| 1 |
commit: 13f0b6dc156f34f040465780c59d0ed7d340f56e |
| 2 |
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Sat Sep 26 16:22:20 2015 +0000 |
| 4 |
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sat Sep 26 17:45:27 2015 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=13f0b6dc |
| 7 |
|
| 8 |
app-misc/ca-certificates: delete old |
| 9 |
|
| 10 |
app-misc/ca-certificates/Manifest | 7 - |
| 11 |
.../ca-certificates-20130906-r1.ebuild | 95 ----------- |
| 12 |
.../ca-certificates-20140223-r1.ebuild | 178 -------------------- |
| 13 |
.../ca-certificates-20140223.3.15.5-r1.ebuild | 184 --------------------- |
| 14 |
.../ca-certificates-20140223.3.16-r1.ebuild | 184 --------------------- |
| 15 |
.../ca-certificates-20140325.3.16.3.ebuild | 184 --------------------- |
| 16 |
6 files changed, 832 deletions(-) |
| 17 |
|
| 18 |
diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest |
| 19 |
index a963113..436f77d 100644 |
| 20 |
--- a/app-misc/ca-certificates/Manifest |
| 21 |
+++ b/app-misc/ca-certificates/Manifest |
| 22 |
@@ -1,13 +1,6 @@ |
| 23 |
-DIST ca-certificates_20130906_all.deb 185064 SHA256 b2326834479192de2298c607bc020715c949cbd4dc5dd6be28a1b3f348eb9b76 SHA512 0410d11843e36fb488698a5ce7e1eda473b91d476c99d8e3bd006705167c9f2ac9a554e7fce1595f3717f1781a1390af345b3e7e4bc1e58c055e0a11321ececa WHIRLPOOL b9cf04b0e080752567a82c8fecffd033d10f19e41c0ecb1e676246947a34d1380002f9860539611dd79b04c47d19f6631a126c5887cff7ee52ff866b36c50109 |
| 24 |
-DIST ca-certificates_20140223.tar.xz 274768 SHA256 815b7cd97200b0d76450bb3e7d9b65997ac494ab6467b17369f65b2ef94bcb0c SHA512 14855eba51f90ab062b53a0d1986889de9ad7db4cb52bd4d764872b7c90eaaee62920543a4670ab45329469f76365d1e902219397b660034689159f13b8668d8 WHIRLPOOL f841d9a5fa2d4b3d46d06a2de947108ccb8bf7f19c99979822e22f043624656e789ba0340657b21a15560fd6593efa4256efc9f317974bdca8088a3647836e49 |
| 25 |
-DIST ca-certificates_20140223_all.deb 190226 SHA256 13cb11144a97d95a8be130e4bcdd6c9ffc3df269bb194699bcd21ca377e01df2 SHA512 003b6fd2301eee3ca2119781ee75a1b195f142678d4570b598c4b93847de23c4f659152f834db1f0c8866767324d02b27807260cf43f6ae16207538fa419aa31 WHIRLPOOL 179a0bcf341e7de07d02f6574850614ef221851379945db00018d25f485cee6c11915322ee370e72321d81464d7d6bb96401b41029b8f7215a68e46971671deb |
| 26 |
-DIST ca-certificates_20140325.tar.xz 278816 SHA256 c0e3d8c517995db2737f7f1a9b69d654b8823fa6d337871c6ce111fcf083454a SHA512 6645740d61da78845facce6e3881c64f51e945a454cb26cead6e7df4887f1f3797bea217cebaffaae22a76fa3867ee20dee7b1d5200df20b85878a0c6029c2f8 WHIRLPOOL 93d4ff1ac74c6961612ffa0e4da35228636698940fd0a66e4e6842de4e48f5ded74885bfb330f6d106ae267124309d51d49f646959bbae1ef9fa7a55dbb2085a |
| 27 |
DIST ca-certificates_20140927.tar.xz 288824 SHA256 e582724ebb9d5d6fe02d02db1773c9ca76d3aaab4b15375a0d72e9abf88a65c5 SHA512 3cd08559c52aeba763a8ecc0333c7c20838db0111e52d9adf65719f14f858611271d61801a60fb3aea4e74be4a7903c1b462bf889172f5afb774280bb615b98b WHIRLPOOL e32e54b21109b7c44266480a6a5d78693b5ef7ffae1df595c4edfe2cce85d1cd29664e6d916c5bfffb965e4bb01fce6a8327a2ead5bb0ca7cdd8afd04346a270 |
| 28 |
DIST ca-certificates_20141019.tar.xz 289092 SHA256 684902d3f4e9ad27829f4af0d9d2d588afed03667997579b9c2be86fcd1eb73a SHA512 5b0e8fb917f5642a5a2b4fde46a706db0c652ff3fb31a5053d9123a5b670b50c6e3cf2496915cc01c613dcbe964d6432f393c12d8a697baedfad58f9d13e568b WHIRLPOOL 6d3c0ccfbd4b1598ed529cb07390baaf741e24c8fd4762aa1786ada7188ec0c4e327513047bca2b93a488681e80b5a8fabc37b98b7f6e5e92cba62580c4cf74f |
| 29 |
DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00 WHIRLPOOL c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43 |
| 30 |
-DIST nss-3.15.5.tar.gz 6367893 SHA256 1442c85624b7de74c7745132a65aa0de47d280c4f01f293d111bc0b6d8271f43 SHA512 4db27ea98f17f1a5bc6f513455497945fc35957f573b3ac7e730b166fbe0e8fd741c188187c578faf361d969db63d83ff8ccf15ac2b8ca72a367f33a018695ca WHIRLPOOL c3c687ac53dca571d1c45bdf4a80e192ca58da07e06ef56de7ac9736480c97689dd12d14351860764b70a1d823092a1ddbc471328c4bae4a899edd0e331c8aee |
| 31 |
-DIST nss-3.16.3.tar.gz 6426732 SHA256 657711ff7a4058043b69019a66f44101d0234eae2b6b80ab900439dbf02add60 SHA512 2e829b021319a9d8c0cedec742f84c54815eed8e3b1042b5045f08746e5768286001e9517d2b69c2a5d705cd632c98f3a9227e651a492bae3ef638cc706fe31f WHIRLPOOL bd8fe296baf79b4cad2224a921bf6d0a6b6a1f13df5b64131f59964541d2ec1ae506a79a5a3b8dc08a47c8fcdfa5eafb866727fcf26c37d4e5e91a7ebb7886b3 |
| 32 |
-DIST nss-3.16.tar.gz 6378110 SHA256 2bb4faa200962caacf0454f1e870e74aa9a543809e5c440f7978bcce58e0bfe8 SHA512 e3dcde8213f7f131fe2f714ff2f45c6d7b9b2167e51dbf0e1a750cc4f83d9fa35e69408850de6600f55fbc9e26b29dc344548cb64849d6e3252476eadd7ee57f WHIRLPOOL d30b53ec36cacff9756b43780d904e32760cd5d0b75f1888b6fb80e0a87ce828f4e6189de63880ddce90bdf5d90123ff7e9fdf600f4df02ce59702898f08c11e |
| 33 |
DIST nss-3.17.2.tar.gz 6927414 SHA256 134929e44e44b968a4883f4ee513a71ae45d55b486cee41ee8e26c3cc84dab8b SHA512 a3d165bb2c578e7b5d90349729e85a2fce09260d069093080c76cce3b8a996c6489232324fd6a0c69b959321bcdf5f1806054f165cd6ce851fe4ffeb2883ae7f WHIRLPOOL 01b3cc546aa2dd0974caa2267aa9874b01cf6096f307a114393ba5a98adc216e0f2b217631b89b20752be5881f70fc1a7e94e0e90618707d5f9b9d18fd55d859 |
| 34 |
DIST nss-3.17.4.tar.gz 6924699 SHA256 1d98ad1881a4237ec98cbe472fc851480f0b0e954dfe224d047811fb96ff9d79 SHA512 dfc44e28c303743a72b4553f471089bc991c3cb61d5f3071082c16400d5e4f216f84a2e44536570316fe0e798c14ca370c875dad791a873034595b9e4dd70b89 WHIRLPOOL bb6e1027c5237d12fe58b4c520536022d8d4e83183a78c3421fd46bf9c3503b1f0ca4644240e383f216ec1e5174c0ae4148372db68fb9f1c10275954559d5bbf |
| 35 |
DIST nss-3.19.tar.gz 6951461 SHA256 989ebdf79374f24181f060d332445b1a4baf3df39d08514c4349ba8573cefa9b SHA512 e428d206a4fd30087f275a33771a1d7e753b000e8fc3e7c746972a89d1b32300d3619f430ea15e870d82b3af52785d4dd36ae89c9c496f014f9f323ea373da14 WHIRLPOOL 3a8b58a8a28e31f65f40cfa6a9bd9ca2177a17552082d8de2189da6c92ff7ba9c90be13793666558a2bff609da738cb1f4313968077e1041b8f283d36005e76c |
| 36 |
|
| 37 |
diff --git a/app-misc/ca-certificates/ca-certificates-20130906-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20130906-r1.ebuild |
| 38 |
deleted file mode 100644 |
| 39 |
index 1147230..0000000 |
| 40 |
--- a/app-misc/ca-certificates/ca-certificates-20130906-r1.ebuild |
| 41 |
+++ /dev/null |
| 42 |
@@ -1,95 +0,0 @@ |
| 43 |
-# Copyright 1999-2014 Gentoo Foundation |
| 44 |
-# Distributed under the terms of the GNU General Public License v2 |
| 45 |
-# $Id$ |
| 46 |
- |
| 47 |
-EAPI="4" |
| 48 |
- |
| 49 |
-inherit eutils unpacker |
| 50 |
- |
| 51 |
-DESCRIPTION="Common CA Certificates PEM files" |
| 52 |
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates" |
| 53 |
-#NMU_PR="1" |
| 54 |
-SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" |
| 55 |
- |
| 56 |
-LICENSE="MPL-1.1" |
| 57 |
-SLOT="0" |
| 58 |
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" |
| 59 |
-IUSE="" |
| 60 |
- |
| 61 |
-# platforms like AIX don't have a good ar |
| 62 |
-DEPEND="kernel_AIX? ( app-arch/deb2targz ) |
| 63 |
- !<sys-apps/portage-2.1.10.41" |
| 64 |
-# openssl: we run `c_rehash` |
| 65 |
-# debianutils: we run `run-parts` |
| 66 |
-RDEPEND="${DEPEND} |
| 67 |
- dev-libs/openssl |
| 68 |
- sys-apps/debianutils" |
| 69 |
- |
| 70 |
-S=${WORKDIR} |
| 71 |
- |
| 72 |
-pkg_setup() { |
| 73 |
- # For the conversion to having it in CONFIG_PROTECT_MASK, |
| 74 |
- # we need to tell users about it once manually first. |
| 75 |
- [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ |
| 76 |
- || ewarn "You should run update-ca-certificates manually after etc-update" |
| 77 |
-} |
| 78 |
- |
| 79 |
-src_unpack() { |
| 80 |
- if [[ -n ${EPREFIX} ]] ; then |
| 81 |
- # need to perform everything in the offset, #381937 |
| 82 |
- mkdir -p "./${EPREFIX}" |
| 83 |
- cd "./${EPREFIX}" || die |
| 84 |
- fi |
| 85 |
- unpack_deb ${A} |
| 86 |
-} |
| 87 |
- |
| 88 |
-src_prepare() { |
| 89 |
- cd "./${EPREFIX}" || die |
| 90 |
- epatch "${FILESDIR}"/${PN}-20110502-root.patch |
| 91 |
- local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') |
| 92 |
- sed -i \ |
| 93 |
- -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ |
| 94 |
- -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ |
| 95 |
- usr/sbin/update-ca-certificates || die |
| 96 |
-} |
| 97 |
- |
| 98 |
-src_compile() { |
| 99 |
- ( |
| 100 |
- echo "# Automatically generated by ${CATEGORY}/${PF}" |
| 101 |
- echo "# $(date -u)" |
| 102 |
- echo "# Do not edit." |
| 103 |
- cd "${S}${EPREFIX}"/usr/share/ca-certificates |
| 104 |
- find * -name '*.crt' | LC_ALL=C sort |
| 105 |
- ) > "${S}${EPREFIX}"/etc/ca-certificates.conf |
| 106 |
- |
| 107 |
- sh "${S}${EPREFIX}"/usr/sbin/update-ca-certificates --root "${S}" || die |
| 108 |
-} |
| 109 |
- |
| 110 |
-src_install() { |
| 111 |
- cp -pPR . "${D}"/ || die |
| 112 |
- |
| 113 |
- mv "${ED}"/usr/share/doc/{ca-certificates,${PF}} || die |
| 114 |
- |
| 115 |
- echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates |
| 116 |
- doenvd 98ca-certificates |
| 117 |
-} |
| 118 |
- |
| 119 |
-pkg_postinst() { |
| 120 |
- if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then |
| 121 |
- # if the user has local certs, we need to rebuild again |
| 122 |
- # to include their stuff in the db. |
| 123 |
- # However it's too overzealous when the user has custom certs in place. |
| 124 |
- # --fresh is to clean up dangling symlinks |
| 125 |
- "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" |
| 126 |
- fi |
| 127 |
- |
| 128 |
- local c badcerts=0 |
| 129 |
- for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do |
| 130 |
- ewarn "Broken symlink for a certificate at $c" |
| 131 |
- badcerts=1 |
| 132 |
- done |
| 133 |
- if [ $badcerts -eq 1 ]; then |
| 134 |
- ewarn "Removing the following broken symlinks:" |
| 135 |
- ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)" |
| 136 |
- fi |
| 137 |
-} |
| 138 |
|
| 139 |
diff --git a/app-misc/ca-certificates/ca-certificates-20140223-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20140223-r1.ebuild |
| 140 |
deleted file mode 100644 |
| 141 |
index df086ec..0000000 |
| 142 |
--- a/app-misc/ca-certificates/ca-certificates-20140223-r1.ebuild |
| 143 |
+++ /dev/null |
| 144 |
@@ -1,178 +0,0 @@ |
| 145 |
-# Copyright 1999-2014 Gentoo Foundation |
| 146 |
-# Distributed under the terms of the GNU General Public License v2 |
| 147 |
-# $Id$ |
| 148 |
- |
| 149 |
-# The Debian ca-certificates package merely takes the CA database as it exists |
| 150 |
-# in the nss package and repackages it for use by openssl. |
| 151 |
-# |
| 152 |
-# The issue with using the compiled debs directly is two fold: |
| 153 |
-# - they do not update frequently enough for us to rely on them |
| 154 |
-# - they pull the CA database from nss tip of tree rather than the release |
| 155 |
-# |
| 156 |
-# So we take the Debian source tools and combine them with the latest nss |
| 157 |
-# release to produce (largely) the same end result. The difference is that |
| 158 |
-# now we know our cert database is kept in sync with nss and, if need be, |
| 159 |
-# can be sync with nss tip of tree more frequently to respond to bugs. |
| 160 |
- |
| 161 |
-# When triaging bugs from users, here's some handy tips: |
| 162 |
-# - To see what cert is hitting errors, use openssl: |
| 163 |
-# openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME |
| 164 |
-# Focus on the errors written to stderr. |
| 165 |
-# |
| 166 |
-# - Look at the upstream log as to why certs were added/removed: |
| 167 |
-# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt |
| 168 |
-# |
| 169 |
-# - If people want to add/remove certs, tell them to file w/mozilla: |
| 170 |
-# https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk |
| 171 |
- |
| 172 |
-EAPI="4" |
| 173 |
- |
| 174 |
-inherit eutils |
| 175 |
- |
| 176 |
-if [[ ${PV} == *.* ]] ; then |
| 177 |
- # Compile from source ourselves. |
| 178 |
- PRECOMPILED=false |
| 179 |
- inherit versionator |
| 180 |
- |
| 181 |
- DEB_VER=$(get_version_component_range 1) |
| 182 |
- NSS_VER=$(get_version_component_range 2-) |
| 183 |
- RTM_NAME="NSS_${NSS_VER//./_}_RTM" |
| 184 |
-else |
| 185 |
- # Debian precompiled version. |
| 186 |
- PRECOMPILED=true |
| 187 |
- inherit unpacker |
| 188 |
-fi |
| 189 |
- |
| 190 |
-DESCRIPTION="Common CA Certificates PEM files" |
| 191 |
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates" |
| 192 |
-if ${PRECOMPILED} ; then |
| 193 |
- #NMU_PR="1" |
| 194 |
- SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" |
| 195 |
-else |
| 196 |
- SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz |
| 197 |
- ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz |
| 198 |
- cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )" |
| 199 |
-fi |
| 200 |
- |
| 201 |
-LICENSE="MPL-1.1" |
| 202 |
-SLOT="0" |
| 203 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" |
| 204 |
-IUSE="" |
| 205 |
-${PRECOMPILED} || IUSE+=" +cacert" |
| 206 |
- |
| 207 |
-DEPEND="" |
| 208 |
-if ${PRECOMPILED} ; then |
| 209 |
- # platforms like AIX don't have a good ar |
| 210 |
- DEPEND+=" |
| 211 |
- kernel_AIX? ( app-arch/deb2targz ) |
| 212 |
- !<sys-apps/portage-2.1.10.41" |
| 213 |
-fi |
| 214 |
-# openssl: we run `c_rehash` |
| 215 |
-# debianutils: we run `run-parts` |
| 216 |
-RDEPEND="${DEPEND} |
| 217 |
- dev-libs/openssl |
| 218 |
- sys-apps/debianutils" |
| 219 |
- |
| 220 |
-S=${WORKDIR} |
| 221 |
- |
| 222 |
-pkg_setup() { |
| 223 |
- # For the conversion to having it in CONFIG_PROTECT_MASK, |
| 224 |
- # we need to tell users about it once manually first. |
| 225 |
- [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ |
| 226 |
- || ewarn "You should run update-ca-certificates manually after etc-update" |
| 227 |
-} |
| 228 |
- |
| 229 |
-src_unpack() { |
| 230 |
- ${PRECOMPILED} || default |
| 231 |
- |
| 232 |
- # Do all the work in the image subdir to avoid conflicting with source |
| 233 |
- # dirs in $WORKDIR. Need to perform everything in the offset #381937 |
| 234 |
- mkdir -p "image/${EPREFIX}" |
| 235 |
- cd "image/${EPREFIX}" || die |
| 236 |
- |
| 237 |
- ${PRECOMPILED} && unpacker_src_unpack |
| 238 |
-} |
| 239 |
- |
| 240 |
-src_prepare() { |
| 241 |
- cd "image/${EPREFIX}" || die |
| 242 |
- if ! ${PRECOMPILED} ; then |
| 243 |
- mkdir -p usr/sbin |
| 244 |
- cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die |
| 245 |
- |
| 246 |
- if use cacert ; then |
| 247 |
- pushd "${S}"/nss-${NSS_VER} >/dev/null |
| 248 |
- epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch |
| 249 |
- popd >/dev/null |
| 250 |
- fi |
| 251 |
- fi |
| 252 |
- |
| 253 |
- epatch "${FILESDIR}"/${PN}-20110502-root.patch |
| 254 |
- local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') |
| 255 |
- sed -i \ |
| 256 |
- -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ |
| 257 |
- -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ |
| 258 |
- usr/sbin/update-ca-certificates || die |
| 259 |
-} |
| 260 |
- |
| 261 |
-src_compile() { |
| 262 |
- cd "image/${EPREFIX}" || die |
| 263 |
- if ! ${PRECOMPILED} ; then |
| 264 |
- local d="${S}/${PN}/mozilla" |
| 265 |
- # Grab the database from the nss sources. |
| 266 |
- cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die |
| 267 |
- emake -C "${d}" |
| 268 |
- |
| 269 |
- # Now move the files to the same places that the precompiled would. |
| 270 |
- mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla |
| 271 |
- if use cacert ; then |
| 272 |
- mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org} |
| 273 |
- mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die |
| 274 |
- mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die |
| 275 |
- fi |
| 276 |
- mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die |
| 277 |
- else |
| 278 |
- mv usr/share/doc/{ca-certificates,${PF}} || die |
| 279 |
- fi |
| 280 |
- |
| 281 |
- ( |
| 282 |
- echo "# Automatically generated by ${CATEGORY}/${PF}" |
| 283 |
- echo "# $(date -u)" |
| 284 |
- echo "# Do not edit." |
| 285 |
- cd usr/share/ca-certificates |
| 286 |
- find * -name '*.crt' | LC_ALL=C sort |
| 287 |
- ) > etc/ca-certificates.conf |
| 288 |
- |
| 289 |
- sh usr/sbin/update-ca-certificates --root "${S}/image" || die |
| 290 |
-} |
| 291 |
- |
| 292 |
-src_install() { |
| 293 |
- cp -pPR image/* "${D}"/ || die |
| 294 |
- if ! ${PRECOMPILED} ; then |
| 295 |
- cd ca-certificates |
| 296 |
- doman sbin/*.8 |
| 297 |
- dodoc debian/README.* examples/ca-certificates-local/README |
| 298 |
- fi |
| 299 |
- |
| 300 |
- echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates |
| 301 |
- doenvd 98ca-certificates |
| 302 |
-} |
| 303 |
- |
| 304 |
-pkg_postinst() { |
| 305 |
- if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then |
| 306 |
- # if the user has local certs, we need to rebuild again |
| 307 |
- # to include their stuff in the db. |
| 308 |
- # However it's too overzealous when the user has custom certs in place. |
| 309 |
- # --fresh is to clean up dangling symlinks |
| 310 |
- "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" |
| 311 |
- fi |
| 312 |
- |
| 313 |
- local c badcerts=0 |
| 314 |
- for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do |
| 315 |
- ewarn "Broken symlink for a certificate at $c" |
| 316 |
- badcerts=1 |
| 317 |
- done |
| 318 |
- if [ $badcerts -eq 1 ]; then |
| 319 |
- ewarn "Removing the following broken symlinks:" |
| 320 |
- ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)" |
| 321 |
- fi |
| 322 |
-} |
| 323 |
|
| 324 |
diff --git a/app-misc/ca-certificates/ca-certificates-20140223.3.15.5-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20140223.3.15.5-r1.ebuild |
| 325 |
deleted file mode 100644 |
| 326 |
index 81b211a..0000000 |
| 327 |
--- a/app-misc/ca-certificates/ca-certificates-20140223.3.15.5-r1.ebuild |
| 328 |
+++ /dev/null |
| 329 |
@@ -1,184 +0,0 @@ |
| 330 |
-# Copyright 1999-2015 Gentoo Foundation |
| 331 |
-# Distributed under the terms of the GNU General Public License v2 |
| 332 |
-# $Id$ |
| 333 |
- |
| 334 |
-# The Debian ca-certificates package merely takes the CA database as it exists |
| 335 |
-# in the nss package and repackages it for use by openssl. |
| 336 |
-# |
| 337 |
-# The issue with using the compiled debs directly is two fold: |
| 338 |
-# - they do not update frequently enough for us to rely on them |
| 339 |
-# - they pull the CA database from nss tip of tree rather than the release |
| 340 |
-# |
| 341 |
-# So we take the Debian source tools and combine them with the latest nss |
| 342 |
-# release to produce (largely) the same end result. The difference is that |
| 343 |
-# now we know our cert database is kept in sync with nss and, if need be, |
| 344 |
-# can be sync with nss tip of tree more frequently to respond to bugs. |
| 345 |
- |
| 346 |
-# When triaging bugs from users, here's some handy tips: |
| 347 |
-# - To see what cert is hitting errors, use openssl: |
| 348 |
-# openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME |
| 349 |
-# Focus on the errors written to stderr. |
| 350 |
-# |
| 351 |
-# - Look at the upstream log as to why certs were added/removed: |
| 352 |
-# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt |
| 353 |
-# |
| 354 |
-# - If people want to add/remove certs, tell them to file w/mozilla: |
| 355 |
-# https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk |
| 356 |
- |
| 357 |
-EAPI="4" |
| 358 |
-PYTHON_COMPAT=( python2_7 ) |
| 359 |
- |
| 360 |
-inherit eutils python-any-r1 |
| 361 |
- |
| 362 |
-if [[ ${PV} == *.* ]] ; then |
| 363 |
- # Compile from source ourselves. |
| 364 |
- PRECOMPILED=false |
| 365 |
- inherit versionator |
| 366 |
- |
| 367 |
- DEB_VER=$(get_version_component_range 1) |
| 368 |
- NSS_VER=$(get_version_component_range 2-) |
| 369 |
- RTM_NAME="NSS_${NSS_VER//./_}_RTM" |
| 370 |
-else |
| 371 |
- # Debian precompiled version. |
| 372 |
- PRECOMPILED=true |
| 373 |
- inherit unpacker |
| 374 |
-fi |
| 375 |
- |
| 376 |
-DESCRIPTION="Common CA Certificates PEM files" |
| 377 |
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates" |
| 378 |
-if ${PRECOMPILED} ; then |
| 379 |
- #NMU_PR="1" |
| 380 |
- SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" |
| 381 |
-else |
| 382 |
- SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz |
| 383 |
- ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz |
| 384 |
- cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )" |
| 385 |
-fi |
| 386 |
- |
| 387 |
-LICENSE="MPL-1.1" |
| 388 |
-SLOT="0" |
| 389 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" |
| 390 |
-IUSE="" |
| 391 |
-${PRECOMPILED} || IUSE+=" +cacert" |
| 392 |
- |
| 393 |
-DEPEND="" |
| 394 |
-if ${PRECOMPILED} ; then |
| 395 |
- # platforms like AIX don't have a good ar |
| 396 |
- DEPEND+=" |
| 397 |
- kernel_AIX? ( app-arch/deb2targz ) |
| 398 |
- !<sys-apps/portage-2.1.10.41" |
| 399 |
-fi |
| 400 |
-# openssl: we run `c_rehash` |
| 401 |
-# debianutils: we run `run-parts` |
| 402 |
-RDEPEND="${DEPEND} |
| 403 |
- dev-libs/openssl |
| 404 |
- sys-apps/debianutils" |
| 405 |
- |
| 406 |
-if ! ${PRECOMPILED}; then |
| 407 |
- DEPEND+=" ${PYTHON_DEPS}" |
| 408 |
-fi |
| 409 |
- |
| 410 |
-S=${WORKDIR} |
| 411 |
- |
| 412 |
-pkg_setup() { |
| 413 |
- # For the conversion to having it in CONFIG_PROTECT_MASK, |
| 414 |
- # we need to tell users about it once manually first. |
| 415 |
- [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ |
| 416 |
- || ewarn "You should run update-ca-certificates manually after etc-update" |
| 417 |
-} |
| 418 |
- |
| 419 |
-src_unpack() { |
| 420 |
- ${PRECOMPILED} || default |
| 421 |
- |
| 422 |
- # Do all the work in the image subdir to avoid conflicting with source |
| 423 |
- # dirs in $WORKDIR. Need to perform everything in the offset #381937 |
| 424 |
- mkdir -p "image/${EPREFIX}" |
| 425 |
- cd "image/${EPREFIX}" || die |
| 426 |
- |
| 427 |
- ${PRECOMPILED} && unpacker_src_unpack |
| 428 |
-} |
| 429 |
- |
| 430 |
-src_prepare() { |
| 431 |
- cd "image/${EPREFIX}" || die |
| 432 |
- if ! ${PRECOMPILED} ; then |
| 433 |
- mkdir -p usr/sbin |
| 434 |
- cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die |
| 435 |
- |
| 436 |
- if use cacert ; then |
| 437 |
- pushd "${S}"/nss-${NSS_VER} >/dev/null |
| 438 |
- epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch |
| 439 |
- popd >/dev/null |
| 440 |
- fi |
| 441 |
- fi |
| 442 |
- |
| 443 |
- epatch "${FILESDIR}"/${PN}-20110502-root.patch |
| 444 |
- local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') |
| 445 |
- sed -i \ |
| 446 |
- -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ |
| 447 |
- -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ |
| 448 |
- usr/sbin/update-ca-certificates || die |
| 449 |
-} |
| 450 |
- |
| 451 |
-src_compile() { |
| 452 |
- cd "image/${EPREFIX}" || die |
| 453 |
- if ! ${PRECOMPILED} ; then |
| 454 |
- python_setup |
| 455 |
- local d="${S}/${PN}/mozilla" |
| 456 |
- # Grab the database from the nss sources. |
| 457 |
- cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die |
| 458 |
- emake -C "${d}" |
| 459 |
- |
| 460 |
- # Now move the files to the same places that the precompiled would. |
| 461 |
- mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla |
| 462 |
- if use cacert ; then |
| 463 |
- mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org} |
| 464 |
- mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die |
| 465 |
- mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die |
| 466 |
- fi |
| 467 |
- mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die |
| 468 |
- else |
| 469 |
- mv usr/share/doc/{ca-certificates,${PF}} || die |
| 470 |
- fi |
| 471 |
- |
| 472 |
- ( |
| 473 |
- echo "# Automatically generated by ${CATEGORY}/${PF}" |
| 474 |
- echo "# $(date -u)" |
| 475 |
- echo "# Do not edit." |
| 476 |
- cd usr/share/ca-certificates |
| 477 |
- find * -name '*.crt' | LC_ALL=C sort |
| 478 |
- ) > etc/ca-certificates.conf |
| 479 |
- |
| 480 |
- sh usr/sbin/update-ca-certificates --root "${S}/image" || die |
| 481 |
-} |
| 482 |
- |
| 483 |
-src_install() { |
| 484 |
- cp -pPR image/* "${D}"/ || die |
| 485 |
- if ! ${PRECOMPILED} ; then |
| 486 |
- cd ca-certificates |
| 487 |
- doman sbin/*.8 |
| 488 |
- dodoc debian/README.* examples/ca-certificates-local/README |
| 489 |
- fi |
| 490 |
- |
| 491 |
- echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates |
| 492 |
- doenvd 98ca-certificates |
| 493 |
-} |
| 494 |
- |
| 495 |
-pkg_postinst() { |
| 496 |
- if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then |
| 497 |
- # if the user has local certs, we need to rebuild again |
| 498 |
- # to include their stuff in the db. |
| 499 |
- # However it's too overzealous when the user has custom certs in place. |
| 500 |
- # --fresh is to clean up dangling symlinks |
| 501 |
- "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" |
| 502 |
- fi |
| 503 |
- |
| 504 |
- local c badcerts=0 |
| 505 |
- for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do |
| 506 |
- ewarn "Broken symlink for a certificate at $c" |
| 507 |
- badcerts=1 |
| 508 |
- done |
| 509 |
- if [ $badcerts -eq 1 ]; then |
| 510 |
- ewarn "Removing the following broken symlinks:" |
| 511 |
- ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)" |
| 512 |
- fi |
| 513 |
-} |
| 514 |
|
| 515 |
diff --git a/app-misc/ca-certificates/ca-certificates-20140223.3.16-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20140223.3.16-r1.ebuild |
| 516 |
deleted file mode 100644 |
| 517 |
index 81b211a..0000000 |
| 518 |
--- a/app-misc/ca-certificates/ca-certificates-20140223.3.16-r1.ebuild |
| 519 |
+++ /dev/null |
| 520 |
@@ -1,184 +0,0 @@ |
| 521 |
-# Copyright 1999-2015 Gentoo Foundation |
| 522 |
-# Distributed under the terms of the GNU General Public License v2 |
| 523 |
-# $Id$ |
| 524 |
- |
| 525 |
-# The Debian ca-certificates package merely takes the CA database as it exists |
| 526 |
-# in the nss package and repackages it for use by openssl. |
| 527 |
-# |
| 528 |
-# The issue with using the compiled debs directly is two fold: |
| 529 |
-# - they do not update frequently enough for us to rely on them |
| 530 |
-# - they pull the CA database from nss tip of tree rather than the release |
| 531 |
-# |
| 532 |
-# So we take the Debian source tools and combine them with the latest nss |
| 533 |
-# release to produce (largely) the same end result. The difference is that |
| 534 |
-# now we know our cert database is kept in sync with nss and, if need be, |
| 535 |
-# can be sync with nss tip of tree more frequently to respond to bugs. |
| 536 |
- |
| 537 |
-# When triaging bugs from users, here's some handy tips: |
| 538 |
-# - To see what cert is hitting errors, use openssl: |
| 539 |
-# openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME |
| 540 |
-# Focus on the errors written to stderr. |
| 541 |
-# |
| 542 |
-# - Look at the upstream log as to why certs were added/removed: |
| 543 |
-# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt |
| 544 |
-# |
| 545 |
-# - If people want to add/remove certs, tell them to file w/mozilla: |
| 546 |
-# https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk |
| 547 |
- |
| 548 |
-EAPI="4" |
| 549 |
-PYTHON_COMPAT=( python2_7 ) |
| 550 |
- |
| 551 |
-inherit eutils python-any-r1 |
| 552 |
- |
| 553 |
-if [[ ${PV} == *.* ]] ; then |
| 554 |
- # Compile from source ourselves. |
| 555 |
- PRECOMPILED=false |
| 556 |
- inherit versionator |
| 557 |
- |
| 558 |
- DEB_VER=$(get_version_component_range 1) |
| 559 |
- NSS_VER=$(get_version_component_range 2-) |
| 560 |
- RTM_NAME="NSS_${NSS_VER//./_}_RTM" |
| 561 |
-else |
| 562 |
- # Debian precompiled version. |
| 563 |
- PRECOMPILED=true |
| 564 |
- inherit unpacker |
| 565 |
-fi |
| 566 |
- |
| 567 |
-DESCRIPTION="Common CA Certificates PEM files" |
| 568 |
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates" |
| 569 |
-if ${PRECOMPILED} ; then |
| 570 |
- #NMU_PR="1" |
| 571 |
- SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" |
| 572 |
-else |
| 573 |
- SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz |
| 574 |
- ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz |
| 575 |
- cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )" |
| 576 |
-fi |
| 577 |
- |
| 578 |
-LICENSE="MPL-1.1" |
| 579 |
-SLOT="0" |
| 580 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" |
| 581 |
-IUSE="" |
| 582 |
-${PRECOMPILED} || IUSE+=" +cacert" |
| 583 |
- |
| 584 |
-DEPEND="" |
| 585 |
-if ${PRECOMPILED} ; then |
| 586 |
- # platforms like AIX don't have a good ar |
| 587 |
- DEPEND+=" |
| 588 |
- kernel_AIX? ( app-arch/deb2targz ) |
| 589 |
- !<sys-apps/portage-2.1.10.41" |
| 590 |
-fi |
| 591 |
-# openssl: we run `c_rehash` |
| 592 |
-# debianutils: we run `run-parts` |
| 593 |
-RDEPEND="${DEPEND} |
| 594 |
- dev-libs/openssl |
| 595 |
- sys-apps/debianutils" |
| 596 |
- |
| 597 |
-if ! ${PRECOMPILED}; then |
| 598 |
- DEPEND+=" ${PYTHON_DEPS}" |
| 599 |
-fi |
| 600 |
- |
| 601 |
-S=${WORKDIR} |
| 602 |
- |
| 603 |
-pkg_setup() { |
| 604 |
- # For the conversion to having it in CONFIG_PROTECT_MASK, |
| 605 |
- # we need to tell users about it once manually first. |
| 606 |
- [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ |
| 607 |
- || ewarn "You should run update-ca-certificates manually after etc-update" |
| 608 |
-} |
| 609 |
- |
| 610 |
-src_unpack() { |
| 611 |
- ${PRECOMPILED} || default |
| 612 |
- |
| 613 |
- # Do all the work in the image subdir to avoid conflicting with source |
| 614 |
- # dirs in $WORKDIR. Need to perform everything in the offset #381937 |
| 615 |
- mkdir -p "image/${EPREFIX}" |
| 616 |
- cd "image/${EPREFIX}" || die |
| 617 |
- |
| 618 |
- ${PRECOMPILED} && unpacker_src_unpack |
| 619 |
-} |
| 620 |
- |
| 621 |
-src_prepare() { |
| 622 |
- cd "image/${EPREFIX}" || die |
| 623 |
- if ! ${PRECOMPILED} ; then |
| 624 |
- mkdir -p usr/sbin |
| 625 |
- cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die |
| 626 |
- |
| 627 |
- if use cacert ; then |
| 628 |
- pushd "${S}"/nss-${NSS_VER} >/dev/null |
| 629 |
- epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch |
| 630 |
- popd >/dev/null |
| 631 |
- fi |
| 632 |
- fi |
| 633 |
- |
| 634 |
- epatch "${FILESDIR}"/${PN}-20110502-root.patch |
| 635 |
- local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') |
| 636 |
- sed -i \ |
| 637 |
- -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ |
| 638 |
- -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ |
| 639 |
- usr/sbin/update-ca-certificates || die |
| 640 |
-} |
| 641 |
- |
| 642 |
-src_compile() { |
| 643 |
- cd "image/${EPREFIX}" || die |
| 644 |
- if ! ${PRECOMPILED} ; then |
| 645 |
- python_setup |
| 646 |
- local d="${S}/${PN}/mozilla" |
| 647 |
- # Grab the database from the nss sources. |
| 648 |
- cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die |
| 649 |
- emake -C "${d}" |
| 650 |
- |
| 651 |
- # Now move the files to the same places that the precompiled would. |
| 652 |
- mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla |
| 653 |
- if use cacert ; then |
| 654 |
- mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org} |
| 655 |
- mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die |
| 656 |
- mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die |
| 657 |
- fi |
| 658 |
- mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die |
| 659 |
- else |
| 660 |
- mv usr/share/doc/{ca-certificates,${PF}} || die |
| 661 |
- fi |
| 662 |
- |
| 663 |
- ( |
| 664 |
- echo "# Automatically generated by ${CATEGORY}/${PF}" |
| 665 |
- echo "# $(date -u)" |
| 666 |
- echo "# Do not edit." |
| 667 |
- cd usr/share/ca-certificates |
| 668 |
- find * -name '*.crt' | LC_ALL=C sort |
| 669 |
- ) > etc/ca-certificates.conf |
| 670 |
- |
| 671 |
- sh usr/sbin/update-ca-certificates --root "${S}/image" || die |
| 672 |
-} |
| 673 |
- |
| 674 |
-src_install() { |
| 675 |
- cp -pPR image/* "${D}"/ || die |
| 676 |
- if ! ${PRECOMPILED} ; then |
| 677 |
- cd ca-certificates |
| 678 |
- doman sbin/*.8 |
| 679 |
- dodoc debian/README.* examples/ca-certificates-local/README |
| 680 |
- fi |
| 681 |
- |
| 682 |
- echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates |
| 683 |
- doenvd 98ca-certificates |
| 684 |
-} |
| 685 |
- |
| 686 |
-pkg_postinst() { |
| 687 |
- if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then |
| 688 |
- # if the user has local certs, we need to rebuild again |
| 689 |
- # to include their stuff in the db. |
| 690 |
- # However it's too overzealous when the user has custom certs in place. |
| 691 |
- # --fresh is to clean up dangling symlinks |
| 692 |
- "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" |
| 693 |
- fi |
| 694 |
- |
| 695 |
- local c badcerts=0 |
| 696 |
- for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do |
| 697 |
- ewarn "Broken symlink for a certificate at $c" |
| 698 |
- badcerts=1 |
| 699 |
- done |
| 700 |
- if [ $badcerts -eq 1 ]; then |
| 701 |
- ewarn "Removing the following broken symlinks:" |
| 702 |
- ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)" |
| 703 |
- fi |
| 704 |
-} |
| 705 |
|
| 706 |
diff --git a/app-misc/ca-certificates/ca-certificates-20140325.3.16.3.ebuild b/app-misc/ca-certificates/ca-certificates-20140325.3.16.3.ebuild |
| 707 |
deleted file mode 100644 |
| 708 |
index c29feef..0000000 |
| 709 |
--- a/app-misc/ca-certificates/ca-certificates-20140325.3.16.3.ebuild |
| 710 |
+++ /dev/null |
| 711 |
@@ -1,184 +0,0 @@ |
| 712 |
-# Copyright 1999-2015 Gentoo Foundation |
| 713 |
-# Distributed under the terms of the GNU General Public License v2 |
| 714 |
-# $Id$ |
| 715 |
- |
| 716 |
-# The Debian ca-certificates package merely takes the CA database as it exists |
| 717 |
-# in the nss package and repackages it for use by openssl. |
| 718 |
-# |
| 719 |
-# The issue with using the compiled debs directly is two fold: |
| 720 |
-# - they do not update frequently enough for us to rely on them |
| 721 |
-# - they pull the CA database from nss tip of tree rather than the release |
| 722 |
-# |
| 723 |
-# So we take the Debian source tools and combine them with the latest nss |
| 724 |
-# release to produce (largely) the same end result. The difference is that |
| 725 |
-# now we know our cert database is kept in sync with nss and, if need be, |
| 726 |
-# can be sync with nss tip of tree more frequently to respond to bugs. |
| 727 |
- |
| 728 |
-# When triaging bugs from users, here's some handy tips: |
| 729 |
-# - To see what cert is hitting errors, use openssl: |
| 730 |
-# openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME |
| 731 |
-# Focus on the errors written to stderr. |
| 732 |
-# |
| 733 |
-# - Look at the upstream log as to why certs were added/removed: |
| 734 |
-# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt |
| 735 |
-# |
| 736 |
-# - If people want to add/remove certs, tell them to file w/mozilla: |
| 737 |
-# https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk |
| 738 |
- |
| 739 |
-EAPI="4" |
| 740 |
-PYTHON_COMPAT=( python2_7 ) |
| 741 |
- |
| 742 |
-inherit eutils python-any-r1 |
| 743 |
- |
| 744 |
-if [[ ${PV} == *.* ]] ; then |
| 745 |
- # Compile from source ourselves. |
| 746 |
- PRECOMPILED=false |
| 747 |
- inherit versionator |
| 748 |
- |
| 749 |
- DEB_VER=$(get_version_component_range 1) |
| 750 |
- NSS_VER=$(get_version_component_range 2-) |
| 751 |
- RTM_NAME="NSS_${NSS_VER//./_}_RTM" |
| 752 |
-else |
| 753 |
- # Debian precompiled version. |
| 754 |
- PRECOMPILED=true |
| 755 |
- inherit unpacker |
| 756 |
-fi |
| 757 |
- |
| 758 |
-DESCRIPTION="Common CA Certificates PEM files" |
| 759 |
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates" |
| 760 |
-NMU_PR="" |
| 761 |
-if ${PRECOMPILED} ; then |
| 762 |
- SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" |
| 763 |
-else |
| 764 |
- SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz |
| 765 |
- ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz |
| 766 |
- cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )" |
| 767 |
-fi |
| 768 |
- |
| 769 |
-LICENSE="MPL-1.1" |
| 770 |
-SLOT="0" |
| 771 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" |
| 772 |
-IUSE="" |
| 773 |
-${PRECOMPILED} || IUSE+=" +cacert" |
| 774 |
- |
| 775 |
-DEPEND="" |
| 776 |
-if ${PRECOMPILED} ; then |
| 777 |
- # platforms like AIX don't have a good ar |
| 778 |
- DEPEND+=" |
| 779 |
- kernel_AIX? ( app-arch/deb2targz ) |
| 780 |
- !<sys-apps/portage-2.1.10.41" |
| 781 |
-fi |
| 782 |
-# openssl: we run `c_rehash` |
| 783 |
-# debianutils: we run `run-parts` |
| 784 |
-RDEPEND="${DEPEND} |
| 785 |
- dev-libs/openssl |
| 786 |
- sys-apps/debianutils" |
| 787 |
- |
| 788 |
-if ! ${PRECOMPILED}; then |
| 789 |
- DEPEND+=" ${PYTHON_DEPS}" |
| 790 |
-fi |
| 791 |
- |
| 792 |
-S=${WORKDIR} |
| 793 |
- |
| 794 |
-pkg_setup() { |
| 795 |
- # For the conversion to having it in CONFIG_PROTECT_MASK, |
| 796 |
- # we need to tell users about it once manually first. |
| 797 |
- [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ |
| 798 |
- || ewarn "You should run update-ca-certificates manually after etc-update" |
| 799 |
-} |
| 800 |
- |
| 801 |
-src_unpack() { |
| 802 |
- ${PRECOMPILED} || default |
| 803 |
- |
| 804 |
- # Do all the work in the image subdir to avoid conflicting with source |
| 805 |
- # dirs in $WORKDIR. Need to perform everything in the offset #381937 |
| 806 |
- mkdir -p "image/${EPREFIX}" |
| 807 |
- cd "image/${EPREFIX}" || die |
| 808 |
- |
| 809 |
- ${PRECOMPILED} && unpacker_src_unpack |
| 810 |
-} |
| 811 |
- |
| 812 |
-src_prepare() { |
| 813 |
- cd "image/${EPREFIX}" || die |
| 814 |
- if ! ${PRECOMPILED} ; then |
| 815 |
- mkdir -p usr/sbin |
| 816 |
- cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die |
| 817 |
- |
| 818 |
- if use cacert ; then |
| 819 |
- pushd "${S}"/nss-${NSS_VER} >/dev/null |
| 820 |
- epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch |
| 821 |
- popd >/dev/null |
| 822 |
- fi |
| 823 |
- fi |
| 824 |
- |
| 825 |
- epatch "${FILESDIR}"/${PN}-20110502-root.patch |
| 826 |
- local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') |
| 827 |
- sed -i \ |
| 828 |
- -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ |
| 829 |
- -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ |
| 830 |
- usr/sbin/update-ca-certificates || die |
| 831 |
-} |
| 832 |
- |
| 833 |
-src_compile() { |
| 834 |
- cd "image/${EPREFIX}" || die |
| 835 |
- if ! ${PRECOMPILED} ; then |
| 836 |
- python_setup |
| 837 |
- local d="${S}/${PN}/mozilla" |
| 838 |
- # Grab the database from the nss sources. |
| 839 |
- cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die |
| 840 |
- emake -C "${d}" |
| 841 |
- |
| 842 |
- # Now move the files to the same places that the precompiled would. |
| 843 |
- mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla |
| 844 |
- if use cacert ; then |
| 845 |
- mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org} |
| 846 |
- mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die |
| 847 |
- mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die |
| 848 |
- fi |
| 849 |
- mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die |
| 850 |
- else |
| 851 |
- mv usr/share/doc/{ca-certificates,${PF}} || die |
| 852 |
- fi |
| 853 |
- |
| 854 |
- ( |
| 855 |
- echo "# Automatically generated by ${CATEGORY}/${PF}" |
| 856 |
- echo "# $(date -u)" |
| 857 |
- echo "# Do not edit." |
| 858 |
- cd usr/share/ca-certificates |
| 859 |
- find * -name '*.crt' | LC_ALL=C sort |
| 860 |
- ) > etc/ca-certificates.conf |
| 861 |
- |
| 862 |
- sh usr/sbin/update-ca-certificates --root "${S}/image" || die |
| 863 |
-} |
| 864 |
- |
| 865 |
-src_install() { |
| 866 |
- cp -pPR image/* "${D}"/ || die |
| 867 |
- if ! ${PRECOMPILED} ; then |
| 868 |
- cd ca-certificates |
| 869 |
- doman sbin/*.8 |
| 870 |
- dodoc debian/README.* examples/ca-certificates-local/README |
| 871 |
- fi |
| 872 |
- |
| 873 |
- echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates |
| 874 |
- doenvd 98ca-certificates |
| 875 |
-} |
| 876 |
- |
| 877 |
-pkg_postinst() { |
| 878 |
- if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then |
| 879 |
- # if the user has local certs, we need to rebuild again |
| 880 |
- # to include their stuff in the db. |
| 881 |
- # However it's too overzealous when the user has custom certs in place. |
| 882 |
- # --fresh is to clean up dangling symlinks |
| 883 |
- "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" |
| 884 |
- fi |
| 885 |
- |
| 886 |
- local c badcerts=0 |
| 887 |
- for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do |
| 888 |
- ewarn "Broken symlink for a certificate at $c" |
| 889 |
- badcerts=1 |
| 890 |
- done |
| 891 |
- if [ $badcerts -eq 1 ]; then |
| 892 |
- ewarn "Removing the following broken symlinks:" |
| 893 |
- ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)" |
| 894 |
- fi |
| 895 |
-} |
Archives