1 |
zerochaos 14/03/27 00:49:50 |
2 |
|
3 |
Modified: ChangeLog |
4 |
Added: ca-certificates-20130906-r1.ebuild |
5 |
ca-certificates-20140223.3.15.5-r1.ebuild |
6 |
ca-certificates-20140223.3.16-r1.ebuild |
7 |
ca-certificates-20140223-r1.ebuild |
8 |
Removed: ca-certificates-20140223.3.16.ebuild |
9 |
ca-certificates-20140223.ebuild |
10 |
ca-certificates-20130906.ebuild |
11 |
ca-certificates-20140223.3.15.5.ebuild |
12 |
Log: |
13 |
fix for bug #475352, remove broken symlinks |
14 |
|
15 |
(Portage version: 2.2.8-r1/cvs/Linux x86_64, RepoMan options: --force, signed Manifest commit with key DD11F94A) |
16 |
|
17 |
Revision Changes Path |
18 |
1.103 app-misc/ca-certificates/ChangeLog |
19 |
|
20 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-misc/ca-certificates/ChangeLog?rev=1.103&view=markup |
21 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-misc/ca-certificates/ChangeLog?rev=1.103&content-type=text/plain |
22 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-misc/ca-certificates/ChangeLog?r1=1.102&r2=1.103 |
23 |
|
24 |
Index: ChangeLog |
25 |
=================================================================== |
26 |
RCS file: /var/cvsroot/gentoo-x86/app-misc/ca-certificates/ChangeLog,v |
27 |
retrieving revision 1.102 |
28 |
retrieving revision 1.103 |
29 |
diff -u -r1.102 -r1.103 |
30 |
--- ChangeLog 22 Mar 2014 09:34:05 -0000 1.102 |
31 |
+++ ChangeLog 27 Mar 2014 00:49:50 -0000 1.103 |
32 |
@@ -1,6 +1,19 @@ |
33 |
# ChangeLog for app-misc/ca-certificates |
34 |
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 |
35 |
-# $Header: /var/cvsroot/gentoo-x86/app-misc/ca-certificates/ChangeLog,v 1.102 2014/03/22 09:34:05 vapier Exp $ |
36 |
+# $Header: /var/cvsroot/gentoo-x86/app-misc/ca-certificates/ChangeLog,v 1.103 2014/03/27 00:49:50 zerochaos Exp $ |
37 |
+ |
38 |
+*ca-certificates-20130906-r1 (27 Mar 2014) |
39 |
+*ca-certificates-20140223.3.16-r1 (27 Mar 2014) |
40 |
+*ca-certificates-20140223.3.15.5-r1 (27 Mar 2014) |
41 |
+*ca-certificates-20140223-r1 (27 Mar 2014) |
42 |
+ |
43 |
+ 27 Mar 2014; Rick Farina <zerochaos@g.o> |
44 |
+ +ca-certificates-20130906-r1.ebuild, +ca-certificates-20140223-r1.ebuild, |
45 |
+ +ca-certificates-20140223.3.15.5-r1.ebuild, |
46 |
+ +ca-certificates-20140223.3.16-r1.ebuild, -ca-certificates-20130906.ebuild, |
47 |
+ -ca-certificates-20140223.3.15.5.ebuild, |
48 |
+ -ca-certificates-20140223.3.16.ebuild, -ca-certificates-20140223.ebuild: |
49 |
+ fix for bug #475352, remove broken symlinks |
50 |
|
51 |
*ca-certificates-20140223.3.16 (22 Mar 2014) |
52 |
|
53 |
|
54 |
|
55 |
|
56 |
1.1 app-misc/ca-certificates/ca-certificates-20130906-r1.ebuild |
57 |
|
58 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-misc/ca-certificates/ca-certificates-20130906-r1.ebuild?rev=1.1&view=markup |
59 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-misc/ca-certificates/ca-certificates-20130906-r1.ebuild?rev=1.1&content-type=text/plain |
60 |
|
61 |
Index: ca-certificates-20130906-r1.ebuild |
62 |
=================================================================== |
63 |
# Copyright 1999-2014 Gentoo Foundation |
64 |
# Distributed under the terms of the GNU General Public License v2 |
65 |
# $Header: /var/cvsroot/gentoo-x86/app-misc/ca-certificates/ca-certificates-20130906-r1.ebuild,v 1.1 2014/03/27 00:49:50 zerochaos Exp $ |
66 |
|
67 |
EAPI="4" |
68 |
|
69 |
inherit eutils unpacker |
70 |
|
71 |
DESCRIPTION="Common CA Certificates PEM files" |
72 |
HOMEPAGE="http://packages.debian.org/sid/ca-certificates" |
73 |
#NMU_PR="1" |
74 |
SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" |
75 |
|
76 |
LICENSE="MPL-1.1" |
77 |
SLOT="0" |
78 |
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" |
79 |
IUSE="" |
80 |
|
81 |
# platforms like AIX don't have a good ar |
82 |
DEPEND="kernel_AIX? ( app-arch/deb2targz ) |
83 |
!<sys-apps/portage-2.1.10.41" |
84 |
# openssl: we run `c_rehash` |
85 |
# debianutils: we run `run-parts` |
86 |
RDEPEND="${DEPEND} |
87 |
dev-libs/openssl |
88 |
sys-apps/debianutils" |
89 |
|
90 |
S=${WORKDIR} |
91 |
|
92 |
pkg_setup() { |
93 |
# For the conversion to having it in CONFIG_PROTECT_MASK, |
94 |
# we need to tell users about it once manually first. |
95 |
[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ |
96 |
|| ewarn "You should run update-ca-certificates manually after etc-update" |
97 |
} |
98 |
|
99 |
src_unpack() { |
100 |
if [[ -n ${EPREFIX} ]] ; then |
101 |
# need to perform everything in the offset, #381937 |
102 |
mkdir -p "./${EPREFIX}" |
103 |
cd "./${EPREFIX}" || die |
104 |
fi |
105 |
unpack_deb ${A} |
106 |
} |
107 |
|
108 |
src_prepare() { |
109 |
cd "./${EPREFIX}" || die |
110 |
epatch "${FILESDIR}"/${PN}-20110502-root.patch |
111 |
local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') |
112 |
sed -i \ |
113 |
-e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ |
114 |
-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ |
115 |
usr/sbin/update-ca-certificates || die |
116 |
} |
117 |
|
118 |
src_compile() { |
119 |
( |
120 |
echo "# Automatically generated by ${CATEGORY}/${PF}" |
121 |
echo "# $(date -u)" |
122 |
echo "# Do not edit." |
123 |
cd "${S}${EPREFIX}"/usr/share/ca-certificates |
124 |
find * -name '*.crt' | LC_ALL=C sort |
125 |
) > "${S}${EPREFIX}"/etc/ca-certificates.conf |
126 |
|
127 |
sh "${S}${EPREFIX}"/usr/sbin/update-ca-certificates --root "${S}" || die |
128 |
} |
129 |
|
130 |
src_install() { |
131 |
cp -pPR . "${D}"/ || die |
132 |
|
133 |
mv "${ED}"/usr/share/doc/{ca-certificates,${PF}} || die |
134 |
|
135 |
echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates |
136 |
doenvd 98ca-certificates |
137 |
} |
138 |
|
139 |
pkg_postinst() { |
140 |
if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then |
141 |
# if the user has local certs, we need to rebuild again |
142 |
# to include their stuff in the db. |
143 |
# However it's too overzealous when the user has custom certs in place. |
144 |
# --fresh is to clean up dangling symlinks |
145 |
"${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" |
146 |
fi |
147 |
|
148 |
local c badcerts=0 |
149 |
for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do |
150 |
ewarn "Broken symlink for a certificate at $c" |
151 |
badcerts=1 |
152 |
done |
153 |
if [ $badcerts -eq 1 ]; then |
154 |
ewarn "Removing the following broken symlinks:" |
155 |
ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)" |
156 |
fi |
157 |
} |
158 |
|
159 |
|
160 |
|
161 |
1.1 app-misc/ca-certificates/ca-certificates-20140223.3.15.5-r1.ebuild |
162 |
|
163 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-misc/ca-certificates/ca-certificates-20140223.3.15.5-r1.ebuild?rev=1.1&view=markup |
164 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-misc/ca-certificates/ca-certificates-20140223.3.15.5-r1.ebuild?rev=1.1&content-type=text/plain |
165 |
|
166 |
Index: ca-certificates-20140223.3.15.5-r1.ebuild |
167 |
=================================================================== |
168 |
# Copyright 1999-2014 Gentoo Foundation |
169 |
# Distributed under the terms of the GNU General Public License v2 |
170 |
# $Header: /var/cvsroot/gentoo-x86/app-misc/ca-certificates/ca-certificates-20140223.3.15.5-r1.ebuild,v 1.1 2014/03/27 00:49:50 zerochaos Exp $ |
171 |
|
172 |
# The Debian ca-certificates package merely takes the CA database as it exists |
173 |
# in the nss package and repackages it for use by openssl. |
174 |
# |
175 |
# The issue with using the compiled debs directly is two fold: |
176 |
# - they do not update frequently enough for us to rely on them |
177 |
# - they pull the CA database from nss tip of tree rather than the release |
178 |
# |
179 |
# So we take the Debian source tools and combine them with the latest nss |
180 |
# release to produce (largely) the same end result. The difference is that |
181 |
# now we know our cert database is kept in sync with nss and, if need be, |
182 |
# can be sync with nss tip of tree more frequently to respond to bugs. |
183 |
|
184 |
# When triaging bugs from users, here's some handy tips: |
185 |
# - To see what cert is hitting errors, use openssl: |
186 |
# openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME |
187 |
# Focus on the errors written to stderr. |
188 |
# |
189 |
# - Look at the upstream log as to why certs were added/removed: |
190 |
# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt |
191 |
# |
192 |
# - If people want to add/remove certs, tell them to file w/mozilla: |
193 |
# https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk |
194 |
|
195 |
EAPI="4" |
196 |
PYTHON_COMPAT=( python{2_6,2_7} ) |
197 |
|
198 |
inherit eutils python-any-r1 |
199 |
|
200 |
if [[ ${PV} == *.* ]] ; then |
201 |
# Compile from source ourselves. |
202 |
PRECOMPILED=false |
203 |
inherit versionator |
204 |
|
205 |
DEB_VER=$(get_version_component_range 1) |
206 |
NSS_VER=$(get_version_component_range 2-) |
207 |
RTM_NAME="NSS_${NSS_VER//./_}_RTM" |
208 |
else |
209 |
# Debian precompiled version. |
210 |
PRECOMPILED=true |
211 |
inherit unpacker |
212 |
fi |
213 |
|
214 |
DESCRIPTION="Common CA Certificates PEM files" |
215 |
HOMEPAGE="http://packages.debian.org/sid/ca-certificates" |
216 |
if ${PRECOMPILED} ; then |
217 |
#NMU_PR="1" |
218 |
SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" |
219 |
else |
220 |
SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz |
221 |
ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz |
222 |
cacert? ( http://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )" |
223 |
fi |
224 |
|
225 |
LICENSE="MPL-1.1" |
226 |
SLOT="0" |
227 |
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" |
228 |
IUSE="" |
229 |
${PRECOMPILED} || IUSE+=" +cacert" |
230 |
|
231 |
DEPEND="" |
232 |
if ${PRECOMPILED} ; then |
233 |
# platforms like AIX don't have a good ar |
234 |
DEPEND+=" |
235 |
kernel_AIX? ( app-arch/deb2targz ) |
236 |
!<sys-apps/portage-2.1.10.41" |
237 |
fi |
238 |
# openssl: we run `c_rehash` |
239 |
# debianutils: we run `run-parts` |
240 |
RDEPEND="${DEPEND} |
241 |
dev-libs/openssl |
242 |
sys-apps/debianutils" |
243 |
|
244 |
if ! ${PRECOMPILED}; then |
245 |
DEPEND+=" ${PYTHON_DEPS}" |
246 |
fi |
247 |
|
248 |
S=${WORKDIR} |
249 |
|
250 |
pkg_setup() { |
251 |
# For the conversion to having it in CONFIG_PROTECT_MASK, |
252 |
# we need to tell users about it once manually first. |
253 |
[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ |
254 |
|| ewarn "You should run update-ca-certificates manually after etc-update" |
255 |
} |
256 |
|
257 |
src_unpack() { |
258 |
${PRECOMPILED} || default |
259 |
|
260 |
# Do all the work in the image subdir to avoid conflicting with source |
261 |
# dirs in $WORKDIR. Need to perform everything in the offset #381937 |
262 |
mkdir -p "image/${EPREFIX}" |
263 |
cd "image/${EPREFIX}" || die |
264 |
|
265 |
${PRECOMPILED} && unpacker_src_unpack |
266 |
} |
267 |
|
268 |
src_prepare() { |
269 |
cd "image/${EPREFIX}" || die |
270 |
if ! ${PRECOMPILED} ; then |
271 |
mkdir -p usr/sbin |
272 |
cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die |
273 |
|
274 |
if use cacert ; then |
275 |
pushd "${S}"/nss-${NSS_VER} >/dev/null |
276 |
epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch |
277 |
popd >/dev/null |
278 |
fi |
279 |
fi |
280 |
|
281 |
epatch "${FILESDIR}"/${PN}-20110502-root.patch |
282 |
local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') |
283 |
sed -i \ |
284 |
-e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ |
285 |
-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ |
286 |
usr/sbin/update-ca-certificates || die |
287 |
} |
288 |
|
289 |
src_compile() { |
290 |
cd "image/${EPREFIX}" || die |
291 |
if ! ${PRECOMPILED} ; then |
292 |
python_setup |
293 |
local d="${S}/${PN}/mozilla" |
294 |
# Grab the database from the nss sources. |
295 |
cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die |
296 |
emake -C "${d}" |
297 |
|
298 |
# Now move the files to the same places that the precompiled would. |
299 |
mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla |
300 |
if use cacert ; then |
301 |
mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org} |
302 |
mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die |
303 |
mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die |
304 |
fi |
305 |
mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die |
306 |
else |
307 |
mv usr/share/doc/{ca-certificates,${PF}} || die |
308 |
fi |
309 |
|
310 |
( |
311 |
echo "# Automatically generated by ${CATEGORY}/${PF}" |
312 |
echo "# $(date -u)" |
313 |
echo "# Do not edit." |
314 |
cd usr/share/ca-certificates |
315 |
find * -name '*.crt' | LC_ALL=C sort |
316 |
) > etc/ca-certificates.conf |
317 |
|
318 |
sh usr/sbin/update-ca-certificates --root "${S}/image" || die |
319 |
} |
320 |
|
321 |
src_install() { |
322 |
cp -pPR image/* "${D}"/ || die |
323 |
if ! ${PRECOMPILED} ; then |
324 |
cd ca-certificates |
325 |
doman sbin/*.8 |
326 |
dodoc debian/README.* examples/ca-certificates-local/README |
327 |
fi |
328 |
|
329 |
echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates |
330 |
doenvd 98ca-certificates |
331 |
} |
332 |
|
333 |
pkg_postinst() { |
334 |
if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then |
335 |
# if the user has local certs, we need to rebuild again |
336 |
# to include their stuff in the db. |
337 |
# However it's too overzealous when the user has custom certs in place. |
338 |
# --fresh is to clean up dangling symlinks |
339 |
"${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" |
340 |
fi |
341 |
|
342 |
local c badcerts=0 |
343 |
for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do |
344 |
ewarn "Broken symlink for a certificate at $c" |
345 |
badcerts=1 |
346 |
done |
347 |
if [ $badcerts -eq 1 ]; then |
348 |
ewarn "Removing the following broken symlinks:" |
349 |
ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)" |
350 |
fi |
351 |
} |
352 |
|
353 |
|
354 |
|
355 |
1.1 app-misc/ca-certificates/ca-certificates-20140223.3.16-r1.ebuild |
356 |
|
357 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-misc/ca-certificates/ca-certificates-20140223.3.16-r1.ebuild?rev=1.1&view=markup |
358 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-misc/ca-certificates/ca-certificates-20140223.3.16-r1.ebuild?rev=1.1&content-type=text/plain |
359 |
|
360 |
Index: ca-certificates-20140223.3.16-r1.ebuild |
361 |
=================================================================== |
362 |
# Copyright 1999-2014 Gentoo Foundation |
363 |
# Distributed under the terms of the GNU General Public License v2 |
364 |
# $Header: /var/cvsroot/gentoo-x86/app-misc/ca-certificates/ca-certificates-20140223.3.16-r1.ebuild,v 1.1 2014/03/27 00:49:50 zerochaos Exp $ |
365 |
|
366 |
# The Debian ca-certificates package merely takes the CA database as it exists |
367 |
# in the nss package and repackages it for use by openssl. |
368 |
# |
369 |
# The issue with using the compiled debs directly is two fold: |
370 |
# - they do not update frequently enough for us to rely on them |
371 |
# - they pull the CA database from nss tip of tree rather than the release |
372 |
# |
373 |
# So we take the Debian source tools and combine them with the latest nss |
374 |
# release to produce (largely) the same end result. The difference is that |
375 |
# now we know our cert database is kept in sync with nss and, if need be, |
376 |
# can be sync with nss tip of tree more frequently to respond to bugs. |
377 |
|
378 |
# When triaging bugs from users, here's some handy tips: |
379 |
# - To see what cert is hitting errors, use openssl: |
380 |
# openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME |
381 |
# Focus on the errors written to stderr. |
382 |
# |
383 |
# - Look at the upstream log as to why certs were added/removed: |
384 |
# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt |
385 |
# |
386 |
# - If people want to add/remove certs, tell them to file w/mozilla: |
387 |
# https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk |
388 |
|
389 |
EAPI="4" |
390 |
PYTHON_COMPAT=( python{2_6,2_7} ) |
391 |
|
392 |
inherit eutils python-any-r1 |
393 |
|
394 |
if [[ ${PV} == *.* ]] ; then |
395 |
# Compile from source ourselves. |
396 |
PRECOMPILED=false |
397 |
inherit versionator |
398 |
|
399 |
DEB_VER=$(get_version_component_range 1) |
400 |
NSS_VER=$(get_version_component_range 2-) |
401 |
RTM_NAME="NSS_${NSS_VER//./_}_RTM" |
402 |
else |
403 |
# Debian precompiled version. |
404 |
PRECOMPILED=true |
405 |
inherit unpacker |
406 |
fi |
407 |
|
408 |
DESCRIPTION="Common CA Certificates PEM files" |
409 |
HOMEPAGE="http://packages.debian.org/sid/ca-certificates" |
410 |
if ${PRECOMPILED} ; then |
411 |
#NMU_PR="1" |
412 |
SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" |
413 |
else |
414 |
SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz |
415 |
ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz |
416 |
cacert? ( http://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )" |
417 |
fi |
418 |
|
419 |
LICENSE="MPL-1.1" |
420 |
SLOT="0" |
421 |
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" |
422 |
IUSE="" |
423 |
${PRECOMPILED} || IUSE+=" +cacert" |
424 |
|
425 |
DEPEND="" |
426 |
if ${PRECOMPILED} ; then |
427 |
# platforms like AIX don't have a good ar |
428 |
DEPEND+=" |
429 |
kernel_AIX? ( app-arch/deb2targz ) |
430 |
!<sys-apps/portage-2.1.10.41" |
431 |
fi |
432 |
# openssl: we run `c_rehash` |
433 |
# debianutils: we run `run-parts` |
434 |
RDEPEND="${DEPEND} |
435 |
dev-libs/openssl |
436 |
sys-apps/debianutils" |
437 |
|
438 |
if ! ${PRECOMPILED}; then |
439 |
DEPEND+=" ${PYTHON_DEPS}" |
440 |
fi |
441 |
|
442 |
S=${WORKDIR} |
443 |
|
444 |
pkg_setup() { |
445 |
# For the conversion to having it in CONFIG_PROTECT_MASK, |
446 |
# we need to tell users about it once manually first. |
447 |
[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ |
448 |
|| ewarn "You should run update-ca-certificates manually after etc-update" |
449 |
} |
450 |
|
451 |
src_unpack() { |
452 |
${PRECOMPILED} || default |
453 |
|
454 |
# Do all the work in the image subdir to avoid conflicting with source |
455 |
# dirs in $WORKDIR. Need to perform everything in the offset #381937 |
456 |
mkdir -p "image/${EPREFIX}" |
457 |
cd "image/${EPREFIX}" || die |
458 |
|
459 |
${PRECOMPILED} && unpacker_src_unpack |
460 |
} |
461 |
|
462 |
src_prepare() { |
463 |
cd "image/${EPREFIX}" || die |
464 |
if ! ${PRECOMPILED} ; then |
465 |
mkdir -p usr/sbin |
466 |
cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die |
467 |
|
468 |
if use cacert ; then |
469 |
pushd "${S}"/nss-${NSS_VER} >/dev/null |
470 |
epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch |
471 |
popd >/dev/null |
472 |
fi |
473 |
fi |
474 |
|
475 |
epatch "${FILESDIR}"/${PN}-20110502-root.patch |
476 |
local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') |
477 |
sed -i \ |
478 |
-e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ |
479 |
-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ |
480 |
usr/sbin/update-ca-certificates || die |
481 |
} |
482 |
|
483 |
src_compile() { |
484 |
cd "image/${EPREFIX}" || die |
485 |
if ! ${PRECOMPILED} ; then |
486 |
python_setup |
487 |
local d="${S}/${PN}/mozilla" |
488 |
# Grab the database from the nss sources. |
489 |
cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die |
490 |
emake -C "${d}" |
491 |
|
492 |
# Now move the files to the same places that the precompiled would. |
493 |
mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla |
494 |
if use cacert ; then |
495 |
mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org} |
496 |
mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die |
497 |
mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die |
498 |
fi |
499 |
mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die |
500 |
else |
501 |
mv usr/share/doc/{ca-certificates,${PF}} || die |
502 |
fi |
503 |
|
504 |
( |
505 |
echo "# Automatically generated by ${CATEGORY}/${PF}" |
506 |
echo "# $(date -u)" |
507 |
echo "# Do not edit." |
508 |
cd usr/share/ca-certificates |
509 |
find * -name '*.crt' | LC_ALL=C sort |
510 |
) > etc/ca-certificates.conf |
511 |
|
512 |
sh usr/sbin/update-ca-certificates --root "${S}/image" || die |
513 |
} |
514 |
|
515 |
src_install() { |
516 |
cp -pPR image/* "${D}"/ || die |
517 |
if ! ${PRECOMPILED} ; then |
518 |
cd ca-certificates |
519 |
doman sbin/*.8 |
520 |
dodoc debian/README.* examples/ca-certificates-local/README |
521 |
fi |
522 |
|
523 |
echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates |
524 |
doenvd 98ca-certificates |
525 |
} |
526 |
|
527 |
pkg_postinst() { |
528 |
if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then |
529 |
# if the user has local certs, we need to rebuild again |
530 |
# to include their stuff in the db. |
531 |
# However it's too overzealous when the user has custom certs in place. |
532 |
# --fresh is to clean up dangling symlinks |
533 |
"${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" |
534 |
fi |
535 |
|
536 |
local c badcerts=0 |
537 |
for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do |
538 |
ewarn "Broken symlink for a certificate at $c" |
539 |
badcerts=1 |
540 |
done |
541 |
if [ $badcerts -eq 1 ]; then |
542 |
ewarn "Removing the following broken symlinks:" |
543 |
ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)" |
544 |
fi |
545 |
} |
546 |
|
547 |
|
548 |
|
549 |
1.1 app-misc/ca-certificates/ca-certificates-20140223-r1.ebuild |
550 |
|
551 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-misc/ca-certificates/ca-certificates-20140223-r1.ebuild?rev=1.1&view=markup |
552 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-misc/ca-certificates/ca-certificates-20140223-r1.ebuild?rev=1.1&content-type=text/plain |
553 |
|
554 |
Index: ca-certificates-20140223-r1.ebuild |
555 |
=================================================================== |
556 |
# Copyright 1999-2014 Gentoo Foundation |
557 |
# Distributed under the terms of the GNU General Public License v2 |
558 |
# $Header: /var/cvsroot/gentoo-x86/app-misc/ca-certificates/ca-certificates-20140223-r1.ebuild,v 1.1 2014/03/27 00:49:50 zerochaos Exp $ |
559 |
|
560 |
# The Debian ca-certificates package merely takes the CA database as it exists |
561 |
# in the nss package and repackages it for use by openssl. |
562 |
# |
563 |
# The issue with using the compiled debs directly is two fold: |
564 |
# - they do not update frequently enough for us to rely on them |
565 |
# - they pull the CA database from nss tip of tree rather than the release |
566 |
# |
567 |
# So we take the Debian source tools and combine them with the latest nss |
568 |
# release to produce (largely) the same end result. The difference is that |
569 |
# now we know our cert database is kept in sync with nss and, if need be, |
570 |
# can be sync with nss tip of tree more frequently to respond to bugs. |
571 |
|
572 |
# When triaging bugs from users, here's some handy tips: |
573 |
# - To see what cert is hitting errors, use openssl: |
574 |
# openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME |
575 |
# Focus on the errors written to stderr. |
576 |
# |
577 |
# - Look at the upstream log as to why certs were added/removed: |
578 |
# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt |
579 |
# |
580 |
# - If people want to add/remove certs, tell them to file w/mozilla: |
581 |
# https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk |
582 |
|
583 |
EAPI="4" |
584 |
|
585 |
inherit eutils |
586 |
|
587 |
if [[ ${PV} == *.* ]] ; then |
588 |
# Compile from source ourselves. |
589 |
PRECOMPILED=false |
590 |
inherit versionator |
591 |
|
592 |
DEB_VER=$(get_version_component_range 1) |
593 |
NSS_VER=$(get_version_component_range 2-) |
594 |
RTM_NAME="NSS_${NSS_VER//./_}_RTM" |
595 |
else |
596 |
# Debian precompiled version. |
597 |
PRECOMPILED=true |
598 |
inherit unpacker |
599 |
fi |
600 |
|
601 |
DESCRIPTION="Common CA Certificates PEM files" |
602 |
HOMEPAGE="http://packages.debian.org/sid/ca-certificates" |
603 |
if ${PRECOMPILED} ; then |
604 |
#NMU_PR="1" |
605 |
SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" |
606 |
else |
607 |
SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz |
608 |
ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz |
609 |
cacert? ( http://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )" |
610 |
fi |
611 |
|
612 |
LICENSE="MPL-1.1" |
613 |
SLOT="0" |
614 |
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" |
615 |
IUSE="" |
616 |
${PRECOMPILED} || IUSE+=" +cacert" |
617 |
|
618 |
DEPEND="" |
619 |
if ${PRECOMPILED} ; then |
620 |
# platforms like AIX don't have a good ar |
621 |
DEPEND+=" |
622 |
kernel_AIX? ( app-arch/deb2targz ) |
623 |
!<sys-apps/portage-2.1.10.41" |
624 |
fi |
625 |
# openssl: we run `c_rehash` |
626 |
# debianutils: we run `run-parts` |
627 |
RDEPEND="${DEPEND} |
628 |
dev-libs/openssl |
629 |
sys-apps/debianutils" |
630 |
|
631 |
S=${WORKDIR} |
632 |
|
633 |
pkg_setup() { |
634 |
# For the conversion to having it in CONFIG_PROTECT_MASK, |
635 |
# we need to tell users about it once manually first. |
636 |
[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ |
637 |
|| ewarn "You should run update-ca-certificates manually after etc-update" |
638 |
} |
639 |
|
640 |
src_unpack() { |
641 |
${PRECOMPILED} || default |
642 |
|
643 |
# Do all the work in the image subdir to avoid conflicting with source |
644 |
# dirs in $WORKDIR. Need to perform everything in the offset #381937 |
645 |
mkdir -p "image/${EPREFIX}" |
646 |
cd "image/${EPREFIX}" || die |
647 |
|
648 |
${PRECOMPILED} && unpacker_src_unpack |
649 |
} |
650 |
|
651 |
src_prepare() { |
652 |
cd "image/${EPREFIX}" || die |
653 |
if ! ${PRECOMPILED} ; then |
654 |
mkdir -p usr/sbin |
655 |
cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die |
656 |
|
657 |
if use cacert ; then |
658 |
pushd "${S}"/nss-${NSS_VER} >/dev/null |
659 |
epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch |
660 |
popd >/dev/null |
661 |
fi |
662 |
fi |
663 |
|
664 |
epatch "${FILESDIR}"/${PN}-20110502-root.patch |
665 |
local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') |
666 |
sed -i \ |
667 |
-e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ |
668 |
-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ |
669 |
usr/sbin/update-ca-certificates || die |
670 |
} |
671 |
|
672 |
src_compile() { |
673 |
cd "image/${EPREFIX}" || die |
674 |
if ! ${PRECOMPILED} ; then |
675 |
local d="${S}/${PN}/mozilla" |
676 |
# Grab the database from the nss sources. |
677 |
cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die |
678 |
emake -C "${d}" |
679 |
|
680 |
# Now move the files to the same places that the precompiled would. |
681 |
mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla |
682 |
if use cacert ; then |
683 |
mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org} |
684 |
mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die |
685 |
mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die |
686 |
fi |
687 |
mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die |
688 |
else |
689 |
mv usr/share/doc/{ca-certificates,${PF}} || die |
690 |
fi |
691 |
|
692 |
( |
693 |
echo "# Automatically generated by ${CATEGORY}/${PF}" |
694 |
echo "# $(date -u)" |
695 |
echo "# Do not edit." |
696 |
cd usr/share/ca-certificates |
697 |
find * -name '*.crt' | LC_ALL=C sort |
698 |
) > etc/ca-certificates.conf |
699 |
|
700 |
sh usr/sbin/update-ca-certificates --root "${S}/image" || die |
701 |
} |
702 |
|
703 |
src_install() { |
704 |
cp -pPR image/* "${D}"/ || die |
705 |
if ! ${PRECOMPILED} ; then |
706 |
cd ca-certificates |
707 |
doman sbin/*.8 |
708 |
dodoc debian/README.* examples/ca-certificates-local/README |
709 |
fi |
710 |
|
711 |
echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates |
712 |
doenvd 98ca-certificates |
713 |
} |
714 |
|
715 |
pkg_postinst() { |
716 |
if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then |
717 |
# if the user has local certs, we need to rebuild again |
718 |
# to include their stuff in the db. |
719 |
# However it's too overzealous when the user has custom certs in place. |
720 |
# --fresh is to clean up dangling symlinks |
721 |
"${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" |
722 |
fi |
723 |
|
724 |
local c badcerts=0 |
725 |
for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do |
726 |
ewarn "Broken symlink for a certificate at $c" |
727 |
badcerts=1 |
728 |
done |
729 |
if [ $badcerts -eq 1 ]; then |
730 |
ewarn "Removing the following broken symlinks:" |
731 |
ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)" |
732 |
fi |
733 |
} |