[pkgsrc/trunk]: pkgsrc/security/mozilla-rootcerts Rationalize directory handl...

[gdt <gdt%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/c11e4db7df29
branches:  trunk
changeset: 363939:c11e4db7df29
user:      gdt <gdt%pkgsrc.org@localhost>
date:      Mon Jun 19 00:32:37 2017 +0000

description:
Rationalize directory handling around ca-certificates.crt

Now, ca-certificates.crt is always in the main certs dir, because we
have been careful about builtin vs pkgsrc paths.  So the directory
must exist (because it was checked earlier).  Instead, check for the
ca-certificates.crt file existing.  Add more questioning comments.

Based on a patch by J. Lewis Muir.

diffstat:

 security/mozilla-rootcerts/Makefile                   |   4 ++--
 security/mozilla-rootcerts/files/mozilla-rootcerts.sh |  16 ++++++++--------
 2 files changed, 10 insertions(+), 10 deletions(-)

diffs (57 lines):

diff -r 9cbcddc99e55 -r c11e4db7df29 security/mozilla-rootcerts/Makefile
--- a/security/mozilla-rootcerts/Makefile       Mon Jun 19 00:20:15 2017 +0000
+++ b/security/mozilla-rootcerts/Makefile       Mon Jun 19 00:32:37 2017 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.27 2017/06/19 00:10:21 gdt Exp $
+# $NetBSD: Makefile,v 1.28 2017/06/19 00:32:37 gdt Exp $
 
 DISTNAME=      mozilla-rootcerts-1.0.${CERTDATA_DATE}
-PKGREVISION=   3
+PKGREVISION=   4
 CATEGORIES=    security
 MASTER_SITES=  -https://hg.mozilla.org/mozilla-central/raw-file/052b90b5414f/security/nss/lib/ckfw/builtins/certdata.txt
 DISTFILES=     ${CERTDATA}
diff -r 9cbcddc99e55 -r c11e4db7df29 security/mozilla-rootcerts/files/mozilla-rootcerts.sh
--- a/security/mozilla-rootcerts/files/mozilla-rootcerts.sh     Mon Jun 19 00:20:15 2017 +0000
+++ b/security/mozilla-rootcerts/files/mozilla-rootcerts.sh     Mon Jun 19 00:32:37 2017 +0000
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $NetBSD: mozilla-rootcerts.sh,v 1.15 2017/06/19 00:20:15 gdt Exp $
+# $NetBSD: mozilla-rootcerts.sh,v 1.16 2017/06/19 00:32:37 gdt Exp $
 #
 # This script is meant to be used as follows:
 #
@@ -201,6 +201,7 @@
                # quell warnings for a missing config file
                touch $destdir$conffile
        fi
+       # Insist on e.g. /etc/openssl/certs existing.
        if [ ! -d $destdir$certdir ]; then
                ${ECHO} 1>&2 "ERROR: $destdir$certdir does not exist, aborting."
                exit 1
@@ -217,18 +218,17 @@
        $self extract
        $self rehash
        set +e
-
-       # \todo Explain the point of the next check.  After directory
-       # rationalization, it is checking the same directory that was
-       # just populated.
-       if [ -d $destdir$certdir ]; then
-               ${ECHO} 1>&2 "ERROR: $destdir$certdir already exists, aborting."
+       # \todo Explain why if we are willing to write
+       # ca-certificates.crt, we are not willing to remove and
+       # re-create it.  Arguably install should be idempotent without
+       # error.
+       if [ -e $destdir$certdir/ca-certificates.crt ]; then
+               ${ECHO} 1>&2 "ERROR: $destdir$certdir/ca-certificates.crt already exists, aborting."
                exit 1
        fi
        set -e
        # \todo Explain the purpose of the ca-certificates file, and
        # specifically if it is for openssl itself, propgrams using
        # openssl, gnutls, or something else.
-       $MKDIR $destdir$certdir
        cat $destdir$certdir/*.pem > $destdir$certdir/ca-certificates.crt
 esac