vapier 14/03/22 09:34:06 |
|
Modified: ChangeLog |
Added: ca-certificates-20140223.3.16.ebuild |
Log: |
Version bump. |
|
(Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key D2E96200) |
|
Revision Changes Path |
1.102 app-misc/ca-certificates/ChangeLog |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-misc/ca-certificates/ChangeLog?rev=1.102&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-misc/ca-certificates/ChangeLog?rev=1.102&content-type=text/plain |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-misc/ca-certificates/ChangeLog?r1=1.101&r2=1.102 |
|
Index: ChangeLog |
18 |
=================================================================== |
19 |
RCS file: /var/cvsroot/gentoo-x86/app-misc/ca-certificates/ChangeLog,v |
20 |
retrieving revision 1.101 |
21 |
retrieving revision 1.102 |
22 |
diff -u -r1.101 -r1.102 |
23 |
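--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for app-misc/ca-certificates
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-misc/ca-certificates/ChangeLog,v 1.101 2014/03/21 23:09:20 ottxor Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-misc/ca-certificates/ChangeLog,v 1.102 2014/03/22 09:34:05 vapier Exp $
+
+*ca-certificates-20140223.3.16 (22 Mar 2014)
+
+ 22 Mar 2014; Mike Frysinger <vapier@g.o>
+ +ca-certificates-20140223.3.16.ebuild:
+ Version bump.
 
 21 Mar 2014; Christoph Junghans <ottxor@g.o>
 ca-certificates-20140223.3.15.5.ebuild, ca-certificates-20140223.ebuild: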
|
|
|
1.1 app-misc/ca-certificates/ca-certificates-20140223.3.16.ebuild |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-misc/ca-certificates/ca-certificates-20140223.3.16.ebuild?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-misc/ca-certificates/ca-certificates-20140223.3.16.ebuild?rev=1.1&content-type=text/plain |
|
Index: ca-certificates-20140223.3.16.ebuild |
48 |
=================================================================== |
49 |
# Copyright 1999-2014 Gentoo Foundation |
50 |
# Distributed under the terms of the GNU General Public License v2 |
51 |
# $Header: /var/cvsroot/gentoo-x86/app-misc/ca-certificates/ca-certificates-20140223.3.16.ebuild,v 1.1 2014/03/22 09:34:05 vapier Exp $ |
52 |
|
53 |
# The Debian ca-certificates package merely takes the CA database as it exists |
54 |
# in the nss package and repackages it for use by openssl. |
55 |
# |
56 |
# The issue with using the compiled debs directly is two fold: |
57 |
# - they do not update frequently enough for us to rely on them |
58 |
# - they pull the CA database from nss tip of tree rather than the release |
59 |
# |
60 |
# So we take the Debian source tools and combine them with the latest nss |
61 |
# release to produce (largely) the same end result. The difference is that |
62 |
# now we know our cert database is kept in sync with nss and, if need be, |
63 |
# can be sync with nss tip of tree more frequently to respond to bugs. |
64 |
|
65 |
# When triaging bugs from users, here's some handy tips: |
66 |
# - To see what cert is hitting errors, use openssl: |
67 |
# openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME |
68 |
# Focus on the errors written to stderr. |
69 |
# |
70 |
# - Look at the upstream log as to why certs were added/removed: |
71 |
# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt |
72 |
# |
73 |
# - If people want to add/remove certs, tell them to file w/mozilla: |
74 |
# https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk |
75 |
|
76 |
EAPI="4" |
77 |
PYTHON_COMPAT=( python{2_6,2_7} ) |
78 |
|
79 |
inherit eutils python-any-r1 |
80 |
|
81 |
if [[ ${PV} == *.* ]] ; then |
82 |
# Compile from source ourselves. |
83 |
PRECOMPILED=false |
84 |
inherit versionator |
85 |
|
86 |
DEB_VER=$(get_version_component_range 1) |
87 |
NSS_VER=$(get_version_component_range 2-) |
88 |
RTM_NAME="NSS_${NSS_VER//./_}_RTM" |
89 |
else |
90 |
# Debian precompiled version. |
91 |
PRECOMPILED=true |
92 |
inherit unpacker |
93 |
fi |
94 |
|
95 |
DESCRIPTION="Common CA Certificates PEM files" |
96 |
HOMEPAGE="http://packages.debian.org/sid/ca-certificates" |
97 |
if ${PRECOMPILED} ; then |
98 |
#NMU_PR="1" |
99 |
SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" |
100 |
else |
101 |
SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz |
102 |
ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz |
103 |
cacert? ( http://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )" |
104 |
fi |
105 |
|
106 |
LICENSE="MPL-1.1" |
107 |
SLOT="0" |
108 |
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" |
109 |
IUSE="" |
110 |
${PRECOMPILED} || IUSE+=" +cacert" |
111 |
|
112 |
DEPEND="" |
113 |
if ${PRECOMPILED} ; then |
114 |
# platforms like AIX don't have a good ar |
115 |
DEPEND+=" |
116 |
kernel_AIX? ( app-arch/deb2targz ) |
117 |
!<sys-apps/portage-2.1.10.41" |
118 |
fi |
119 |
# openssl: we run `c_rehash` |
120 |
# debianutils: we run `run-parts` |
121 |
RDEPEND="${DEPEND} |
122 |
dev-libs/openssl |
123 |
sys-apps/debianutils" |
124 |
|
125 |
if ! ${PRECOMPILED}; then |
126 |
DEPEND+=" ${PYTHON_DEPS}" |
127 |
fi |
128 |
|
129 |
S=${WORKDIR} |
130 |
|
131 |
pkg_setup() { |
132 |
# For the conversion to having it in CONFIG_PROTECT_MASK, |
133 |
# we need to tell users about it once manually first. |
134 |
[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ |
135 |
|| ewarn "You should run update-ca-certificates manually after etc-update" |
136 |
} |
137 |
|
138 |
src_unpack() { |
139 |
${PRECOMPILED} || default |
140 |
|
141 |
# Do all the work in the image subdir to avoid conflicting with source |
142 |
# dirs in $WORKDIR. Need to perform everything in the offset #381937 |
143 |
mkdir -p "image/${EPREFIX}" |
144 |
cd "image/${EPREFIX}" || die |
145 |
|
146 |
${PRECOMPILED} && unpacker_src_unpack |
147 |
} |
148 |
|
149 |
src_prepare() { |
150 |
cd "image/${EPREFIX}" || die |
151 |
if ! ${PRECOMPILED} ; then |
152 |
mkdir -p usr/sbin |
153 |
cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die |
154 |
|
155 |
if use cacert ; then |
156 |
pushd "${S}"/nss-${NSS_VER} >/dev/null |
157 |
epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch |
158 |
popd >/dev/null |
159 |
fi |
160 |
fi |
161 |
|
162 |
epatch "${FILESDIR}"/${PN}-20110502-root.patch |
163 |
local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') |
164 |
sed -i \ |
165 |
-e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ |
166 |
-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ |
167 |
usr/sbin/update-ca-certificates || die |
168 |
} |
169 |
|
170 |
src_compile() { |
171 |
cd "image/${EPREFIX}" || die |
172 |
if ! ${PRECOMPILED} ; then |
173 |
python_setup |
174 |
local d="${S}/${PN}/mozilla" |
175 |
# Grab the database from the nss sources. |
176 |
cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die |
177 |
emake -C "${d}" |
178 |
|
179 |
# Now move the files to the same places that the precompiled would. |
180 |
mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla |
181 |
if use cacert ; then |
182 |
mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org} |
183 |
mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die |
184 |
mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die |
185 |
fi |
186 |
mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die |
187 |
else |
188 |
mv usr/share/doc/{ca-certificates,${PF}} || die |
189 |
fi |
190 |
|
191 |
( |
192 |
echo "# Automatically generated by ${CATEGORY}/${PF}" |
193 |
echo "# $(date -u)" |
194 |
echo "# Do not edit." |
195 |
cd usr/share/ca-certificates |
196 |
find * -name '*.crt' | LC_ALL=C sort |
197 |
) > etc/ca-certificates.conf |
198 |
|
199 |
sh usr/sbin/update-ca-certificates --root "${S}/image" || die |
200 |
} |
201 |
|
202 |
src_install() { |
203 |
cp -pPR image/* "${D}"/ || die |
204 |
if ! ${PRECOMPILED} ; then |
205 |
cd ca-certificates |
206 |
doman sbin/*.8 |
207 |
dodoc debian/README.* examples/ca-certificates-local/README |
208 |
fi |
209 |
|
210 |
echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates |
211 |
doenvd 98ca-certificates |
212 |
} |
213 |
|
214 |
pkg_postinst() { |
215 |
if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then |
216 |
# if the user has local certs, we need to rebuild again |
217 |
# to include their stuff in the db. |
218 |
# However it's too overzealous when the user has custom certs in place. |
219 |
# --fresh is to clean up dangling symlinks |
220 |
"${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" |
221 |
fi |
222 |
|
223 |
local c badcerts=0 |
224 |
for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do |
225 |
ewarn "Broken symlink for a certificate at $c" |
226 |
badcerts=1 |
227 |
done |
228 |
if [ $badcerts -eq 1 ]; then |
229 |
ewarn "You MUST remove the above broken symlinks" |
230 |
ewarn "Otherwise any SSL validation that use the directory may fail!" |
231 |
ewarn "To batch-remove them, run:" |
232 |
ewarn "find -L ${EROOT}etc/ssl/certs/ -type l -exec rm {} +" |
233 |
fi |
234 |
} |
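Review bot: In src_compile the subshell that writes `etc/ca-certificates.conf` runs `cd usr/share/ca-certificates` without checking its status, so if that directory is missing (for example after a layout change in the precompiled .deb) `find *` lists `.crt` files relative to the image root and the file that selects the trusted CAs is generated with wrong paths while the build carries on. Make the step fail closed with `cd usr/share/ca-certificates || exit 1` inside the subshell and `) > etc/ca-certificates.conf || die` after it. The `cd ca-certificates` in src_install and the `pushd "${S}"/nss-${NSS_VER}` in src_prepare are unchecked in the same way and should get `|| die`. Separately, `IUSE+=" +cacert"` enables by default a patch fetched over plain HTTP that adds the CAcert and SPI roots, which src_compile then installs under `usr/share/ca-certificates/cacert.org` and `spi-inc.org`; a comment next to the SRC_URI entry such as `# cacert: adds the CAcert and SPI roots on top of the NSS release; the patch's integrity rests on the Manifest digest` would make that trust decision visible to whoever bumps the version next.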