diff options
author | Otavio Salvador <otavio@ossystems.com.br> | 2016-05-23 17:45:27 -0300 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-05-25 07:50:17 +0100 |
commit | 06563e639fe089f5e836132fb1aa699a1ba156aa (patch) | |
tree | 0b5209f1060d768895589364a37c912cb3defb22 /meta/recipes-connectivity | |
parent | 0b1a03e332aedb147cda28929db22ef2e4199209 (diff) | |
download | openembedded-core-contrib-06563e639fe089f5e836132fb1aa699a1ba156aa.tar.gz |
openssl: Ensure SSL certificates are stored on sysconfdir
Debian and other generic distributions has moved the certificates for
sysconfdir (/etc/ssl) and made the libdir content to link for it.
This provides several advantages specially for read-only
rootfs. Another benefit is that it ensures foreign implementations
(e.g: BoringSSL, from Chromium, when running with OpenSSL backend for
the certificates) to find the content correctly.
(From OE-Core rev: 50d63fa346bbb05dafffc0cb55e21e1092272d95)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity')
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl.inc | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc index 668e34e600..3412c66101 100644 --- a/meta/recipes-connectivity/openssl/openssl.inc +++ b/meta/recipes-connectivity/openssl/openssl.inc @@ -43,8 +43,8 @@ RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '', # package RRECOMMENDS on this package. This will enable the configuration # file to be installed for both the base openssl package and the libcrypto # package since the base openssl package depends on the libcrypto package. -FILES_openssl-conf = "${libdir}/ssl/openssl.cnf" -CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf" +FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" +CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf" RRECOMMENDS_libcrypto += "openssl-conf" RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc" @@ -178,6 +178,17 @@ do_install () { else rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget fi + + # Create SSL structure + install -d ${D}${sysconfdir}/ssl/ + mv ${D}${libdir}/ssl/openssl.cnf \ + ${D}${libdir}/ssl/certs \ + ${D}${libdir}/ssl/private \ + \ + ${D}${sysconfdir}/ssl/ + ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs + ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private + ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf } do_install_ptest () { @@ -191,7 +202,7 @@ do_install_ptest () { cp -r certs ${D}${PTEST_PATH} mkdir -p ${D}${PTEST_PATH}/apps ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps - ln -sf ${libdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps + ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps cp apps/server2.pem ${D}${PTEST_PATH}/apps mkdir -p ${D}${PTEST_PATH}/util |