-rw-r--r-- | main/ca-certificates/APKBUILD | 8 | ||||
-rwxr-xr-x | main/ca-certificates/update-ca-certificates | 59 |
2 files changed, 35 insertions, 32 deletions
diff --git a/main/ca-certificates/APKBUILD b/main/ca-certificates/APKBUILD index 98685a5979..402a7c0ba3 100644 --- a/main/ca-certificates/APKBUILD +++ b/main/ca-certificates/APKBUILD @@ -7,7 +7,7 @@ _nmu="+nmu${pkgver#*_p}" [ "$_nmu" = "+nmu${pkgver}" ] && _nmu="" _ver=${_date}${_nmu} -pkgrel=1 +pkgrel=2 pkgdesc="Common CA certificates PEM files" url="http://packages.debian.org/sid/ca-certificates" arch="noarch" @@ -60,8 +60,8 @@ EOF } md5sums="0436aba482091da310bd762e1deca8b4 ca-certificates_20140325.tar.xz -b582c6dfa38edcc0ad324736282ff497 update-ca-certificates" +5af8def40602960071115709b05edeb6 update-ca-certificates" sha256sums="c0e3d8c517995db2737f7f1a9b69d654b8823fa6d337871c6ce111fcf083454a ca-certificates_20140325.tar.xz -2ea92ac6b35446ddbcd6381a1a2932178e3819125052456a25b0bbc4c36870f0 update-ca-certificates" +f27d2cb35ec172f9678a3c98f3f778aac375eb36d47378cdec97608d47672cf4 update-ca-certificates" sha512sums="6645740d61da78845facce6e3881c64f51e945a454cb26cead6e7df4887f1f3797bea217cebaffaae22a76fa3867ee20dee7b1d5200df20b85878a0c6029c2f8 ca-certificates_20140325.tar.xz -9c4c25ce8a667089ad73c3e494fea1a997bd1a2415c4865dd1a761e103ded44f9b4cd412b9027b28d70b6bf896e7e9ec6f2010c3e059e46b3ddf34f23b5e0815 update-ca-certificates" +b793f3f7dc41b5088d6febadc6a5e46368b0b9f8f82cedd13b3b0cd31696294cb14ac0afcd952fc49167afa3dbd69010cecf6de6e0b886d765300405b6934516 update-ca-certificates" diff --git a/main/ca-certificates/update-ca-certificates b/main/ca-certificates/update-ca-certificates index cbd37779a7..15adf6ee40 100755 --- a/main/ca-certificates/update-ca-certificates +++ b/main/ca-certificates/update-ca-certificates 
@@ -7,30 +7,39 @@ local CERTBUNDLE='ca-certificates.crt' local CERTSCONF='/etc/ca-certificates.conf' local posix = require 'posix' -local calinks = {} -local cacerts = {} - function string.begins(str, prefix) return str:sub(1,#prefix)==prefix end -local function add(fn) +local function add(fn, out, links) -- Map fn to file in etc local pem = "ca-cert-"..fn:gsub('.*/', ''):gsub('.crt$',''):gsub('[, ]','_'):gsub('[()]','=')..".pem" - calinks[pem] = fn + links[pem] = fn -- Read the certificate for the bundle local f = io.open(fn, "rb") if f ~= nil then local content = f:read("*all") f:close() - table.insert(cacerts, content) - if content:sub(-1) ~= '\n' then table.insert(cacerts, '\n') end + out:write(content) + if content:sub(-1) ~= '\n' then out:write('\n') end end end +local calinks = {} +local cacerts = {} + +local fd, tmpfile = posix.mkstemp(ETCCERTSDIR..'bundleXXXXXX') +if not fd then + print("Failed to open temporary file for ca bundle") + return 1 +end +posix.close(fd) +posix.chmod(tmpfile, 0644) +local bundle = io.open(tmpfile, "wb") + -- Handle global CA certs from config file for l in io.lines(CERTSCONF) do local firstchar = l:sub(1,1) if firstchar ~= "#" and firstchar ~= "!" then - add(CERTSDIR..l) + add(CERTSDIR..l, bundle, calinks) end end @@ -41,7 +50,7 @@ if certlist ~= nil then for f in pairs(certlist) do local fn = LOCALCERTSDIR..f if posix.stat(fn, 'type') == 'regular' then - add(fn) + add(fn, bundle, calinks) end end end 
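Review bot: In the first hunk of update-ca-certificates, `posix.chmod(tmpfile, 0644)` does not request mode rw-r--r--: Lua has no octal literals, so `0644` is decimal 644 (octal 1204), and how luaposix interprets a number here depends on its version. The removed code passed a mode string; keep that form, `posix.chmod(tmpfile, "a+r")`, or pass `tonumber("644", 8)` if the installed luaposix expects an integer. The result of `io.open(tmpfile, "wb")` is also unchecked, so a nil `bundle` only surfaces later as an error inside `add`, and the temporary file is left behind in the certificate directory. The value of `return 1` at chunk level is ignored by the standalone `lua` interpreter, so the failure path still exits 0; `os.exit(1)` would report it to the caller.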
@@ -51,19 +60,20 @@ local f, target for f in posix.files(ETCCERTSDIR) do local fn = ETCCERTSDIR..f if posix.stat(fn, 'type') == 'link' then - local target = calinks[f] local curtgt = posix.readlink(fn) - if curtgt:begins(CERTSDIR) or curtgt:begins(LOCALCERTSDIR) then - if target == nil then - -- Symlink exists but is unwanted + local target = calinks[f] + if target == nil then + -- Symlink exists but is not wanted + -- Delete it if it points to 'our' directory + if curtgt:begins(CERTSDIR) or curtgt:begins(LOCALCERTSDIR) then os.remove(fn) - elseif current_target ~= wanted_target then - -- Symlink exists but points wrong - posix.link(target, ETCCERTSDIR..f, true) - else - -- Symlink exists and is ok - calinks[f] = nil end + elseif curtgt ~= target then + -- Symlink exists but points wrong + posix.link(target, ETCCERTSDIR..f, true) + else + -- Symlink exists and is ok + calinks[f] = nil end end end @@ -72,13 +82,6 @@ for f, target in pairs(calinks) do end -- Update hashes and the bundle +bundle:close() +os.rename(tmpfile, ETCCERTSDIR..CERTBUNDLE) os.execute("c_rehash "..ETCCERTSDIR.." > /dev/null") -local fd, tmpfile = posix.mkstemp(ETCCERTSDIR..'bundleXXXXXX') -if fd >= 0 then - posix.close(fd) - posix.chmod(tmpfile, "a+r") - local file = io.open(tmpfile, "wb") - file:write(table.concat(cacerts)) - file:close() - os.rename(tmpfile, ETCCERTSDIR..CERTBUNDLE) -end |
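Review bot: In the `elseif curtgt ~= target` branch of the symlink loop, `posix.link(target, ETCCERTSDIR..f, true)` is called while the old link still exists and its result is ignored; if this maps to symlink(2), as the `true` argument suggests, it fails with EEXIST and the stale link stays in place. After the restructuring this branch also runs for links whose current target lies outside CERTSDIR and LOCALCERTSDIR, which the old code left alone, so a locally managed link with a colliding name is now a candidate for replacement. Remove the old link first and check the outcome, `os.remove(fn)` then `local ok, err = posix.link(target, fn, true)`, and print `err` when `ok` is nil. `posix.readlink(fn)` can also return nil, which would make `curtgt:begins(...)` in the `target == nil` branch raise.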
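Review bot: In the last hunk, `bundle:close()` and `os.rename(tmpfile, ETCCERTSDIR..CERTBUNDLE)` are unchecked, as are the `out:write` calls in `add`, so a short write (for example a full disk) would still move a truncated bundle over the good one and silently drop CAs from the trust store. Only rename when every write and the close succeeded, and handle a failed rename: `local ok, err = os.rename(tmpfile, ETCCERTSDIR..CERTBUNDLE)` followed by `if not ok then os.remove(tmpfile); print(err); os.exit(1) end`. A comment above the rename, `-- rename is atomic within ETCCERTSDIR; readers see the old or the new bundle, never a partial one`, would record why the temporary file is created in the same directory.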