[gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/ - gentoo-commits

From:	Lars Wendler <polynomial-c@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
Date:	Thu, 04 Nov 2021 17:53:21
Message-Id:	`1636048385.40cb637fa202247ede1367c368f558e7a9d00211.polynomial-c@gentoo`

1

commit:     40cb637fa202247ede1367c368f558e7a9d00211

2

Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>

3

AuthorDate: Thu Nov  4 17:49:24 2021 +0000

4

Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>

5

CommitDate: Thu Nov  4 17:53:05 2021 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40cb637f

7

8

app-misc/ca-certificates: Bump to version 20211016.3.72

9

10

Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

11

12

 app-misc/ca-certificates/Manifest                  |   2 +

13

 .../ca-certificates-20211016.3.72.ebuild           | 189 +++++++++++++++++++++

14

 2 files changed, 191 insertions(+)

15

16

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest

17

index fbafdb1b077..61dca50578d 100644

18

--- a/app-misc/ca-certificates/Manifest

19

+++ b/app-misc/ca-certificates/Manifest

20

@@ -1,5 +1,7 @@

21

 DIST ca-certificates_20210119.tar.xz 232964 BLAKE2B 593352912d2b490e3f46ea032ac1ddf1c87a7ac93859d475461cbba490918cdec853b0bb30bb253a634d8d597ca6f0304bc81122b4b31b5b31fd6a80e1faaf33 SHA512 a824209fa0ff0865872a07d8e6b901d8407f599243810fd5c820e1f69226e05b0b4f1e25e5ff3d8d398ff952529084442f026e32220961f359f6323f6bf03373

22

+DIST ca-certificates_20211016.tar.xz 239608 BLAKE2B 9b4730b54fd9f472fe4e5427bf912d9a61d10d2c289d1e443b54cca469fa87f9e02b8f67e7e087aceceffc7dd2b4043cdb5380e2652bc619d51f3a224c64f717 SHA512 bedf072c8aa1b05b249ea272f5cecfe16bdcd762c02c712323f12ac7a278e8814453f5f3caad86a2581e451788b292ed3a76a6a81620926459bb890133cffde1

23

 DIST nss-3.66.tar.gz 82401896 BLAKE2B ae369899af681e1c6ea8046098c83da08c2112b16d85a0eaee46e9d4f97dfb3f7c3e97eb681ec947b5648446c6db51e8f1396ec9bb6c731c9678ecf925e7f743 SHA512 327129cb065a8c19246e081e3cbc4798c81dc52eab6ee366eade151e9d308990592075c52a7c672165725fd855a0c539d56a803c26ef066561c584d693e0e467

24

 DIST nss-3.70.tar.gz 83917362 BLAKE2B 51de2e2cf5feb11045388b0badec24509d50f8bc8abd4116cbab77ff434f86a44ad4c98e533a1dd7093a9d1be9b7deb45f0426e3a173f9b2b92995cf63f2ea51 SHA512 9766282b36560d2f73ac5e90dbc3962802d6b1e8650ff9c0afbd6d2e1ff4cf8f2bc251f972344dc8a6ac5209b917aae03cc9883cb081011a7dea7bd258a95d82

25

 DIST nss-3.71.tar.gz 83927933 BLAKE2B a8d683b9f9bff5390e0378ab0d55156f7cc69a52b0667658738e67e920548965e7a276dc4104547b2e6a1a6d18325c3f85b955b9c12d7f071d10930b5264207e SHA512 a4a724dc4e8677965b6245ea2309790d31ec7719658e2b349eb67c9008082132c76277340d15e4fdd8d2fe1f560ae6803fb038d023c3dfd2e3772fa3b77720e2

26

+DIST nss-3.72.tar.gz 83928300 BLAKE2B d92889e27e99095a18090eff0c08b8653ef1f53f4954f5bd018df2f2903647bc71f217159bb4b11f0d6b4fb289fda20bffa2d1d207d1836dcfc33dbd4bedf511 SHA512 1d818d2ef85735837275059fecf68d57e48152f0348ea54887c29171cf029b6944e94d99a8cd96e580a81edb678b79c55515ac0516e27daf6b290c34baed9ebb

27

 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

28

29

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild

30

new file mode 100644

31

index 00000000000..589797be280

32

--- /dev/null

33

+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild

34

@@ -0,0 +1,189 @@

35

+# Copyright 1999-2021 Gentoo Authors

36

+# Distributed under the terms of the GNU General Public License v2

37

+

38

+# The Debian ca-certificates package merely takes the CA database as it exists

39

+# in the nss package and repackages it for use by openssl.

40

+#

41

+# The issue with using the compiled debs directly is two fold:

42

+# - they do not update frequently enough for us to rely on them

43

+# - they pull the CA database from nss tip of tree rather than the release

44

+#

45

+# So we take the Debian source tools and combine them with the latest nss

46

+# release to produce (largely) the same end result.  The difference is that

47

+# now we know our cert database is kept in sync with nss and, if need be,

48

+# can be sync with nss tip of tree more frequently to respond to bugs.

49

+

50

+# When triaging user reports, refer to our wiki for tips:

51

+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues

52

+

53

+EAPI=7

54

+

55

+PYTHON_COMPAT=( python3_{7..10} )

56

+

57

+inherit python-any-r1

58

+

59

+if [[ ${PV} == *.* ]] ; then

60

+	# Compile from source ourselves.

61

+	PRECOMPILED=false

62

+

63

+	DEB_VER=$(ver_cut 1)

64

+	NSS_VER=$(ver_cut 2-)

65

+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"

66

+else

67

+	# Debian precompiled version.

68

+	PRECOMPILED=true

69

+	inherit unpacker

70

+fi

71

+

72

+DESCRIPTION="Common CA Certificates PEM files"

73

+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"

74

+NMU_PR=""

75

+if ${PRECOMPILED} ; then

76

+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"

77

+else

78

+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz

79

+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz

80

+		cacert? (

81

+			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch

82

+		)"

83

+fi

84

+

85

+LICENSE="MPL-1.1"

86

+SLOT="0"

87

+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"

88

+IUSE=""

89

+${PRECOMPILED} || IUSE+=" cacert"

90

+

91

+# c_rehash: we run `c_rehash`

92

+# debianutils: we run `run-parts`

93

+CDEPEND="app-misc/c_rehash

94

+	sys-apps/debianutils"

95

+

96

+BDEPEND="${CDEPEND}"

97

+if ! ${PRECOMPILED} ; then

98

+	BDEPEND+=" ${PYTHON_DEPS}"

99

+fi

100

+

101

+DEPEND=""

102

+if ${PRECOMPILED} ; then

103

+	DEPEND+=" !<sys-apps/portage-2.1.10.41"

104

+fi

105

+

106

+RDEPEND="${CDEPEND}

107

+	${DEPEND}"

108

+

109

+S=${WORKDIR}

110

+

111

+pkg_setup() {

112

+	# For the conversion to having it in CONFIG_PROTECT_MASK,

113

+	# we need to tell users about it once manually first.

114

+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \

115

+		|| ewarn "You should run update-ca-certificates manually after etc-update"

116

+}

117

+

118

+src_unpack() {

119

+	if ! ${PRECOMPILED} ; then

120

+		default

121

+		# Initial 20200601 deb release had bad naming inside the debian source tarball.

122

+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"

123

+		DEB_BAD_S="${WORKDIR}/work"

124

+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then

125

+			mv "${DEB_BAD_S}" "${DEB_S}"

126

+		fi

127

+	fi

128

+

129

+	# Do all the work in the image subdir to avoid conflicting with source

130

+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937

131

+	mkdir -p "image/${EPREFIX}" || die

132

+	cd "image/${EPREFIX}" || die

133

+

134

+	${PRECOMPILED} && unpacker_src_unpack

135

+}

136

+

137

+src_prepare() {

138

+	cd "image/${EPREFIX}" || die

139

+	if ! ${PRECOMPILED} ; then

140

+		mkdir -p usr/sbin || die

141

+		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \

142

+			usr/sbin/ || die

143

+

144

+		if use cacert ; then

145

+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die

146

+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch

147

+			popd >/dev/null || die

148

+		fi

149

+	fi

150

+

151

+	default

152

+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch

153

+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')

154

+	sed -i \

155

+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \

156

+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \

157

+		-e 's/openssl rehash/c_rehash/' \

158

+		usr/sbin/update-ca-certificates || die

159

+}

160

+

161

+src_compile() {

162

+	cd "image/${EPREFIX}" || die

163

+	if ! ${PRECOMPILED} ; then

164

+		python_setup

165

+		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"

166

+		# Grab the database from the nss sources.

167

+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die

168

+		emake -C "${d}"

169

+

170

+		# Now move the files to the same places that the precompiled would.

171

+		mkdir -p etc/ssl/certs \

172

+			etc/ca-certificates/update.d \

173

+			"${c}"/mozilla \

174

+			|| die

175

+		if use cacert ; then

176

+			mkdir -p "${c}"/cacert.org || die

177

+			mv "${d}"/CA_Cert_Signing_Authority.crt \

178

+				"${c}"/cacert.org/cacert.org_class1.crt || die

179

+			mv "${d}"/CAcert_Class_3_Root.crt \

180

+				"${c}"/cacert.org/cacert.org_class3.crt || die

181

+		fi

182

+		mv "${d}"/*.crt "${c}"/mozilla/ || die

183

+	else

184

+		mv usr/share/doc/{ca-certificates,${PF}} || die

185

+	fi

186

+

187

+	(

188

+		echo "# Automatically generated by ${CATEGORY}/${PF}"

189

+		echo "# $(date -u)"

190

+		echo "# Do not edit."

191

+		cd "${c}" || die

192

+		find * -name '*.crt' | LC_ALL=C sort

193

+	) > etc/ca-certificates.conf

194

+

195

+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die

196

+}

197

+

198

+src_install() {

199

+	cp -pPR image/* "${D}"/ || die

200

+	if ! ${PRECOMPILED} ; then

201

+		cd ${PN}-${DEB_VER} || die

202

+		doman sbin/*.8

203

+		dodoc debian/README.* examples/ca-certificates-local/README

204

+	fi

205

+

206

+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates

207

+	doenvd 98ca-certificates

208

+}

209

+

210

+pkg_postinst() {

211

+	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then

212

+		# if the user has local certs, we need to rebuild again

213

+		# to include their stuff in the db.

214

+		# However it's too overzealous when the user has custom certs in place.

215

+		# --fresh is to clean up dangling symlinks

216

+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"

217

+	fi

218

+

219

+	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then

220

+		ewarn "Removing the following broken symlinks:"

221

+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"

222

+	fi

223

+}

1	commit: 40cb637fa202247ede1367c368f558e7a9d00211
2	Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
3	AuthorDate: Thu Nov 4 17:49:24 2021 +0000
4	Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
5	CommitDate: Thu Nov 4 17:53:05 2021 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40cb637f
7
8	app-misc/ca-certificates: Bump to version 20211016.3.72
9
10	Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
11
12	app-misc/ca-certificates/Manifest \| 2 +
13	.../ca-certificates-20211016.3.72.ebuild \| 189 +++++++++++++++++++++
14	2 files changed, 191 insertions(+)
15
16	diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
17	index fbafdb1b077..61dca50578d 100644
18	--- a/app-misc/ca-certificates/Manifest
19	+++ b/app-misc/ca-certificates/Manifest
20	@@ -1,5 +1,7 @@
21	DIST ca-certificates_20210119.tar.xz 232964 BLAKE2B 593352912d2b490e3f46ea032ac1ddf1c87a7ac93859d475461cbba490918cdec853b0bb30bb253a634d8d597ca6f0304bc81122b4b31b5b31fd6a80e1faaf33 SHA512 a824209fa0ff0865872a07d8e6b901d8407f599243810fd5c820e1f69226e05b0b4f1e25e5ff3d8d398ff952529084442f026e32220961f359f6323f6bf03373
22	+DIST ca-certificates_20211016.tar.xz 239608 BLAKE2B 9b4730b54fd9f472fe4e5427bf912d9a61d10d2c289d1e443b54cca469fa87f9e02b8f67e7e087aceceffc7dd2b4043cdb5380e2652bc619d51f3a224c64f717 SHA512 bedf072c8aa1b05b249ea272f5cecfe16bdcd762c02c712323f12ac7a278e8814453f5f3caad86a2581e451788b292ed3a76a6a81620926459bb890133cffde1
23	DIST nss-3.66.tar.gz 82401896 BLAKE2B ae369899af681e1c6ea8046098c83da08c2112b16d85a0eaee46e9d4f97dfb3f7c3e97eb681ec947b5648446c6db51e8f1396ec9bb6c731c9678ecf925e7f743 SHA512 327129cb065a8c19246e081e3cbc4798c81dc52eab6ee366eade151e9d308990592075c52a7c672165725fd855a0c539d56a803c26ef066561c584d693e0e467
24	DIST nss-3.70.tar.gz 83917362 BLAKE2B 51de2e2cf5feb11045388b0badec24509d50f8bc8abd4116cbab77ff434f86a44ad4c98e533a1dd7093a9d1be9b7deb45f0426e3a173f9b2b92995cf63f2ea51 SHA512 9766282b36560d2f73ac5e90dbc3962802d6b1e8650ff9c0afbd6d2e1ff4cf8f2bc251f972344dc8a6ac5209b917aae03cc9883cb081011a7dea7bd258a95d82
25	DIST nss-3.71.tar.gz 83927933 BLAKE2B a8d683b9f9bff5390e0378ab0d55156f7cc69a52b0667658738e67e920548965e7a276dc4104547b2e6a1a6d18325c3f85b955b9c12d7f071d10930b5264207e SHA512 a4a724dc4e8677965b6245ea2309790d31ec7719658e2b349eb67c9008082132c76277340d15e4fdd8d2fe1f560ae6803fb038d023c3dfd2e3772fa3b77720e2
26	+DIST nss-3.72.tar.gz 83928300 BLAKE2B d92889e27e99095a18090eff0c08b8653ef1f53f4954f5bd018df2f2903647bc71f217159bb4b11f0d6b4fb289fda20bffa2d1d207d1836dcfc33dbd4bedf511 SHA512 1d818d2ef85735837275059fecf68d57e48152f0348ea54887c29171cf029b6944e94d99a8cd96e580a81edb678b79c55515ac0516e27daf6b290c34baed9ebb
27	DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4
28
29	diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild
30	new file mode 100644
31	index 00000000000..589797be280
32	--- /dev/null
33	+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild
34	@@ -0,0 +1,189 @@
35	+# Copyright 1999-2021 Gentoo Authors
36	+# Distributed under the terms of the GNU General Public License v2
37	+
38	+# The Debian ca-certificates package merely takes the CA database as it exists
39	+# in the nss package and repackages it for use by openssl.
40	+#
41	+# The issue with using the compiled debs directly is two fold:
42	+# - they do not update frequently enough for us to rely on them
43	+# - they pull the CA database from nss tip of tree rather than the release
44	+#
45	+# So we take the Debian source tools and combine them with the latest nss
46	+# release to produce (largely) the same end result. The difference is that
47	+# now we know our cert database is kept in sync with nss and, if need be,
48	+# can be sync with nss tip of tree more frequently to respond to bugs.
49	+
50	+# When triaging user reports, refer to our wiki for tips:
51	+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
52	+
53	+EAPI=7
54	+
55	+PYTHON_COMPAT=( python3_{7..10} )
56	+
57	+inherit python-any-r1
58	+
59	+if [[ ${PV} == . ]] ; then
60	+ # Compile from source ourselves.
61	+ PRECOMPILED=false
62	+
63	+ DEB_VER=$(ver_cut 1)
64	+ NSS_VER=$(ver_cut 2-)
65	+ RTM_NAME="NSS_${NSS_VER//./_}_RTM"
66	+else
67	+ # Debian precompiled version.
68	+ PRECOMPILED=true
69	+ inherit unpacker
70	+fi
71	+
72	+DESCRIPTION="Common CA Certificates PEM files"
73	+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
74	+NMU_PR=""
75	+if ${PRECOMPILED} ; then
76	+ SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
77	+else
78	+ SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
79	+ https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
80	+ cacert? (
81	+ https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
82	+ )"
83	+fi
84	+
85	+LICENSE="MPL-1.1"
86	+SLOT="0"
87	+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
88	+IUSE=""
89	+${PRECOMPILED} \|\| IUSE+=" cacert"
90	+
91	+# c_rehash: we run `c_rehash`
92	+# debianutils: we run `run-parts`
93	+CDEPEND="app-misc/c_rehash
94	+ sys-apps/debianutils"
95	+
96	+BDEPEND="${CDEPEND}"
97	+if ! ${PRECOMPILED} ; then
98	+ BDEPEND+=" ${PYTHON_DEPS}"
99	+fi
100	+
101	+DEPEND=""
102	+if ${PRECOMPILED} ; then
103	+ DEPEND+=" !<sys-apps/portage-2.1.10.41"
104	+fi
105	+
106	+RDEPEND="${CDEPEND}
107	+ ${DEPEND}"
108	+
109	+S=${WORKDIR}
110	+
111	+pkg_setup() {
112	+ # For the conversion to having it in CONFIG_PROTECT_MASK,
113	+ # we need to tell users about it once manually first.
114	+ [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
115	+ \|\| ewarn "You should run update-ca-certificates manually after etc-update"
116	+}
117	+
118	+src_unpack() {
119	+ if ! ${PRECOMPILED} ; then
120	+ default
121	+ # Initial 20200601 deb release had bad naming inside the debian source tarball.
122	+ DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
123	+ DEB_BAD_S="${WORKDIR}/work"
124	+ if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
125	+ mv "${DEB_BAD_S}" "${DEB_S}"
126	+ fi
127	+ fi
128	+
129	+ # Do all the work in the image subdir to avoid conflicting with source
130	+ # dirs in ${WORKDIR}. Need to perform everything in the offset #381937
131	+ mkdir -p "image/${EPREFIX}" \|\| die
132	+ cd "image/${EPREFIX}" \|\| die
133	+
134	+ ${PRECOMPILED} && unpacker_src_unpack
135	+}
136	+
137	+src_prepare() {
138	+ cd "image/${EPREFIX}" \|\| die
139	+ if ! ${PRECOMPILED} ; then
140	+ mkdir -p usr/sbin \|\| die
141	+ cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
142	+ usr/sbin/ \|\| die
143	+
144	+ if use cacert ; then
145	+ pushd "${S}"/nss-${NSS_VER} >/dev/null \|\| die
146	+ eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
147	+ popd >/dev/null \|\| die
148	+ fi
149	+ fi
150	+
151	+ default
152	+ eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
153	+ local relp=$(echo "${EPREFIX}" \| sed -e 's:[^/]\+:..:g')
154	+ sed -i \
155	+ -e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
156	+ -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
157	+ -e 's/openssl rehash/c_rehash/' \
158	+ usr/sbin/update-ca-certificates \|\| die
159	+}
160	+
161	+src_compile() {
162	+ cd "image/${EPREFIX}" \|\| die
163	+ if ! ${PRECOMPILED} ; then
164	+ python_setup
165	+ local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
166	+ # Grab the database from the nss sources.
167	+ cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" \|\| die
168	+ emake -C "${d}"
169	+
170	+ # Now move the files to the same places that the precompiled would.
171	+ mkdir -p etc/ssl/certs \
172	+ etc/ca-certificates/update.d \
173	+ "${c}"/mozilla \
174	+ \|\| die
175	+ if use cacert ; then
176	+ mkdir -p "${c}"/cacert.org \|\| die
177	+ mv "${d}"/CA_Cert_Signing_Authority.crt \
178	+ "${c}"/cacert.org/cacert.org_class1.crt \|\| die
179	+ mv "${d}"/CAcert_Class_3_Root.crt \
180	+ "${c}"/cacert.org/cacert.org_class3.crt \|\| die
181	+ fi
182	+ mv "${d}"/*.crt "${c}"/mozilla/ \|\| die
183	+ else
184	+ mv usr/share/doc/{ca-certificates,${PF}} \|\| die
185	+ fi
186	+
187	+ (
188	+ echo "# Automatically generated by ${CATEGORY}/${PF}"
189	+ echo "# $(date -u)"
190	+ echo "# Do not edit."
191	+ cd "${c}" \|\| die
192	+ find * -name '*.crt' \| LC_ALL=C sort
193	+ ) > etc/ca-certificates.conf
194	+
195	+ sh usr/sbin/update-ca-certificates --root "${S}/image" \|\| die
196	+}
197	+
198	+src_install() {
199	+ cp -pPR image/* "${D}"/ \|\| die
200	+ if ! ${PRECOMPILED} ; then
201	+ cd ${PN}-${DEB_VER} \|\| die
202	+ doman sbin/*.8
203	+ dodoc debian/README.* examples/ca-certificates-local/README
204	+ fi
205	+
206	+ echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
207	+ doenvd 98ca-certificates
208	+}
209	+
210	+pkg_postinst() {
211	+ if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
212	+ # if the user has local certs, we need to rebuild again
213	+ # to include their stuff in the db.
214	+ # However it's too overzealous when the user has custom certs in place.
215	+ # --fresh is to clean up dangling symlinks
216	+ "${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
217	+ fi
218	+
219	+ if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
220	+ ewarn "Removing the following broken symlinks:"
221	+ ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
222	+ fi
223	+}

Gentoo Archives: gentoo-commits