[gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/ - gentoo-commits

From:	"Robin H. Johnson" <robbat2@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
Date:	Mon, 27 Sep 2021 04:26:26
Message-Id:	`1632716762.422191f4346143c52e585b449f369dffb577f4fd.robbat2@gentoo`

1

commit:     422191f4346143c52e585b449f369dffb577f4fd

2

Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>

3

AuthorDate: Mon Sep 27 04:25:24 2021 +0000

4

Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>

5

CommitDate: Mon Sep 27 04:26:02 2021 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=422191f4

7

8

app-misc/ca-certificates: bump, internal nss tooling updates, no cert changes

9

10

Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>

11

12

 app-misc/ca-certificates/Manifest                  |   1 +

13

 .../ca-certificates-20210119.3.70.ebuild           | 189 +++++++++++++++++++++

14

 2 files changed, 190 insertions(+)

15

16

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest

17

index 266e112c77f..f060e3b22cf 100644

18

--- a/app-misc/ca-certificates/Manifest

19

+++ b/app-misc/ca-certificates/Manifest

20

@@ -1,3 +1,4 @@

21

 DIST ca-certificates_20210119.tar.xz 232964 BLAKE2B 593352912d2b490e3f46ea032ac1ddf1c87a7ac93859d475461cbba490918cdec853b0bb30bb253a634d8d597ca6f0304bc81122b4b31b5b31fd6a80e1faaf33 SHA512 a824209fa0ff0865872a07d8e6b901d8407f599243810fd5c820e1f69226e05b0b4f1e25e5ff3d8d398ff952529084442f026e32220961f359f6323f6bf03373

22

 DIST nss-3.66.tar.gz 82401896 BLAKE2B ae369899af681e1c6ea8046098c83da08c2112b16d85a0eaee46e9d4f97dfb3f7c3e97eb681ec947b5648446c6db51e8f1396ec9bb6c731c9678ecf925e7f743 SHA512 327129cb065a8c19246e081e3cbc4798c81dc52eab6ee366eade151e9d308990592075c52a7c672165725fd855a0c539d56a803c26ef066561c584d693e0e467

23

+DIST nss-3.70.tar.gz 83917362 BLAKE2B 51de2e2cf5feb11045388b0badec24509d50f8bc8abd4116cbab77ff434f86a44ad4c98e533a1dd7093a9d1be9b7deb45f0426e3a173f9b2b92995cf63f2ea51 SHA512 9766282b36560d2f73ac5e90dbc3962802d6b1e8650ff9c0afbd6d2e1ff4cf8f2bc251f972344dc8a6ac5209b917aae03cc9883cb081011a7dea7bd258a95d82

24

 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

25

26

diff --git a/app-misc/ca-certificates/ca-certificates-20210119.3.70.ebuild b/app-misc/ca-certificates/ca-certificates-20210119.3.70.ebuild

27

new file mode 100644

28

index 00000000000..589797be280

29

--- /dev/null

30

+++ b/app-misc/ca-certificates/ca-certificates-20210119.3.70.ebuild

31

@@ -0,0 +1,189 @@

32

+# Copyright 1999-2021 Gentoo Authors

33

+# Distributed under the terms of the GNU General Public License v2

34

+

35

+# The Debian ca-certificates package merely takes the CA database as it exists

36

+# in the nss package and repackages it for use by openssl.

37

+#

38

+# The issue with using the compiled debs directly is two fold:

39

+# - they do not update frequently enough for us to rely on them

40

+# - they pull the CA database from nss tip of tree rather than the release

41

+#

42

+# So we take the Debian source tools and combine them with the latest nss

43

+# release to produce (largely) the same end result.  The difference is that

44

+# now we know our cert database is kept in sync with nss and, if need be,

45

+# can be sync with nss tip of tree more frequently to respond to bugs.

46

+

47

+# When triaging user reports, refer to our wiki for tips:

48

+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues

49

+

50

+EAPI=7

51

+

52

+PYTHON_COMPAT=( python3_{7..10} )

53

+

54

+inherit python-any-r1

55

+

56

+if [[ ${PV} == *.* ]] ; then

57

+	# Compile from source ourselves.

58

+	PRECOMPILED=false

59

+

60

+	DEB_VER=$(ver_cut 1)

61

+	NSS_VER=$(ver_cut 2-)

62

+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"

63

+else

64

+	# Debian precompiled version.

65

+	PRECOMPILED=true

66

+	inherit unpacker

67

+fi

68

+

69

+DESCRIPTION="Common CA Certificates PEM files"

70

+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"

71

+NMU_PR=""

72

+if ${PRECOMPILED} ; then

73

+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"

74

+else

75

+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz

76

+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz

77

+		cacert? (

78

+			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch

79

+		)"

80

+fi

81

+

82

+LICENSE="MPL-1.1"

83

+SLOT="0"

84

+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"

85

+IUSE=""

86

+${PRECOMPILED} || IUSE+=" cacert"

87

+

88

+# c_rehash: we run `c_rehash`

89

+# debianutils: we run `run-parts`

90

+CDEPEND="app-misc/c_rehash

91

+	sys-apps/debianutils"

92

+

93

+BDEPEND="${CDEPEND}"

94

+if ! ${PRECOMPILED} ; then

95

+	BDEPEND+=" ${PYTHON_DEPS}"

96

+fi

97

+

98

+DEPEND=""

99

+if ${PRECOMPILED} ; then

100

+	DEPEND+=" !<sys-apps/portage-2.1.10.41"

101

+fi

102

+

103

+RDEPEND="${CDEPEND}

104

+	${DEPEND}"

105

+

106

+S=${WORKDIR}

107

+

108

+pkg_setup() {

109

+	# For the conversion to having it in CONFIG_PROTECT_MASK,

110

+	# we need to tell users about it once manually first.

111

+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \

112

+		|| ewarn "You should run update-ca-certificates manually after etc-update"

113

+}

114

+

115

+src_unpack() {

116

+	if ! ${PRECOMPILED} ; then

117

+		default

118

+		# Initial 20200601 deb release had bad naming inside the debian source tarball.

119

+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"

120

+		DEB_BAD_S="${WORKDIR}/work"

121

+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then

122

+			mv "${DEB_BAD_S}" "${DEB_S}"

123

+		fi

124

+	fi

125

+

126

+	# Do all the work in the image subdir to avoid conflicting with source

127

+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937

128

+	mkdir -p "image/${EPREFIX}" || die

129

+	cd "image/${EPREFIX}" || die

130

+

131

+	${PRECOMPILED} && unpacker_src_unpack

132

+}

133

+

134

+src_prepare() {

135

+	cd "image/${EPREFIX}" || die

136

+	if ! ${PRECOMPILED} ; then

137

+		mkdir -p usr/sbin || die

138

+		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \

139

+			usr/sbin/ || die

140

+

141

+		if use cacert ; then

142

+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die

143

+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch

144

+			popd >/dev/null || die

145

+		fi

146

+	fi

147

+

148

+	default

149

+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch

150

+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')

151

+	sed -i \

152

+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \

153

+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \

154

+		-e 's/openssl rehash/c_rehash/' \

155

+		usr/sbin/update-ca-certificates || die

156

+}

157

+

158

+src_compile() {

159

+	cd "image/${EPREFIX}" || die

160

+	if ! ${PRECOMPILED} ; then

161

+		python_setup

162

+		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"

163

+		# Grab the database from the nss sources.

164

+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die

165

+		emake -C "${d}"

166

+

167

+		# Now move the files to the same places that the precompiled would.

168

+		mkdir -p etc/ssl/certs \

169

+			etc/ca-certificates/update.d \

170

+			"${c}"/mozilla \

171

+			|| die

172

+		if use cacert ; then

173

+			mkdir -p "${c}"/cacert.org || die

174

+			mv "${d}"/CA_Cert_Signing_Authority.crt \

175

+				"${c}"/cacert.org/cacert.org_class1.crt || die

176

+			mv "${d}"/CAcert_Class_3_Root.crt \

177

+				"${c}"/cacert.org/cacert.org_class3.crt || die

178

+		fi

179

+		mv "${d}"/*.crt "${c}"/mozilla/ || die

180

+	else

181

+		mv usr/share/doc/{ca-certificates,${PF}} || die

182

+	fi

183

+

184

+	(

185

+		echo "# Automatically generated by ${CATEGORY}/${PF}"

186

+		echo "# $(date -u)"

187

+		echo "# Do not edit."

188

+		cd "${c}" || die

189

+		find * -name '*.crt' | LC_ALL=C sort

190

+	) > etc/ca-certificates.conf

191

+

192

+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die

193

+}

194

+

195

+src_install() {

196

+	cp -pPR image/* "${D}"/ || die

197

+	if ! ${PRECOMPILED} ; then

198

+		cd ${PN}-${DEB_VER} || die

199

+		doman sbin/*.8

200

+		dodoc debian/README.* examples/ca-certificates-local/README

201

+	fi

202

+

203

+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates

204

+	doenvd 98ca-certificates

205

+}

206

+

207

+pkg_postinst() {

208

+	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then

209

+		# if the user has local certs, we need to rebuild again

210

+		# to include their stuff in the db.

211

+		# However it's too overzealous when the user has custom certs in place.

212

+		# --fresh is to clean up dangling symlinks

213

+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"

214

+	fi

215

+

216

+	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then

217

+		ewarn "Removing the following broken symlinks:"

218

+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"

219

+	fi

220

+}

1	commit: 422191f4346143c52e585b449f369dffb577f4fd
2	Author: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
3	AuthorDate: Mon Sep 27 04:25:24 2021 +0000
4	Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
5	CommitDate: Mon Sep 27 04:26:02 2021 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=422191f4
7
8	app-misc/ca-certificates: bump, internal nss tooling updates, no cert changes
9
10	Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>
11
12	app-misc/ca-certificates/Manifest \| 1 +
13	.../ca-certificates-20210119.3.70.ebuild \| 189 +++++++++++++++++++++
14	2 files changed, 190 insertions(+)
15
16	diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
17	index 266e112c77f..f060e3b22cf 100644
18	--- a/app-misc/ca-certificates/Manifest
19	+++ b/app-misc/ca-certificates/Manifest
20	@@ -1,3 +1,4 @@
21	DIST ca-certificates_20210119.tar.xz 232964 BLAKE2B 593352912d2b490e3f46ea032ac1ddf1c87a7ac93859d475461cbba490918cdec853b0bb30bb253a634d8d597ca6f0304bc81122b4b31b5b31fd6a80e1faaf33 SHA512 a824209fa0ff0865872a07d8e6b901d8407f599243810fd5c820e1f69226e05b0b4f1e25e5ff3d8d398ff952529084442f026e32220961f359f6323f6bf03373
22	DIST nss-3.66.tar.gz 82401896 BLAKE2B ae369899af681e1c6ea8046098c83da08c2112b16d85a0eaee46e9d4f97dfb3f7c3e97eb681ec947b5648446c6db51e8f1396ec9bb6c731c9678ecf925e7f743 SHA512 327129cb065a8c19246e081e3cbc4798c81dc52eab6ee366eade151e9d308990592075c52a7c672165725fd855a0c539d56a803c26ef066561c584d693e0e467
23	+DIST nss-3.70.tar.gz 83917362 BLAKE2B 51de2e2cf5feb11045388b0badec24509d50f8bc8abd4116cbab77ff434f86a44ad4c98e533a1dd7093a9d1be9b7deb45f0426e3a173f9b2b92995cf63f2ea51 SHA512 9766282b36560d2f73ac5e90dbc3962802d6b1e8650ff9c0afbd6d2e1ff4cf8f2bc251f972344dc8a6ac5209b917aae03cc9883cb081011a7dea7bd258a95d82
24	DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4
25
26	diff --git a/app-misc/ca-certificates/ca-certificates-20210119.3.70.ebuild b/app-misc/ca-certificates/ca-certificates-20210119.3.70.ebuild
27	new file mode 100644
28	index 00000000000..589797be280
29	--- /dev/null
30	+++ b/app-misc/ca-certificates/ca-certificates-20210119.3.70.ebuild
31	@@ -0,0 +1,189 @@
32	+# Copyright 1999-2021 Gentoo Authors
33	+# Distributed under the terms of the GNU General Public License v2
34	+
35	+# The Debian ca-certificates package merely takes the CA database as it exists
36	+# in the nss package and repackages it for use by openssl.
37	+#
38	+# The issue with using the compiled debs directly is two fold:
39	+# - they do not update frequently enough for us to rely on them
40	+# - they pull the CA database from nss tip of tree rather than the release
41	+#
42	+# So we take the Debian source tools and combine them with the latest nss
43	+# release to produce (largely) the same end result. The difference is that
44	+# now we know our cert database is kept in sync with nss and, if need be,
45	+# can be sync with nss tip of tree more frequently to respond to bugs.
46	+
47	+# When triaging user reports, refer to our wiki for tips:
48	+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
49	+
50	+EAPI=7
51	+
52	+PYTHON_COMPAT=( python3_{7..10} )
53	+
54	+inherit python-any-r1
55	+
56	+if [[ ${PV} == . ]] ; then
57	+ # Compile from source ourselves.
58	+ PRECOMPILED=false
59	+
60	+ DEB_VER=$(ver_cut 1)
61	+ NSS_VER=$(ver_cut 2-)
62	+ RTM_NAME="NSS_${NSS_VER//./_}_RTM"
63	+else
64	+ # Debian precompiled version.
65	+ PRECOMPILED=true
66	+ inherit unpacker
67	+fi
68	+
69	+DESCRIPTION="Common CA Certificates PEM files"
70	+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
71	+NMU_PR=""
72	+if ${PRECOMPILED} ; then
73	+ SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
74	+else
75	+ SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
76	+ https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
77	+ cacert? (
78	+ https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
79	+ )"
80	+fi
81	+
82	+LICENSE="MPL-1.1"
83	+SLOT="0"
84	+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
85	+IUSE=""
86	+${PRECOMPILED} \|\| IUSE+=" cacert"
87	+
88	+# c_rehash: we run `c_rehash`
89	+# debianutils: we run `run-parts`
90	+CDEPEND="app-misc/c_rehash
91	+ sys-apps/debianutils"
92	+
93	+BDEPEND="${CDEPEND}"
94	+if ! ${PRECOMPILED} ; then
95	+ BDEPEND+=" ${PYTHON_DEPS}"
96	+fi
97	+
98	+DEPEND=""
99	+if ${PRECOMPILED} ; then
100	+ DEPEND+=" !<sys-apps/portage-2.1.10.41"
101	+fi
102	+
103	+RDEPEND="${CDEPEND}
104	+ ${DEPEND}"
105	+
106	+S=${WORKDIR}
107	+
108	+pkg_setup() {
109	+ # For the conversion to having it in CONFIG_PROTECT_MASK,
110	+ # we need to tell users about it once manually first.
111	+ [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
112	+ \|\| ewarn "You should run update-ca-certificates manually after etc-update"
113	+}
114	+
115	+src_unpack() {
116	+ if ! ${PRECOMPILED} ; then
117	+ default
118	+ # Initial 20200601 deb release had bad naming inside the debian source tarball.
119	+ DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
120	+ DEB_BAD_S="${WORKDIR}/work"
121	+ if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
122	+ mv "${DEB_BAD_S}" "${DEB_S}"
123	+ fi
124	+ fi
125	+
126	+ # Do all the work in the image subdir to avoid conflicting with source
127	+ # dirs in ${WORKDIR}. Need to perform everything in the offset #381937
128	+ mkdir -p "image/${EPREFIX}" \|\| die
129	+ cd "image/${EPREFIX}" \|\| die
130	+
131	+ ${PRECOMPILED} && unpacker_src_unpack
132	+}
133	+
134	+src_prepare() {
135	+ cd "image/${EPREFIX}" \|\| die
136	+ if ! ${PRECOMPILED} ; then
137	+ mkdir -p usr/sbin \|\| die
138	+ cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
139	+ usr/sbin/ \|\| die
140	+
141	+ if use cacert ; then
142	+ pushd "${S}"/nss-${NSS_VER} >/dev/null \|\| die
143	+ eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
144	+ popd >/dev/null \|\| die
145	+ fi
146	+ fi
147	+
148	+ default
149	+ eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
150	+ local relp=$(echo "${EPREFIX}" \| sed -e 's:[^/]\+:..:g')
151	+ sed -i \
152	+ -e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
153	+ -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
154	+ -e 's/openssl rehash/c_rehash/' \
155	+ usr/sbin/update-ca-certificates \|\| die
156	+}
157	+
158	+src_compile() {
159	+ cd "image/${EPREFIX}" \|\| die
160	+ if ! ${PRECOMPILED} ; then
161	+ python_setup
162	+ local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
163	+ # Grab the database from the nss sources.
164	+ cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" \|\| die
165	+ emake -C "${d}"
166	+
167	+ # Now move the files to the same places that the precompiled would.
168	+ mkdir -p etc/ssl/certs \
169	+ etc/ca-certificates/update.d \
170	+ "${c}"/mozilla \
171	+ \|\| die
172	+ if use cacert ; then
173	+ mkdir -p "${c}"/cacert.org \|\| die
174	+ mv "${d}"/CA_Cert_Signing_Authority.crt \
175	+ "${c}"/cacert.org/cacert.org_class1.crt \|\| die
176	+ mv "${d}"/CAcert_Class_3_Root.crt \
177	+ "${c}"/cacert.org/cacert.org_class3.crt \|\| die
178	+ fi
179	+ mv "${d}"/*.crt "${c}"/mozilla/ \|\| die
180	+ else
181	+ mv usr/share/doc/{ca-certificates,${PF}} \|\| die
182	+ fi
183	+
184	+ (
185	+ echo "# Automatically generated by ${CATEGORY}/${PF}"
186	+ echo "# $(date -u)"
187	+ echo "# Do not edit."
188	+ cd "${c}" \|\| die
189	+ find * -name '*.crt' \| LC_ALL=C sort
190	+ ) > etc/ca-certificates.conf
191	+
192	+ sh usr/sbin/update-ca-certificates --root "${S}/image" \|\| die
193	+}
194	+
195	+src_install() {
196	+ cp -pPR image/* "${D}"/ \|\| die
197	+ if ! ${PRECOMPILED} ; then
198	+ cd ${PN}-${DEB_VER} \|\| die
199	+ doman sbin/*.8
200	+ dodoc debian/README.* examples/ca-certificates-local/README
201	+ fi
202	+
203	+ echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
204	+ doenvd 98ca-certificates
205	+}
206	+
207	+pkg_postinst() {
208	+ if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
209	+ # if the user has local certs, we need to rebuild again
210	+ # to include their stuff in the db.
211	+ # However it's too overzealous when the user has custom certs in place.
212	+ # --fresh is to clean up dangling symlinks
213	+ "${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
214	+ fi
215	+
216	+ if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
217	+ ewarn "Removing the following broken symlinks:"
218	+ ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
219	+ fi
220	+}

Gentoo Archives: gentoo-commits