From 2a558ee61a2452a209d39cd1528a309c549c0f4e Mon Sep 17 00:00:00 2001 From: zhengruoqin Date: Thu, 28 Jan 2021 18:05:52 +0800 Subject: ca-certificates: upgrade 20200601 -> 20210119 0001-certdata2pem.py-use-python3.patch removed since it is included in 20210119 Signed-off-by: Zheng Ruoqin Signed-off-by: Richard Purdie (cherry picked from commit afd86357e07f69090eaff4c5db2c517867dd4ccf) Signed-off-by: Steve Sakoman --- .../0001-certdata2pem.py-use-python3.patch | 37 --------- .../ca-certificates/ca-certificates_20200601.bb | 91 ---------------------- .../ca-certificates/ca-certificates_20210119.bb | 90 +++++++++++++++++++++ 3 files changed, 90 insertions(+), 128 deletions(-) delete mode 100644 meta/recipes-support/ca-certificates/ca-certificates/0001-certdata2pem.py-use-python3.patch delete mode 100644 meta/recipes-support/ca-certificates/ca-certificates_20200601.bb create mode 100644 meta/recipes-support/ca-certificates/ca-certificates_20210119.bb diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0001-certdata2pem.py-use-python3.patch b/meta/recipes-support/ca-certificates/ca-certificates/0001-certdata2pem.py-use-python3.patch deleted file mode 100644 index aa2c85ff43..0000000000 --- a/meta/recipes-support/ca-certificates/ca-certificates/0001-certdata2pem.py-use-python3.patch +++ /dev/null @@ -1,37 +0,0 @@ -From b6d18ca77f131cdcaa10d0eaa9d303399767edf6 Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin -Date: Wed, 28 Aug 2019 19:18:14 +0200 -Subject: [PATCH] certdata2pem.py: use python3 - -Comments in that file imply it is already py3 compatible. - -Upstream-Status: Pending -Signed-off-by: Alexander Kanavin ---- - mozilla/Makefile | 2 +- - mozilla/certdata2pem.py | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/mozilla/Makefile b/mozilla/Makefile -index 6f46118..f98877c 100644 ---- a/mozilla/Makefile -+++ b/mozilla/Makefile -@@ -3,7 +3,7 @@ - # - - all: -- python certdata2pem.py -+ python3 certdata2pem.py - - clean: - -rm -f *.crt -diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py -index 0b02b2a..7d796f1 100644 ---- a/mozilla/certdata2pem.py -+++ b/mozilla/certdata2pem.py -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python3 - # vim:set et sw=4: - # - # certdata2pem.py - splits certdata.txt into multiple files diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb b/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb deleted file mode 100644 index 6f39df7985..0000000000 --- a/meta/recipes-support/ca-certificates/ca-certificates_20200601.bb +++ /dev/null @@ -1,91 +0,0 @@ -SUMMARY = "Common CA certificates" -DESCRIPTION = "This package includes PEM files of CA certificates to allow \ -SSL-based applications to check for the authenticity of SSL connections. \ -This derived from Debian's CA Certificates." -HOMEPAGE = "http://packages.debian.org/sid/ca-certificates" -SECTION = "misc" -LICENSE = "GPL-2.0+ & MPL-2.0" -LIC_FILES_CHKSUM = "file://debian/copyright;md5=ae5b36b514e3f12ce1aa8e2ee67f3d7e" - -# This is needed to ensure we can run the postinst at image creation time -DEPENDS = "" -DEPENDS_class-native = "openssl-native" -DEPENDS_class-nativesdk = "openssl-native" -# Need rehash from openssl and run-parts from debianutils -PACKAGE_WRITE_DEPS += "openssl-native debianutils-native" - -SRCREV = "b3a8980b781bc9a370e42714a605cd4191bb6c0b" - -SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \ - file://0002-update-ca-certificates-use-SYSROOT.patch \ - file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \ - file://update-ca-certificates-support-Toybox.patch \ - file://default-sysroot.patch \ - file://sbindir.patch \ - file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \ - file://0001-certdata2pem.py-use-python3.patch \ - " -UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+)" - -S = "${WORKDIR}/git" - -inherit allarch - -EXTRA_OEMAKE = "\ - 'CERTSDIR=${datadir}/ca-certificates' \ - 'SBINDIR=${sbindir}' \ -" - -do_compile_prepend() { - oe_runmake clean -} - -do_install () { - install -d ${D}${datadir}/ca-certificates \ - ${D}${sysconfdir}/ssl/certs \ - ${D}${sysconfdir}/ca-certificates/update.d - oe_runmake 'DESTDIR=${D}' install - - install -d ${D}${mandir}/man8 - install -m 0644 sbin/update-ca-certificates.8 ${D}${mandir}/man8/ - - install -d ${D}${sysconfdir} - { - echo "# Lines starting with # will be ignored" - echo "# Lines starting with ! will remove certificate on next update" - echo "#" - find ${D}${datadir}/ca-certificates -type f -name '*.crt' | \ - sed 's,^${D}${datadir}/ca-certificates/,,' | sort - } >${D}${sysconfdir}/ca-certificates.conf -} - -do_install_append_class-target () { - sed -i -e 's,/etc/,${sysconfdir}/,' \ - -e 's,/usr/share/,${datadir}/,' \ - -e 's,/usr/local,${prefix}/local,' \ - ${D}${sbindir}/update-ca-certificates \ - ${D}${mandir}/man8/update-ca-certificates.8 -} - -pkg_postinst_${PN}_class-target () { - SYSROOT="$D" $D${sbindir}/update-ca-certificates -} - -CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf" - -# Rather than make a postinst script that works for both target and nativesdk, -# we just run update-ca-certificate from do_install() for nativesdk. -CONFFILES_${PN}_append_class-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt" -do_install_append_class-nativesdk () { - SYSROOT="${D}${SDKPATHNATIVE}" ${D}${sbindir}/update-ca-certificates -} - -do_install_append_class-native () { - SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates -} - -RDEPENDS_${PN}_class-target = "openssl-bin" -RDEPENDS_${PN}_class-native = "openssl-native" -RDEPENDS_${PN}_class-nativesdk = "nativesdk-openssl-bin" - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb b/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb new file mode 100644 index 0000000000..888a235c1a --- /dev/null +++ b/meta/recipes-support/ca-certificates/ca-certificates_20210119.bb @@ -0,0 +1,90 @@ +SUMMARY = "Common CA certificates" +DESCRIPTION = "This package includes PEM files of CA certificates to allow \ +SSL-based applications to check for the authenticity of SSL connections. \ +This derived from Debian's CA Certificates." +HOMEPAGE = "http://packages.debian.org/sid/ca-certificates" +SECTION = "misc" +LICENSE = "GPL-2.0+ & MPL-2.0" +LIC_FILES_CHKSUM = "file://debian/copyright;md5=ae5b36b514e3f12ce1aa8e2ee67f3d7e" + +# This is needed to ensure we can run the postinst at image creation time +DEPENDS = "" +DEPENDS_class-native = "openssl-native" +DEPENDS_class-nativesdk = "openssl-native" +# Need rehash from openssl and run-parts from debianutils +PACKAGE_WRITE_DEPS += "openssl-native debianutils-native" + +SRCREV = "181be7ebd169b4a6fb5d90c3e6dc791e90534144" + +SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \ + file://0002-update-ca-certificates-use-SYSROOT.patch \ + file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \ + file://update-ca-certificates-support-Toybox.patch \ + file://default-sysroot.patch \ + file://sbindir.patch \ + file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \ + " +UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+)" + +S = "${WORKDIR}/git" + +inherit allarch + +EXTRA_OEMAKE = "\ + 'CERTSDIR=${datadir}/ca-certificates' \ + 'SBINDIR=${sbindir}' \ +" + +do_compile_prepend() { + oe_runmake clean +} + +do_install () { + install -d ${D}${datadir}/ca-certificates \ + ${D}${sysconfdir}/ssl/certs \ + ${D}${sysconfdir}/ca-certificates/update.d + oe_runmake 'DESTDIR=${D}' install + + install -d ${D}${mandir}/man8 + install -m 0644 sbin/update-ca-certificates.8 ${D}${mandir}/man8/ + + install -d ${D}${sysconfdir} + { + echo "# Lines starting with # will be ignored" + echo "# Lines starting with ! will remove certificate on next update" + echo "#" + find ${D}${datadir}/ca-certificates -type f -name '*.crt' | \ + sed 's,^${D}${datadir}/ca-certificates/,,' | sort + } >${D}${sysconfdir}/ca-certificates.conf +} + +do_install_append_class-target () { + sed -i -e 's,/etc/,${sysconfdir}/,' \ + -e 's,/usr/share/,${datadir}/,' \ + -e 's,/usr/local,${prefix}/local,' \ + ${D}${sbindir}/update-ca-certificates \ + ${D}${mandir}/man8/update-ca-certificates.8 +} + +pkg_postinst_${PN}_class-target () { + SYSROOT="$D" $D${sbindir}/update-ca-certificates +} + +CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf" + +# Rather than make a postinst script that works for both target and nativesdk, +# we just run update-ca-certificate from do_install() for nativesdk. +CONFFILES_${PN}_append_class-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt" +do_install_append_class-nativesdk () { + SYSROOT="${D}${SDKPATHNATIVE}" ${D}${sbindir}/update-ca-certificates +} + +do_install_append_class-native () { + SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates +} + +RDEPENDS_${PN}_class-target = "openssl-bin" +RDEPENDS_${PN}_class-native = "openssl-native" +RDEPENDS_${PN}_class-nativesdk = "nativesdk-openssl-bin" + +BBCLASSEXTEND = "native nativesdk" -- cgit 1.2.3-korg