:${PN} += "${sysconfdir}/ca-certificates.conf"
|
|||
# we just run update-ca-certificate from do_install() for nativesdk.
|
||||
CONFFILES:${PN}:append:class-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt"
|
||||
do_install:append:class-nativesdk () {
|
||||
SYSROOT="${D}${SDKPATHNATIVE}" ${D}${sbindir}/update-ca-certificates
|
||||
${D}${sbindir}/update-ca-certificates --sysroot ${D}${SDKPATHNATIVE}
|
||||
}
|
||||
|
||||
do_install:append:class-native () {
|
||||
SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates
|
||||
${D}${sbindir}/update-ca-certificates --sysroot ${D}${base_prefix}
|
||||
}
|
||||
|
||||
RDEPENDS:${PN}:append:class-target = " openssl-bin openssl"
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user