aboutsummaryrefslogtreecommitdiffstats
path: root/main/ca-certificates
diff options
context:
space:
mode:
Diffstat (limited to 'main/ca-certificates')
-rw-r--r--main/ca-certificates/APKBUILD8
-rwxr-xr-xmain/ca-certificates/update-ca-certificates59
2 files changed, 35 insertions, 32 deletions
diff --git a/main/ca-certificates/APKBUILD b/main/ca-certificates/APKBUILD
index 98685a5979..402a7c0ba3 100644
--- a/main/ca-certificates/APKBUILD
+++ b/main/ca-certificates/APKBUILD
@@ -7,7 +7,7 @@ _nmu="+nmu${pkgver#*_p}"
[ "$_nmu" = "+nmu${pkgver}" ] && _nmu=""
_ver=${_date}${_nmu}
-pkgrel=1
+pkgrel=2
pkgdesc="Common CA certificates PEM files"
url="http://packages.debian.org/sid/ca-certificates"
arch="noarch"
@@ -60,8 +60,8 @@ EOF
}
md5sums="0436aba482091da310bd762e1deca8b4 ca-certificates_20140325.tar.xz
-b582c6dfa38edcc0ad324736282ff497 update-ca-certificates"
+5af8def40602960071115709b05edeb6 update-ca-certificates"
sha256sums="c0e3d8c517995db2737f7f1a9b69d654b8823fa6d337871c6ce111fcf083454a ca-certificates_20140325.tar.xz
-2ea92ac6b35446ddbcd6381a1a2932178e3819125052456a25b0bbc4c36870f0 update-ca-certificates"
+f27d2cb35ec172f9678a3c98f3f778aac375eb36d47378cdec97608d47672cf4 update-ca-certificates"
sha512sums="6645740d61da78845facce6e3881c64f51e945a454cb26cead6e7df4887f1f3797bea217cebaffaae22a76fa3867ee20dee7b1d5200df20b85878a0c6029c2f8 ca-certificates_20140325.tar.xz
-9c4c25ce8a667089ad73c3e494fea1a997bd1a2415c4865dd1a761e103ded44f9b4cd412b9027b28d70b6bf896e7e9ec6f2010c3e059e46b3ddf34f23b5e0815 update-ca-certificates"
+b793f3f7dc41b5088d6febadc6a5e46368b0b9f8f82cedd13b3b0cd31696294cb14ac0afcd952fc49167afa3dbd69010cecf6de6e0b886d765300405b6934516 update-ca-certificates"
diff --git a/main/ca-certificates/update-ca-certificates b/main/ca-certificates/update-ca-certificates
index cbd37779a7..15adf6ee40 100755
--- a/main/ca-certificates/update-ca-certificates
+++ b/main/ca-certificates/update-ca-certificates
@@ -7,30 +7,39 @@ local CERTBUNDLE='ca-certificates.crt'
local CERTSCONF='/etc/ca-certificates.conf'
local posix = require 'posix'
-local calinks = {}
-local cacerts = {}
-
function string.begins(str, prefix) return str:sub(1,#prefix)==prefix end
-local function add(fn)
+local function add(fn, out, links)
-- Map fn to file in etc
local pem = "ca-cert-"..fn:gsub('.*/', ''):gsub('.crt$',''):gsub('[, ]','_'):gsub('[()]','=')..".pem"
- calinks[pem] = fn
+ links[pem] = fn
-- Read the certificate for the bundle
local f = io.open(fn, "rb")
if f ~= nil then
local content = f:read("*all")
f:close()
- table.insert(cacerts, content)
- if content:sub(-1) ~= '\n' then table.insert(cacerts, '\n') end
+ out:write(content)
+ if content:sub(-1) ~= '\n' then out:write('\n') end
end
end
+local calinks = {}
+local cacerts = {}
+
+local fd, tmpfile = posix.mkstemp(ETCCERTSDIR..'bundleXXXXXX')
+if not fd then
+ print("Failed to open temporary file for ca bundle")
+ return 1
+end
+posix.close(fd)
+posix.chmod(tmpfile, 0644)
+local bundle = io.open(tmpfile, "wb")
+
-- Handle global CA certs from config file
for l in io.lines(CERTSCONF) do
local firstchar = l:sub(1,1)
if firstchar ~= "#" and firstchar ~= "!" then
- add(CERTSDIR..l)
+ add(CERTSDIR..l, bundle, calinks)
end
end
@@ -41,7 +50,7 @@ if certlist ~= nil then
for f in pairs(certlist) do
local fn = LOCALCERTSDIR..f
if posix.stat(fn, 'type') == 'regular' then
- add(fn)
+ add(fn, bundle, calinks)
end
end
end
@@ -51,19 +60,20 @@ local f, target
for f in posix.files(ETCCERTSDIR) do
local fn = ETCCERTSDIR..f
if posix.stat(fn, 'type') == 'link' then
- local target = calinks[f]
local curtgt = posix.readlink(fn)
- if curtgt:begins(CERTSDIR) or curtgt:begins(LOCALCERTSDIR) then
- if target == nil then
- -- Symlink exists but is unwanted
+ local target = calinks[f]
+ if target == nil then
+ -- Symlink exists but is not wanted
+ -- Delete it if it points to 'our' directory
+ if curtgt:begins(CERTSDIR) or curtgt:begins(LOCALCERTSDIR) then
os.remove(fn)
- elseif current_target ~= wanted_target then
- -- Symlink exists but points wrong
- posix.link(target, ETCCERTSDIR..f, true)
- else
- -- Symlink exists and is ok
- calinks[f] = nil
end
+ elseif curtgt ~= target then
+ -- Symlink exists but points wrong
+ posix.link(target, ETCCERTSDIR..f, true)
+ else
+ -- Symlink exists and is ok
+ calinks[f] = nil
end
end
end
@@ -72,13 +82,6 @@ for f, target in pairs(calinks) do
end
-- Update hashes and the bundle
+bundle:close()
+os.rename(tmpfile, ETCCERTSDIR..CERTBUNDLE)
os.execute("c_rehash "..ETCCERTSDIR.." > /dev/null")
-local fd, tmpfile = posix.mkstemp(ETCCERTSDIR..'bundleXXXXXX')
-if fd >= 0 then
- posix.close(fd)
- posix.chmod(tmpfile, "a+r")
- local file = io.open(tmpfile, "wb")
- file:write(table.concat(cacerts))
- file:close()
- os.rename(tmpfile, ETCCERTSDIR..CERTBUNDLE)
-end