[gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/ - gentoo-commits

From:	Lars Wendler <polynomial-c@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
Date:	Wed, 08 Mar 2017 09:47:32
Message-Id:	`1488966444.2c3dcd55b95a866f095be639409c4575aeb7781d.polynomial-c@gentoo`

1

commit:     2c3dcd55b95a866f095be639409c4575aeb7781d

2

Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>

3

AuthorDate: Wed Mar  8 09:46:42 2017 +0000

4

Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>

5

CommitDate: Wed Mar  8 09:47:24 2017 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c3dcd55

7

8

app-misc/ca-certificates: Removed old.

9

10

Package-Manager: Portage-2.3.4, Repoman-2.3.2

11

12

 app-misc/ca-certificates/Manifest                  |   1 -

13

 .../ca-certificates-20161130.3.29.ebuild           | 182 ---------------------

14

 2 files changed, 183 deletions(-)

15

16

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest

17

index 92c9e5a67b2..7d45d55b3ec 100644

18

--- a/app-misc/ca-certificates/Manifest

19

+++ b/app-misc/ca-certificates/Manifest

20

@@ -4,5 +4,4 @@ DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa672

21

 DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b

22

 DIST nss-3.29.1.tar.gz 7479324 SHA256 47259bc5c4439d8228d7c577ea652ed140588f27eae8ebb39cc91057aea37366 SHA512 c060f568a3243343b5a1315d632015373dc7dfd2ca9567fb484190dd56f87b1bc977539b9e28fe4fbfc6ee25409e69b1192a2b590031257dd8c89d162332e050 WHIRLPOOL 1649e439fec988ce0b0d5d3b5caf2b89579eee86dff87cb6a4545cf6fdbd78a409f0746050dbc5a5bcefbb8363abad730df2a43ef05b91f5b325d06ba778e151

23

 DIST nss-3.29.3.tar.gz 7479458 SHA256 35ddcc31251ef829994efeee925011aa1414e32be7e388236970255aa3c8e1eb SHA512 eebc479521dc4e64565929620f60bf457875a2b21d7b5dc2b67f4e4279bfb1a814c31a7b17638052cec44ede9fb686a3ff776cd2239271142100e0fd5f769519 WHIRLPOOL 93edf0bd7c0c1751f7b03a8e878cba564e27fede796de3d4f381aa0b86ef8ea9edffd6f57f8a437f48e07f74ddc2cd0b351ca640ea409e3b3a54f7ddb83def22

24

-DIST nss-3.29.tar.gz 7477439 SHA256 ee19ebfe7b012dedb71f04a55dd06fa26f8dce435e5980531c790bd42673c6fa SHA512 0f4dd026b6b32122d8cafa92fa37199b0678f8fef75e375446eddd0cc6ddda1a796e3222caa8bb01b3633911899394d0cb1e4d392880438f68c8ef7290dcb4fa WHIRLPOOL 5d3243bcc5c78e1b13b463e935bb5f700d0ed32eb22b01ccda17cb475725230f73f3711227a2175add4e96e0353aaf484ff10b0186cf4a453dfa215c24b8147c

25

 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700

26

27

diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.29.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.29.ebuild

28

deleted file mode 100644

29

index a72077ebef8..00000000000

30

--- a/app-misc/ca-certificates/ca-certificates-20161130.3.29.ebuild

31

+++ /dev/null

32

@@ -1,182 +0,0 @@

33

-# Copyright 1999-2017 Gentoo Foundation

34

-# Distributed under the terms of the GNU General Public License v2

35

-

36

-# The Debian ca-certificates package merely takes the CA database as it exists

37

-# in the nss package and repackages it for use by openssl.

38

-#

39

-# The issue with using the compiled debs directly is two fold:

40

-# - they do not update frequently enough for us to rely on them

41

-# - they pull the CA database from nss tip of tree rather than the release

42

-#

43

-# So we take the Debian source tools and combine them with the latest nss

44

-# release to produce (largely) the same end result.  The difference is that

45

-# now we know our cert database is kept in sync with nss and, if need be,

46

-# can be sync with nss tip of tree more frequently to respond to bugs.

47

-

48

-# When triaging bugs from users, here's some handy tips:

49

-# - To see what cert is hitting errors, use openssl:

50

-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME

51

-#   Focus on the errors written to stderr.

52

-#

53

-# - Look at the upstream log as to why certs were added/removed:

54

-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt

55

-#

56

-# - If people want to add/remove certs, tell them to file w/mozilla:

57

-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk

58

-

59

-EAPI="5"

60

-PYTHON_COMPAT=( python{2_7,3_4,3_5} )

61

-

62

-inherit eutils python-any-r1

63

-

64

-if [[ ${PV} == *.* ]] ; then

65

-	# Compile from source ourselves.

66

-	PRECOMPILED=false

67

-	inherit versionator

68

-

69

-	DEB_VER=$(get_version_component_range 1)

70

-	NSS_VER=$(get_version_component_range 2-)

71

-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"

72

-else

73

-	# Debian precompiled version.

74

-	PRECOMPILED=true

75

-	inherit unpacker

76

-fi

77

-

78

-DESCRIPTION="Common CA Certificates PEM files"

79

-HOMEPAGE="http://packages.debian.org/sid/ca-certificates"

80

-NMU_PR=""

81

-if ${PRECOMPILED} ; then

82

-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"

83

-else

84

-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz

85

-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz

86

-		cacert? (

87

-			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch

88

-		)"

89

-fi

90

-

91

-LICENSE="MPL-1.1"

92

-SLOT="0"

93

-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"

94

-IUSE="insecure_certs"

95

-${PRECOMPILED} || IUSE+=" cacert"

96

-

97

-DEPEND=""

98

-if ${PRECOMPILED} ; then

99

-	DEPEND+=" !<sys-apps/portage-2.1.10.41"

100

-fi

101

-# c_rehash: we run `c_rehash`

102

-# debianutils: we run `run-parts`

103

-RDEPEND="${DEPEND}

104

-	app-misc/c_rehash

105

-	sys-apps/debianutils"

106

-

107

-if ! ${PRECOMPILED}; then

108

-	DEPEND+=" ${PYTHON_DEPS}"

109

-fi

110

-

111

-S=${WORKDIR}

112

-

113

-pkg_setup() {

114

-	# For the conversion to having it in CONFIG_PROTECT_MASK,

115

-	# we need to tell users about it once manually first.

116

-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \

117

-		|| ewarn "You should run update-ca-certificates manually after etc-update"

118

-}

119

-

120

-src_unpack() {

121

-	${PRECOMPILED} || default

122

-

123

-	# Do all the work in the image subdir to avoid conflicting with source

124

-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937

125

-	mkdir -p "image/${EPREFIX}"

126

-	cd "image/${EPREFIX}" || die

127

-

128

-	${PRECOMPILED} && unpacker_src_unpack

129

-}

130

-

131

-src_prepare() {

132

-	cd "image/${EPREFIX}" || die

133

-	if ! ${PRECOMPILED} ; then

134

-		mkdir -p usr/sbin

135

-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die

136

-

137

-		if use cacert ; then

138

-			pushd "${S}"/nss-${NSS_VER} >/dev/null

139

-			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch

140

-			popd >/dev/null

141

-		fi

142

-	fi

143

-

144

-	epatch "${FILESDIR}"/${PN}-20150426-root.patch

145

-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')

146

-	sed -i \

147

-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \

148

-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \

149

-		usr/sbin/update-ca-certificates || die

150

-}

151

-

152

-src_compile() {

153

-	cd "image/${EPREFIX}" || die

154

-	if ! ${PRECOMPILED} ; then

155

-		python_setup

156

-		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"

157

-		# Grab the database from the nss sources.

158

-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die

159

-		emake -C "${d}"

160

-

161

-		# Now move the files to the same places that the precompiled would.

162

-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla

163

-		if use cacert ; then

164

-			mkdir -p "${c}"/cacert.org

165

-			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die

166

-		fi

167

-		mv "${d}"/*.crt "${c}"/mozilla/ || die

168

-	else

169

-		mv usr/share/doc/{ca-certificates,${PF}} || die

170

-	fi

171

-

172

-	if ! use insecure_certs ; then

173

-		# Remove untrusted certs from StartCom and WoSign (bug #598072)

174

-		rm "${c}"/mozilla/StartCom* || die

175

-		rm "${c}"/mozilla/WoSign* || die

176

-	fi

177

-

178

-	(

179

-	echo "# Automatically generated by ${CATEGORY}/${PF}"

180

-	echo "# $(date -u)"

181

-	echo "# Do not edit."

182

-	cd "${c}"

183

-	find * -name '*.crt' | LC_ALL=C sort

184

-	) > etc/ca-certificates.conf

185

-

186

-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die

187

-}

188

-

189

-src_install() {

190

-	cp -pPR image/* "${D}"/ || die

191

-	if ! ${PRECOMPILED} ; then

192

-		cd ca-certificates

193

-		doman sbin/*.8

194

-		dodoc debian/README.* examples/ca-certificates-local/README

195

-	fi

196

-

197

-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates

198

-	doenvd 98ca-certificates

199

-}

200

-

201

-pkg_postinst() {

202

-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then

203

-		# if the user has local certs, we need to rebuild again

204

-		# to include their stuff in the db.

205

-		# However it's too overzealous when the user has custom certs in place.

206

-		# --fresh is to clean up dangling symlinks

207

-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"

208

-	fi

209

-

210

-	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then

211

-		ewarn "Removing the following broken symlinks:"

212

-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"

213

-	fi

214

-}

1	commit: 2c3dcd55b95a866f095be639409c4575aeb7781d
2	Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
3	AuthorDate: Wed Mar 8 09:46:42 2017 +0000
4	Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
5	CommitDate: Wed Mar 8 09:47:24 2017 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c3dcd55
7
8	app-misc/ca-certificates: Removed old.
9
10	Package-Manager: Portage-2.3.4, Repoman-2.3.2
11
12	app-misc/ca-certificates/Manifest \| 1 -
13	.../ca-certificates-20161130.3.29.ebuild \| 182 ---------------------
14	2 files changed, 183 deletions(-)
15
16	diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
17	index 92c9e5a67b2..7d45d55b3ec 100644
18	--- a/app-misc/ca-certificates/Manifest
19	+++ b/app-misc/ca-certificates/Manifest
20	@@ -4,5 +4,4 @@ DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa672
21	DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
22	DIST nss-3.29.1.tar.gz 7479324 SHA256 47259bc5c4439d8228d7c577ea652ed140588f27eae8ebb39cc91057aea37366 SHA512 c060f568a3243343b5a1315d632015373dc7dfd2ca9567fb484190dd56f87b1bc977539b9e28fe4fbfc6ee25409e69b1192a2b590031257dd8c89d162332e050 WHIRLPOOL 1649e439fec988ce0b0d5d3b5caf2b89579eee86dff87cb6a4545cf6fdbd78a409f0746050dbc5a5bcefbb8363abad730df2a43ef05b91f5b325d06ba778e151
23	DIST nss-3.29.3.tar.gz 7479458 SHA256 35ddcc31251ef829994efeee925011aa1414e32be7e388236970255aa3c8e1eb SHA512 eebc479521dc4e64565929620f60bf457875a2b21d7b5dc2b67f4e4279bfb1a814c31a7b17638052cec44ede9fb686a3ff776cd2239271142100e0fd5f769519 WHIRLPOOL 93edf0bd7c0c1751f7b03a8e878cba564e27fede796de3d4f381aa0b86ef8ea9edffd6f57f8a437f48e07f74ddc2cd0b351ca640ea409e3b3a54f7ddb83def22
24	-DIST nss-3.29.tar.gz 7477439 SHA256 ee19ebfe7b012dedb71f04a55dd06fa26f8dce435e5980531c790bd42673c6fa SHA512 0f4dd026b6b32122d8cafa92fa37199b0678f8fef75e375446eddd0cc6ddda1a796e3222caa8bb01b3633911899394d0cb1e4d392880438f68c8ef7290dcb4fa WHIRLPOOL 5d3243bcc5c78e1b13b463e935bb5f700d0ed32eb22b01ccda17cb475725230f73f3711227a2175add4e96e0353aaf484ff10b0186cf4a453dfa215c24b8147c
25	DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700
26
27	diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.29.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.29.ebuild
28	deleted file mode 100644
29	index a72077ebef8..00000000000
30	--- a/app-misc/ca-certificates/ca-certificates-20161130.3.29.ebuild
31	+++ /dev/null
32	@@ -1,182 +0,0 @@
33	-# Copyright 1999-2017 Gentoo Foundation
34	-# Distributed under the terms of the GNU General Public License v2
35	-
36	-# The Debian ca-certificates package merely takes the CA database as it exists
37	-# in the nss package and repackages it for use by openssl.
38	-#
39	-# The issue with using the compiled debs directly is two fold:
40	-# - they do not update frequently enough for us to rely on them
41	-# - they pull the CA database from nss tip of tree rather than the release
42	-#
43	-# So we take the Debian source tools and combine them with the latest nss
44	-# release to produce (largely) the same end result. The difference is that
45	-# now we know our cert database is kept in sync with nss and, if need be,
46	-# can be sync with nss tip of tree more frequently to respond to bugs.
47	-
48	-# When triaging bugs from users, here's some handy tips:
49	-# - To see what cert is hitting errors, use openssl:
50	-# openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
51	-# Focus on the errors written to stderr.
52	-#
53	-# - Look at the upstream log as to why certs were added/removed:
54	-# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
55	-#
56	-# - If people want to add/remove certs, tell them to file w/mozilla:
57	-# https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
58	-
59	-EAPI="5"
60	-PYTHON_COMPAT=( python{2_7,3_4,3_5} )
61	-
62	-inherit eutils python-any-r1
63	-
64	-if [[ ${PV} == . ]] ; then
65	- # Compile from source ourselves.
66	- PRECOMPILED=false
67	- inherit versionator
68	-
69	- DEB_VER=$(get_version_component_range 1)
70	- NSS_VER=$(get_version_component_range 2-)
71	- RTM_NAME="NSS_${NSS_VER//./_}_RTM"
72	-else
73	- # Debian precompiled version.
74	- PRECOMPILED=true
75	- inherit unpacker
76	-fi
77	-
78	-DESCRIPTION="Common CA Certificates PEM files"
79	-HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
80	-NMU_PR=""
81	-if ${PRECOMPILED} ; then
82	- SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
83	-else
84	- SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
85	- https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
86	- cacert? (
87	- https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
88	- )"
89	-fi
90	-
91	-LICENSE="MPL-1.1"
92	-SLOT="0"
93	-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
94	-IUSE="insecure_certs"
95	-${PRECOMPILED} \|\| IUSE+=" cacert"
96	-
97	-DEPEND=""
98	-if ${PRECOMPILED} ; then
99	- DEPEND+=" !<sys-apps/portage-2.1.10.41"
100	-fi
101	-# c_rehash: we run `c_rehash`
102	-# debianutils: we run `run-parts`
103	-RDEPEND="${DEPEND}
104	- app-misc/c_rehash
105	- sys-apps/debianutils"
106	-
107	-if ! ${PRECOMPILED}; then
108	- DEPEND+=" ${PYTHON_DEPS}"
109	-fi
110	-
111	-S=${WORKDIR}
112	-
113	-pkg_setup() {
114	- # For the conversion to having it in CONFIG_PROTECT_MASK,
115	- # we need to tell users about it once manually first.
116	- [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
117	- \|\| ewarn "You should run update-ca-certificates manually after etc-update"
118	-}
119	-
120	-src_unpack() {
121	- ${PRECOMPILED} \|\| default
122	-
123	- # Do all the work in the image subdir to avoid conflicting with source
124	- # dirs in $WORKDIR. Need to perform everything in the offset #381937
125	- mkdir -p "image/${EPREFIX}"
126	- cd "image/${EPREFIX}" \|\| die
127	-
128	- ${PRECOMPILED} && unpacker_src_unpack
129	-}
130	-
131	-src_prepare() {
132	- cd "image/${EPREFIX}" \|\| die
133	- if ! ${PRECOMPILED} ; then
134	- mkdir -p usr/sbin
135	- cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ \|\| die
136	-
137	- if use cacert ; then
138	- pushd "${S}"/nss-${NSS_VER} >/dev/null
139	- epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
140	- popd >/dev/null
141	- fi
142	- fi
143	-
144	- epatch "${FILESDIR}"/${PN}-20150426-root.patch
145	- local relp=$(echo "${EPREFIX}" \| sed -e 's:[^/]\+:..:g')
146	- sed -i \
147	- -e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
148	- -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
149	- usr/sbin/update-ca-certificates \|\| die
150	-}
151	-
152	-src_compile() {
153	- cd "image/${EPREFIX}" \|\| die
154	- if ! ${PRECOMPILED} ; then
155	- python_setup
156	- local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
157	- # Grab the database from the nss sources.
158	- cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" \|\| die
159	- emake -C "${d}"
160	-
161	- # Now move the files to the same places that the precompiled would.
162	- mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
163	- if use cacert ; then
164	- mkdir -p "${c}"/cacert.org
165	- mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt \|\| die
166	- fi
167	- mv "${d}"/*.crt "${c}"/mozilla/ \|\| die
168	- else
169	- mv usr/share/doc/{ca-certificates,${PF}} \|\| die
170	- fi
171	-
172	- if ! use insecure_certs ; then
173	- # Remove untrusted certs from StartCom and WoSign (bug #598072)
174	- rm "${c}"/mozilla/StartCom* \|\| die
175	- rm "${c}"/mozilla/WoSign* \|\| die
176	- fi
177	-
178	- (
179	- echo "# Automatically generated by ${CATEGORY}/${PF}"
180	- echo "# $(date -u)"
181	- echo "# Do not edit."
182	- cd "${c}"
183	- find * -name '*.crt' \| LC_ALL=C sort
184	- ) > etc/ca-certificates.conf
185	-
186	- sh usr/sbin/update-ca-certificates --root "${S}/image" \|\| die
187	-}
188	-
189	-src_install() {
190	- cp -pPR image/* "${D}"/ \|\| die
191	- if ! ${PRECOMPILED} ; then
192	- cd ca-certificates
193	- doman sbin/*.8
194	- dodoc debian/README.* examples/ca-certificates-local/README
195	- fi
196	-
197	- echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
198	- doenvd 98ca-certificates
199	-}
200	-
201	-pkg_postinst() {
202	- if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
203	- # if the user has local certs, we need to rebuild again
204	- # to include their stuff in the db.
205	- # However it's too overzealous when the user has custom certs in place.
206	- # --fresh is to clean up dangling symlinks
207	- "${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
208	- fi
209	-
210	- if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
211	- ewarn "Removing the following broken symlinks:"
212	- ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
213	- fi
214	-}

Gentoo Archives: gentoo-commits