summaryrefslogtreecommitdiff
path: root/recipes-support/ca-certificates
diff options
context:
space:
mode:
authorJohn Klug <john.klug@multitech.com>2019-07-26 12:44:37 -0500
committerSerhii Kostiuk <serhii.o.kostiuk@globallogic.com>2020-05-20 13:45:48 +0300
commitdc6ddbdae1fdb0c8c703aedf8de28821d46a3878 (patch)
treef6cef19863a34e61f6f20ec60ae2d18aadaecf9f /recipes-support/ca-certificates
parentbb12df039a86d07bcc991e46aa4a469d1ceb0680 (diff)
downloadmeta-mlinux-dc6ddbdae1fdb0c8c703aedf8de28821d46a3878.tar.gz
meta-mlinux-dc6ddbdae1fdb0c8c703aedf8de28821d46a3878.tar.bz2
meta-mlinux-dc6ddbdae1fdb0c8c703aedf8de28821d46a3878.zip
Remove outdated certificates
Diffstat (limited to 'recipes-support/ca-certificates')
-rw-r--r--recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch34
-rw-r--r--recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch46
-rw-r--r--recipes-support/ca-certificates/ca-certificates/default-sysroot.patch50
-rw-r--r--recipes-support/ca-certificates/ca-certificates/sbindir.patch20
-rw-r--r--recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch34
-rw-r--r--recipes-support/ca-certificates/ca-certificates_20161130.bb82
6 files changed, 0 insertions, 266 deletions
diff --git a/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch b/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
deleted file mode 100644
index 4a8ae5f..0000000
--- a/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-ca-certificates is a package from Debian, but some host distros such as Fedora
-have a leaner run-parts provided by cron which doesn't support --verbose or the
- -- separator between arguments and paths.
-
-This solves errors such as
-
-| Running hooks in [...]/rootfs/etc/ca-certificates/update.d...
-| [...]/usr/sbin/update-ca-certificates: line 194: Not: command not found
-| [...]/usr/sbin/update-ca-certificates: line 230: Not a directory: --: command not found
-| E: Not a directory: -- exited with code 127.
-
-
-Upstream-Status: Inappropriate
-Signed-off-by: Ross Burton <ross.burton@intel.com>
-Signed-off-by: Maciej Borzecki <maciej.borzecki@rndity.com>
----
- sbin/update-ca-certificates | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
-Index: git/sbin/update-ca-certificates
-===================================================================
---- git.orig/sbin/update-ca-certificates
-+++ git/sbin/update-ca-certificates
-@@ -191,9 +191,7 @@ if [ -d "$HOOKSDIR" ]
- then
-
- echo "Running hooks in $HOOKSDIR..."
-- VERBOSE_ARG=
-- [ "$verbose" = 0 ] || VERBOSE_ARG="--verbose"
-- eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read hook
-+ eval run-parts --test "$HOOKSDIR" | while read hook
- do
- ( cat "$ADDED"
- cat "$REMOVED" ) | "$hook" || echo "E: $hook exited with code $?."
diff --git a/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch b/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
deleted file mode 100644
index 792b403..0000000
--- a/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-Upstream-Status: Pending
-
-From 724cb153ca0f607fb38b3a8db3ebb2742601cd81 Mon Sep 17 00:00:00 2001
-From: Andreas Oberritter <obi@opendreambox.org>
-Date: Tue, 19 Mar 2013 17:14:33 +0100
-Subject: [PATCH 2/2] update-ca-certificates: use $SYSROOT
-
-Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
----
- sbin/update-ca-certificates | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-Index: git/sbin/update-ca-certificates
-===================================================================
---- git.orig/sbin/update-ca-certificates
-+++ git/sbin/update-ca-certificates
-@@ -24,12 +24,12 @@
- verbose=0
- fresh=0
- default=0
--CERTSCONF=/etc/ca-certificates.conf
--CERTSDIR=/usr/share/ca-certificates
--LOCALCERTSDIR=/usr/local/share/ca-certificates
-+CERTSCONF=$SYSROOT/etc/ca-certificates.conf
-+CERTSDIR=$SYSROOT/usr/share/ca-certificates
-+LOCALCERTSDIR=$SYSROOT/usr/local/share/ca-certificates
- CERTBUNDLE=ca-certificates.crt
--ETCCERTSDIR=/etc/ssl/certs
--HOOKSDIR=/etc/ca-certificates/update.d
-+ETCCERTSDIR=$SYSROOT/etc/ssl/certs
-+HOOKSDIR=$SYSROOT/etc/ca-certificates/update.d
-
- while [ $# -gt 0 ];
- do
-@@ -92,9 +92,9 @@ add() {
- PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \
- -e 's/[()]/=/g' \
- -e 's/,/_/g').pem"
-- if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
-+ if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${CERT##$SYSROOT}" ]
- then
-- ln -sf "$CERT" "$PEM"
-+ ln -sf "${CERT##$SYSROOT}" "$PEM"
- echo "+$PEM" >> "$ADDED"
- fi
- # Add trailing newline to certificate, if it is missing (#635570)
diff --git a/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch b/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch
deleted file mode 100644
index f8b0791..0000000
--- a/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-Upstream-Status: Pending
-
-update-ca-certificates: find SYSROOT relative to its own location
-
-This makes the script relocatable.
-
-Index: git/sbin/update-ca-certificates
-===================================================================
---- git.orig/sbin/update-ca-certificates
-+++ git/sbin/update-ca-certificates
-@@ -66,6 +66,39 @@ do
- shift
- done
-
-+if [ -z "$SYSROOT" ]; then
-+ local_which () {
-+ if [ $# -lt 1 ]; then
-+ return 1
-+ fi
-+
-+ (
-+ IFS=:
-+ for entry in $PATH; do
-+ if [ -x "$entry/$1" ]; then
-+ echo "$entry/$1"
-+ exit 0
-+ fi
-+ done
-+ exit 1
-+ )
-+ }
-+
-+ case "$0" in
-+ */*)
-+ sbindir=$(cd ${0%/*} && pwd)
-+ ;;
-+ *)
-+ sbindir=$(cd $(dirname $(local_which $0)) && pwd)
-+ ;;
-+ esac
-+ prefix=${sbindir%/*}
-+ SYSROOT=${prefix%/*}
-+ if [ ! -d "$SYSROOT/usr/share/ca-certificates" ]; then
-+ SYSROOT=
-+ fi
-+fi
-+
- if [ ! -s "$CERTSCONF" ]
- then
- fresh=1
diff --git a/recipes-support/ca-certificates/ca-certificates/sbindir.patch b/recipes-support/ca-certificates/ca-certificates/sbindir.patch
deleted file mode 100644
index a113fa8..0000000
--- a/recipes-support/ca-certificates/ca-certificates/sbindir.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Upstream-Status: Pending
-
-Let us alter the install destination of the script via SBINDIR
-
---- ca-certificates-20130119.orig/sbin/Makefile
-+++ ca-certificates-20130119/sbin/Makefile
-@@ -3,9 +3,12 @@
- #
- #
-
-+SBINDIR = /usr/sbin
-+
- all:
-
- clean:
-
- install:
-- install -m755 update-ca-certificates $(DESTDIR)/usr/sbin/
-+ install -d $(DESTDIR)$(SBINDIR)
-+ install -m755 update-ca-certificates $(DESTDIR)$(SBINDIR)/
diff --git a/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch b/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch
deleted file mode 100644
index 6e2171f..0000000
--- a/recipes-support/ca-certificates/ca-certificates/update-ca-certificates-support-Toybox.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 30378026d136efa779732e3f6664e2ecf461e458 Mon Sep 17 00:00:00 2001
-From: Patrick Ohly <patrick.ohly@intel.com>
-Date: Thu, 17 Mar 2016 12:38:09 +0100
-Subject: [PATCH] update-ca-certificates: support Toybox
-
-"mktemp -t" is deprecated and does not work when using Toybox. Replace
-with something that works also with Toybox.
-
-Upstream-Status: Pending
-
-Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
----
- sbin/update-ca-certificates | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
-index 79c41bb..ae9e3f1 100755
---- a/sbin/update-ca-certificates
-+++ b/sbin/update-ca-certificates
-@@ -113,9 +113,9 @@ trap cleanup 0
-
- # Helper files. (Some of them are not simple arrays because we spawn
- # subshells later on.)
--TEMPBUNDLE="$(mktemp -t "${CERTBUNDLE}.tmp.XXXXXX")"
--ADDED="$(mktemp -t "ca-certificates.tmp.XXXXXX")"
--REMOVED="$(mktemp -t "ca-certificates.tmp.XXXXXX")"
-+TEMPBUNDLE="$(mktemp -p${TMPDIR:-/tmp} "${CERTBUNDLE}.tmp.XXXXXX")"
-+ADDED="$(mktemp -p${TMPDIR:-/tmp} "ca-certificates.tmp.XXXXXX")"
-+REMOVED="$(mktemp -p${TMPDIR:-/tmp} "ca-certificates.tmp.XXXXXX")"
-
- # Adds a certificate to the list of trusted ones. This includes a symlink
- # in /etc/ssl/certs to the certificate file and its inclusion into the
---
-2.1.4
diff --git a/recipes-support/ca-certificates/ca-certificates_20161130.bb b/recipes-support/ca-certificates/ca-certificates_20161130.bb
deleted file mode 100644
index e0b2e41..0000000
--- a/recipes-support/ca-certificates/ca-certificates_20161130.bb
+++ /dev/null
@@ -1,82 +0,0 @@
-SUMMARY = "Common CA certificates"
-DESCRIPTION = "This package includes PEM files of CA certificates to allow \
-SSL-based applications to check for the authenticity of SSL connections. \
-This derived from Debian's CA Certificates."
-HOMEPAGE = "http://packages.debian.org/sid/ca-certificates"
-SECTION = "misc"
-LICENSE = "GPL-2.0+ & MPL-2.0"
-LIC_FILES_CHKSUM = "file://debian/copyright;md5=e7358b9541ccf3029e9705ed8de57968"
-
-# This is needed to ensure we can run the postinst at image creation time
-DEPENDS = "ca-certificates-native"
-DEPENDS_class-native = "openssl-native"
-DEPENDS_class-nativesdk = "ca-certificates-native openssl-native"
-
-SRCREV = "61b70a1007dc269d56881a0d480fc841daacc77c"
-
-SRC_URI = "git://anonscm.debian.org/collab-maint/ca-certificates.git \
- file://0002-update-ca-certificates-use-SYSROOT.patch \
- file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \
- file://update-ca-certificates-support-Toybox.patch \
- file://default-sysroot.patch \
- file://sbindir.patch"
-
-S = "${WORKDIR}/git"
-
-inherit allarch
-
-EXTRA_OEMAKE = "\
- 'CERTSDIR=${datadir}/ca-certificates' \
- 'SBINDIR=${sbindir}' \
-"
-
-do_compile_prepend() {
- oe_runmake clean
-}
-
-do_install () {
- install -d ${D}${datadir}/ca-certificates \
- ${D}${sysconfdir}/ssl/certs \
- ${D}${sysconfdir}/ca-certificates/update.d
- oe_runmake 'DESTDIR=${D}' install
-
- install -d ${D}${mandir}/man8
- install -m 0644 sbin/update-ca-certificates.8 ${D}${mandir}/man8/
-
- install -d ${D}${sysconfdir}
- {
- echo "# Lines starting with # will be ignored"
- echo "# Lines starting with ! will remove certificate on next update"
- echo "#"
- find ${D}${datadir}/ca-certificates -type f -name '*.crt' | \
- sed 's,^${D}${datadir}/ca-certificates/,,'
- } >${D}${sysconfdir}/ca-certificates.conf
-}
-
-do_install_append_class-target () {
- sed -i -e 's,/etc/,${sysconfdir}/,' \
- -e 's,/usr/share/,${datadir}/,' \
- -e 's,/usr/local,${prefix}/local,' \
- ${D}${sbindir}/update-ca-certificates \
- ${D}${mandir}/man8/update-ca-certificates.8
-}
-
-pkg_postinst_${PN} () {
- SYSROOT="$D" update-ca-certificates
-}
-
-CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf"
-
-# Postinsts don't seem to be run for nativesdk packages when populating SDKs.
-CONFFILES_${PN}_append_class-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt"
-do_install_append_class-nativesdk () {
- SYSROOT="${D}${SDKPATHNATIVE}" update-ca-certificates
-}
-
-do_install_append_class-native () {
- SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates
-}
-
-RDEPENDS_${PN} += "openssl"
-
-BBCLASSEXTEND += "native nativesdk"