We were relying on running ca-certificates from the -native version. This
meant the host and target path layouts had to match which might not be true,
it certainly isn't true for the sdk builds.
There was a dependency on run-parts which wasn't represented (we can get it
from busybox or debianutils).
Since this is an allarch script, call the script directly, making sure debianutils
and openssl are available as postinst rootfs time to resolve the issues.
(From OE-Core rev: a406704fd68d08c3916b7986f96175be34affc50)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d9575e05f2cb8bf293534c036ddc0d0336701256)
Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Replace some "+=/=+" with "=" when setting BBCLASSEXTEND, they are
redundant and inconsistent with the same setting in other recipes.
(From OE-Core rev: 09266d6c91acd8ba4df6e8242aa44d9ba41e9cee)
Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The postinstall needs ca-certificates-native, mark the dependency
(From OE-Core rev: 723a924adf0661167690987acfc4213803ec3305)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Options and directory separator -- slipped past the patch removing
Debianims, thus resulting in failures on hosts running Fedora.
(From OE-Core rev: a8431689983f5860173548acd899e6806906e4d1)
Signed-off-by: Maciej Borzecki <maciej.borzecki@rndity.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When running update-ca-certificates on the build host, as we do during
do_install for ca-certificates-native (and nativesdk-ca-certificates),
as of OE-Core commit cea46e7b8d9463306779301fa97f651d750f380f we now
need openssl-native so it can run c_rehash.
(From OE-Core rev: 523c99a2f12c20ce7bfa7755609f2c860dda6717)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The update-ca-certificates script uses the c_rehash utility which is
installed by openssl. Add openssl as a runtime dependency to fulfill
the utility requirement.
(From OE-Core rev: a90ba07812444ebac93cd535d11dd54994897bfd)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
As now the c_rehash utility is available, we can use it. This removes
the patch to disable its usage allowing for a standard SSL behaviour.
(From OE-Core rev: cea46e7b8d9463306779301fa97f651d750f380f)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
"mktemp -t" is deprecated and does not work when using Toybox. Replace
with something that works also with Toybox.
(From OE-Core rev: 8d47d075ca02612fe16e403be1aa2079edc3ef5f)
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
LICENSE checksum changed due to an updated file listing in debian/copyright
(From OE-Core rev: 1b9e9e5086998fdd0ef92e300148234cd99c5f42)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Older SRCREV was not fetchable which triggered this upgrade
Change-Id: I85d028294ff0018f4c81c6bb81ae262b18af7a87
(From OE-Core rev: 39c759cd43f4e4371ef9654bf4d821436a5eaebf)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ca-certificates comes from Debian but not all distros (i.e. Fedora) have a
leaner run-parts that doesn't support the -- separator between options and
paths, which causes this error:
| Running hooks in [...]/rootfs/etc/ca-certificates/update.d...
| [...]/usr/sbin/update-ca-certificates: line 194: Not: command not found
(From OE-Core rev: db2116e7a06c6a35d1d24d9f28ec60926d59b9d7)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Otherwise the script which converts mozilla certificates extracts
each certificate twice.
(From OE-Core rev: 3aae6a3c2786713115451f6b6fe151ba69369c1d)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Rebase default-sysroot patch
Remove backported Mozilla certdata patch
License has not changed, just wording.
(From OE-Core rev: 33222af134c465791ed84eccd61bbc2b69ad81f1)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes to debian/copyright:
Update to "Copyright: Mozilla Contributors" for mozilla/{certdata.txt,nssckbi.h}
Backported on additional patch from ca-certificates tree
[YOCTO #6454]
(From OE-Core rev: 3af33d60f03afb19543247b5350137ff3a7ee7e0)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Git-replacement-native needs the generated files in place for https:// URIs:
WARNING: Failed to fetch URL git://github.com/kernelslacker/trinity.git;protocol=https, attempting MIRRORS if available
ERROR: Fetcher failure: Fetch command failed with exit code 128, output:
Cloning into bare repository '/build/linaro/build/build/downloads/git2/github.com.kernelslacker.trinity.git'...
fatal: unable to access 'https://github.com/kernelslacker/trinity.git/': error setting certificate verify locations:
CAfile: /build/linaro/build/build/tmp-eglibc/sysroots/x86_64-linux/etc/ssl/certs/ca-certificates.crt
CApath: none
ERROR: Function failed: Fetcher failure for URL: 'git://github.com/kernelslacker/trinity.git;protocol=https'. Unable to fetch URL from any source.
ERROR: Logfile of failure stored in: /build/linaro/build/build/tmp-eglibc/work/aarch64-oe-linux/trinity/1.3-r0/temp/log.do_fetch.7843
ERROR: Task 1378 (/build/linaro/build/meta-linaro/meta-linaro/recipes-extra/trinity/trinity_1.3.bb, do_fetch) failed with exit code '1'
(From OE-Core rev: 74a772727cbf4d76d2ef314041acafb3086e4ff9)
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
As postinsts aren't run for nativesdk packages when populating an SDK, we need
to prepopulate up-front.
(From OE-Core rev: 09e768b68b3605e897d422c9c7b3815f3b994d31)
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We need this for certain nativesdk recipes, as we can't rely on the
certificate path or bundle path being the same across distros, and it's useful
in many cases on the target as well.
This is based on the 20130119 recipe from meta-oe, with the following changes:
- use the debian git repository to avoid vanishing sources
- obey our target paths
- default to a sysroot relative to the script location (make relocatable)
- define SUMMARY
- don't inherit autotools, this isn't an autotools package
- add MPL-2.0 to LICENSE, as that's the license of the certdata
- install the script man page
- use a native rather than cross recipe, as it's not bound in any way to the
target system
- add nativesdk to bbclassextend, for use in SDKs
(From OE-Core rev: ad2851cf0abc2ab35e0f60c96d3142c29a07c8fc)
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie
Ming Liu
Alexander Kanavin
Maciej Borzecki
Paul Eggleton
Otavio Salvador
Patrick Ohly
Khem Raj
Ross Burton
Andreas Oberritter
Saul Wold
Koen Kooi
Christopher Larson