path: root/meta/recipes-support/ca-certificates/ca-certificates
Age | Commit message | Author
2018-03-30 | ca-certificates: use relative symlinks from $ETCCERTSDIR | André Draszik

update-ca-certificates symlinks (trusted) certificates from $CERTSDIR or $LOCALCERTSDIR into $ETCCERTSDIR. update-ca-certificates can call hook scripts installed into /etc/ca-certificates/update.d. Those scripts are passed the pem file in /etc/ssl/certs/ that was added or removed in this run and those pem files are absolute symlinks into $CERTSDIR or $LOCALCERTSDIR at the moment.

When running update-ca-certificates during image build time, they thusly all point into the host's file system, not into the $SYSROOT. This means:
* the host's file system layout must match the one produced by OE, and
* it also means that the host must have installed the same (or more) certificates as the target in $CERTSDIR and $LOCALCERTSDIR

This is a problem when wanting to execute hook scripts, because they all need to be taught about $SYSROOT, and behave differently depending on whether they're called at image build time, or on the target, as otherwise they will be trying to actually read the host's certificates from $CERTSDIR or $LOCALCERTSDIR.

This also is a problem when running anything else during image build time that depends on the trusted CA certificates.

Changing the symlink to be relative solves all of these problems. At the same time, we have to make sure to add $CERTSDIR to SYSROOT_DIRS, so that the symlinks are still valid when somebody DEPENDS on ca-certificates-native.

As a side-effect, this also fixes a problem in meta-java, where some recipes (e.g. openjdk-8-native) try to access certificates from $CERTSDIR to generate the java trustStore at build time.

Do so.

Upstream-Status: Inappropriate [OE-specific]
Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-08-10 | ca-certificates: remove -- separator | Maciej Borzecki

Options and directory separator -- slipped past the patch removing Debianisms, thus resulting in failures on hosts running Fedora.

Signed-off-by: Maciej Borzecki <maciej.borzecki@rndity.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-05-25 | ca-certificates: Use c_rehash utility | Otavio Salvador

As now the c_rehash utility is available, we can use it. This removes the patch to disable its usage allowing for a standard SSL behaviour.

Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-04-18 | ca-certificates: support Toybox | Patrick Ohly

"mktemp -t" is deprecated and does not work when using Toybox. Replace with something that works also with Toybox.

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
2015-08-09 | ca-certificates: Update 20141019 -> 20150426 | Khem Raj

Older SRCREV was not fetchable which triggered this upgrade

Change-Id: I85d028294ff0018f4c81c6bb81ae262b18af7a87
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-07-07 | ca-certificates: remove Debianism in run-parts invocation | Ross Burton

ca-certificates comes from Debian but not all distros (i.e. Fedora) have a leaner run-parts that doesn't support the -- separator between options and paths, which causes this error:

| Running hooks in [...]/rootfs/etc/ca-certificates/update.d...
| [...]/usr/sbin/update-ca-certificates: line 194: Not: command not found

Signed-off-by: Ross Burton <ross.burton@intel.com>
2015-02-07 | ca-certificates: Upgrade to 20141019 (git based) | Saul Wold

Rebase default-sysroot patch
Remove backported Mozilla certdata patch
License has not changed, just wording.

Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-06-25 | ca-certificates: Update to 20140325 | Saul Wold

Changes to debian/copyright: Update to "Copyright: Mozilla Contributors" for mozilla/{certdata.txt,nssckbi.h}

Backported one additional patch from ca-certificates tree

[YOCTO #6454]

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-08-26 | ca-certificates: add recipe (version 20130610) | Christopher Larson

We need this for certain nativesdk recipes, as we can't rely on the certificate path or bundle path being the same across distros, and it's useful in many cases on the target as well.

This is based on the 20130119 recipe from meta-oe, with the following changes:

- use the debian git repository to avoid vanishing sources
- obey our target paths
- default to a sysroot relative to the script location (make relocatable)
- define SUMMARY
- don't inherit autotools, this isn't an autotools package
- add MPL-2.0 to LICENSE, as that's the license of the certdata
- install the script man page
- use a native rather than cross recipe, as it's not bound in any way to the target system
- add nativesdk to bbclassextend, for use in SDKs

Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>