[gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/ - gentoo-commits

From:	Sam James <sam@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
Date:	Sun, 03 Apr 2022 01:48:13
Message-Id:	`1648950472.765d9db5019129169b505cdd62cf7f132309c018.sam@gentoo`

1

commit:     765d9db5019129169b505cdd62cf7f132309c018

2

Author:     Sam James <sam <AT> gentoo <DOT> org>

3

AuthorDate: Sun Apr  3 01:21:48 2022 +0000

4

Commit:     Sam James <sam <AT> gentoo <DOT> org>

5

CommitDate: Sun Apr  3 01:47:52 2022 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=765d9db5

7

8

app-misc/ca-certificates: add 20211016.3.77

9

10

Signed-off-by: Sam James <sam <AT> gentoo.org>

11

12

 app-misc/ca-certificates/Manifest                  |   1 +

13

 .../ca-certificates-20211016.3.77.ebuild           | 198 +++++++++++++++++++++

14

 2 files changed, 199 insertions(+)

15

16

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest

17

index 6a311f5ee131..5413a3177ae8 100644

18

--- a/app-misc/ca-certificates/Manifest

19

+++ b/app-misc/ca-certificates/Manifest

20

@@ -4,4 +4,5 @@ DIST nss-3.66.tar.gz 82401896 BLAKE2B ae369899af681e1c6ea8046098c83da08c2112b16d

21

 DIST nss-3.71.tar.gz 83927933 BLAKE2B a8d683b9f9bff5390e0378ab0d55156f7cc69a52b0667658738e67e920548965e7a276dc4104547b2e6a1a6d18325c3f85b955b9c12d7f071d10930b5264207e SHA512 a4a724dc4e8677965b6245ea2309790d31ec7719658e2b349eb67c9008082132c76277340d15e4fdd8d2fe1f560ae6803fb038d023c3dfd2e3772fa3b77720e2

22

 DIST nss-3.72.tar.gz 83928300 BLAKE2B d92889e27e99095a18090eff0c08b8653ef1f53f4954f5bd018df2f2903647bc71f217159bb4b11f0d6b4fb289fda20bffa2d1d207d1836dcfc33dbd4bedf511 SHA512 1d818d2ef85735837275059fecf68d57e48152f0348ea54887c29171cf029b6944e94d99a8cd96e580a81edb678b79c55515ac0516e27daf6b290c34baed9ebb

23

 DIST nss-3.76.1.tar.gz 84626067 BLAKE2B 5112b208f3b9528a34b1d8e3e669db067ecb79719ad16793b8cd556a02910cc29f899f2a57e959c50048c5d2b94eb3b9855208dd3c20646a719c971561f6ea4c SHA512 80d32a97501cbc05312caa5cec54fe6dd8708f01e6d15693e36a40d70433be7a35565fcc5fadfc324c998ee9093b10b2f7a89643882f06a850eda4ffd3b19c54

24

+DIST nss-3.77.tar.gz 84592839 BLAKE2B a63770f550b062549901afdcc5dc2a11c4648cef6875b023895da01ef53d6afc8c618291de96ac0af3a2c2cd7aa7986f93b4f10102a3c5aca1aa1447c148c393 SHA512 bd62eeb8f90ecd2d3999fd78fea6652736c02a6530f29e98d0cad0707f3b901b30409132eb6a6d53b9f5c05c6b464615a946a2a3e255553c793e44d0ed93179e

25

 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

26

27

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.77.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.77.ebuild

28

new file mode 100644

29

index 000000000000..864b59789c1f

30

--- /dev/null

31

+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.77.ebuild

32

@@ -0,0 +1,198 @@

33

+# Copyright 1999-2022 Gentoo Authors

34

+# Distributed under the terms of the GNU General Public License v2

35

+

36

+# The Debian ca-certificates package merely takes the CA database as it exists

37

+# in the nss package and repackages it for use by openssl.

38

+#

39

+# The issue with using the compiled debs directly is two fold:

40

+# - they do not update frequently enough for us to rely on them

41

+# - they pull the CA database from nss tip of tree rather than the release

42

+#

43

+# So we take the Debian source tools and combine them with the latest nss

44

+# release to produce (largely) the same end result.  The difference is that

45

+# now we know our cert database is kept in sync with nss and, if need be,

46

+# can be sync with nss tip of tree more frequently to respond to bugs.

47

+

48

+# When triaging user reports, refer to our wiki for tips:

49

+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues

50

+

51

+EAPI=7

52

+

53

+PYTHON_COMPAT=( python3_{7..10} )

54

+

55

+inherit python-any-r1

56

+

57

+if [[ ${PV} == *.* ]] ; then

58

+	# Compile from source ourselves.

59

+	PRECOMPILED=false

60

+

61

+	DEB_VER=$(ver_cut 1)

62

+	NSS_VER=$(ver_cut 2-)

63

+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"

64

+else

65

+	# Debian precompiled version.

66

+	PRECOMPILED=true

67

+	inherit unpacker

68

+fi

69

+

70

+DESCRIPTION="Common CA Certificates PEM files"

71

+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"

72

+NMU_PR=""

73

+if ${PRECOMPILED} ; then

74

+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"

75

+else

76

+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz

77

+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz

78

+		cacert? (

79

+			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch

80

+		)"

81

+fi

82

+

83

+LICENSE="MPL-1.1"

84

+SLOT="0"

85

+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"

86

+IUSE=""

87

+${PRECOMPILED} || IUSE+=" cacert"

88

+

89

+# c_rehash: we run `c_rehash`

90

+# debianutils: we run `run-parts`

91

+CDEPEND="app-misc/c_rehash

92

+	sys-apps/debianutils"

93

+

94

+BDEPEND="${CDEPEND}"

95

+if ! ${PRECOMPILED} ; then

96

+	BDEPEND+=" ${PYTHON_DEPS}"

97

+fi

98

+

99

+DEPEND=""

100

+if ${PRECOMPILED} ; then

101

+	DEPEND+=" !<sys-apps/portage-2.1.10.41"

102

+fi

103

+

104

+RDEPEND="${CDEPEND}

105

+	${DEPEND}"

106

+

107

+S=${WORKDIR}

108

+

109

+pkg_setup() {

110

+	# For the conversion to having it in CONFIG_PROTECT_MASK,

111

+	# we need to tell users about it once manually first.

112

+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \

113

+		|| ewarn "You should run update-ca-certificates manually after etc-update"

114

+

115

+	if ! ${PRECOMPILED} ; then

116

+		python-any-r1_pkg_setup

117

+	fi

118

+}

119

+

120

+src_unpack() {

121

+	if ! ${PRECOMPILED} ; then

122

+		default

123

+		# Initial 20200601 deb release had bad naming inside the debian source tarball.

124

+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"

125

+		DEB_BAD_S="${WORKDIR}/work"

126

+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then

127

+			mv "${DEB_BAD_S}" "${DEB_S}"

128

+		fi

129

+	fi

130

+

131

+	# Do all the work in the image subdir to avoid conflicting with source

132

+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937

133

+	mkdir -p "image/${EPREFIX}" || die

134

+	cd "image/${EPREFIX}" || die

135

+

136

+	${PRECOMPILED} && unpacker_src_unpack

137

+}

138

+

139

+src_prepare() {

140

+	cd "image/${EPREFIX}" || die

141

+	if ! ${PRECOMPILED} ; then

142

+		mkdir -p usr/sbin || die

143

+		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \

144

+			usr/sbin/ || die

145

+

146

+		if use cacert ; then

147

+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die

148

+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch

149

+			popd >/dev/null || die

150

+		fi

151

+	fi

152

+

153

+	default

154

+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch

155

+

156

+	pushd "${S}/${PN}-${DEB_VER}" >/dev/null || die

157

+	eapply "${FILESDIR}"/${PN}-20211016.3.72-no-cryptography.patch

158

+	popd >/dev/null || die

159

+

160

+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')

161

+	sed -i \

162

+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \

163

+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \

164

+		-e 's/openssl rehash/c_rehash/' \

165

+		usr/sbin/update-ca-certificates || die

166

+}

167

+

168

+src_compile() {

169

+	cd "image/${EPREFIX}" || die

170

+	if ! ${PRECOMPILED} ; then

171

+		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"

172

+

173

+		# Grab the database from the nss sources.

174

+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die

175

+		emake -C "${d}"

176

+

177

+		# Now move the files to the same places that the precompiled would.

178

+		mkdir -p etc/ssl/certs \

179

+			etc/ca-certificates/update.d \

180

+			"${c}"/mozilla \

181

+			|| die

182

+		if use cacert ; then

183

+			mkdir -p "${c}"/cacert.org || die

184

+			mv "${d}"/CA_Cert_Signing_Authority.crt \

185

+				"${c}"/cacert.org/cacert.org_class1.crt || die

186

+			mv "${d}"/CAcert_Class_3_Root.crt \

187

+				"${c}"/cacert.org/cacert.org_class3.crt || die

188

+		fi

189

+		mv "${d}"/*.crt "${c}"/mozilla/ || die

190

+	else

191

+		mv usr/share/doc/{ca-certificates,${PF}} || die

192

+	fi

193

+

194

+	(

195

+		echo "# Automatically generated by ${CATEGORY}/${PF}"

196

+		echo "# $(date -u)"

197

+		echo "# Do not edit."

198

+		cd "${c}" || die

199

+		find * -name '*.crt' | LC_ALL=C sort

200

+	) > etc/ca-certificates.conf

201

+

202

+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die

203

+}

204

+

205

+src_install() {

206

+	cp -pPR image/* "${D}"/ || die

207

+	if ! ${PRECOMPILED} ; then

208

+		cd ${PN}-${DEB_VER} || die

209

+		doman sbin/*.8

210

+		dodoc debian/README.* examples/ca-certificates-local/README

211

+	fi

212

+

213

+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates

214

+	doenvd 98ca-certificates

215

+}

216

+

217

+pkg_postinst() {

218

+	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then

219

+		# if the user has local certs, we need to rebuild again

220

+		# to include their stuff in the db.

221

+		# However it's too overzealous when the user has custom certs in place.

222

+		# --fresh is to clean up dangling symlinks

223

+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"

224

+	fi

225

+

226

+	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then

227

+		ewarn "Removing the following broken symlinks:"

228

+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"

229

+	fi

230

+}

1	commit: 765d9db5019129169b505cdd62cf7f132309c018
2	Author: Sam James <sam <AT> gentoo <DOT> org>
3	AuthorDate: Sun Apr 3 01:21:48 2022 +0000
4	Commit: Sam James <sam <AT> gentoo <DOT> org>
5	CommitDate: Sun Apr 3 01:47:52 2022 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=765d9db5
7
8	app-misc/ca-certificates: add 20211016.3.77
9
10	Signed-off-by: Sam James <sam <AT> gentoo.org>
11
12	app-misc/ca-certificates/Manifest \| 1 +
13	.../ca-certificates-20211016.3.77.ebuild \| 198 +++++++++++++++++++++
14	2 files changed, 199 insertions(+)
15
16	diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
17	index 6a311f5ee131..5413a3177ae8 100644
18	--- a/app-misc/ca-certificates/Manifest
19	+++ b/app-misc/ca-certificates/Manifest
20	@@ -4,4 +4,5 @@ DIST nss-3.66.tar.gz 82401896 BLAKE2B ae369899af681e1c6ea8046098c83da08c2112b16d
21	DIST nss-3.71.tar.gz 83927933 BLAKE2B a8d683b9f9bff5390e0378ab0d55156f7cc69a52b0667658738e67e920548965e7a276dc4104547b2e6a1a6d18325c3f85b955b9c12d7f071d10930b5264207e SHA512 a4a724dc4e8677965b6245ea2309790d31ec7719658e2b349eb67c9008082132c76277340d15e4fdd8d2fe1f560ae6803fb038d023c3dfd2e3772fa3b77720e2
22	DIST nss-3.72.tar.gz 83928300 BLAKE2B d92889e27e99095a18090eff0c08b8653ef1f53f4954f5bd018df2f2903647bc71f217159bb4b11f0d6b4fb289fda20bffa2d1d207d1836dcfc33dbd4bedf511 SHA512 1d818d2ef85735837275059fecf68d57e48152f0348ea54887c29171cf029b6944e94d99a8cd96e580a81edb678b79c55515ac0516e27daf6b290c34baed9ebb
23	DIST nss-3.76.1.tar.gz 84626067 BLAKE2B 5112b208f3b9528a34b1d8e3e669db067ecb79719ad16793b8cd556a02910cc29f899f2a57e959c50048c5d2b94eb3b9855208dd3c20646a719c971561f6ea4c SHA512 80d32a97501cbc05312caa5cec54fe6dd8708f01e6d15693e36a40d70433be7a35565fcc5fadfc324c998ee9093b10b2f7a89643882f06a850eda4ffd3b19c54
24	+DIST nss-3.77.tar.gz 84592839 BLAKE2B a63770f550b062549901afdcc5dc2a11c4648cef6875b023895da01ef53d6afc8c618291de96ac0af3a2c2cd7aa7986f93b4f10102a3c5aca1aa1447c148c393 SHA512 bd62eeb8f90ecd2d3999fd78fea6652736c02a6530f29e98d0cad0707f3b901b30409132eb6a6d53b9f5c05c6b464615a946a2a3e255553c793e44d0ed93179e
25	DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4
26
27	diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.77.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.77.ebuild
28	new file mode 100644
29	index 000000000000..864b59789c1f
30	--- /dev/null
31	+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.77.ebuild
32	@@ -0,0 +1,198 @@
33	+# Copyright 1999-2022 Gentoo Authors
34	+# Distributed under the terms of the GNU General Public License v2
35	+
36	+# The Debian ca-certificates package merely takes the CA database as it exists
37	+# in the nss package and repackages it for use by openssl.
38	+#
39	+# The issue with using the compiled debs directly is two fold:
40	+# - they do not update frequently enough for us to rely on them
41	+# - they pull the CA database from nss tip of tree rather than the release
42	+#
43	+# So we take the Debian source tools and combine them with the latest nss
44	+# release to produce (largely) the same end result. The difference is that
45	+# now we know our cert database is kept in sync with nss and, if need be,
46	+# can be sync with nss tip of tree more frequently to respond to bugs.
47	+
48	+# When triaging user reports, refer to our wiki for tips:
49	+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
50	+
51	+EAPI=7
52	+
53	+PYTHON_COMPAT=( python3_{7..10} )
54	+
55	+inherit python-any-r1
56	+
57	+if [[ ${PV} == . ]] ; then
58	+ # Compile from source ourselves.
59	+ PRECOMPILED=false
60	+
61	+ DEB_VER=$(ver_cut 1)
62	+ NSS_VER=$(ver_cut 2-)
63	+ RTM_NAME="NSS_${NSS_VER//./_}_RTM"
64	+else
65	+ # Debian precompiled version.
66	+ PRECOMPILED=true
67	+ inherit unpacker
68	+fi
69	+
70	+DESCRIPTION="Common CA Certificates PEM files"
71	+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
72	+NMU_PR=""
73	+if ${PRECOMPILED} ; then
74	+ SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
75	+else
76	+ SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
77	+ https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
78	+ cacert? (
79	+ https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
80	+ )"
81	+fi
82	+
83	+LICENSE="MPL-1.1"
84	+SLOT="0"
85	+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
86	+IUSE=""
87	+${PRECOMPILED} \|\| IUSE+=" cacert"
88	+
89	+# c_rehash: we run `c_rehash`
90	+# debianutils: we run `run-parts`
91	+CDEPEND="app-misc/c_rehash
92	+ sys-apps/debianutils"
93	+
94	+BDEPEND="${CDEPEND}"
95	+if ! ${PRECOMPILED} ; then
96	+ BDEPEND+=" ${PYTHON_DEPS}"
97	+fi
98	+
99	+DEPEND=""
100	+if ${PRECOMPILED} ; then
101	+ DEPEND+=" !<sys-apps/portage-2.1.10.41"
102	+fi
103	+
104	+RDEPEND="${CDEPEND}
105	+ ${DEPEND}"
106	+
107	+S=${WORKDIR}
108	+
109	+pkg_setup() {
110	+ # For the conversion to having it in CONFIG_PROTECT_MASK,
111	+ # we need to tell users about it once manually first.
112	+ [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
113	+ \|\| ewarn "You should run update-ca-certificates manually after etc-update"
114	+
115	+ if ! ${PRECOMPILED} ; then
116	+ python-any-r1_pkg_setup
117	+ fi
118	+}
119	+
120	+src_unpack() {
121	+ if ! ${PRECOMPILED} ; then
122	+ default
123	+ # Initial 20200601 deb release had bad naming inside the debian source tarball.
124	+ DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
125	+ DEB_BAD_S="${WORKDIR}/work"
126	+ if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
127	+ mv "${DEB_BAD_S}" "${DEB_S}"
128	+ fi
129	+ fi
130	+
131	+ # Do all the work in the image subdir to avoid conflicting with source
132	+ # dirs in ${WORKDIR}. Need to perform everything in the offset #381937
133	+ mkdir -p "image/${EPREFIX}" \|\| die
134	+ cd "image/${EPREFIX}" \|\| die
135	+
136	+ ${PRECOMPILED} && unpacker_src_unpack
137	+}
138	+
139	+src_prepare() {
140	+ cd "image/${EPREFIX}" \|\| die
141	+ if ! ${PRECOMPILED} ; then
142	+ mkdir -p usr/sbin \|\| die
143	+ cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
144	+ usr/sbin/ \|\| die
145	+
146	+ if use cacert ; then
147	+ pushd "${S}"/nss-${NSS_VER} >/dev/null \|\| die
148	+ eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
149	+ popd >/dev/null \|\| die
150	+ fi
151	+ fi
152	+
153	+ default
154	+ eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
155	+
156	+ pushd "${S}/${PN}-${DEB_VER}" >/dev/null \|\| die
157	+ eapply "${FILESDIR}"/${PN}-20211016.3.72-no-cryptography.patch
158	+ popd >/dev/null \|\| die
159	+
160	+ local relp=$(echo "${EPREFIX}" \| sed -e 's:[^/]\+:..:g')
161	+ sed -i \
162	+ -e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
163	+ -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
164	+ -e 's/openssl rehash/c_rehash/' \
165	+ usr/sbin/update-ca-certificates \|\| die
166	+}
167	+
168	+src_compile() {
169	+ cd "image/${EPREFIX}" \|\| die
170	+ if ! ${PRECOMPILED} ; then
171	+ local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
172	+
173	+ # Grab the database from the nss sources.
174	+ cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" \|\| die
175	+ emake -C "${d}"
176	+
177	+ # Now move the files to the same places that the precompiled would.
178	+ mkdir -p etc/ssl/certs \
179	+ etc/ca-certificates/update.d \
180	+ "${c}"/mozilla \
181	+ \|\| die
182	+ if use cacert ; then
183	+ mkdir -p "${c}"/cacert.org \|\| die
184	+ mv "${d}"/CA_Cert_Signing_Authority.crt \
185	+ "${c}"/cacert.org/cacert.org_class1.crt \|\| die
186	+ mv "${d}"/CAcert_Class_3_Root.crt \
187	+ "${c}"/cacert.org/cacert.org_class3.crt \|\| die
188	+ fi
189	+ mv "${d}"/*.crt "${c}"/mozilla/ \|\| die
190	+ else
191	+ mv usr/share/doc/{ca-certificates,${PF}} \|\| die
192	+ fi
193	+
194	+ (
195	+ echo "# Automatically generated by ${CATEGORY}/${PF}"
196	+ echo "# $(date -u)"
197	+ echo "# Do not edit."
198	+ cd "${c}" \|\| die
199	+ find * -name '*.crt' \| LC_ALL=C sort
200	+ ) > etc/ca-certificates.conf
201	+
202	+ sh usr/sbin/update-ca-certificates --root "${S}/image" \|\| die
203	+}
204	+
205	+src_install() {
206	+ cp -pPR image/* "${D}"/ \|\| die
207	+ if ! ${PRECOMPILED} ; then
208	+ cd ${PN}-${DEB_VER} \|\| die
209	+ doman sbin/*.8
210	+ dodoc debian/README.* examples/ca-certificates-local/README
211	+ fi
212	+
213	+ echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
214	+ doenvd 98ca-certificates
215	+}
216	+
217	+pkg_postinst() {
218	+ if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
219	+ # if the user has local certs, we need to rebuild again
220	+ # to include their stuff in the db.
221	+ # However it's too overzealous when the user has custom certs in place.
222	+ # --fresh is to clean up dangling symlinks
223	+ "${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
224	+ fi
225	+
226	+ if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
227	+ ewarn "Removing the following broken symlinks:"
228	+ ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
229	+ fi
230	+}

Gentoo Archives: gentoo-commits