pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2017Q1]: pkgsrc/security/mozilla-rootcerts Pullup ticket #5488...
details: https://anonhg.NetBSD.org/pkgsrc/rev/521c12a80de5
branches: pkgsrc-2017Q1
changeset: 360430:521c12a80de5
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Wed Jun 21 18:45:27 2017 +0000
description:
Pullup ticket #5488 - requested by sevan
security/mozilla-rootcerts: build fix
Revisions pulled up:
- security/mozilla-rootcerts/Makefile 1.27-1.29
- security/mozilla-rootcerts/files/mozilla-rootcerts.sh 1.14-1.18
---
Module Name: pkgsrc
Committed By: gdt
Date: Mon Jun 19 00:10:21 UTC 2017
Modified Files:
pkgsrc/security/mozilla-rootcerts: Makefile
pkgsrc/security/mozilla-rootcerts/files: mozilla-rootcerts.sh
Log Message:
Substitute path to openssl more thoroughly
This package can depend on builtin openssl or pkgsrc openssl.
However, it had paths from the base system hardcoded. Be more
thorough about using builtin vs pkgsrc paths. This is a minimal
change to use builtin/pkgsrc paths; future commits will note latent
issues uncovered in the process.
Based on a report to pkgsrc-users by J. Lewis Muir.
---
Module Name: pkgsrc
Committed By: gdt
Date: Mon Jun 19 00:20:15 UTC 2017
Modified Files:
pkgsrc/security/mozilla-rootcerts/files: mozilla-rootcerts.sh
Log Message:
Add comments questioning many things
Describe issues with touching the config file and the spurious
directory check surrounding ca-certificates.crt.
---
Module Name: pkgsrc
Committed By: gdt
Date: Mon Jun 19 00:32:38 UTC 2017
Modified Files:
pkgsrc/security/mozilla-rootcerts: Makefile
pkgsrc/security/mozilla-rootcerts/files: mozilla-rootcerts.sh
Log Message:
Rationalize directory handling around ca-certificates.crt
Now, ca-certificates.crt is always in the main certs dir, because we
have been careful about builtin vs pkgsrc paths. So the directory
must exist (because it was checked earlier). Instead, check for the
ca-certificates.crt file existing. Add more questioning comments.
Based on a patch by J. Lewis Muir.
---
Module Name: pkgsrc
Committed By: gdt
Date: Mon Jun 19 00:37:48 UTC 2017
Modified Files:
pkgsrc/security/mozilla-rootcerts: Makefile
pkgsrc/security/mozilla-rootcerts/files: mozilla-rootcerts.sh
Log Message:
Revert touching of openssl config file
Earlier, code was added to "touch $conffile" to work around openssl
issuing a warning if openssl.conf was not present. This is
problematic because if the warning is appropriate, 1) we have no way
of knowing that an empty config file is correct and 2) we should not
silence it. If the warning is buggy, then openssl and/or the base
system should be fixed. Further, this code changes the modification
date of the config file on every run, even when there is a valid
config file.
(There was no discussion prior, three objections and no concurrences,
and no response, so reverting seems ok.)
---
Module Name: pkgsrc
Committed By: gdt
Date: Mon Jun 19 00:39:53 UTC 2017
Modified Files:
pkgsrc/security/mozilla-rootcerts/files: mozilla-rootcerts.sh
Log Message:
Adjust comments around ca-certificates.crt
(Ride earlier PKGREVISION.)
diffstat:
security/mozilla-rootcerts/Makefile | 9 ++--
security/mozilla-rootcerts/files/mozilla-rootcerts.sh | 36 +++++++++++-------
2 files changed, 26 insertions(+), 19 deletions(-)
diffs (100 lines):
diff -r e6a82f14beef -r 521c12a80de5 security/mozilla-rootcerts/Makefile
--- a/security/mozilla-rootcerts/Makefile Wed Jun 21 18:39:02 2017 +0000
+++ b/security/mozilla-rootcerts/Makefile Wed Jun 21 18:45:27 2017 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.26 2017/03/15 18:52:55 jperkin Exp $
+# $NetBSD: Makefile,v 1.26.2.1 2017/06/21 18:45:27 bsiegert Exp $
DISTNAME= mozilla-rootcerts-1.0.${CERTDATA_DATE}
-PKGREVISION= 2
+PKGREVISION= 5
CATEGORIES= security
MASTER_SITES= -https://hg.mozilla.org/mozilla-central/raw-file/052b90b5414f/security/nss/lib/ckfw/builtins/certdata.txt
DISTFILES= ${CERTDATA}
@@ -21,13 +21,14 @@
WRKSRC= ${WRKDIR}
DATADIR= ${PREFIX}/share/${PKGBASE}
+# Set paths depending on whether we depend on builtin or pkgsrc openssl.
CHECK_BUILTIN.openssl= yes
.include "../../security/openssl/builtin.mk"
CHECK_BUILTIN.openssl= no
.if !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
-SSLDIR= /etc/openssl/certs
+SSLDIR= /etc/openssl
.else
-SSLDIR= ${PKG_SYSCONFDIR}/openssl/certs
+SSLDIR= ${PKG_SYSCONFDIR}/openssl
.endif
CERT_SCRIPT= mozilla-rootcerts.sh
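Review bot: SSLDIR keeps its name but changes meaning in both branches of the .if, from the certificate directory (/etc/openssl/certs) to its parent (/etc/openssl), so every consumer of SSLDIR now has to append /certs itself. The added comment only says the paths depend on builtin vs pkgsrc openssl; it should also state that SSLDIR is the openssl configuration directory, or the variable should be renamed, so that a later use of ${SSLDIR} as the certificate directory does not go unnoticed.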
diff -r e6a82f14beef -r 521c12a80de5 security/mozilla-rootcerts/files/mozilla-rootcerts.sh
--- a/security/mozilla-rootcerts/files/mozilla-rootcerts.sh Wed Jun 21 18:39:02 2017 +0000
+++ b/security/mozilla-rootcerts/files/mozilla-rootcerts.sh Wed Jun 21 18:45:27 2017 +0000
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# $NetBSD: mozilla-rootcerts.sh,v 1.13 2017/03/15 18:52:56 jperkin Exp $
+# $NetBSD: mozilla-rootcerts.sh,v 1.13.2.1 2017/06/21 18:45:27 bsiegert Exp $
#
# This script is meant to be used as follows:
#
@@ -21,9 +21,8 @@
self="@LOCALBASE@/sbin/mozilla-rootcerts"
certfile="@DATADIR@/certdata.txt"
-certdir="/etc/ssl/certs"
+certdir=${SSLDIR}/certs
destdir=
-conffile="/etc/openssl/openssl.cnf"
usage()
{
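Review bot: the added line certdir=${SSLDIR}/certs depends on SSLDIR being set and non-empty at this point, and nothing in the visible context sets it, while the neighbouring assignments use the @LOCALBASE@ and @DATADIR@ placeholders. If SSLDIR is empty here, certdir silently becomes /certs and the install step checks and writes the wrong directory. Consider failing early, for example certdir="${SSLDIR:?}/certs", and keep the value quoted as the removed certdir line was.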
@@ -188,28 +187,35 @@
}'
;;
install)
- if [ `uname -s` = "NetBSD" ]; then
- # quell warnings for a missing config file
- touch $destdir$conffile
- fi
- if [ ! -d $destdir$SSLDIR ]; then
- ${ECHO} 1>&2 "ERROR: $destdir$SSLDIR does not exist, aborting."
+ # Insist on e.g. /etc/openssl/certs existing.
+ if [ ! -d $destdir$certdir ]; then
+ ${ECHO} 1>&2 "ERROR: $destdir$certdir does not exist, aborting."
exit 1
fi
- cd $destdir$SSLDIR
+ cd $destdir$certdir
if [ -n "`${LS}`" ]; then
- ${ECHO} 1>&2 "ERROR: $destdir$SSLDIR already contains certificates, aborting."
+ # \todo Explain why this must fail if the user has
+ # installed certificates from other than the mozilla
+ # default root set.
+ ${ECHO} 1>&2 "ERROR: $destdir$certdir already contains certificates, aborting."
exit 1
fi
set -e
$self extract
$self rehash
set +e
- if [ -d $destdir$certdir ]; then
- ${ECHO} 1>&2 "ERROR: $destdir$certdir already exists, aborting."
+ # \todo Explain why if we are willing to write
+ # ca-certificates.crt, we are not willing to remove and
+ # re-create it. Arguably install should be idempotent without
+ # error.
+ if [ -e $destdir$certdir/ca-certificates.crt ]; then
+ ${ECHO} 1>&2 "ERROR: $destdir$certdir/ca-certificates.crt already exists, aborting."
exit 1
fi
set -e
- $MKDIR $destdir$certdir
- cat $destdir$SSLDIR/*.pem > $destdir$certdir/ca-certificates.crt
+ # \todo This is appparently for users of gnutls, but it is not
+ # clear where it should be and why. In particular, this file
+ # should perhaps be created at package build time and be
+ # managed by pkgsrc.
+ cat $destdir$certdir/*.pem > $destdir$certdir/ca-certificates.crt
esac
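Review bot: the new test [ -e $destdir$certdir/ca-certificates.crt ] looks in the same directory that the earlier ${LS} check already required to be empty, so it can only fire if "$self extract" or "$self rehash" created that file, and by then the directory has been populated and the abort leaves a partial install. Either move the check ahead of "$self extract" or drop it and let the emptiness check cover this case. Separately, "cd $destdir$certdir" is unquoted and runs before "set -e", so a failed cd is not caught by the script itself.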