diff options
-rw-r--r-- | main/ca-certificates/APKBUILD | 29 | ||||
-rw-r--r-- | main/ca-certificates/fix-manpage.patch | 13 | ||||
-rwxr-xr-x | main/ca-certificates/update-ca-certificates | 86 | ||||
-rw-r--r-- | main/ca-certificates/update-ca.c | 11 |
4 files changed, 41 insertions, 98 deletions
diff --git a/main/ca-certificates/APKBUILD b/main/ca-certificates/APKBUILD index 8d04d4fd52..ed7118ca4a 100644 --- a/main/ca-certificates/APKBUILD +++ b/main/ca-certificates/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=ca-certificates pkgver=20160104 -pkgrel=0 +pkgrel=1 pkgdesc="Common CA certificates PEM files" url="http://packages.debian.org/sid/ca-certificates" arch="all" @@ -11,12 +11,22 @@ depends="openssl" makedepends="python" subpackages="$pkgname-doc" options="!fhs" -triggers="ca-certificates.trigger=/usr/share/ca-certificates:/usr/local/share/ca-certificates:/etc/ssl/certs" +triggers="ca-certificates.trigger=/usr/share/ca-certificates:/usr/local/share/ca-certificates:/etc/ssl/certs:/etc/ca-certificates/update.d" source="http://ftp.no.debian.org/debian/pool/main/c/$pkgname/${pkgname}_${pkgver}.tar.xz + fix-manpage.patch update-ca.c " _builddir="$srcdir"/$pkgname +prepare() { + cd "$_builddir" + for i in $source; do + case $i in + *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; + esac + done +} + build () { cd "$_builddir" make || return 1 @@ -58,11 +68,20 @@ package() { -etc/ssl/certs/ca-cert-*.pem -etc/ssl/certs/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[r0-9]* EOF + + cat > "$pkgdir"/etc/ca-certificates/update.d/c_rehash <<EOF +#!/bin/sh +exec /usr/bin/c_rehash /etc/ssl/certs +EOF + chmod +x "$pkgdir"/etc/ca-certificates/update.d/c_rehash || return 1 } md5sums="d9665a83d0d3ef8176a38e6aa20458e9 ca-certificates_20160104.tar.xz -a4d6874d07ecee797b4c0f6a76f663bd update-ca.c" +0c3d9f5d795c7475b997e18498b7aec8 fix-manpage.patch +755477aff09e1b5909e4e6ef49671992 update-ca.c" sha256sums="09eb770122e23260316120c0cbbddc8a1d33e7147210ce44e146084d5d5abcdd ca-certificates_20160104.tar.xz -ee01326ae155ae4f31fc6eb3e53ce667dce1eb4150d74e96f0d4f1eea3faf085 update-ca.c" +60b36c4881bb367891df038a0736456c2d170496de8c339026671008b1caa09b fix-manpage.patch +e6b4a05a363f131f3dab1d3c41c315b61be3de91a77aef8b98ea2ef8f28cadc4 update-ca.c" sha512sums="4291ba58057b66d56853162b71862832135eab6f444a5e2cf3dd1089495d44624246dc0c540871851fe9aaceb42054516309402525c8f16a88911d3af9c3518a ca-certificates_20160104.tar.xz -97fc20703cca75418e38721b45020f9aec9e3e32ed2bc6e1c6632f5755a46602502291b5c780d8da371525f4ee2e74f94e8573f159cb8023591f23e6759d8afc update-ca.c" +690d6bb434fb3ccce931d7ee6a167124f9c2d2e7e7a016d85f7b72a5f7f7c34db8c6133f3575e962a91981a32a88f8961776fe5fd907e57f59c03a32f2fcced3 fix-manpage.patch +c8e14636b238fb5c2c50125530219425e23c7e78fca6e2de56a0057f8d86511ce2d95f6ced326d3395a574a2872ce09dea6d6b0651fd5b78e75e5f8aa404b378 update-ca.c" diff --git a/main/ca-certificates/fix-manpage.patch b/main/ca-certificates/fix-manpage.patch new file mode 100644 index 0000000000..c4c1290c59 --- /dev/null +++ b/main/ca-certificates/fix-manpage.patch @@ -0,0 +1,13 @@ +--- ./sbin/update-ca-certificates.8.orig 2016-01-14 10:56:42.084504796 +0100 ++++ ./sbin/update-ca-certificates.8 2016-01-14 10:57:21.685102125 +0100 +@@ -40,9 +40,7 @@ + /usr/local/share/ca-certificates are also included as implicitly trusted. + .PP + Before terminating, \fBupdate-ca-certificates\fP invokes +-\fBrun-parts\fP on /etc/ca-certificates/update.d and calls each hook with +-a list of certificates: those added are prefixed with a +, those removed are +-prefixed with a -. ++\fBrun-parts\fP on /etc/ca-certificates/update.d. + .SH OPTIONS + A summary of options is included below. + .TP diff --git a/main/ca-certificates/update-ca-certificates b/main/ca-certificates/update-ca-certificates deleted file mode 100755 index 1780ce5d93..0000000000 --- a/main/ca-certificates/update-ca-certificates +++ /dev/null @@ -1,86 +0,0 @@ -#!/usr/bin/lua5.2 - -local CERTSDIR='/usr/share/ca-certificates/' -local LOCALCERTSDIR='/usr/local/share/ca-certificates/' -local ETCCERTSDIR='/etc/ssl/certs/' -local CERTBUNDLE='ca-certificates.crt' -local CERTSCONF='/etc/ca-certificates.conf' - -local posix = require 'posix' -function string.begins(str, prefix) return str:sub(1,#prefix)==prefix end - -local function add(fn, out, links) - -- Map fn to file in etc - local pem = "ca-cert-"..fn:gsub('.*/', ''):gsub('.crt$',''):gsub('[, ]','_'):gsub('[()]','=')..".pem" - links[pem] = fn - -- Read the certificate for the bundle - local f = io.open(fn, "rb") - if f ~= nil then - local content = f:read("*all") - f:close() - out:write(content) - if content:sub(-1) ~= '\n' then out:write('\n') end - end -end - -local calinks = {} -local cacerts = {} - -local fd, tmpfile = posix.mkstemp(ETCCERTSDIR..'bundleXXXXXX') -if not fd then - print("Failed to open temporary file for ca bundle") - return 1 -end -posix.close(fd) -posix.chmod(tmpfile, "rw-r--r--") -local bundle = io.open(tmpfile, "wb") - --- Handle global CA certs from config file -for l in io.lines(CERTSCONF) do - local firstchar = l:sub(1,1) - if firstchar ~= "#" and firstchar ~= "!" then - add(CERTSDIR..l, bundle, calinks) - end -end - --- Handle local CA certificates -local certlist = posix.glob(LOCALCERTSDIR..'*.crt') -if certlist ~= nil then - table.sort(certlist) - for _, fn in ipairs(certlist) do - if posix.stat(fn, 'type') == 'regular' then - add(fn, bundle, calinks) - end - end -end - --- Update etc cert dir for additions and deletions -local f, target -for f in posix.files(ETCCERTSDIR) do - local fn = ETCCERTSDIR..f - if posix.stat(fn, 'type') == 'link' then - local curtgt = posix.readlink(fn) - local target = calinks[f] - if target == nil then - -- Symlink exists but is not wanted - -- Delete it if it points to 'our' directory - if curtgt:begins(CERTSDIR) or curtgt:begins(LOCALCERTSDIR) then - os.remove(fn) - end - elseif curtgt ~= target then - -- Symlink exists but points wrong - posix.link(target, ETCCERTSDIR..f, true) - else - -- Symlink exists and is ok - calinks[f] = nil - end - end -end -for f, target in pairs(calinks) do - posix.link(target, ETCCERTSDIR..f, true) -end - --- Update hashes and the bundle -bundle:close() -os.rename(tmpfile, ETCCERTSDIR..CERTBUNDLE) -os.execute("c_rehash "..ETCCERTSDIR.." > /dev/null") diff --git a/main/ca-certificates/update-ca.c b/main/ca-certificates/update-ca.c index f13da69fb2..bcdd4270f8 100644 --- a/main/ca-certificates/update-ca.c +++ b/main/ca-certificates/update-ca.c @@ -15,6 +15,7 @@ #define CERTSDIR "/usr/share/ca-certificates/" #define LOCALCERTSDIR "/usr/local/share/ca-certificates/" #define ETCCERTSDIR "/etc/ssl/certs/" +#define RUNPARTSDIR "/etc/ca-certificates/update.d/" #define CERTBUNDLE "ca-certificates.crt" #define CERTSCONF "/etc/ca-certificates.conf" @@ -316,13 +317,9 @@ int main(int a, char **v) free(tmpfile); - /* Execute c_rehash */ - int nullfd = open("/dev/null", O_WRONLY); - if (nullfd == -1) - return 1; - dup2(nullfd, STDOUT_FILENO); - char* c_rehash_args[] = { "/usr/bin/c_rehash", ETCCERTSDIR, 0 }; - execve(c_rehash_args[0], c_rehash_args, NULL); + /* Execute run-parts */ + char* run_parts_args[] = { "run-parts", RUNPARTSDIR, 0 }; + execvpe(run_parts_args[0], run_parts_args, NULL); return 0; } |