[arch-commits] Commit in ca-certificates/trunk (PKGBUILD update-ca-trust)
Jan Steffens
heftig at archlinux.org
Mon Dec 1 02:14:08 UTC 2014
Date: Monday, December 1, 2014 @ 03:14:08
Author: heftig
Revision: 227205
Version with /etc/ssl/certs as symlink, see https://bugs.archlinux.org/task/41909
Modified:
ca-certificates/trunk/PKGBUILD
ca-certificates/trunk/update-ca-trust
-----------------+
PKGBUILD | 19 ++++++++-----------
update-ca-trust | 13 ++++++++-----
2 files changed, 16 insertions(+), 16 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-12-01 01:41:21 UTC (rev 227204)
+++ PKGBUILD 2014-12-01 02:14:08 UTC (rev 227205)
@@ -4,7 +4,7 @@
pkgbase=ca-certificates
pkgname=(ca-certificates-utils ca-certificates)
pkgver=20140923
-pkgrel=5
+pkgrel=6.1
pkgdesc='Common CA certificates'
arch=('any')
url='http://pkgs.fedoraproject.org/cgit/ca-certificates.git'
@@ -12,7 +12,7 @@
depends=('sh' 'p11-kit')
makedepends=('asciidoc')
source=(update-ca-trust update-ca-trust.8.txt)
-sha256sums=('3387eb3e03088cfddc3fbb8cfacd3da0307f795a9387f31b69cd02764287399a'
+sha256sums=('2f83a69890b3c7af0dca3d5dbc1eea67d4e6be68029a0977b34cec3bd2c1f56b'
'52f7067ced3771bfa315e4b2a4d078ba0502b663ed4d87a9a18558e14d4ed99e')
_confdir=/etc/$pkgbase
@@ -33,18 +33,15 @@
install -D update-ca-trust "${pkgdir}/usr/bin/update-ca-trust"
install -Dm644 update-ca-trust.8 "${pkgdir}/usr/share/man/man8/update-ca-trust.8"
+ # Trust source directories
install -d "${pkgdir}"{${_confdir},${_datadir}}/trust-source/{anchors,blacklist}
- _extractdir="${pkgdir}${_confdir}/extracted"
- _ssldir="${pkgdir}/etc/ssl"
+ # Directories used by update-ca-trust (aka "trust extract-compat")
+ install -d "${pkgdir}"/etc/{ssl,${pkgbase}/extracted/{openssl,pem,java}}
- install -d "${_ssldir}/certs/java" "${_extractdir}"/{openssl,pem,java}
- ln -sr "${_extractdir}/openssl/ca-bundle.trust.crt" "${_ssldir}/certs/ca-bundle.trust.crt"
- ln -sr "${_extractdir}/pem/tls-ca-bundle.pem" "${_ssldir}/cert.pem"
-
- # These are inverted (for now?) to ease upgrading
- ln -sr "${_ssldir}/certs/ca-certificates.crt" "${_extractdir}/pem/tls-ca-bundle.pem"
- ln -sr "${_ssldir}/certs/java/cacerts" "${_extractdir}/java/cacerts"
+ # Contrary to Fedora, the entire /etc/ssl/certs dir is generated
+ ln -srT "${pkgdir}"/etc/{${pkgbase}/extracted/openssl,ssl}/certs
+ ln -srT "${pkgdir}"/etc/ssl/{certs/ca-certificates.crt,cert.pem}
}
package_ca-certificates() {
Modified: update-ca-trust
===================================================================
--- update-ca-trust 2014-12-01 01:41:21 UTC (rev 227204)
+++ update-ca-trust 2014-12-01 02:14:08 UTC (rev 227205)
@@ -12,11 +12,14 @@
# OpenSSL PEM bundle that includes trust flags
# (BEGIN TRUSTED CERTIFICATE)
trust extract --format=openssl-bundle --filter=certificates --overwrite $DEST/openssl/ca-bundle.trust.crt
-#trust extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose server-auth $DEST/pem/tls-ca-bundle.pem
+trust extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose server-auth $DEST/pem/tls-ca-bundle.pem
trust extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose email $DEST/pem/email-ca-bundle.pem
trust extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose code-signing $DEST/pem/objsign-ca-bundle.pem
-#trust extract --format=java-cacerts --filter=ca-anchors --overwrite --purpose server-auth $DEST/java/cacerts
+trust extract --format=java-cacerts --filter=ca-anchors --overwrite --purpose server-auth $DEST/java/cacerts
-# Make upgrade on Arch smooth, by inverting some locations
-trust extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose server-auth /etc/ssl/certs/ca-certificates.crt
-trust extract --format=java-cacerts --filter=ca-anchors --overwrite --purpose server-auth /etc/ssl/certs/java/cacerts
+# Arch uses openssl-directory, too
+rm -rf $DEST/openssl/certs
+trust extract --format=openssl-directory --filter=certificates $DEST/openssl/certs
+ln -srT $DEST/openssl/ca-bundle.trust.crt $DEST/openssl/certs/ca-bundle.trust.crt
+ln -srT $DEST/pem/tls-ca-bundle.pem $DEST/openssl/certs/ca-certificates.crt
+ln -srT $DEST/java $DEST/openssl/certs/java
More information about the arch-commits
mailing list