ca-certificates: get rid of expired "DST Root CA X3" #2
|
@ -3,15 +3,15 @@ HOMEPAGE = "http://www.cacert.org/index.php?id=3"
|
|||
SECTION = "misc"
|
||||
LICENSE = "RDL-COD14"
|
||||
LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
|
||||
PR = "r6"
|
||||
PR = "r7"
|
||||
|
||||
SRC_URI = "file://root.crt file://class3.crt file://DST_Root_CA_X3.pem"
|
||||
SRC_URI = "file://root.crt file://class3.crt file://ISRG_Root_X1.pem"
|
||||
|
||||
do_install() {
|
||||
install -d ${D}${libdir}/ssl/certs
|
||||
install -m 0644 ${WORKDIR}/root.crt ${D}${libdir}/ssl/certs/cacert.org.pem
|
||||
cat ${WORKDIR}/class3.crt >> ${D}${libdir}/ssl/certs/cacert.org.pem
|
||||
install -m 0644 ${WORKDIR}/DST_Root_CA_X3.pem ${D}${libdir}/ssl/certs/
|
||||
install -m 0644 ${WORKDIR}/ISRG_Root_X1.pem ${D}${libdir}/ssl/certs/
|
||||
|
||||
# Create hash symlinks
|
||||
cd ${D}${libdir}/ssl/certs
|
||||
|
@ -19,7 +19,7 @@ do_install() {
|
|||
ln -s cacert.org.pem 5ed36f99.0
|
||||
ln -s cacert.org.pem 99d0fa06.0
|
||||
|
||||
ln -s DST_Root_CA_X3.pem 2e5ac55d.0
|
||||
ln -s ISRG_Root_X1.pem 4042bcee.0
|
||||
}
|
||||
|
||||
FILES_${PN} = "${libdir}/ssl/certs/*"
|
||||
|
|
|
@ -0,0 +1,80 @@
|
|||
From cb43ec15b700b25f3c4fe44043a1a021aaf5b768 Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Kanavin <alex@linutronix.de>
|
||||
Date: Mon, 18 Oct 2021 12:05:49 +0200
|
||||
Subject: [PATCH] Revert "mozilla/certdata2pem.py: print a warning for expired
|
||||
certificates."
|
||||
|
||||
This avoids a dependency on python3-cryptography, and only checks
|
||||
for expired certs (which is upstream concern, but not ours).
|
||||
|
||||
Upstream-Status: Inappropriate [oe-core specific]
|
||||
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
|
||||
---
|
||||
debian/changelog | 1 -
|
||||
debian/control | 2 +-
|
||||
mozilla/certdata2pem.py | 11 -----------
|
||||
3 files changed, 1 insertion(+), 13 deletions(-)
|
||||
|
||||
diff --git a/debian/changelog b/debian/changelog
|
||||
index 531e4d0..4006509 100644
|
||||
--- a/debian/changelog
|
||||
+++ b/debian/changelog
|
||||
@@ -37,7 +37,6 @@ ca-certificates (20211004) unstable; urgency=low
|
||||
- "Trustis FPS Root CA"
|
||||
- "Staat der Nederlanden Root CA - G3"
|
||||
* Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
|
||||
- * mozilla/certdata2pem.py: print a warning for expired certificates.
|
||||
|
||||
-- Julien Cristau <jcristau@debian.org> Thu, 07 Oct 2021 17:12:47 +0200
|
||||
|
||||
diff --git a/debian/control b/debian/control
|
||||
index 4434b7a..5c6ba24 100644
|
||||
--- a/debian/control
|
||||
+++ b/debian/control
|
||||
@@ -3,7 +3,7 @@ Section: misc
|
||||
Priority: optional
|
||||
Maintainer: Julien Cristau <jcristau@debian.org>
|
||||
Build-Depends: debhelper-compat (= 13), po-debconf
|
||||
-Build-Depends-Indep: python3, openssl, python3-cryptography
|
||||
+Build-Depends-Indep: python3, openssl
|
||||
Standards-Version: 4.5.0.2
|
||||
Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git
|
||||
Vcs-Browser: https://salsa.debian.org/debian/ca-certificates
|
||||
diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
|
||||
index ede23d4..7d796f1 100644
|
||||
--- a/mozilla/certdata2pem.py
|
||||
+++ b/mozilla/certdata2pem.py
|
||||
@@ -21,16 +21,12 @@
|
||||
# USA.
|
||||
|
||||
import base64
|
||||
-import datetime
|
||||
import os.path
|
||||
import re
|
||||
import sys
|
||||
import textwrap
|
||||
import io
|
||||
|
||||
-from cryptography import x509
|
||||
-
|
||||
-
|
||||
objects = []
|
||||
|
||||
# Dirty file parser.
|
||||
@@ -121,13 +117,6 @@ for obj in objects:
|
||||
if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
|
||||
if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
|
||||
continue
|
||||
-
|
||||
- cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
|
||||
- if cert.not_valid_after < datetime.datetime.now():
|
||||
- print('!'*74)
|
||||
- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
|
||||
- print('!'*74)
|
||||
-
|
||||
bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
|
||||
.replace(' ', '_')\
|
||||
.replace('(', '=')\
|
||||
--
|
||||
2.20.1
|
||||
|
|
@ -0,0 +1,34 @@
|
|||
ca-certificates is a package from Debian, but some host distros such as Fedora
|
||||
have a leaner run-parts provided by cron which doesn't support --verbose or the
|
||||
-- separator between arguments and paths.
|
||||
|
||||
This solves errors such as
|
||||
|
||||
| Running hooks in [...]/rootfs/etc/ca-certificates/update.d...
|
||||
| [...]/usr/sbin/update-ca-certificates: line 194: Not: command not found
|
||||
| [...]/usr/sbin/update-ca-certificates: line 230: Not a directory: --: command not found
|
||||
| E: Not a directory: -- exited with code 127.
|
||||
|
||||
|
||||
Upstream-Status: Inappropriate
|
||||
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
||||
Signed-off-by: Maciej Borzecki <maciej.borzecki@rndity.com>
|
||||
---
|
||||
sbin/update-ca-certificates | 4 +---
|
||||
1 file changed, 1 insertion(+), 3 deletions(-)
|
||||
|
||||
Index: git/sbin/update-ca-certificates
|
||||
===================================================================
|
||||
--- git.orig/sbin/update-ca-certificates
|
||||
+++ git/sbin/update-ca-certificates
|
||||
@@ -191,9 +191,7 @@ if [ -d "$HOOKSDIR" ]
|
||||
then
|
||||
|
||||
echo "Running hooks in $HOOKSDIR..."
|
||||
- VERBOSE_ARG=
|
||||
- [ "$verbose" = 0 ] || VERBOSE_ARG="--verbose"
|
||||
- eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read hook
|
||||
+ eval run-parts --test "$HOOKSDIR" | while read hook
|
||||
do
|
||||
( cat "$ADDED"
|
||||
cat "$REMOVED" ) | "$hook" || echo "E: $hook exited with code $?."
|
|
@ -1,45 +0,0 @@
|
|||
From 111e905fe931da1a3800accfc675cc01c8ee080c Mon Sep 17 00:00:00 2001
|
||||
From: Ulf Samuelsson <ulf@emagii.com>
|
||||
Date: Tue, 28 Feb 2012 06:42:58 +0100
|
||||
Subject: [PATCH] update-ca-certificates: remove c rehash
|
||||
|
||||
Updated earlier patch to apply clean on 2012-02-12
|
||||
Signed-off-by: Ulf Samuelsson <ulf@emagii.com>
|
||||
---
|
||||
sbin/update-ca-certificates | 20 ++++++++++----------
|
||||
1 files changed, 10 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
|
||||
index 5375950..c567e3d 100755
|
||||
--- a/sbin/update-ca-certificates
|
||||
+++ b/sbin/update-ca-certificates
|
||||
@@ -132,16 +132,16 @@ rm -f "$CERTBUNDLE"
|
||||
ADDED_CNT=$(wc -l < "$ADDED")
|
||||
REMOVED_CNT=$(wc -l < "$REMOVED")
|
||||
|
||||
-if [ "$ADDED_CNT" -gt 0 ] || [ "$REMOVED_CNT" -gt 0 ]
|
||||
-then
|
||||
- # only run if set of files has changed
|
||||
- if [ "$verbose" = 0 ]
|
||||
- then
|
||||
- c_rehash . > /dev/null
|
||||
- else
|
||||
- c_rehash .
|
||||
- fi
|
||||
-fi
|
||||
+#if [ "$ADDED_CNT" -gt 0 ] || [ "$REMOVED_CNT" -gt 0 ]
|
||||
+#then
|
||||
+# # only run if set of files has changed
|
||||
+# if [ "$verbose" = 0 ]
|
||||
+# then
|
||||
+# c_rehash . > /dev/null
|
||||
+# else
|
||||
+# c_rehash .
|
||||
+# fi
|
||||
+#fi
|
||||
|
||||
chmod 0644 "$TEMPBUNDLE"
|
||||
mv -f "$TEMPBUNDLE" "$CERTBUNDLE"
|
||||
--
|
||||
1.7.4.1
|
||||
|
|
@ -0,0 +1,46 @@
|
|||
Upstream-Status: Pending
|
||||
|
||||
From 724cb153ca0f607fb38b3a8db3ebb2742601cd81 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Oberritter <obi@opendreambox.org>
|
||||
Date: Tue, 19 Mar 2013 17:14:33 +0100
|
||||
Subject: [PATCH 2/2] update-ca-certificates: use $SYSROOT
|
||||
|
||||
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
||||
---
|
||||
sbin/update-ca-certificates | 14 +++++++-------
|
||||
1 file changed, 7 insertions(+), 7 deletions(-)
|
||||
|
||||
Index: git/sbin/update-ca-certificates
|
||||
===================================================================
|
||||
--- git.orig/sbin/update-ca-certificates
|
||||
+++ git/sbin/update-ca-certificates
|
||||
@@ -24,12 +24,12 @@
|
||||
verbose=0
|
||||
fresh=0
|
||||
default=0
|
||||
-CERTSCONF=/etc/ca-certificates.conf
|
||||
-CERTSDIR=/usr/share/ca-certificates
|
||||
-LOCALCERTSDIR=/usr/local/share/ca-certificates
|
||||
+CERTSCONF=$SYSROOT/etc/ca-certificates.conf
|
||||
+CERTSDIR=$SYSROOT/usr/share/ca-certificates
|
||||
+LOCALCERTSDIR=$SYSROOT/usr/local/share/ca-certificates
|
||||
CERTBUNDLE=ca-certificates.crt
|
||||
-ETCCERTSDIR=/etc/ssl/certs
|
||||
-HOOKSDIR=/etc/ca-certificates/update.d
|
||||
+ETCCERTSDIR=$SYSROOT/etc/ssl/certs
|
||||
+HOOKSDIR=$SYSROOT/etc/ca-certificates/update.d
|
||||
|
||||
while [ $# -gt 0 ];
|
||||
do
|
||||
@@ -92,9 +92,9 @@ add() {
|
||||
PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \
|
||||
-e 's/[()]/=/g' \
|
||||
-e 's/,/_/g').pem"
|
||||
- if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
|
||||
+ if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${CERT##$SYSROOT}" ]
|
||||
then
|
||||
- ln -sf "$CERT" "$PEM"
|
||||
+ ln -sf "${CERT##$SYSROOT}" "$PEM"
|
||||
echo "+$PEM" >> "$ADDED"
|
||||
fi
|
||||
# Add trailing newline to certificate, if it is missing (#635570)
|
|
@ -0,0 +1,71 @@
|
|||
From a9fc13b2aee55655d58fcb77a3180fa99f96438a Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <andre.draszik@jci.com>
|
||||
Date: Wed, 28 Mar 2018 16:45:05 +0100
|
||||
Subject: [PATCH] update-ca-certificates: use relative symlinks from
|
||||
$ETCCERTSDIR
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
update-ca-certificates symlinks (trusted) certificates
|
||||
from $CERTSDIR or $LOCALCERTSDIR into $ETCCERTSDIR.
|
||||
update-ca-certificates can call hook scripts installed
|
||||
into /etc/ca-certificates/update.d. Those scripts are
|
||||
passed the pem file in /etc/ssl/certs/ that was added or
|
||||
removed in this run and those pem files are absolute
|
||||
symlinks into $CERTSDIR or $LOCALCERTSDIR at the moment.
|
||||
|
||||
When running update-ca-certificates during image build
|
||||
time, they thusly all point into the host's file system,
|
||||
not into the $SYSROOT. This means:
|
||||
* the host's file system layout must match the one
|
||||
produced by OE, and
|
||||
* it also means that the host must have installed the same
|
||||
(or more) certificates as the target in $CERTSDIR and
|
||||
$LOCALCERTSDIR
|
||||
|
||||
This is a problem when wanting to execute hook scripts,
|
||||
because they all need to be taught about $SYSROOT, and
|
||||
behave differently depending on whether they're called
|
||||
at image build time, or on the target, as otherwise they
|
||||
will be trying to actually read the host's certificates
|
||||
from $CERTSDIR or $LOCALCERTSDIR.
|
||||
|
||||
This also is a problem when running anything else during
|
||||
image build time that depends on the trusted CA
|
||||
certificates.
|
||||
|
||||
Changing the symlink to be relative solves all of these
|
||||
problems. Do so.
|
||||
|
||||
Upstream-Status: Inappropriate [OE-specific]
|
||||
Signed-off-by: André Draszik <andre.draszik@jci.com>
|
||||
---
|
||||
sbin/update-ca-certificates | 6 ++++--
|
||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
|
||||
index 00f80c7..7e911a9 100755
|
||||
--- a/sbin/update-ca-certificates
|
||||
+++ b/sbin/update-ca-certificates
|
||||
@@ -29,6 +29,7 @@ CERTSDIR=$SYSROOT/usr/share/ca-certificates
|
||||
LOCALCERTSDIR=$SYSROOT/usr/local/share/ca-certificates
|
||||
CERTBUNDLE=ca-certificates.crt
|
||||
ETCCERTSDIR=$SYSROOT/etc/ssl/certs
|
||||
+FSROOT=../../../ # to get from $ETCCERTSDIR to the root of the file system
|
||||
HOOKSDIR=$SYSROOT/etc/ca-certificates/update.d
|
||||
|
||||
while [ $# -gt 0 ];
|
||||
@@ -125,9 +126,10 @@ add() {
|
||||
PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \
|
||||
-e 's/[()]/=/g' \
|
||||
-e 's/,/_/g').pem"
|
||||
- if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${CERT##$SYSROOT}" ]
|
||||
+ DST="$(echo ${CERT} | sed -e "s|^$SYSROOT||" -e "s|^/|$FSROOT|" )"
|
||||
+ if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${DST}" ]
|
||||
then
|
||||
- ln -sf "${CERT##$SYSROOT}" "$PEM"
|
||||
+ ln -sf "${DST}" "$PEM"
|
||||
echo "+$PEM" >> "$ADDED"
|
||||
fi
|
||||
# Add trailing newline to certificate, if it is missing (#635570)
|
|
@ -0,0 +1,50 @@
|
|||
Upstream-Status: Pending
|
||||
|
||||
update-ca-certificates: find SYSROOT relative to its own location
|
||||
|
||||
This makes the script relocatable.
|
||||
|
||||
Index: git/sbin/update-ca-certificates
|
||||
===================================================================
|
||||
--- git.orig/sbin/update-ca-certificates
|
||||
+++ git/sbin/update-ca-certificates
|
||||
@@ -66,6 +66,39 @@ do
|
||||
shift
|
||||
done
|
||||
|
||||
+if [ -z "$SYSROOT" ]; then
|
||||
+ local_which () {
|
||||
+ if [ $# -lt 1 ]; then
|
||||
+ return 1
|
||||
+ fi
|
||||
+
|
||||
+ (
|
||||
+ IFS=:
|
||||
+ for entry in $PATH; do
|
||||
+ if [ -x "$entry/$1" ]; then
|
||||
+ echo "$entry/$1"
|
||||
+ exit 0
|
||||
+ fi
|
||||
+ done
|
||||
+ exit 1
|
||||
+ )
|
||||
+ }
|
||||
+
|
||||
+ case "$0" in
|
||||
+ */*)
|
||||
+ sbindir=$(cd ${0%/*} && pwd)
|
||||
+ ;;
|
||||
+ *)
|
||||
+ sbindir=$(cd $(dirname $(local_which $0)) && pwd)
|
||||
+ ;;
|
||||
+ esac
|
||||
+ prefix=${sbindir%/*}
|
||||
+ SYSROOT=${prefix%/*}
|
||||
+ if [ ! -d "$SYSROOT/usr/share/ca-certificates" ]; then
|
||||
+ SYSROOT=
|
||||
+ fi
|
||||
+fi
|
||||
+
|
||||
if [ ! -s "$CERTSCONF" ]
|
||||
then
|
||||
fresh=1
|
|
@ -1,46 +0,0 @@
|
|||
DESCRIPTION = "Common CA certificates"
|
||||
HOMEPAGE = "http://packages.debian.org/sid/ca-certificates"
|
||||
SECTION = "misc"
|
||||
LICENSE = "GPLv2+"
|
||||
LIC_FILES_CHKSUM = "file://debian/copyright;md5=6135800ff6d893c7904d7aad90972eb5"
|
||||
|
||||
SRC_URI = "https://launchpad.net/ubuntu/+archive/primary/+files/ca-certificates_${PV}.tar.gz \
|
||||
file://0001-update-ca-certificates-remove-c-rehash.patch"
|
||||
|
||||
SRC_URI[md5sum] = "5105d4cc086f0d4ecf7bf2e4c4667289"
|
||||
SRC_URI[sha256sum] = "878cd1130ba056fe5f96decde7e5fc1b71d35eb8565a1515744912e100731ee9"
|
||||
|
||||
inherit allarch
|
||||
|
||||
do_install_prepend() {
|
||||
mkdir -p ${D}/usr/share/ca-certificates
|
||||
mkdir -p ${D}/usr/sbin
|
||||
mkdir -p ${D}/etc/ssl/certs
|
||||
mkdir -p ${D}/etc/ca-certificates/update.d
|
||||
|
||||
oe_runmake 'DESTDIR=${D}' install
|
||||
}
|
||||
|
||||
do_install_append() {
|
||||
cd ${D}/usr/share/ca-certificates
|
||||
echo "# Lines starting with # will be ignored" > ${D}/etc/ca-certificates.conf
|
||||
echo "# Lines starting with ! will remove certificate on next update" >> ${D}/etc/ca-certificates.conf
|
||||
echo "#" >> ${D}/etc/ca-certificates.conf
|
||||
for crt in $(find . -type f -name '*.crt' -print)
|
||||
do
|
||||
crt=$(echo $crt | sed -e 's/\.\///')
|
||||
echo $crt >> ${D}/etc/ca-certificates.conf
|
||||
done
|
||||
}
|
||||
|
||||
pkg_postinst_${PN} () {
|
||||
if [ -n "$D" ] ; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
${sbindir}/update-ca-certificates
|
||||
}
|
||||
|
||||
CONFFILES_${PN} = "/etc/ca-certificates.conf"
|
||||
|
||||
DEFAULT_PREFERENCE = "-1"
|
|
@ -0,0 +1,89 @@
|
|||
SUMMARY = "Common CA certificates"
|
||||
DESCRIPTION = "This package includes PEM files of CA certificates to allow \
|
||||
SSL-based applications to check for the authenticity of SSL connections. \
|
||||
This derived from Debian's CA Certificates."
|
||||
HOMEPAGE = "http://packages.debian.org/sid/ca-certificates"
|
||||
SECTION = "misc"
|
||||
LICENSE = "GPL-2.0+ & MPL-2.0"
|
||||
LIC_FILES_CHKSUM = "file://debian/copyright;md5=ae5b36b514e3f12ce1aa8e2ee67f3d7e"
|
||||
|
||||
# This is needed to ensure we can run the postinst at image creation time
|
||||
DEPENDS = ""
|
||||
DEPENDS_class-native = "openssl-native"
|
||||
DEPENDS_class-nativesdk = "openssl-native"
|
||||
# Need rehash from openssl and run-parts from debianutils
|
||||
PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
|
||||
|
||||
SRCREV = "07de54fdcc5806bde549e1edf60738c6bccf50e8"
|
||||
|
||||
SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \
|
||||
file://0002-update-ca-certificates-use-SYSROOT.patch \
|
||||
file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \
|
||||
file://default-sysroot.patch \
|
||||
file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \
|
||||
file://0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch \
|
||||
"
|
||||
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+)"
|
||||
|
||||
S = "${WORKDIR}/git"
|
||||
|
||||
inherit allarch
|
||||
|
||||
EXTRA_OEMAKE = "\
|
||||
'CERTSDIR=${datadir}/ca-certificates' \
|
||||
'SBINDIR=${sbindir}' \
|
||||
"
|
||||
|
||||
do_compile_prepend() {
|
||||
oe_runmake clean
|
||||
}
|
||||
|
||||
do_install () {
|
||||
install -d ${D}${datadir}/ca-certificates \
|
||||
${D}${sysconfdir}/ssl/certs \
|
||||
${D}${sysconfdir}/ca-certificates/update.d
|
||||
oe_runmake 'DESTDIR=${D}' install
|
||||
|
||||
install -d ${D}${mandir}/man8
|
||||
install -m 0644 sbin/update-ca-certificates.8 ${D}${mandir}/man8/
|
||||
|
||||
install -d ${D}${sysconfdir}
|
||||
{
|
||||
echo "# Lines starting with # will be ignored"
|
||||
echo "# Lines starting with ! will remove certificate on next update"
|
||||
echo "#"
|
||||
find ${D}${datadir}/ca-certificates -type f -name '*.crt' | \
|
||||
sed 's,^${D}${datadir}/ca-certificates/,,' | sort
|
||||
} >${D}${sysconfdir}/ca-certificates.conf
|
||||
}
|
||||
|
||||
do_install_append_class-target () {
|
||||
sed -i -e 's,/etc/,${sysconfdir}/,' \
|
||||
-e 's,/usr/share/,${datadir}/,' \
|
||||
-e 's,/usr/local,${prefix}/local,' \
|
||||
${D}${sbindir}/update-ca-certificates \
|
||||
${D}${mandir}/man8/update-ca-certificates.8
|
||||
}
|
||||
|
||||
pkg_postinst_${PN}_class-target () {
|
||||
SYSROOT="$D" $D${sbindir}/update-ca-certificates
|
||||
}
|
||||
|
||||
CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf"
|
||||
|
||||
# Rather than make a postinst script that works for both target and nativesdk,
|
||||
# we just run update-ca-certificate from do_install() for nativesdk.
|
||||
CONFFILES_${PN}_append_class-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt"
|
||||
do_install_append_class-nativesdk () {
|
||||
SYSROOT="${D}${SDKPATHNATIVE}" ${D}${sbindir}/update-ca-certificates
|
||||
}
|
||||
|
||||
do_install_append_class-native () {
|
||||
SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates
|
||||
}
|
||||
|
||||
RDEPENDS_${PN}_append_class-target = " openssl-bin openssl"
|
||||
RDEPENDS_${PN}_append_class-native = " openssl-native"
|
||||
RDEPENDS_${PN}_append_class-nativesdk = " nativesdk-openssl-bin nativesdk-openssl"
|
||||
|
||||
BBCLASSEXTEND = "native nativesdk"
|
|
@ -1,20 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
|
||||
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
|
||||
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
|
||||
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
|
||||
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
|
||||
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
|
||||
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
|
||||
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
|
||||
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
|
||||
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
|
||||
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
|
||||
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
|
||||
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
|
||||
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
|
||||
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
|
||||
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
|
||||
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
|
||||
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,31 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
|
||||
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
|
||||
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
|
||||
WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
|
||||
ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
|
||||
MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
|
||||
h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
|
||||
0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
|
||||
A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
|
||||
T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
|
||||
B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
|
||||
B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
|
||||
KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
|
||||
OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
|
||||
jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
|
||||
qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
|
||||
rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
|
||||
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
|
||||
hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
|
||||
ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
|
||||
3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
|
||||
NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
|
||||
ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
|
||||
TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
|
||||
jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
|
||||
oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
|
||||
4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
|
||||
mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
|
||||
emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
|
||||
-----END CERTIFICATE-----
|
Loading…
Reference in New Issue