aboutsummaryrefslogtreecommitdiffstats
path: root/main/ca-certificates
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2016-01-14 10:59:29 +0100
committerNatanael Copa <ncopa@alpinelinux.org>2016-01-14 10:57:33 +0000
commitfebc87f0569a6cc0e688991108c60a1c7d88f81e (patch)
tree5a761b29f55831492ef1556a6e72401b0a247d7c /main/ca-certificates
parentf488459f9813001df0ab4432b7ee64e3e3dede12 (diff)
downloadaports-febc87f0569a6cc0e688991108c60a1c7d88f81e.tar.bz2
aports-febc87f0569a6cc0e688991108c60a1c7d88f81e.tar.xz
main/ca-certificates: run c_rehash as a hook from update.d
instead of running c_rehash directly we run it as a hook from update.d. We also: - update the man-page to be more correct. - remove obsolete lua script
Diffstat (limited to 'main/ca-certificates')
-rw-r--r--main/ca-certificates/APKBUILD29
-rw-r--r--main/ca-certificates/fix-manpage.patch13
-rwxr-xr-xmain/ca-certificates/update-ca-certificates86
-rw-r--r--main/ca-certificates/update-ca.c11
4 files changed, 41 insertions, 98 deletions
diff --git a/main/ca-certificates/APKBUILD b/main/ca-certificates/APKBUILD
index 8d04d4fd52..ed7118ca4a 100644
--- a/main/ca-certificates/APKBUILD
+++ b/main/ca-certificates/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=ca-certificates
pkgver=20160104
-pkgrel=0
+pkgrel=1
pkgdesc="Common CA certificates PEM files"
url="http://packages.debian.org/sid/ca-certificates"
arch="all"
@@ -11,12 +11,22 @@ depends="openssl"
makedepends="python"
subpackages="$pkgname-doc"
options="!fhs"
-triggers="ca-certificates.trigger=/usr/share/ca-certificates:/usr/local/share/ca-certificates:/etc/ssl/certs"
+triggers="ca-certificates.trigger=/usr/share/ca-certificates:/usr/local/share/ca-certificates:/etc/ssl/certs:/etc/ca-certificates/update.d"
source="http://ftp.no.debian.org/debian/pool/main/c/$pkgname/${pkgname}_${pkgver}.tar.xz
+ fix-manpage.patch
update-ca.c
"
_builddir="$srcdir"/$pkgname
+prepare() {
+ cd "$_builddir"
+ for i in $source; do
+ case $i in
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+ esac
+ done
+}
+
build () {
cd "$_builddir"
make || return 1
@@ -58,11 +68,20 @@ package() {
-etc/ssl/certs/ca-cert-*.pem
-etc/ssl/certs/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[r0-9]*
EOF
+
+ cat > "$pkgdir"/etc/ca-certificates/update.d/c_rehash <<EOF
+#!/bin/sh
+exec /usr/bin/c_rehash /etc/ssl/certs
+EOF
+ chmod +x "$pkgdir"/etc/ca-certificates/update.d/c_rehash || return 1
}
md5sums="d9665a83d0d3ef8176a38e6aa20458e9 ca-certificates_20160104.tar.xz
-a4d6874d07ecee797b4c0f6a76f663bd update-ca.c"
+0c3d9f5d795c7475b997e18498b7aec8 fix-manpage.patch
+755477aff09e1b5909e4e6ef49671992 update-ca.c"
sha256sums="09eb770122e23260316120c0cbbddc8a1d33e7147210ce44e146084d5d5abcdd ca-certificates_20160104.tar.xz
-ee01326ae155ae4f31fc6eb3e53ce667dce1eb4150d74e96f0d4f1eea3faf085 update-ca.c"
+60b36c4881bb367891df038a0736456c2d170496de8c339026671008b1caa09b fix-manpage.patch
+e6b4a05a363f131f3dab1d3c41c315b61be3de91a77aef8b98ea2ef8f28cadc4 update-ca.c"
sha512sums="4291ba58057b66d56853162b71862832135eab6f444a5e2cf3dd1089495d44624246dc0c540871851fe9aaceb42054516309402525c8f16a88911d3af9c3518a ca-certificates_20160104.tar.xz
-97fc20703cca75418e38721b45020f9aec9e3e32ed2bc6e1c6632f5755a46602502291b5c780d8da371525f4ee2e74f94e8573f159cb8023591f23e6759d8afc update-ca.c"
+690d6bb434fb3ccce931d7ee6a167124f9c2d2e7e7a016d85f7b72a5f7f7c34db8c6133f3575e962a91981a32a88f8961776fe5fd907e57f59c03a32f2fcced3 fix-manpage.patch
+c8e14636b238fb5c2c50125530219425e23c7e78fca6e2de56a0057f8d86511ce2d95f6ced326d3395a574a2872ce09dea6d6b0651fd5b78e75e5f8aa404b378 update-ca.c"
diff --git a/main/ca-certificates/fix-manpage.patch b/main/ca-certificates/fix-manpage.patch
new file mode 100644
index 0000000000..c4c1290c59
--- /dev/null
+++ b/main/ca-certificates/fix-manpage.patch
@@ -0,0 +1,13 @@
+--- ./sbin/update-ca-certificates.8.orig 2016-01-14 10:56:42.084504796 +0100
++++ ./sbin/update-ca-certificates.8 2016-01-14 10:57:21.685102125 +0100
+@@ -40,9 +40,7 @@
+ /usr/local/share/ca-certificates are also included as implicitly trusted.
+ .PP
+ Before terminating, \fBupdate-ca-certificates\fP invokes
+-\fBrun-parts\fP on /etc/ca-certificates/update.d and calls each hook with
+-a list of certificates: those added are prefixed with a +, those removed are
+-prefixed with a -.
++\fBrun-parts\fP on /etc/ca-certificates/update.d.
+ .SH OPTIONS
+ A summary of options is included below.
+ .TP
diff --git a/main/ca-certificates/update-ca-certificates b/main/ca-certificates/update-ca-certificates
deleted file mode 100755
index 1780ce5d93..0000000000
--- a/main/ca-certificates/update-ca-certificates
+++ /dev/null
@@ -1,86 +0,0 @@
-#!/usr/bin/lua5.2
-
-local CERTSDIR='/usr/share/ca-certificates/'
-local LOCALCERTSDIR='/usr/local/share/ca-certificates/'
-local ETCCERTSDIR='/etc/ssl/certs/'
-local CERTBUNDLE='ca-certificates.crt'
-local CERTSCONF='/etc/ca-certificates.conf'
-
-local posix = require 'posix'
-function string.begins(str, prefix) return str:sub(1,#prefix)==prefix end
-
-local function add(fn, out, links)
- -- Map fn to file in etc
- local pem = "ca-cert-"..fn:gsub('.*/', ''):gsub('.crt$',''):gsub('[, ]','_'):gsub('[()]','=')..".pem"
- links[pem] = fn
- -- Read the certificate for the bundle
- local f = io.open(fn, "rb")
- if f ~= nil then
- local content = f:read("*all")
- f:close()
- out:write(content)
- if content:sub(-1) ~= '\n' then out:write('\n') end
- end
-end
-
-local calinks = {}
-local cacerts = {}
-
-local fd, tmpfile = posix.mkstemp(ETCCERTSDIR..'bundleXXXXXX')
-if not fd then
- print("Failed to open temporary file for ca bundle")
- return 1
-end
-posix.close(fd)
-posix.chmod(tmpfile, "rw-r--r--")
-local bundle = io.open(tmpfile, "wb")
-
--- Handle global CA certs from config file
-for l in io.lines(CERTSCONF) do
- local firstchar = l:sub(1,1)
- if firstchar ~= "#" and firstchar ~= "!" then
- add(CERTSDIR..l, bundle, calinks)
- end
-end
-
--- Handle local CA certificates
-local certlist = posix.glob(LOCALCERTSDIR..'*.crt')
-if certlist ~= nil then
- table.sort(certlist)
- for _, fn in ipairs(certlist) do
- if posix.stat(fn, 'type') == 'regular' then
- add(fn, bundle, calinks)
- end
- end
-end
-
--- Update etc cert dir for additions and deletions
-local f, target
-for f in posix.files(ETCCERTSDIR) do
- local fn = ETCCERTSDIR..f
- if posix.stat(fn, 'type') == 'link' then
- local curtgt = posix.readlink(fn)
- local target = calinks[f]
- if target == nil then
- -- Symlink exists but is not wanted
- -- Delete it if it points to 'our' directory
- if curtgt:begins(CERTSDIR) or curtgt:begins(LOCALCERTSDIR) then
- os.remove(fn)
- end
- elseif curtgt ~= target then
- -- Symlink exists but points wrong
- posix.link(target, ETCCERTSDIR..f, true)
- else
- -- Symlink exists and is ok
- calinks[f] = nil
- end
- end
-end
-for f, target in pairs(calinks) do
- posix.link(target, ETCCERTSDIR..f, true)
-end
-
--- Update hashes and the bundle
-bundle:close()
-os.rename(tmpfile, ETCCERTSDIR..CERTBUNDLE)
-os.execute("c_rehash "..ETCCERTSDIR.." > /dev/null")
diff --git a/main/ca-certificates/update-ca.c b/main/ca-certificates/update-ca.c
index f13da69fb2..bcdd4270f8 100644
--- a/main/ca-certificates/update-ca.c
+++ b/main/ca-certificates/update-ca.c
@@ -15,6 +15,7 @@
#define CERTSDIR "/usr/share/ca-certificates/"
#define LOCALCERTSDIR "/usr/local/share/ca-certificates/"
#define ETCCERTSDIR "/etc/ssl/certs/"
+#define RUNPARTSDIR "/etc/ca-certificates/update.d/"
#define CERTBUNDLE "ca-certificates.crt"
#define CERTSCONF "/etc/ca-certificates.conf"
@@ -316,13 +317,9 @@ int main(int a, char **v)
free(tmpfile);
- /* Execute c_rehash */
- int nullfd = open("/dev/null", O_WRONLY);
- if (nullfd == -1)
- return 1;
- dup2(nullfd, STDOUT_FILENO);
- char* c_rehash_args[] = { "/usr/bin/c_rehash", ETCCERTSDIR, 0 };
- execve(c_rehash_args[0], c_rehash_args, NULL);
+ /* Execute run-parts */
+ char* run_parts_args[] = { "run-parts", RUNPARTSDIR, 0 };
+ execvpe(run_parts_args[0], run_parts_args, NULL);
return 0;
}