forked from gentoo/gentoo
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
app-misc/ca-certificates: Bump to version 20161102.3.27.2
Package-Manager: portage-2.3.2
- Loading branch information
Lars Wendler
committed
Dec 2, 2016
1 parent
4804a39
commit b8e9334
Showing
2 changed files
with
183 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,8 @@ | ||
| DIST ca-certificates_20151214.tar.xz 293672 SHA256 59286e6403f482a24c672e09b810c7d089a73153d4772ff4a66e86053a920525 SHA512 acee5565aa7d1f0cc120a6abb6503e0ac4b4e12f5fd1cb12442ec1374ae1570ec6dc3a8f3a247fad6835a29d96e856f12c664f466e92344db3aa1ae6292a27ac WHIRLPOOL c03d214fb15a791c14f235c58296fb06f1408c98bb78049f58b3ebf7bc1c1cea4662f90a031d86de2548267feacf6a9e3fef957aa44a19e29e9a6ba803aaa3fa | ||
| DIST ca-certificates_20160104.tar.xz 293632 SHA256 09eb770122e23260316120c0cbbddc8a1d33e7147210ce44e146084d5d5abcdd SHA512 4291ba58057b66d56853162b71862832135eab6f444a5e2cf3dd1089495d44624246dc0c540871851fe9aaceb42054516309402525c8f16a88911d3af9c3518a WHIRLPOOL 8a45acdf2c0673156bc546808df5160ebbfc3a85d775cefa8918c5b64ea6ba905e89017689a407a20444f3e550133c2af228f4d4a878670af50d88fc4739edeb | ||
| DIST ca-certificates_20161102.tar.xz 298544 SHA256 25384a67e2f1e76495ceeb00abfdbe831033780324128cb1587d09132dd173a5 SHA512 8630cbc15d311b71936901bfa4c1a61d78d4468a7d8d0c492d72afc579679402b99e563cc6f88b0377eb7ebee8dcbad1b090fb0831d610a5b8e5bbdb3d8ce284 WHIRLPOOL 8b92ba4228880bcc7b296e9b1333f695194c31e724a02bafaec97bac838f6c36b20fa052935d256930977e2944ed7450c1e1ab2c95b40c8391dffd766938cea7 | ||
| DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00 WHIRLPOOL c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43 | ||
| DIST nss-3.21.tar.gz 6978112 SHA256 3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239 SHA512 0645465b5d1ab05d819355a3f4a2879499539a00d95bfab3ca14a7dcd901e510b5d9ae797386ff5a42f68b0b57f7bbec4ec9d3a85ebd508eb824aba1fb589d53 WHIRLPOOL 7504d83de606d61840e06cb855ea688eb022d5eef062bcb7ac4d1064db96b96e35ae4ce0aff9d389a2140a7c3b974aaa9a86ada52af1199d462fdb48b11b42e4 | ||
| DIST nss-3.23.tar.gz 7467001 SHA256 94b383e31c9671e9dfcca81084a8a813817e8f05a57f54533509b318d26e11cf SHA512 f3e388a415493685faa6df932e9e968af41ea2e8e4cba3fbd539c60177443e4042e8d2e2bfe74183552e14522d49048be2f80fbe038bdbd499971e82abf2cc32 WHIRLPOOL 77e22bd7a525c5b10723e1d5fb6db1e9d2efebfcdf9828aa79296f71c441c065201ecda56291f37790333d9b1d1e38fef1391a033382a885b83da31a646d6243 | ||
| DIST nss-3.27.1.tar.gz 7397737 SHA256 fd3637a1930cd838239a89633a7ed9a18859ae9b599043f3a18f726dc4ec2a6b SHA512 b52bc18e42cab78a325a8c4fcf2894ca879cecbb657a852baf460551ed9727f145bc328ebb61a43a1605b457f923a1495707ac4aee27be70220463818ed8db8d WHIRLPOOL 17174b7d43bd82b9e805d653a7ea8b79bc2647a5891806c1cb77e2ac99e40eb64ffee03e105a41c375ba37e26cafeff4bd4bad27c48e94ed388d0215d0545364 | ||
| DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa67205dde1a4a92be87dc28524 SHA512 699847665e93fd649cb60ce6bc8f849f452779e7232a09bbeb0613f9e6c57bb81948f1ae59cc86648e41a212cda259109850ccd14546d35910deb75f5d2a13b8 WHIRLPOOL 08229d87de1c7020c1d7fc12fb8a2afc4bc9ab9f0208aad12698aba17386fbe9163cb506101c7d4d568409fd99141fb88c0e71fc32cecbc6640a4a8f7a4efabf |
181 changes: 181 additions & 0 deletions
181
app-misc/ca-certificates/ca-certificates-20161102.3.27.2.ebuild
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,181 @@ | ||
| # Copyright 1999-2016 Gentoo Foundation | ||
| # Distributed under the terms of the GNU General Public License v2 | ||
| # $Id$ | ||
|
|
||
| # The Debian ca-certificates package merely takes the CA database as it exists | ||
| # in the nss package and repackages it for use by openssl. | ||
| # | ||
| # The issue with using the compiled debs directly is two fold: | ||
| # - they do not update frequently enough for us to rely on them | ||
| # - they pull the CA database from nss tip of tree rather than the release | ||
| # | ||
| # So we take the Debian source tools and combine them with the latest nss | ||
| # release to produce (largely) the same end result. The difference is that | ||
| # now we know our cert database is kept in sync with nss and, if need be, | ||
| # can be sync with nss tip of tree more frequently to respond to bugs. | ||
|
|
||
| # When triaging bugs from users, here's some handy tips: | ||
| # - To see what cert is hitting errors, use openssl: | ||
| # openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME | ||
| # Focus on the errors written to stderr. | ||
| # | ||
| # - Look at the upstream log as to why certs were added/removed: | ||
| # https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt | ||
| # | ||
| # - If people want to add/remove certs, tell them to file w/mozilla: | ||
| # https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk | ||
|
|
||
| EAPI="5" | ||
| PYTHON_COMPAT=( python{2_7,3_4,3_5} ) | ||
|
|
||
| inherit eutils python-any-r1 | ||
|
|
||
| if [[ ${PV} == *.* ]] ; then | ||
| # Compile from source ourselves. | ||
| PRECOMPILED=false | ||
| inherit versionator | ||
|
|
||
| DEB_VER=$(get_version_component_range 1) | ||
| NSS_VER=$(get_version_component_range 2-) | ||
| RTM_NAME="NSS_${NSS_VER//./_}_RTM" | ||
| else | ||
| # Debian precompiled version. | ||
| PRECOMPILED=true | ||
| inherit unpacker | ||
| fi | ||
|
|
||
| DESCRIPTION="Common CA Certificates PEM files" | ||
| HOMEPAGE="http://packages.debian.org/sid/ca-certificates" | ||
| NMU_PR="" | ||
| if ${PRECOMPILED} ; then | ||
| SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" | ||
| else | ||
| SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz | ||
| https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz | ||
| cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )" | ||
| fi | ||
|
|
||
| LICENSE="MPL-1.1" | ||
| SLOT="0" | ||
| KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" | ||
| IUSE="insecure_certs" | ||
| ${PRECOMPILED} || IUSE+=" cacert" | ||
|
|
||
| DEPEND="" | ||
| if ${PRECOMPILED} ; then | ||
| DEPEND+=" !<sys-apps/portage-2.1.10.41" | ||
| fi | ||
| # c_rehash: we run `c_rehash` | ||
| # debianutils: we run `run-parts` | ||
| RDEPEND="${DEPEND} | ||
| app-misc/c_rehash | ||
| sys-apps/debianutils" | ||
|
|
||
| if ! ${PRECOMPILED}; then | ||
| DEPEND+=" ${PYTHON_DEPS}" | ||
| fi | ||
|
|
||
| S=${WORKDIR} | ||
|
|
||
| pkg_setup() { | ||
| # For the conversion to having it in CONFIG_PROTECT_MASK, | ||
| # we need to tell users about it once manually first. | ||
| [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ | ||
| || ewarn "You should run update-ca-certificates manually after etc-update" | ||
| } | ||
|
|
||
| src_unpack() { | ||
| ${PRECOMPILED} || default | ||
|
|
||
| # Do all the work in the image subdir to avoid conflicting with source | ||
| # dirs in $WORKDIR. Need to perform everything in the offset #381937 | ||
| mkdir -p "image/${EPREFIX}" | ||
| cd "image/${EPREFIX}" || die | ||
|
|
||
| ${PRECOMPILED} && unpacker_src_unpack | ||
| } | ||
|
|
||
| src_prepare() { | ||
| cd "image/${EPREFIX}" || die | ||
| if ! ${PRECOMPILED} ; then | ||
| mkdir -p usr/sbin | ||
| cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die | ||
|
|
||
| if use cacert ; then | ||
| pushd "${S}"/nss-${NSS_VER} >/dev/null | ||
| epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch | ||
| popd >/dev/null | ||
| fi | ||
| fi | ||
|
|
||
| epatch "${FILESDIR}"/${PN}-20150426-root.patch | ||
| local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') | ||
| sed -i \ | ||
| -e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \ | ||
| -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ | ||
| usr/sbin/update-ca-certificates || die | ||
| } | ||
|
|
||
| src_compile() { | ||
| cd "image/${EPREFIX}" || die | ||
| if ! ${PRECOMPILED} ; then | ||
| python_setup | ||
| local d="${S}/${PN}/mozilla" c="usr/share/${PN}" | ||
| # Grab the database from the nss sources. | ||
| cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die | ||
| emake -C "${d}" | ||
|
|
||
| # Now move the files to the same places that the precompiled would. | ||
| mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla | ||
| if use cacert ; then | ||
| mkdir -p "${c}"/cacert.org | ||
| mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die | ||
| fi | ||
| mv "${d}"/*.crt "${c}"/mozilla/ || die | ||
| else | ||
| mv usr/share/doc/{ca-certificates,${PF}} || die | ||
| fi | ||
|
|
||
| if ! use insecure_certs ; then | ||
| # Remove untrusted certs from StartCom and WoSign (bug #598072) | ||
| rm "${c}"/mozilla/StartCom* || die | ||
| rm "${c}"/mozilla/WoSign* || die | ||
| fi | ||
|
|
||
| ( | ||
| echo "# Automatically generated by ${CATEGORY}/${PF}" | ||
| echo "# $(date -u)" | ||
| echo "# Do not edit." | ||
| cd "${c}" | ||
| find * -name '*.crt' | LC_ALL=C sort | ||
| ) > etc/ca-certificates.conf | ||
|
|
||
| sh usr/sbin/update-ca-certificates --root "${S}/image" || die | ||
| } | ||
|
|
||
| src_install() { | ||
| cp -pPR image/* "${D}"/ || die | ||
| if ! ${PRECOMPILED} ; then | ||
| cd ca-certificates | ||
| doman sbin/*.8 | ||
| dodoc debian/README.* examples/ca-certificates-local/README | ||
| fi | ||
|
|
||
| echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates | ||
| doenvd 98ca-certificates | ||
| } | ||
|
|
||
| pkg_postinst() { | ||
| if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then | ||
| # if the user has local certs, we need to rebuild again | ||
| # to include their stuff in the db. | ||
| # However it's too overzealous when the user has custom certs in place. | ||
| # --fresh is to clean up dangling symlinks | ||
| "${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}" | ||
| fi | ||
|
|
||
| if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then | ||
| ewarn "Removing the following broken symlinks:" | ||
| ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)" | ||
| fi | ||
| } |