mozilla-rootcerts-openssl

To: tech-pkg%netbsd.org@localhost
Subject: mozilla-rootcerts-openssl
From: David Holland <dholland-pkgtech%netbsd.org@localhost>
Date: Mon, 23 Mar 2015 06:09:34 +0000

Being tired of the way mozilla-rootcerts works (the point of having
packages is so that if you get a bajillion files blatted somewhere the
package manager can clean them up or update them afterwards...) I have
concocted the following hack to directly manage the cert files that it
spews.

This requires a small straightforward patch to mozilla-rootcerts so
that its script accepts the -d destdir option.

It appears that openssl does not support more than one directory of
certs (sheesh) which is I guess how mozilla-rootcerts ended up the way
it is; anyway, the result is that this is an abusive package that
installs the files directly into etc/openssl/certs, and for native
openssl it's an especially abusive package because this is outside
$PREFIX.

Nonetheless it's better than not having it.

Comments?

   ------
# $NetBSD$

PKGNAME=	mozilla-rootcerts-openssl-1
CATEGORIES=	security
MASTER_SITES=	# empty
DISTFILES=	# empty

MAINTAINER=	dholland%NetBSD.org@localhost
#HOMEPAGE=	none
COMMENT=	Wedge for installing and managing mozilla-rootcerts
LICENSE=	modified-bsd

USE_TOOLS+=	openssl
WRKSRC=		${WRKDIR}
BUILD_DIRS=	# empty

BUILD_DEPENDS+=	mozilla-rootcerts>=1.0.20141117nb1:../../security/mozilla-rootcerts
SCRIPT=		${LOCALBASE}/sbin/mozilla-rootcerts

CHECK_BUILTIN.openssl=	yes
.include "../../security/openssl/builtin.mk"
CHECK_BUILTIN.openssl=	no

#
# This package needs to install directly into openssl's certs directory
# because openssl is dumb and doesn't support multiple cert directories.
# (Otherwise we'd install under ${PREFIX}/share.)
#
# For native openssl this is in /etc outside of ${PREFIX}. Beware.
#
.if !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
PLACE=			/etc
SET_PREFIX=		yes
PLIST_SUBST+=		MYETCDIR=etc
CHECK_FILES_SUPPORTED=	no
NOT_FOR_UNPRIVILEGED=	yes

.else
PLACE=			${PKG_SYSCONFDIR}
SET_PREFIX=		no
PLIST_SUBST+=		${PKG_SYSCONFDIR:S/^${PREFIX}//}
.endif

OPENSSLDIR=		${PLACE}/openssl/certs
SSLDIR=			${PLACE}/ssl/certs

do-install:
	${INSTALL_DATA_DIR} ${DESTDIR}${OPENSSLDIR}
	#${INSTALL_DATA_DIR} ${DESTDIR}${SSLDIR} # must *not* exist
	cd ${WRKSRC} && ${SCRIPT} -d ${DESTDIR} install
	${CHMOD} go+r ${DESTDIR}${OPENSSLDIR}/*.pem
	${CHMOD} go+r ${DESTDIR}${SSLDIR}/*.crt

.include "../../mk/bsd.pkg.mk"

# This must be after bsd.pkg.mk is included to work.
.if ${SET_PREFIX} == "yes"
PREFIX=			/
.endif
   ------

-- 
David A. Holland
dholland%netbsd.org@localhost

Follow-Ups:
- Re: mozilla-rootcerts-openssl
  - From: Joerg Sonnenberger
- Re: mozilla-rootcerts-openssl
  - From: Tobias Nygren

Prev by Date: daily pkgsrc CVS update output
Next by Date: Re: mozilla-rootcerts-openssl
Previous by Thread: daily pkgsrc CVS update output
Next by Thread: Re: mozilla-rootcerts-openssl
Indexes:

Home | Main Index | Thread Index | Old Index