1 |
commit: 13f0b6dc156f34f040465780c59d0ed7d340f56e |
2 |
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Sep 26 16:22:20 2015 +0000 |
4 |
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Sep 26 17:45:27 2015 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=13f0b6dc |
7 |
|
8 |
app-misc/ca-certificates: delete old |
9 |
|
10 |
app-misc/ca-certificates/Manifest | 7 - |
11 |
.../ca-certificates-20130906-r1.ebuild | 95 ----------- |
12 |
.../ca-certificates-20140223-r1.ebuild | 178 -------------------- |
13 |
.../ca-certificates-20140223.3.15.5-r1.ebuild | 184 --------------------- |
14 |
.../ca-certificates-20140223.3.16-r1.ebuild | 184 --------------------- |
15 |
.../ca-certificates-20140325.3.16.3.ebuild | 184 --------------------- |
16 |
6 files changed, 832 deletions(-) |
17 |
|
18 |
diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest |
19 |
index a963113..436f77d 100644 |
20 |
--- a/app-misc/ca-certificates/Manifest |
21 |
+++ b/app-misc/ca-certificates/Manifest |
22 |
@@ -1,13 +1,6 @@ |
23 |
-DIST ca-certificates_20130906_all.deb 185064 SHA256 b2326834479192de2298c607bc020715c949cbd4dc5dd6be28a1b3f348eb9b76 SHA512 0410d11843e36fb488698a5ce7e1eda473b91d476c99d8e3bd006705167c9f2ac9a554e7fce1595f3717f1781a1390af345b3e7e4bc1e58c055e0a11321ececa WHIRLPOOL b9cf04b0e080752567a82c8fecffd033d10f19e41c0ecb1e676246947a34d1380002f9860539611dd79b04c47d19f6631a126c5887cff7ee52ff866b36c50109 |
24 |
-DIST ca-certificates_20140223.tar.xz 274768 SHA256 815b7cd97200b0d76450bb3e7d9b65997ac494ab6467b17369f65b2ef94bcb0c SHA512 14855eba51f90ab062b53a0d1986889de9ad7db4cb52bd4d764872b7c90eaaee62920543a4670ab45329469f76365d1e902219397b660034689159f13b8668d8 WHIRLPOOL f841d9a5fa2d4b3d46d06a2de947108ccb8bf7f19c99979822e22f043624656e789ba0340657b21a15560fd6593efa4256efc9f317974bdca8088a3647836e49 |
25 |
-DIST ca-certificates_20140223_all.deb 190226 SHA256 13cb11144a97d95a8be130e4bcdd6c9ffc3df269bb194699bcd21ca377e01df2 SHA512 003b6fd2301eee3ca2119781ee75a1b195f142678d4570b598c4b93847de23c4f659152f834db1f0c8866767324d02b27807260cf43f6ae16207538fa419aa31 WHIRLPOOL 179a0bcf341e7de07d02f6574850614ef221851379945db00018d25f485cee6c11915322ee370e72321d81464d7d6bb96401b41029b8f7215a68e46971671deb |
26 |
-DIST ca-certificates_20140325.tar.xz 278816 SHA256 c0e3d8c517995db2737f7f1a9b69d654b8823fa6d337871c6ce111fcf083454a SHA512 6645740d61da78845facce6e3881c64f51e945a454cb26cead6e7df4887f1f3797bea217cebaffaae22a76fa3867ee20dee7b1d5200df20b85878a0c6029c2f8 WHIRLPOOL 93d4ff1ac74c6961612ffa0e4da35228636698940fd0a66e4e6842de4e48f5ded74885bfb330f6d106ae267124309d51d49f646959bbae1ef9fa7a55dbb2085a |
27 |
DIST ca-certificates_20140927.tar.xz 288824 SHA256 e582724ebb9d5d6fe02d02db1773c9ca76d3aaab4b15375a0d72e9abf88a65c5 SHA512 3cd08559c52aeba763a8ecc0333c7c20838db0111e52d9adf65719f14f858611271d61801a60fb3aea4e74be4a7903c1b462bf889172f5afb774280bb615b98b WHIRLPOOL e32e54b21109b7c44266480a6a5d78693b5ef7ffae1df595c4edfe2cce85d1cd29664e6d916c5bfffb965e4bb01fce6a8327a2ead5bb0ca7cdd8afd04346a270 |
28 |
DIST ca-certificates_20141019.tar.xz 289092 SHA256 684902d3f4e9ad27829f4af0d9d2d588afed03667997579b9c2be86fcd1eb73a SHA512 5b0e8fb917f5642a5a2b4fde46a706db0c652ff3fb31a5053d9123a5b670b50c6e3cf2496915cc01c613dcbe964d6432f393c12d8a697baedfad58f9d13e568b WHIRLPOOL 6d3c0ccfbd4b1598ed529cb07390baaf741e24c8fd4762aa1786ada7188ec0c4e327513047bca2b93a488681e80b5a8fabc37b98b7f6e5e92cba62580c4cf74f |
29 |
DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00 WHIRLPOOL c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43 |
30 |
-DIST nss-3.15.5.tar.gz 6367893 SHA256 1442c85624b7de74c7745132a65aa0de47d280c4f01f293d111bc0b6d8271f43 SHA512 4db27ea98f17f1a5bc6f513455497945fc35957f573b3ac7e730b166fbe0e8fd741c188187c578faf361d969db63d83ff8ccf15ac2b8ca72a367f33a018695ca WHIRLPOOL c3c687ac53dca571d1c45bdf4a80e192ca58da07e06ef56de7ac9736480c97689dd12d14351860764b70a1d823092a1ddbc471328c4bae4a899edd0e331c8aee |
31 |
-DIST nss-3.16.3.tar.gz 6426732 SHA256 657711ff7a4058043b69019a66f44101d0234eae2b6b80ab900439dbf02add60 SHA512 2e829b021319a9d8c0cedec742f84c54815eed8e3b1042b5045f08746e5768286001e9517d2b69c2a5d705cd632c98f3a9227e651a492bae3ef638cc706fe31f WHIRLPOOL bd8fe296baf79b4cad2224a921bf6d0a6b6a1f13df5b64131f59964541d2ec1ae506a79a5a3b8dc08a47c8fcdfa5eafb866727fcf26c37d4e5e91a7ebb7886b3 |
32 |
-DIST nss-3.16.tar.gz 6378110 SHA256 2bb4faa200962caacf0454f1e870e74aa9a543809e5c440f7978bcce58e0bfe8 SHA512 e3dcde8213f7f131fe2f714ff2f45c6d7b9b2167e51dbf0e1a750cc4f83d9fa35e69408850de6600f55fbc9e26b29dc344548cb64849d6e3252476eadd7ee57f WHIRLPOOL d30b53ec36cacff9756b43780d904e32760cd5d0b75f1888b6fb80e0a87ce828f4e6189de63880ddce90bdf5d90123ff7e9fdf600f4df02ce59702898f08c11e |
33 |
DIST nss-3.17.2.tar.gz 6927414 SHA256 134929e44e44b968a4883f4ee513a71ae45d55b486cee41ee8e26c3cc84dab8b SHA512 a3d165bb2c578e7b5d90349729e85a2fce09260d069093080c76cce3b8a996c6489232324fd6a0c69b959321bcdf5f1806054f165cd6ce851fe4ffeb2883ae7f WHIRLPOOL 01b3cc546aa2dd0974caa2267aa9874b01cf6096f307a114393ba5a98adc216e0f2b217631b89b20752be5881f70fc1a7e94e0e90618707d5f9b9d18fd55d859 |
34 |
DIST nss-3.17.4.tar.gz 6924699 SHA256 1d98ad1881a4237ec98cbe472fc851480f0b0e954dfe224d047811fb96ff9d79 SHA512 dfc44e28c303743a72b4553f471089bc991c3cb61d5f3071082c16400d5e4f216f84a2e44536570316fe0e798c14ca370c875dad791a873034595b9e4dd70b89 WHIRLPOOL bb6e1027c5237d12fe58b4c520536022d8d4e83183a78c3421fd46bf9c3503b1f0ca4644240e383f216ec1e5174c0ae4148372db68fb9f1c10275954559d5bbf |
35 |
DIST nss-3.19.tar.gz 6951461 SHA256 989ebdf79374f24181f060d332445b1a4baf3df39d08514c4349ba8573cefa9b SHA512 e428d206a4fd30087f275a33771a1d7e753b000e8fc3e7c746972a89d1b32300d3619f430ea15e870d82b3af52785d4dd36ae89c9c496f014f9f323ea373da14 WHIRLPOOL 3a8b58a8a28e31f65f40cfa6a9bd9ca2177a17552082d8de2189da6c92ff7ba9c90be13793666558a2bff609da738cb1f4313968077e1041b8f283d36005e76c |
36 |
|
37 |
diff --git a/app-misc/ca-certificates/ca-certificates-20130906-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20130906-r1.ebuild |
38 |
deleted file mode 100644 |
39 |
index 1147230..0000000 |
40 |
--- a/app-misc/ca-certificates/ca-certificates-20130906-r1.ebuild |
41 |
+++ /dev/null |
42 |
@@ -1,95 +0,0 @@ |
43 |
-# Copyright 1999-2014 Gentoo Foundation |
44 |
-# Distributed under the terms of the GNU General Public License v2 |
45 |
-# $Id$ |
46 |
- |
47 |
-EAPI="4" |
48 |
- |
49 |
-inherit eutils unpacker |
50 |
- |
51 |
-DESCRIPTION="Common CA Certificates PEM files" |
52 |
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates" |
53 |
-#NMU_PR="1" |
54 |
-SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" |
55 |
- |
56 |
-LICENSE="MPL-1.1" |
57 |
-SLOT="0" |
58 |
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" |
59 |
-IUSE="" |
60 |
- |
61 |
-# platforms like AIX don't have a good ar |
62 |
-DEPEND="kernel_AIX? ( app-arch/deb2targz ) |
63 |
- !<sys-apps/portage-2.1.10.41" |
64 |
-# openssl: we run `c_rehash` |
65 |
-# debianutils: we run `run-parts` |
66 |
-RDEPEND="${DEPEND} |
67 |
- dev-libs/openssl |
68 |
- sys-apps/debianutils" |
69 |
- |
70 |
-S=${WORKDIR} |
71 |
- |
72 |
-pkg_setup() { |
73 |
- # For the conversion to having it in CONFIG_PROTECT_MASK, |
74 |
- # we need to tell users about it once manually first. |
75 |
- [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ |
76 |
- || ewarn "You should run update-ca-certificates manually after etc-update" |
77 |
-} |
78 |
- |
79 |
-src_unpack() { |
80 |
- if [[ -n ${EPREFIX} ]] ; then |
81 |
- # need to perform everything in the offset, #381937 |
82 |
- mkdir -p "./${EPREFIX}" |
83 |
- cd "./${EPREFIX}" || die |
84 |
- fi |
85 |
- unpack_deb ${A} |
86 |
-} |
87 |
- |
88 |
-src_prepare() { |
89 |
- cd "./${EPREFIX}" || die |
90 |
- epatch "${FILESDIR}"/${PN}-20110502-root.patch |
91 |
- local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') |
92 |
- sed -i \ |
93 |
- -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ |
94 |
- -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ |
95 |
- usr/sbin/update-ca-certificates || die |
96 |
-} |
97 |
- |
98 |
-src_compile() { |
99 |
- ( |
100 |
- echo "# Automatically generated by ${CATEGORY}/${PF}" |
101 |
- echo "# $(date -u)" |
102 |
- echo "# Do not edit." |
103 |
- cd "${S}${EPREFIX}"/usr/share/ca-certificates |
104 |
- find * -name '*.crt' | LC_ALL=C sort |
105 |
- ) > "${S}${EPREFIX}"/etc/ca-certificates.conf |
106 |
- |
107 |
- sh "${S}${EPREFIX}"/usr/sbin/update-ca-certificates --root "${S}" || die |
108 |
-} |
109 |
- |
110 |
-src_install() { |
111 |
- cp -pPR . "${D}"/ || die |
112 |
- |
113 |
- mv "${ED}"/usr/share/doc/{ca-certificates,${PF}} || die |
114 |
- |
115 |
- echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates |
116 |
- doenvd 98ca-certificates |
117 |
-} |
118 |
- |
119 |
-pkg_postinst() { |
120 |
- if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then |
121 |
- # if the user has local certs, we need to rebuild again |
122 |
- # to include their stuff in the db. |
123 |
- # However it's too overzealous when the user has custom certs in place. |
124 |
- # --fresh is to clean up dangling symlinks |
125 |
- "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" |
126 |
- fi |
127 |
- |
128 |
- local c badcerts=0 |
129 |
- for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do |
130 |
- ewarn "Broken symlink for a certificate at $c" |
131 |
- badcerts=1 |
132 |
- done |
133 |
- if [ $badcerts -eq 1 ]; then |
134 |
- ewarn "Removing the following broken symlinks:" |
135 |
- ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)" |
136 |
- fi |
137 |
-} |
138 |
|
139 |
diff --git a/app-misc/ca-certificates/ca-certificates-20140223-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20140223-r1.ebuild |
140 |
deleted file mode 100644 |
141 |
index df086ec..0000000 |
142 |
--- a/app-misc/ca-certificates/ca-certificates-20140223-r1.ebuild |
143 |
+++ /dev/null |
144 |
@@ -1,178 +0,0 @@ |
145 |
-# Copyright 1999-2014 Gentoo Foundation |
146 |
-# Distributed under the terms of the GNU General Public License v2 |
147 |
-# $Id$ |
148 |
- |
149 |
-# The Debian ca-certificates package merely takes the CA database as it exists |
150 |
-# in the nss package and repackages it for use by openssl. |
151 |
-# |
152 |
-# The issue with using the compiled debs directly is two fold: |
153 |
-# - they do not update frequently enough for us to rely on them |
154 |
-# - they pull the CA database from nss tip of tree rather than the release |
155 |
-# |
156 |
-# So we take the Debian source tools and combine them with the latest nss |
157 |
-# release to produce (largely) the same end result. The difference is that |
158 |
-# now we know our cert database is kept in sync with nss and, if need be, |
159 |
-# can be sync with nss tip of tree more frequently to respond to bugs. |
160 |
- |
161 |
-# When triaging bugs from users, here's some handy tips: |
162 |
-# - To see what cert is hitting errors, use openssl: |
163 |
-# openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME |
164 |
-# Focus on the errors written to stderr. |
165 |
-# |
166 |
-# - Look at the upstream log as to why certs were added/removed: |
167 |
-# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt |
168 |
-# |
169 |
-# - If people want to add/remove certs, tell them to file w/mozilla: |
170 |
-# https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk |
171 |
- |
172 |
-EAPI="4" |
173 |
- |
174 |
-inherit eutils |
175 |
- |
176 |
-if [[ ${PV} == *.* ]] ; then |
177 |
- # Compile from source ourselves. |
178 |
- PRECOMPILED=false |
179 |
- inherit versionator |
180 |
- |
181 |
- DEB_VER=$(get_version_component_range 1) |
182 |
- NSS_VER=$(get_version_component_range 2-) |
183 |
- RTM_NAME="NSS_${NSS_VER//./_}_RTM" |
184 |
-else |
185 |
- # Debian precompiled version. |
186 |
- PRECOMPILED=true |
187 |
- inherit unpacker |
188 |
-fi |
189 |
- |
190 |
-DESCRIPTION="Common CA Certificates PEM files" |
191 |
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates" |
192 |
-if ${PRECOMPILED} ; then |
193 |
- #NMU_PR="1" |
194 |
- SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" |
195 |
-else |
196 |
- SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz |
197 |
- ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz |
198 |
- cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )" |
199 |
-fi |
200 |
- |
201 |
-LICENSE="MPL-1.1" |
202 |
-SLOT="0" |
203 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" |
204 |
-IUSE="" |
205 |
-${PRECOMPILED} || IUSE+=" +cacert" |
206 |
- |
207 |
-DEPEND="" |
208 |
-if ${PRECOMPILED} ; then |
209 |
- # platforms like AIX don't have a good ar |
210 |
- DEPEND+=" |
211 |
- kernel_AIX? ( app-arch/deb2targz ) |
212 |
- !<sys-apps/portage-2.1.10.41" |
213 |
-fi |
214 |
-# openssl: we run `c_rehash` |
215 |
-# debianutils: we run `run-parts` |
216 |
-RDEPEND="${DEPEND} |
217 |
- dev-libs/openssl |
218 |
- sys-apps/debianutils" |
219 |
- |
220 |
-S=${WORKDIR} |
221 |
- |
222 |
-pkg_setup() { |
223 |
- # For the conversion to having it in CONFIG_PROTECT_MASK, |
224 |
- # we need to tell users about it once manually first. |
225 |
- [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ |
226 |
- || ewarn "You should run update-ca-certificates manually after etc-update" |
227 |
-} |
228 |
- |
229 |
-src_unpack() { |
230 |
- ${PRECOMPILED} || default |
231 |
- |
232 |
- # Do all the work in the image subdir to avoid conflicting with source |
233 |
- # dirs in $WORKDIR. Need to perform everything in the offset #381937 |
234 |
- mkdir -p "image/${EPREFIX}" |
235 |
- cd "image/${EPREFIX}" || die |
236 |
- |
237 |
- ${PRECOMPILED} && unpacker_src_unpack |
238 |
-} |
239 |
- |
240 |
-src_prepare() { |
241 |
- cd "image/${EPREFIX}" || die |
242 |
- if ! ${PRECOMPILED} ; then |
243 |
- mkdir -p usr/sbin |
244 |
- cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die |
245 |
- |
246 |
- if use cacert ; then |
247 |
- pushd "${S}"/nss-${NSS_VER} >/dev/null |
248 |
- epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch |
249 |
- popd >/dev/null |
250 |
- fi |
251 |
- fi |
252 |
- |
253 |
- epatch "${FILESDIR}"/${PN}-20110502-root.patch |
254 |
- local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') |
255 |
- sed -i \ |
256 |
- -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ |
257 |
- -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ |
258 |
- usr/sbin/update-ca-certificates || die |
259 |
-} |
260 |
- |
261 |
-src_compile() { |
262 |
- cd "image/${EPREFIX}" || die |
263 |
- if ! ${PRECOMPILED} ; then |
264 |
- local d="${S}/${PN}/mozilla" |
265 |
- # Grab the database from the nss sources. |
266 |
- cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die |
267 |
- emake -C "${d}" |
268 |
- |
269 |
- # Now move the files to the same places that the precompiled would. |
270 |
- mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla |
271 |
- if use cacert ; then |
272 |
- mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org} |
273 |
- mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die |
274 |
- mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die |
275 |
- fi |
276 |
- mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die |
277 |
- else |
278 |
- mv usr/share/doc/{ca-certificates,${PF}} || die |
279 |
- fi |
280 |
- |
281 |
- ( |
282 |
- echo "# Automatically generated by ${CATEGORY}/${PF}" |
283 |
- echo "# $(date -u)" |
284 |
- echo "# Do not edit." |
285 |
- cd usr/share/ca-certificates |
286 |
- find * -name '*.crt' | LC_ALL=C sort |
287 |
- ) > etc/ca-certificates.conf |
288 |
- |
289 |
- sh usr/sbin/update-ca-certificates --root "${S}/image" || die |
290 |
-} |
291 |
- |
292 |
-src_install() { |
293 |
- cp -pPR image/* "${D}"/ || die |
294 |
- if ! ${PRECOMPILED} ; then |
295 |
- cd ca-certificates |
296 |
- doman sbin/*.8 |
297 |
- dodoc debian/README.* examples/ca-certificates-local/README |
298 |
- fi |
299 |
- |
300 |
- echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates |
301 |
- doenvd 98ca-certificates |
302 |
-} |
303 |
- |
304 |
-pkg_postinst() { |
305 |
- if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then |
306 |
- # if the user has local certs, we need to rebuild again |
307 |
- # to include their stuff in the db. |
308 |
- # However it's too overzealous when the user has custom certs in place. |
309 |
- # --fresh is to clean up dangling symlinks |
310 |
- "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" |
311 |
- fi |
312 |
- |
313 |
- local c badcerts=0 |
314 |
- for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do |
315 |
- ewarn "Broken symlink for a certificate at $c" |
316 |
- badcerts=1 |
317 |
- done |
318 |
- if [ $badcerts -eq 1 ]; then |
319 |
- ewarn "Removing the following broken symlinks:" |
320 |
- ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)" |
321 |
- fi |
322 |
-} |
323 |
|
324 |
diff --git a/app-misc/ca-certificates/ca-certificates-20140223.3.15.5-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20140223.3.15.5-r1.ebuild |
325 |
deleted file mode 100644 |
326 |
index 81b211a..0000000 |
327 |
--- a/app-misc/ca-certificates/ca-certificates-20140223.3.15.5-r1.ebuild |
328 |
+++ /dev/null |
329 |
@@ -1,184 +0,0 @@ |
330 |
-# Copyright 1999-2015 Gentoo Foundation |
331 |
-# Distributed under the terms of the GNU General Public License v2 |
332 |
-# $Id$ |
333 |
- |
334 |
-# The Debian ca-certificates package merely takes the CA database as it exists |
335 |
-# in the nss package and repackages it for use by openssl. |
336 |
-# |
337 |
-# The issue with using the compiled debs directly is two fold: |
338 |
-# - they do not update frequently enough for us to rely on them |
339 |
-# - they pull the CA database from nss tip of tree rather than the release |
340 |
-# |
341 |
-# So we take the Debian source tools and combine them with the latest nss |
342 |
-# release to produce (largely) the same end result. The difference is that |
343 |
-# now we know our cert database is kept in sync with nss and, if need be, |
344 |
-# can be sync with nss tip of tree more frequently to respond to bugs. |
345 |
- |
346 |
-# When triaging bugs from users, here's some handy tips: |
347 |
-# - To see what cert is hitting errors, use openssl: |
348 |
-# openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME |
349 |
-# Focus on the errors written to stderr. |
350 |
-# |
351 |
-# - Look at the upstream log as to why certs were added/removed: |
352 |
-# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt |
353 |
-# |
354 |
-# - If people want to add/remove certs, tell them to file w/mozilla: |
355 |
-# https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk |
356 |
- |
357 |
-EAPI="4" |
358 |
-PYTHON_COMPAT=( python2_7 ) |
359 |
- |
360 |
-inherit eutils python-any-r1 |
361 |
- |
362 |
-if [[ ${PV} == *.* ]] ; then |
363 |
- # Compile from source ourselves. |
364 |
- PRECOMPILED=false |
365 |
- inherit versionator |
366 |
- |
367 |
- DEB_VER=$(get_version_component_range 1) |
368 |
- NSS_VER=$(get_version_component_range 2-) |
369 |
- RTM_NAME="NSS_${NSS_VER//./_}_RTM" |
370 |
-else |
371 |
- # Debian precompiled version. |
372 |
- PRECOMPILED=true |
373 |
- inherit unpacker |
374 |
-fi |
375 |
- |
376 |
-DESCRIPTION="Common CA Certificates PEM files" |
377 |
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates" |
378 |
-if ${PRECOMPILED} ; then |
379 |
- #NMU_PR="1" |
380 |
- SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" |
381 |
-else |
382 |
- SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz |
383 |
- ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz |
384 |
- cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )" |
385 |
-fi |
386 |
- |
387 |
-LICENSE="MPL-1.1" |
388 |
-SLOT="0" |
389 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" |
390 |
-IUSE="" |
391 |
-${PRECOMPILED} || IUSE+=" +cacert" |
392 |
- |
393 |
-DEPEND="" |
394 |
-if ${PRECOMPILED} ; then |
395 |
- # platforms like AIX don't have a good ar |
396 |
- DEPEND+=" |
397 |
- kernel_AIX? ( app-arch/deb2targz ) |
398 |
- !<sys-apps/portage-2.1.10.41" |
399 |
-fi |
400 |
-# openssl: we run `c_rehash` |
401 |
-# debianutils: we run `run-parts` |
402 |
-RDEPEND="${DEPEND} |
403 |
- dev-libs/openssl |
404 |
- sys-apps/debianutils" |
405 |
- |
406 |
-if ! ${PRECOMPILED}; then |
407 |
- DEPEND+=" ${PYTHON_DEPS}" |
408 |
-fi |
409 |
- |
410 |
-S=${WORKDIR} |
411 |
- |
412 |
-pkg_setup() { |
413 |
- # For the conversion to having it in CONFIG_PROTECT_MASK, |
414 |
- # we need to tell users about it once manually first. |
415 |
- [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ |
416 |
- || ewarn "You should run update-ca-certificates manually after etc-update" |
417 |
-} |
418 |
- |
419 |
-src_unpack() { |
420 |
- ${PRECOMPILED} || default |
421 |
- |
422 |
- # Do all the work in the image subdir to avoid conflicting with source |
423 |
- # dirs in $WORKDIR. Need to perform everything in the offset #381937 |
424 |
- mkdir -p "image/${EPREFIX}" |
425 |
- cd "image/${EPREFIX}" || die |
426 |
- |
427 |
- ${PRECOMPILED} && unpacker_src_unpack |
428 |
-} |
429 |
- |
430 |
-src_prepare() { |
431 |
- cd "image/${EPREFIX}" || die |
432 |
- if ! ${PRECOMPILED} ; then |
433 |
- mkdir -p usr/sbin |
434 |
- cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die |
435 |
- |
436 |
- if use cacert ; then |
437 |
- pushd "${S}"/nss-${NSS_VER} >/dev/null |
438 |
- epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch |
439 |
- popd >/dev/null |
440 |
- fi |
441 |
- fi |
442 |
- |
443 |
- epatch "${FILESDIR}"/${PN}-20110502-root.patch |
444 |
- local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') |
445 |
- sed -i \ |
446 |
- -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ |
447 |
- -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ |
448 |
- usr/sbin/update-ca-certificates || die |
449 |
-} |
450 |
- |
451 |
-src_compile() { |
452 |
- cd "image/${EPREFIX}" || die |
453 |
- if ! ${PRECOMPILED} ; then |
454 |
- python_setup |
455 |
- local d="${S}/${PN}/mozilla" |
456 |
- # Grab the database from the nss sources. |
457 |
- cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die |
458 |
- emake -C "${d}" |
459 |
- |
460 |
- # Now move the files to the same places that the precompiled would. |
461 |
- mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla |
462 |
- if use cacert ; then |
463 |
- mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org} |
464 |
- mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die |
465 |
- mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die |
466 |
- fi |
467 |
- mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die |
468 |
- else |
469 |
- mv usr/share/doc/{ca-certificates,${PF}} || die |
470 |
- fi |
471 |
- |
472 |
- ( |
473 |
- echo "# Automatically generated by ${CATEGORY}/${PF}" |
474 |
- echo "# $(date -u)" |
475 |
- echo "# Do not edit." |
476 |
- cd usr/share/ca-certificates |
477 |
- find * -name '*.crt' | LC_ALL=C sort |
478 |
- ) > etc/ca-certificates.conf |
479 |
- |
480 |
- sh usr/sbin/update-ca-certificates --root "${S}/image" || die |
481 |
-} |
482 |
- |
483 |
-src_install() { |
484 |
- cp -pPR image/* "${D}"/ || die |
485 |
- if ! ${PRECOMPILED} ; then |
486 |
- cd ca-certificates |
487 |
- doman sbin/*.8 |
488 |
- dodoc debian/README.* examples/ca-certificates-local/README |
489 |
- fi |
490 |
- |
491 |
- echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates |
492 |
- doenvd 98ca-certificates |
493 |
-} |
494 |
- |
495 |
-pkg_postinst() { |
496 |
- if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then |
497 |
- # if the user has local certs, we need to rebuild again |
498 |
- # to include their stuff in the db. |
499 |
- # However it's too overzealous when the user has custom certs in place. |
500 |
- # --fresh is to clean up dangling symlinks |
501 |
- "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" |
502 |
- fi |
503 |
- |
504 |
- local c badcerts=0 |
505 |
- for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do |
506 |
- ewarn "Broken symlink for a certificate at $c" |
507 |
- badcerts=1 |
508 |
- done |
509 |
- if [ $badcerts -eq 1 ]; then |
510 |
- ewarn "Removing the following broken symlinks:" |
511 |
- ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)" |
512 |
- fi |
513 |
-} |
514 |
|
515 |
diff --git a/app-misc/ca-certificates/ca-certificates-20140223.3.16-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20140223.3.16-r1.ebuild |
516 |
deleted file mode 100644 |
517 |
index 81b211a..0000000 |
518 |
--- a/app-misc/ca-certificates/ca-certificates-20140223.3.16-r1.ebuild |
519 |
+++ /dev/null |
520 |
@@ -1,184 +0,0 @@ |
521 |
-# Copyright 1999-2015 Gentoo Foundation |
522 |
-# Distributed under the terms of the GNU General Public License v2 |
523 |
-# $Id$ |
524 |
- |
525 |
-# The Debian ca-certificates package merely takes the CA database as it exists |
526 |
-# in the nss package and repackages it for use by openssl. |
527 |
-# |
528 |
-# The issue with using the compiled debs directly is two fold: |
529 |
-# - they do not update frequently enough for us to rely on them |
530 |
-# - they pull the CA database from nss tip of tree rather than the release |
531 |
-# |
532 |
-# So we take the Debian source tools and combine them with the latest nss |
533 |
-# release to produce (largely) the same end result. The difference is that |
534 |
-# now we know our cert database is kept in sync with nss and, if need be, |
535 |
-# can be sync with nss tip of tree more frequently to respond to bugs. |
536 |
- |
537 |
-# When triaging bugs from users, here's some handy tips: |
538 |
-# - To see what cert is hitting errors, use openssl: |
539 |
-# openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME |
540 |
-# Focus on the errors written to stderr. |
541 |
-# |
542 |
-# - Look at the upstream log as to why certs were added/removed: |
543 |
-# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt |
544 |
-# |
545 |
-# - If people want to add/remove certs, tell them to file w/mozilla: |
546 |
-# https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk |
547 |
- |
548 |
-EAPI="4" |
549 |
-PYTHON_COMPAT=( python2_7 ) |
550 |
- |
551 |
-inherit eutils python-any-r1 |
552 |
- |
553 |
-if [[ ${PV} == *.* ]] ; then |
554 |
- # Compile from source ourselves. |
555 |
- PRECOMPILED=false |
556 |
- inherit versionator |
557 |
- |
558 |
- DEB_VER=$(get_version_component_range 1) |
559 |
- NSS_VER=$(get_version_component_range 2-) |
560 |
- RTM_NAME="NSS_${NSS_VER//./_}_RTM" |
561 |
-else |
562 |
- # Debian precompiled version. |
563 |
- PRECOMPILED=true |
564 |
- inherit unpacker |
565 |
-fi |
566 |
- |
567 |
-DESCRIPTION="Common CA Certificates PEM files" |
568 |
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates" |
569 |
-if ${PRECOMPILED} ; then |
570 |
- #NMU_PR="1" |
571 |
- SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" |
572 |
-else |
573 |
- SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz |
574 |
- ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz |
575 |
- cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )" |
576 |
-fi |
577 |
- |
578 |
-LICENSE="MPL-1.1" |
579 |
-SLOT="0" |
580 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" |
581 |
-IUSE="" |
582 |
-${PRECOMPILED} || IUSE+=" +cacert" |
583 |
- |
584 |
-DEPEND="" |
585 |
-if ${PRECOMPILED} ; then |
586 |
- # platforms like AIX don't have a good ar |
587 |
- DEPEND+=" |
588 |
- kernel_AIX? ( app-arch/deb2targz ) |
589 |
- !<sys-apps/portage-2.1.10.41" |
590 |
-fi |
591 |
-# openssl: we run `c_rehash` |
592 |
-# debianutils: we run `run-parts` |
593 |
-RDEPEND="${DEPEND} |
594 |
- dev-libs/openssl |
595 |
- sys-apps/debianutils" |
596 |
- |
597 |
-if ! ${PRECOMPILED}; then |
598 |
- DEPEND+=" ${PYTHON_DEPS}" |
599 |
-fi |
600 |
- |
601 |
-S=${WORKDIR} |
602 |
- |
603 |
-pkg_setup() { |
604 |
- # For the conversion to having it in CONFIG_PROTECT_MASK, |
605 |
- # we need to tell users about it once manually first. |
606 |
- [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ |
607 |
- || ewarn "You should run update-ca-certificates manually after etc-update" |
608 |
-} |
609 |
- |
610 |
-src_unpack() { |
611 |
- ${PRECOMPILED} || default |
612 |
- |
613 |
- # Do all the work in the image subdir to avoid conflicting with source |
614 |
- # dirs in $WORKDIR. Need to perform everything in the offset #381937 |
615 |
- mkdir -p "image/${EPREFIX}" |
616 |
- cd "image/${EPREFIX}" || die |
617 |
- |
618 |
- ${PRECOMPILED} && unpacker_src_unpack |
619 |
-} |
620 |
- |
621 |
-src_prepare() { |
622 |
- cd "image/${EPREFIX}" || die |
623 |
- if ! ${PRECOMPILED} ; then |
624 |
- mkdir -p usr/sbin |
625 |
- cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die |
626 |
- |
627 |
- if use cacert ; then |
628 |
- pushd "${S}"/nss-${NSS_VER} >/dev/null |
629 |
- epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch |
630 |
- popd >/dev/null |
631 |
- fi |
632 |
- fi |
633 |
- |
634 |
- epatch "${FILESDIR}"/${PN}-20110502-root.patch |
635 |
- local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') |
636 |
- sed -i \ |
637 |
- -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ |
638 |
- -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ |
639 |
- usr/sbin/update-ca-certificates || die |
640 |
-} |
641 |
- |
642 |
-src_compile() { |
643 |
- cd "image/${EPREFIX}" || die |
644 |
- if ! ${PRECOMPILED} ; then |
645 |
- python_setup |
646 |
- local d="${S}/${PN}/mozilla" |
647 |
- # Grab the database from the nss sources. |
648 |
- cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die |
649 |
- emake -C "${d}" |
650 |
- |
651 |
- # Now move the files to the same places that the precompiled would. |
652 |
- mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla |
653 |
- if use cacert ; then |
654 |
- mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org} |
655 |
- mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die |
656 |
- mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die |
657 |
- fi |
658 |
- mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die |
659 |
- else |
660 |
- mv usr/share/doc/{ca-certificates,${PF}} || die |
661 |
- fi |
662 |
- |
663 |
- ( |
664 |
- echo "# Automatically generated by ${CATEGORY}/${PF}" |
665 |
- echo "# $(date -u)" |
666 |
- echo "# Do not edit." |
667 |
- cd usr/share/ca-certificates |
668 |
- find * -name '*.crt' | LC_ALL=C sort |
669 |
- ) > etc/ca-certificates.conf |
670 |
- |
671 |
- sh usr/sbin/update-ca-certificates --root "${S}/image" || die |
672 |
-} |
673 |
- |
674 |
-src_install() { |
675 |
- cp -pPR image/* "${D}"/ || die |
676 |
- if ! ${PRECOMPILED} ; then |
677 |
- cd ca-certificates |
678 |
- doman sbin/*.8 |
679 |
- dodoc debian/README.* examples/ca-certificates-local/README |
680 |
- fi |
681 |
- |
682 |
- echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates |
683 |
- doenvd 98ca-certificates |
684 |
-} |
685 |
- |
686 |
-pkg_postinst() { |
687 |
- if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then |
688 |
- # if the user has local certs, we need to rebuild again |
689 |
- # to include their stuff in the db. |
690 |
- # However it's too overzealous when the user has custom certs in place. |
691 |
- # --fresh is to clean up dangling symlinks |
692 |
- "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" |
693 |
- fi |
694 |
- |
695 |
- local c badcerts=0 |
696 |
- for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do |
697 |
- ewarn "Broken symlink for a certificate at $c" |
698 |
- badcerts=1 |
699 |
- done |
700 |
- if [ $badcerts -eq 1 ]; then |
701 |
- ewarn "Removing the following broken symlinks:" |
702 |
- ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)" |
703 |
- fi |
704 |
-} |
705 |
|
706 |
diff --git a/app-misc/ca-certificates/ca-certificates-20140325.3.16.3.ebuild b/app-misc/ca-certificates/ca-certificates-20140325.3.16.3.ebuild |
707 |
deleted file mode 100644 |
708 |
index c29feef..0000000 |
709 |
--- a/app-misc/ca-certificates/ca-certificates-20140325.3.16.3.ebuild |
710 |
+++ /dev/null |
711 |
@@ -1,184 +0,0 @@ |
712 |
-# Copyright 1999-2015 Gentoo Foundation |
713 |
-# Distributed under the terms of the GNU General Public License v2 |
714 |
-# $Id$ |
715 |
- |
716 |
-# The Debian ca-certificates package merely takes the CA database as it exists |
717 |
-# in the nss package and repackages it for use by openssl. |
718 |
-# |
719 |
-# The issue with using the compiled debs directly is two fold: |
720 |
-# - they do not update frequently enough for us to rely on them |
721 |
-# - they pull the CA database from nss tip of tree rather than the release |
722 |
-# |
723 |
-# So we take the Debian source tools and combine them with the latest nss |
724 |
-# release to produce (largely) the same end result. The difference is that |
725 |
-# now we know our cert database is kept in sync with nss and, if need be, |
726 |
-# can be sync with nss tip of tree more frequently to respond to bugs. |
727 |
- |
728 |
-# When triaging bugs from users, here's some handy tips: |
729 |
-# - To see what cert is hitting errors, use openssl: |
730 |
-# openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME |
731 |
-# Focus on the errors written to stderr. |
732 |
-# |
733 |
-# - Look at the upstream log as to why certs were added/removed: |
734 |
-# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt |
735 |
-# |
736 |
-# - If people want to add/remove certs, tell them to file w/mozilla: |
737 |
-# https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk |
738 |
- |
739 |
-EAPI="4" |
740 |
-PYTHON_COMPAT=( python2_7 ) |
741 |
- |
742 |
-inherit eutils python-any-r1 |
743 |
- |
744 |
-if [[ ${PV} == *.* ]] ; then |
745 |
- # Compile from source ourselves. |
746 |
- PRECOMPILED=false |
747 |
- inherit versionator |
748 |
- |
749 |
- DEB_VER=$(get_version_component_range 1) |
750 |
- NSS_VER=$(get_version_component_range 2-) |
751 |
- RTM_NAME="NSS_${NSS_VER//./_}_RTM" |
752 |
-else |
753 |
- # Debian precompiled version. |
754 |
- PRECOMPILED=true |
755 |
- inherit unpacker |
756 |
-fi |
757 |
- |
758 |
-DESCRIPTION="Common CA Certificates PEM files" |
759 |
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates" |
760 |
-NMU_PR="" |
761 |
-if ${PRECOMPILED} ; then |
762 |
- SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" |
763 |
-else |
764 |
- SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz |
765 |
- ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz |
766 |
- cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )" |
767 |
-fi |
768 |
- |
769 |
-LICENSE="MPL-1.1" |
770 |
-SLOT="0" |
771 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" |
772 |
-IUSE="" |
773 |
-${PRECOMPILED} || IUSE+=" +cacert" |
774 |
- |
775 |
-DEPEND="" |
776 |
-if ${PRECOMPILED} ; then |
777 |
- # platforms like AIX don't have a good ar |
778 |
- DEPEND+=" |
779 |
- kernel_AIX? ( app-arch/deb2targz ) |
780 |
- !<sys-apps/portage-2.1.10.41" |
781 |
-fi |
782 |
-# openssl: we run `c_rehash` |
783 |
-# debianutils: we run `run-parts` |
784 |
-RDEPEND="${DEPEND} |
785 |
- dev-libs/openssl |
786 |
- sys-apps/debianutils" |
787 |
- |
788 |
-if ! ${PRECOMPILED}; then |
789 |
- DEPEND+=" ${PYTHON_DEPS}" |
790 |
-fi |
791 |
- |
792 |
-S=${WORKDIR} |
793 |
- |
794 |
-pkg_setup() { |
795 |
- # For the conversion to having it in CONFIG_PROTECT_MASK, |
796 |
- # we need to tell users about it once manually first. |
797 |
- [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ |
798 |
- || ewarn "You should run update-ca-certificates manually after etc-update" |
799 |
-} |
800 |
- |
801 |
-src_unpack() { |
802 |
- ${PRECOMPILED} || default |
803 |
- |
804 |
- # Do all the work in the image subdir to avoid conflicting with source |
805 |
- # dirs in $WORKDIR. Need to perform everything in the offset #381937 |
806 |
- mkdir -p "image/${EPREFIX}" |
807 |
- cd "image/${EPREFIX}" || die |
808 |
- |
809 |
- ${PRECOMPILED} && unpacker_src_unpack |
810 |
-} |
811 |
- |
812 |
-src_prepare() { |
813 |
- cd "image/${EPREFIX}" || die |
814 |
- if ! ${PRECOMPILED} ; then |
815 |
- mkdir -p usr/sbin |
816 |
- cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die |
817 |
- |
818 |
- if use cacert ; then |
819 |
- pushd "${S}"/nss-${NSS_VER} >/dev/null |
820 |
- epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch |
821 |
- popd >/dev/null |
822 |
- fi |
823 |
- fi |
824 |
- |
825 |
- epatch "${FILESDIR}"/${PN}-20110502-root.patch |
826 |
- local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') |
827 |
- sed -i \ |
828 |
- -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ |
829 |
- -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ |
830 |
- usr/sbin/update-ca-certificates || die |
831 |
-} |
832 |
- |
833 |
-src_compile() { |
834 |
- cd "image/${EPREFIX}" || die |
835 |
- if ! ${PRECOMPILED} ; then |
836 |
- python_setup |
837 |
- local d="${S}/${PN}/mozilla" |
838 |
- # Grab the database from the nss sources. |
839 |
- cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die |
840 |
- emake -C "${d}" |
841 |
- |
842 |
- # Now move the files to the same places that the precompiled would. |
843 |
- mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla |
844 |
- if use cacert ; then |
845 |
- mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org} |
846 |
- mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die |
847 |
- mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die |
848 |
- fi |
849 |
- mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die |
850 |
- else |
851 |
- mv usr/share/doc/{ca-certificates,${PF}} || die |
852 |
- fi |
853 |
- |
854 |
- ( |
855 |
- echo "# Automatically generated by ${CATEGORY}/${PF}" |
856 |
- echo "# $(date -u)" |
857 |
- echo "# Do not edit." |
858 |
- cd usr/share/ca-certificates |
859 |
- find * -name '*.crt' | LC_ALL=C sort |
860 |
- ) > etc/ca-certificates.conf |
861 |
- |
862 |
- sh usr/sbin/update-ca-certificates --root "${S}/image" || die |
863 |
-} |
864 |
- |
865 |
-src_install() { |
866 |
- cp -pPR image/* "${D}"/ || die |
867 |
- if ! ${PRECOMPILED} ; then |
868 |
- cd ca-certificates |
869 |
- doman sbin/*.8 |
870 |
- dodoc debian/README.* examples/ca-certificates-local/README |
871 |
- fi |
872 |
- |
873 |
- echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates |
874 |
- doenvd 98ca-certificates |
875 |
-} |
876 |
- |
877 |
-pkg_postinst() { |
878 |
- if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then |
879 |
- # if the user has local certs, we need to rebuild again |
880 |
- # to include their stuff in the db. |
881 |
- # However it's too overzealous when the user has custom certs in place. |
882 |
- # --fresh is to clean up dangling symlinks |
883 |
- "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" |
884 |
- fi |
885 |
- |
886 |
- local c badcerts=0 |
887 |
- for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do |
888 |
- ewarn "Broken symlink for a certificate at $c" |
889 |
- badcerts=1 |
890 |
- done |
891 |
- if [ $badcerts -eq 1 ]; then |
892 |
- ewarn "Removing the following broken symlinks:" |
893 |
- ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)" |
894 |
- fi |
895 |
-} |