author | Natanael Copa <ncopa@alpinelinux.org> | 2016-01-14 10:59:29 +0100 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2016-01-14 10:57:33 +0000 |
commit | febc87f0569a6cc0e688991108c60a1c7d88f81e (patch) | |
tree | 5a761b29f55831492ef1556a6e72401b0a247d7c /main/ca-certificates | |
parent | f488459f9813001df0ab4432b7ee64e3e3dede12 (diff) | |
main/ca-certificates: run c_rehash as a hook from update.d
Instead of running c_rehash directly, we run it as a hook from update.d.
We also:
- update the man-page to be more correct.
- remove obsolete lua script
Diffstat (limited to 'main/ca-certificates')
-rw-r--r-- | main/ca-certificates/APKBUILD | 29 | ||||
-rw-r--r-- | main/ca-certificates/fix-manpage.patch | 13 | ||||
-rwxr-xr-x | main/ca-certificates/update-ca-certificates | 86 | ||||
-rw-r--r-- | main/ca-certificates/update-ca.c | 11 |
4 files changed, 41 insertions, 98 deletions
diff --git a/main/ca-certificates/APKBUILD b/main/ca-certificates/APKBUILD index 8d04d4fd52..ed7118ca4a 100644 --- a/main/ca-certificates/APKBUILD +++ b/main/ca-certificates/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=ca-certificates pkgver=20160104 -pkgrel=0 +pkgrel=1 pkgdesc="Common CA certificates PEM files" url="http://packages.debian.org/sid/ca-certificates" arch="all" @@ -11,12 +11,22 @@ depends="openssl" makedepends="python" subpackages="$pkgname-doc" options="!fhs" -triggers="ca-certificates.trigger=/usr/share/ca-certificates:/usr/local/share/ca-certificates:/etc/ssl/certs" +triggers="ca-certificates.trigger=/usr/share/ca-certificates:/usr/local/share/ca-certificates:/etc/ssl/certs:/etc/ca-certificates/update.d" source="http://ftp.no.debian.org/debian/pool/main/c/$pkgname/${pkgname}_${pkgver}.tar.xz + fix-manpage.patch update-ca.c " _builddir="$srcdir"/$pkgname +prepare() { + cd "$_builddir" + for i in $source; do + case $i in + *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; + esac + done +} + build () { cd "$_builddir" make || return 1 
@@ -58,11 +68,20 @@ package() { -etc/ssl/certs/ca-cert-*.pem -etc/ssl/certs/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[r0-9]* EOF + + cat > "$pkgdir"/etc/ca-certificates/update.d/c_rehash <<EOF +#!/bin/sh +exec /usr/bin/c_rehash /etc/ssl/certs +EOF + chmod +x "$pkgdir"/etc/ca-certificates/update.d/c_rehash || return 1 } md5sums="d9665a83d0d3ef8176a38e6aa20458e9 ca-certificates_20160104.tar.xz -a4d6874d07ecee797b4c0f6a76f663bd update-ca.c" +0c3d9f5d795c7475b997e18498b7aec8 fix-manpage.patch +755477aff09e1b5909e4e6ef49671992 update-ca.c" sha256sums="09eb770122e23260316120c0cbbddc8a1d33e7147210ce44e146084d5d5abcdd ca-certificates_20160104.tar.xz -ee01326ae155ae4f31fc6eb3e53ce667dce1eb4150d74e96f0d4f1eea3faf085 update-ca.c" +60b36c4881bb367891df038a0736456c2d170496de8c339026671008b1caa09b fix-manpage.patch +e6b4a05a363f131f3dab1d3c41c315b61be3de91a77aef8b98ea2ef8f28cadc4 update-ca.c" sha512sums="4291ba58057b66d56853162b71862832135eab6f444a5e2cf3dd1089495d44624246dc0c540871851fe9aaceb42054516309402525c8f16a88911d3af9c3518a ca-certificates_20160104.tar.xz -97fc20703cca75418e38721b45020f9aec9e3e32ed2bc6e1c6632f5755a46602502291b5c780d8da371525f4ee2e74f94e8573f159cb8023591f23e6759d8afc update-ca.c" +690d6bb434fb3ccce931d7ee6a167124f9c2d2e7e7a016d85f7b72a5f7f7c34db8c6133f3575e962a91981a32a88f8961776fe5fd907e57f59c03a32f2fcced3 fix-manpage.patch +c8e14636b238fb5c2c50125530219425e23c7e78fca6e2de56a0057f8d86511ce2d95f6ced326d3395a574a2872ce09dea6d6b0651fd5b78e75e5f8aa404b378 update-ca.c" diff --git a/main/ca-certificates/fix-manpage.patch b/main/ca-certificates/fix-manpage.patch new file mode 100644 index 0000000000..c4c1290c59 --- /dev/null +++ b/main/ca-certificates/fix-manpage.patch 
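Review bot: The added `cat > "$pkgdir"/etc/ca-certificates/update.d/c_rehash <<EOF` has no error check of its own, so a failed or partial write is only noticed if the following `chmod +x ... || return 1` happens to fail too; whether update.d is created beforehand is not visible because package() starts outside this hunk. I would write it as `cat > "$pkgdir"/etc/ca-certificates/update.d/c_rehash <<'EOF' || return 1`, quoting the delimiter so the hook body can never be expanded at build time. The generated hook also stops discarding c_rehash's stdout, which both removed callers did, so `exec /usr/bin/c_rehash /etc/ssl/certs >/dev/null` would keep trigger runs quiet. Since every executable in update.d now runs whenever the trust store is rebuilt, a short comment stating that the directory and this hook must stay root-owned and not group- or world-writable would help later packagers.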
@@ -0,0 +1,13 @@ +--- ./sbin/update-ca-certificates.8.orig 2016-01-14 10:56:42.084504796 +0100 ++++ ./sbin/update-ca-certificates.8 2016-01-14 10:57:21.685102125 +0100 +@@ -40,9 +40,7 @@ + /usr/local/share/ca-certificates are also included as implicitly trusted. + .PP + Before terminating, \fBupdate-ca-certificates\fP invokes +-\fBrun-parts\fP on /etc/ca-certificates/update.d and calls each hook with +-a list of certificates: those added are prefixed with a +, those removed are +-prefixed with a -. ++\fBrun-parts\fP on /etc/ca-certificates/update.d. + .SH OPTIONS + A summary of options is included below. + .TP diff --git a/main/ca-certificates/update-ca-certificates b/main/ca-certificates/update-ca-certificates deleted file mode 100755 index 1780ce5d93..0000000000 --- a/main/ca-certificates/update-ca-certificates +++ /dev/null 
@@ -1,86 +0,0 @@ -#!/usr/bin/lua5.2 - -local CERTSDIR='/usr/share/ca-certificates/' -local LOCALCERTSDIR='/usr/local/share/ca-certificates/' -local ETCCERTSDIR='/etc/ssl/certs/' -local CERTBUNDLE='ca-certificates.crt' -local CERTSCONF='/etc/ca-certificates.conf' - -local posix = require 'posix' -function string.begins(str, prefix) return str:sub(1,#prefix)==prefix end - -local function add(fn, out, links) - -- Map fn to file in etc - local pem = "ca-cert-"..fn:gsub('.*/', ''):gsub('.crt$',''):gsub('[, ]','_'):gsub('[()]','=')..".pem" - links[pem] = fn - -- Read the certificate for the bundle - local f = io.open(fn, "rb") - if f ~= nil then - local content = f:read("*all") - f:close() - out:write(content) - if content:sub(-1) ~= '\n' then out:write('\n') end - end -end - -local calinks = {} -local cacerts = {} - -local fd, tmpfile = posix.mkstemp(ETCCERTSDIR..'bundleXXXXXX') -if not fd then - print("Failed to open temporary file for ca bundle") - return 1 -end -posix.close(fd) -posix.chmod(tmpfile, "rw-r--r--") -local bundle = io.open(tmpfile, "wb") - --- Handle global CA certs from config file -for l in io.lines(CERTSCONF) do - local firstchar = l:sub(1,1) - if firstchar ~= "#" and firstchar ~= "!" 
then - add(CERTSDIR..l, bundle, calinks) - end -end - --- Handle local CA certificates -local certlist = posix.glob(LOCALCERTSDIR..'*.crt') -if certlist ~= nil then - table.sort(certlist) - for _, fn in ipairs(certlist) do - if posix.stat(fn, 'type') == 'regular' then - add(fn, bundle, calinks) - end - end -end - --- Update etc cert dir for additions and deletions -local f, target -for f in posix.files(ETCCERTSDIR) do - local fn = ETCCERTSDIR..f - if posix.stat(fn, 'type') == 'link' then - local curtgt = posix.readlink(fn) - local target = calinks[f] - if target == nil then - -- Symlink exists but is not wanted - -- Delete it if it points to 'our' directory - if curtgt:begins(CERTSDIR) or curtgt:begins(LOCALCERTSDIR) then - os.remove(fn) - end - elseif curtgt ~= target then - -- Symlink exists but points wrong - posix.link(target, ETCCERTSDIR..f, true) - else - -- Symlink exists and is ok - calinks[f] = nil - end - end -end -for f, target in pairs(calinks) do - posix.link(target, ETCCERTSDIR..f, true) -end - --- Update hashes and the bundle -bundle:close() -os.rename(tmpfile, ETCCERTSDIR..CERTBUNDLE) -os.execute("c_rehash "..ETCCERTSDIR.." > /dev/null") diff --git a/main/ca-certificates/update-ca.c b/main/ca-certificates/update-ca.c index f13da69fb2..bcdd4270f8 100644 --- a/main/ca-certificates/update-ca.c +++ b/main/ca-certificates/update-ca.c @@ -15,6 +15,7 @@ #define CERTSDIR "/usr/share/ca-certificates/" #define LOCALCERTSDIR "/usr/local/share/ca-certificates/" #define ETCCERTSDIR "/etc/ssl/certs/" +#define RUNPARTSDIR "/etc/ca-certificates/update.d/" #define CERTBUNDLE "ca-certificates.crt" #define CERTSCONF "/etc/ca-certificates.conf" 
@@ -316,13 +317,9 @@ int main(int a, char **v) free(tmpfile); - /* Execute c_rehash */ - int nullfd = open("/dev/null", O_WRONLY); - if (nullfd == -1) - return 1; - dup2(nullfd, STDOUT_FILENO); - char* c_rehash_args[] = { "/usr/bin/c_rehash", ETCCERTSDIR, 0 }; - execve(c_rehash_args[0], c_rehash_args, NULL); + /* Execute run-parts */ + char* run_parts_args[] = { "run-parts", RUNPARTSDIR, 0 }; + execvpe(run_parts_args[0], run_parts_args, NULL); return 0; } |
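Review bot: The new `execvpe(run_parts_args[0], run_parts_args, NULL);` resolves `run-parts` through the caller's PATH, whereas the removed code exec'd `/usr/bin/c_rehash` by absolute path. Because this binary rebuilds the system trust store and is presumably run as root from the package trigger, the hook runner should be named by an absolute path (for example a define placed next to `RUNPARTSDIR`) and started with `execve`. A failed exec still falls through to `return 0;`, so a missing run-parts would leave the hash links in /etc/ssl/certs un-refreshed while reporting success; following the exec call with `return 1;` makes that failure visible to the trigger. The NULL envp hands every hook an empty environment, which deserves a one-line comment if it is intentional. main() begins outside this hunk.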