diff options
| author | Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com> | 2016-10-28 10:22:35 +0300 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-11-16 10:33:33 +0000 |
| commit | 9ab0cba49d9ab67aacfcfb47689f4a77a72a0866 (patch) | |
| tree | 16cb4b5da0a087dadd06a010f0466c625518adfb /meta/lib/oe/prservice.py | |
| parent | 87705ab8f7224dbc1f397f9c388260a6370a06d9 (diff) | |
| download | openembedded-core-9ab0cba49d9ab67aacfcfb47689f4a77a72a0866.tar.gz openembedded-core-9ab0cba49d9ab67aacfcfb47689f4a77a72a0866.tar.bz2 openembedded-core-9ab0cba49d9ab67aacfcfb47689f4a77a72a0866.zip | |
openssl: rehash actual mozilla certificates inside rootfs
The c_rehash utility is supposed to be run in the folder /etc/ssl/certs
of a rootfs where the package ca-certificates puts symlinks to
various CA certificates stored in /usr/share/ca-certificates/mozilla/.
These symlinks are absolute. This means that when c_rehash is run
at rootfs creation time it can't hash the actual files since they
actually reside in the build host's directory
$SYSROOT/usr/share/ca-certificates/mozilla/.
This problem doesn't reproduce when building on Debian or Ubuntu
hosts though, because these OSs have the certificates installed
in the same /usr/share/ca-certificates/mozilla/ folder.
Images built in other distros, e.g. Fedora, have problems with
connecting to https servers when using e.g. python's http lib.
The patch fixes c_rehash to check if it runs on a build host
by testing $SYSROOT and to translate the paths to certificates
accordingly.
(From OE-Core rev: 5199b990edf4d9784c19137d0ce9ef141cd85e46)
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta/lib/oe/prservice.py')
0 files changed, 0 insertions, 0 deletions