[gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/ - gentoo-commits

From:	Lars Wendler <polynomial-c@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
Date:	Mon, 18 Feb 2019 09:02:20
Message-Id:	`1550480528.4ceee380da2876430e00d913a714173290ad02b8.polynomial-c@gentoo`

1

commit:     4ceee380da2876430e00d913a714173290ad02b8

2

Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>

3

AuthorDate: Mon Feb 18 09:02:08 2019 +0000

4

Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>

5

CommitDate: Mon Feb 18 09:02:08 2019 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ceee380

7

8

app-misc/ca-certificates: Bump to version 20190110.3.42.1

9

10

Package-Manager: Portage-2.3.61, Repoman-2.3.12

11

Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

12

13

 app-misc/ca-certificates/Manifest                  |   2 +

14

 .../ca-certificates-20190110.3.42.1.ebuild         | 184 +++++++++++++++++++++

15

 2 files changed, 186 insertions(+)

16

17

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest

18

index f559af13ed9..45754412ffb 100644

19

--- a/app-misc/ca-certificates/Manifest

20

+++ b/app-misc/ca-certificates/Manifest

21

@@ -1,3 +1,5 @@

22

 DIST ca-certificates_20180409.tar.xz 246908 BLAKE2B b553d4347f1a5b88fe59c7269dee617f61cde54d4df1a3aa4b3a7e9aa4b2ee81415e5c421352505ca4b2e0e480b053ccb04024bddfb51450d298d8fdd0567c36 SHA512 e0742da19416d367618547107cc0f1cc045d5ba62c30fb7238e0e36ec0d19ea48e2ffdee2c68a9f06954025c58db9a5376f149e221ede95a3a029cda39d86a53

23

+DIST ca-certificates_20190110.tar.xz 243472 BLAKE2B b63e541fcf611712634f8c7fd2da5f189b999c39118047a7e2fd43ddd5e0fbefeaa08788363482a02be55a347447d4cc95f1505bf869accf9cd847578ad2e879 SHA512 9ce2661018edb120d0ef5bd3ed52c0f73f577d7607d135a31730549f5eb4176db4865cdb8bde77a78dc3efb8968846da5e72af8a833a9da2a8a7deb4f1560372

24

 DIST nss-3.37.tar.gz 23027581 BLAKE2B 0ce7190a029321d5620dc8b9aedf1f4252c53dbef57149afbad432b6bc4b590db026505d23f5c766827d5c0179ab931b8a0435a2e9785eff3db515ed7211e512 SHA512 ad5175f126705f57092ac80421ac005bcc32bb18a4a44a527df25994fa90b3bc18af08506683564f619a22076f71232e2b3c9e6e25d6312d0bfed63684139103

25

+DIST nss-3.42.1.tar.gz 23416408 BLAKE2B 9c008ce599f3cc4de50af3a32f680e16058a42df7a844aa8f151c729a1c783177d8410b0aa2ea9887f5e69a359d84b655b78808fd817b8ccdeae458d9c7b4488 SHA512 468e1d4ea9d2b832c7b8975443ee6fe2790b39cbbd9f8e3d8428a43f47cce0e81d5ca21e3566701b75bcd4af09110c0134e204b2850d30ecfd6347ec27e6e265

26

 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

27

28

diff --git a/app-misc/ca-certificates/ca-certificates-20190110.3.42.1.ebuild b/app-misc/ca-certificates/ca-certificates-20190110.3.42.1.ebuild

29

new file mode 100644

30

index 00000000000..1fc190158c6

31

--- /dev/null

32

+++ b/app-misc/ca-certificates/ca-certificates-20190110.3.42.1.ebuild

33

@@ -0,0 +1,184 @@

34

+# Copyright 1999-2019 Gentoo Authors

35

+# Distributed under the terms of the GNU General Public License v2

36

+

37

+# The Debian ca-certificates package merely takes the CA database as it exists

38

+# in the nss package and repackages it for use by openssl.

39

+#

40

+# The issue with using the compiled debs directly is two fold:

41

+# - they do not update frequently enough for us to rely on them

42

+# - they pull the CA database from nss tip of tree rather than the release

43

+#

44

+# So we take the Debian source tools and combine them with the latest nss

45

+# release to produce (largely) the same end result.  The difference is that

46

+# now we know our cert database is kept in sync with nss and, if need be,

47

+# can be sync with nss tip of tree more frequently to respond to bugs.

48

+

49

+# When triaging bugs from users, here's some handy tips:

50

+# - To see what cert is hitting errors, use openssl:

51

+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME

52

+#   Focus on the errors written to stderr.

53

+#

54

+# - Look at the upstream log as to why certs were added/removed:

55

+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt

56

+#

57

+# - If people want to add/remove certs, tell them to file w/mozilla:

58

+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk

59

+

60

+EAPI=6

61

+

62

+PYTHON_COMPAT=( python{2_7,3_{4,5,6,7}} )

63

+

64

+inherit eutils python-any-r1

65

+

66

+if [[ ${PV} == *.* ]] ; then

67

+	# Compile from source ourselves.

68

+	PRECOMPILED=false

69

+	inherit eapi7-ver

70

+

71

+	DEB_VER=$(ver_cut 1)

72

+	NSS_VER=$(ver_cut 2-)

73

+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"

74

+else

75

+	# Debian precompiled version.

76

+	PRECOMPILED=true

77

+	inherit unpacker

78

+fi

79

+

80

+DESCRIPTION="Common CA Certificates PEM files"

81

+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"

82

+NMU_PR=""

83

+if ${PRECOMPILED} ; then

84

+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"

85

+else

86

+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz

87

+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz

88

+		cacert? (

89

+			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch

90

+		)"

91

+fi

92

+

93

+LICENSE="MPL-1.1"

94

+SLOT="0"

95

+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"

96

+IUSE=""

97

+${PRECOMPILED} || IUSE+=" cacert"

98

+

99

+DEPEND=""

100

+if ${PRECOMPILED} ; then

101

+	DEPEND+=" !<sys-apps/portage-2.1.10.41"

102

+fi

103

+# c_rehash: we run `c_rehash`

104

+# debianutils: we run `run-parts`

105

+RDEPEND="${DEPEND}

106

+	app-misc/c_rehash

107

+	sys-apps/debianutils"

108

+

109

+if ! ${PRECOMPILED}; then

110

+	DEPEND+=" ${PYTHON_DEPS}"

111

+fi

112

+

113

+S=${WORKDIR}

114

+

115

+pkg_setup() {

116

+	# For the conversion to having it in CONFIG_PROTECT_MASK,

117

+	# we need to tell users about it once manually first.

118

+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \

119

+		|| ewarn "You should run update-ca-certificates manually after etc-update"

120

+}

121

+

122

+src_unpack() {

123

+	${PRECOMPILED} || default

124

+

125

+	# Do all the work in the image subdir to avoid conflicting with source

126

+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937

127

+	mkdir -p "image/${EPREFIX}" || die

128

+	cd "image/${EPREFIX}" || die

129

+

130

+	${PRECOMPILED} && unpacker_src_unpack

131

+}

132

+

133

+src_prepare() {

134

+	cd "image/${EPREFIX}" || die

135

+	if ! ${PRECOMPILED} ; then

136

+		mkdir -p usr/sbin || die

137

+		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \

138

+			usr/sbin/ || die

139

+

140

+		if use cacert ; then

141

+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die

142

+			eapply -p0 "${DISTDIR}"/nss-cacert-class1-class3.patch

143

+			popd >/dev/null || die

144

+		fi

145

+	fi

146

+

147

+	default

148

+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch

149

+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')

150

+	sed -i \

151

+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \

152

+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \

153

+		-e 's/openssl rehash/c_rehash/' \

154

+		usr/sbin/update-ca-certificates || die

155

+}

156

+

157

+src_compile() {

158

+	cd "image/${EPREFIX}" || die

159

+	if ! ${PRECOMPILED} ; then

160

+		python_setup

161

+		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"

162

+		# Grab the database from the nss sources.

163

+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die

164

+		emake -C "${d}"

165

+

166

+		# Now move the files to the same places that the precompiled would.

167

+		mkdir -p etc/ssl/certs \

168

+			etc/ca-certificates/update.d \

169

+			"${c}"/mozilla \

170

+			|| die

171

+		if use cacert ; then

172

+			mkdir -p "${c}"/cacert.org || die

173

+			mv "${d}"/CAcert_Inc..crt \

174

+				"${c}"/cacert.org/cacert.org_root.crt || die

175

+		fi

176

+		mv "${d}"/*.crt "${c}"/mozilla/ || die

177

+	else

178

+		mv usr/share/doc/{ca-certificates,${PF}} || die

179

+	fi

180

+

181

+	(

182

+		echo "# Automatically generated by ${CATEGORY}/${PF}"

183

+		echo "# $(date -u)"

184

+		echo "# Do not edit."

185

+		cd "${c}" || die

186

+		find * -name '*.crt' | LC_ALL=C sort

187

+	) > etc/ca-certificates.conf

188

+

189

+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die

190

+}

191

+

192

+src_install() {

193

+	cp -pPR image/* "${ED}"/ || die

194

+	if ! ${PRECOMPILED} ; then

195

+		cd ${PN}-${DEB_VER} || die

196

+		doman sbin/*.8

197

+		dodoc debian/README.* examples/ca-certificates-local/README

198

+	fi

199

+

200

+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates

201

+	doenvd 98ca-certificates

202

+}

203

+

204

+pkg_postinst() {

205

+	if [[ -d "${EROOT%/}/usr/local/share/ca-certificates" ]] ; then

206

+		# if the user has local certs, we need to rebuild again

207

+		# to include their stuff in the db.

208

+		# However it's too overzealous when the user has custom certs in place.

209

+		# --fresh is to clean up dangling symlinks

210

+		"${EROOT%/}"/usr/sbin/update-ca-certificates --root "${ROOT}"

211

+	fi

212

+

213

+	if [[ -n "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l)" ]] ; then

214

+		ewarn "Removing the following broken symlinks:"

215

+		ewarn "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"

216

+	fi

217

+}

1	commit: 4ceee380da2876430e00d913a714173290ad02b8
2	Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
3	AuthorDate: Mon Feb 18 09:02:08 2019 +0000
4	Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
5	CommitDate: Mon Feb 18 09:02:08 2019 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ceee380
7
8	app-misc/ca-certificates: Bump to version 20190110.3.42.1
9
10	Package-Manager: Portage-2.3.61, Repoman-2.3.12
11	Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
12
13	app-misc/ca-certificates/Manifest \| 2 +
14	.../ca-certificates-20190110.3.42.1.ebuild \| 184 +++++++++++++++++++++
15	2 files changed, 186 insertions(+)
16
17	diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
18	index f559af13ed9..45754412ffb 100644
19	--- a/app-misc/ca-certificates/Manifest
20	+++ b/app-misc/ca-certificates/Manifest
21	@@ -1,3 +1,5 @@
22	DIST ca-certificates_20180409.tar.xz 246908 BLAKE2B b553d4347f1a5b88fe59c7269dee617f61cde54d4df1a3aa4b3a7e9aa4b2ee81415e5c421352505ca4b2e0e480b053ccb04024bddfb51450d298d8fdd0567c36 SHA512 e0742da19416d367618547107cc0f1cc045d5ba62c30fb7238e0e36ec0d19ea48e2ffdee2c68a9f06954025c58db9a5376f149e221ede95a3a029cda39d86a53
23	+DIST ca-certificates_20190110.tar.xz 243472 BLAKE2B b63e541fcf611712634f8c7fd2da5f189b999c39118047a7e2fd43ddd5e0fbefeaa08788363482a02be55a347447d4cc95f1505bf869accf9cd847578ad2e879 SHA512 9ce2661018edb120d0ef5bd3ed52c0f73f577d7607d135a31730549f5eb4176db4865cdb8bde77a78dc3efb8968846da5e72af8a833a9da2a8a7deb4f1560372
24	DIST nss-3.37.tar.gz 23027581 BLAKE2B 0ce7190a029321d5620dc8b9aedf1f4252c53dbef57149afbad432b6bc4b590db026505d23f5c766827d5c0179ab931b8a0435a2e9785eff3db515ed7211e512 SHA512 ad5175f126705f57092ac80421ac005bcc32bb18a4a44a527df25994fa90b3bc18af08506683564f619a22076f71232e2b3c9e6e25d6312d0bfed63684139103
25	+DIST nss-3.42.1.tar.gz 23416408 BLAKE2B 9c008ce599f3cc4de50af3a32f680e16058a42df7a844aa8f151c729a1c783177d8410b0aa2ea9887f5e69a359d84b655b78808fd817b8ccdeae458d9c7b4488 SHA512 468e1d4ea9d2b832c7b8975443ee6fe2790b39cbbd9f8e3d8428a43f47cce0e81d5ca21e3566701b75bcd4af09110c0134e204b2850d30ecfd6347ec27e6e265
26	DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
27
28	diff --git a/app-misc/ca-certificates/ca-certificates-20190110.3.42.1.ebuild b/app-misc/ca-certificates/ca-certificates-20190110.3.42.1.ebuild
29	new file mode 100644
30	index 00000000000..1fc190158c6
31	--- /dev/null
32	+++ b/app-misc/ca-certificates/ca-certificates-20190110.3.42.1.ebuild
33	@@ -0,0 +1,184 @@
34	+# Copyright 1999-2019 Gentoo Authors
35	+# Distributed under the terms of the GNU General Public License v2
36	+
37	+# The Debian ca-certificates package merely takes the CA database as it exists
38	+# in the nss package and repackages it for use by openssl.
39	+#
40	+# The issue with using the compiled debs directly is two fold:
41	+# - they do not update frequently enough for us to rely on them
42	+# - they pull the CA database from nss tip of tree rather than the release
43	+#
44	+# So we take the Debian source tools and combine them with the latest nss
45	+# release to produce (largely) the same end result. The difference is that
46	+# now we know our cert database is kept in sync with nss and, if need be,
47	+# can be sync with nss tip of tree more frequently to respond to bugs.
48	+
49	+# When triaging bugs from users, here's some handy tips:
50	+# - To see what cert is hitting errors, use openssl:
51	+# openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
52	+# Focus on the errors written to stderr.
53	+#
54	+# - Look at the upstream log as to why certs were added/removed:
55	+# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
56	+#
57	+# - If people want to add/remove certs, tell them to file w/mozilla:
58	+# https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
59	+
60	+EAPI=6
61	+
62	+PYTHON_COMPAT=( python{2_7,3_{4,5,6,7}} )
63	+
64	+inherit eutils python-any-r1
65	+
66	+if [[ ${PV} == . ]] ; then
67	+ # Compile from source ourselves.
68	+ PRECOMPILED=false
69	+ inherit eapi7-ver
70	+
71	+ DEB_VER=$(ver_cut 1)
72	+ NSS_VER=$(ver_cut 2-)
73	+ RTM_NAME="NSS_${NSS_VER//./_}_RTM"
74	+else
75	+ # Debian precompiled version.
76	+ PRECOMPILED=true
77	+ inherit unpacker
78	+fi
79	+
80	+DESCRIPTION="Common CA Certificates PEM files"
81	+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
82	+NMU_PR=""
83	+if ${PRECOMPILED} ; then
84	+ SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
85	+else
86	+ SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
87	+ https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
88	+ cacert? (
89	+ https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
90	+ )"
91	+fi
92	+
93	+LICENSE="MPL-1.1"
94	+SLOT="0"
95	+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
96	+IUSE=""
97	+${PRECOMPILED} \|\| IUSE+=" cacert"
98	+
99	+DEPEND=""
100	+if ${PRECOMPILED} ; then
101	+ DEPEND+=" !<sys-apps/portage-2.1.10.41"
102	+fi
103	+# c_rehash: we run `c_rehash`
104	+# debianutils: we run `run-parts`
105	+RDEPEND="${DEPEND}
106	+ app-misc/c_rehash
107	+ sys-apps/debianutils"
108	+
109	+if ! ${PRECOMPILED}; then
110	+ DEPEND+=" ${PYTHON_DEPS}"
111	+fi
112	+
113	+S=${WORKDIR}
114	+
115	+pkg_setup() {
116	+ # For the conversion to having it in CONFIG_PROTECT_MASK,
117	+ # we need to tell users about it once manually first.
118	+ [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
119	+ \|\| ewarn "You should run update-ca-certificates manually after etc-update"
120	+}
121	+
122	+src_unpack() {
123	+ ${PRECOMPILED} \|\| default
124	+
125	+ # Do all the work in the image subdir to avoid conflicting with source
126	+ # dirs in ${WORKDIR}. Need to perform everything in the offset #381937
127	+ mkdir -p "image/${EPREFIX}" \|\| die
128	+ cd "image/${EPREFIX}" \|\| die
129	+
130	+ ${PRECOMPILED} && unpacker_src_unpack
131	+}
132	+
133	+src_prepare() {
134	+ cd "image/${EPREFIX}" \|\| die
135	+ if ! ${PRECOMPILED} ; then
136	+ mkdir -p usr/sbin \|\| die
137	+ cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
138	+ usr/sbin/ \|\| die
139	+
140	+ if use cacert ; then
141	+ pushd "${S}"/nss-${NSS_VER} >/dev/null \|\| die
142	+ eapply -p0 "${DISTDIR}"/nss-cacert-class1-class3.patch
143	+ popd >/dev/null \|\| die
144	+ fi
145	+ fi
146	+
147	+ default
148	+ eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
149	+ local relp=$(echo "${EPREFIX}" \| sed -e 's:[^/]\+:..:g')
150	+ sed -i \
151	+ -e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
152	+ -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
153	+ -e 's/openssl rehash/c_rehash/' \
154	+ usr/sbin/update-ca-certificates \|\| die
155	+}
156	+
157	+src_compile() {
158	+ cd "image/${EPREFIX}" \|\| die
159	+ if ! ${PRECOMPILED} ; then
160	+ python_setup
161	+ local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
162	+ # Grab the database from the nss sources.
163	+ cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" \|\| die
164	+ emake -C "${d}"
165	+
166	+ # Now move the files to the same places that the precompiled would.
167	+ mkdir -p etc/ssl/certs \
168	+ etc/ca-certificates/update.d \
169	+ "${c}"/mozilla \
170	+ \|\| die
171	+ if use cacert ; then
172	+ mkdir -p "${c}"/cacert.org \|\| die
173	+ mv "${d}"/CAcert_Inc..crt \
174	+ "${c}"/cacert.org/cacert.org_root.crt \|\| die
175	+ fi
176	+ mv "${d}"/*.crt "${c}"/mozilla/ \|\| die
177	+ else
178	+ mv usr/share/doc/{ca-certificates,${PF}} \|\| die
179	+ fi
180	+
181	+ (
182	+ echo "# Automatically generated by ${CATEGORY}/${PF}"
183	+ echo "# $(date -u)"
184	+ echo "# Do not edit."
185	+ cd "${c}" \|\| die
186	+ find * -name '*.crt' \| LC_ALL=C sort
187	+ ) > etc/ca-certificates.conf
188	+
189	+ sh usr/sbin/update-ca-certificates --root "${S}/image" \|\| die
190	+}
191	+
192	+src_install() {
193	+ cp -pPR image/* "${ED}"/ \|\| die
194	+ if ! ${PRECOMPILED} ; then
195	+ cd ${PN}-${DEB_VER} \|\| die
196	+ doman sbin/*.8
197	+ dodoc debian/README.* examples/ca-certificates-local/README
198	+ fi
199	+
200	+ echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
201	+ doenvd 98ca-certificates
202	+}
203	+
204	+pkg_postinst() {
205	+ if [[ -d "${EROOT%/}/usr/local/share/ca-certificates" ]] ; then
206	+ # if the user has local certs, we need to rebuild again
207	+ # to include their stuff in the db.
208	+ # However it's too overzealous when the user has custom certs in place.
209	+ # --fresh is to clean up dangling symlinks
210	+ "${EROOT%/}"/usr/sbin/update-ca-certificates --root "${ROOT}"
211	+ fi
212	+
213	+ if [[ -n "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l)" ]] ; then
214	+ ewarn "Removing the following broken symlinks:"
215	+ ewarn "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
216	+ fi
217	+}

Gentoo Archives: gentoo-commits