[arch-commits] Commit in ca-certificates/trunk (PKGBUILD update-ca-trust)

Jan Steffens heftig at archlinux.org
Mon Dec 1 02:14:08 UTC 2014


    Date: Monday, December 1, 2014 @ 03:14:08
  Author: heftig
Revision: 227205

Version with /etc/ssl/certs as symlink, see https://bugs.archlinux.org/task/41909

Modified:
  ca-certificates/trunk/PKGBUILD
  ca-certificates/trunk/update-ca-trust

-----------------+
 PKGBUILD        |   19 ++++++++-----------
 update-ca-trust |   13 ++++++++-----
 2 files changed, 16 insertions(+), 16 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2014-12-01 01:41:21 UTC (rev 227204)
+++ PKGBUILD	2014-12-01 02:14:08 UTC (rev 227205)
@@ -4,7 +4,7 @@
 pkgbase=ca-certificates
 pkgname=(ca-certificates-utils ca-certificates)
 pkgver=20140923
-pkgrel=5
+pkgrel=6.1
 pkgdesc='Common CA certificates'
 arch=('any')
 url='http://pkgs.fedoraproject.org/cgit/ca-certificates.git'
@@ -12,7 +12,7 @@
 depends=('sh' 'p11-kit')
 makedepends=('asciidoc')
 source=(update-ca-trust update-ca-trust.8.txt)
-sha256sums=('3387eb3e03088cfddc3fbb8cfacd3da0307f795a9387f31b69cd02764287399a'
+sha256sums=('2f83a69890b3c7af0dca3d5dbc1eea67d4e6be68029a0977b34cec3bd2c1f56b'
             '52f7067ced3771bfa315e4b2a4d078ba0502b663ed4d87a9a18558e14d4ed99e')
 
 _confdir=/etc/$pkgbase
@@ -33,18 +33,15 @@
 	install -D update-ca-trust "${pkgdir}/usr/bin/update-ca-trust"
 	install -Dm644 update-ca-trust.8 "${pkgdir}/usr/share/man/man8/update-ca-trust.8"
 
+	# Trust source directories
 	install -d "${pkgdir}"{${_confdir},${_datadir}}/trust-source/{anchors,blacklist}
 
-	_extractdir="${pkgdir}${_confdir}/extracted"
-	_ssldir="${pkgdir}/etc/ssl"
+	# Directories used by update-ca-trust (aka "trust extract-compat")
+	install -d "${pkgdir}"/etc/{ssl,${pkgbase}/extracted/{openssl,pem,java}}
 
-	install -d "${_ssldir}/certs/java" "${_extractdir}"/{openssl,pem,java}
-	ln -sr "${_extractdir}/openssl/ca-bundle.trust.crt" "${_ssldir}/certs/ca-bundle.trust.crt"
-	ln -sr "${_extractdir}/pem/tls-ca-bundle.pem" "${_ssldir}/cert.pem"
-
-	# These are inverted (for now?) to ease upgrading
-	ln -sr "${_ssldir}/certs/ca-certificates.crt" "${_extractdir}/pem/tls-ca-bundle.pem"
-	ln -sr "${_ssldir}/certs/java/cacerts" "${_extractdir}/java/cacerts" 
+	# Contrary to Fedora, the entire /etc/ssl/certs dir is generated
+	ln -srT "${pkgdir}"/etc/{${pkgbase}/extracted/openssl,ssl}/certs
+	ln -srT "${pkgdir}"/etc/ssl/{certs/ca-certificates.crt,cert.pem}
 }
 
 package_ca-certificates() {

Modified: update-ca-trust
===================================================================
--- update-ca-trust	2014-12-01 01:41:21 UTC (rev 227204)
+++ update-ca-trust	2014-12-01 02:14:08 UTC (rev 227205)
@@ -12,11 +12,14 @@
 # OpenSSL PEM bundle that includes trust flags
 # (BEGIN TRUSTED CERTIFICATE)
 trust extract --format=openssl-bundle --filter=certificates --overwrite $DEST/openssl/ca-bundle.trust.crt
-#trust extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose server-auth $DEST/pem/tls-ca-bundle.pem
+trust extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose server-auth $DEST/pem/tls-ca-bundle.pem
 trust extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose email $DEST/pem/email-ca-bundle.pem
 trust extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose code-signing $DEST/pem/objsign-ca-bundle.pem
-#trust extract --format=java-cacerts --filter=ca-anchors --overwrite --purpose server-auth $DEST/java/cacerts
+trust extract --format=java-cacerts --filter=ca-anchors --overwrite --purpose server-auth $DEST/java/cacerts
 
-# Make upgrade on Arch smooth, by inverting some locations
-trust extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose server-auth /etc/ssl/certs/ca-certificates.crt
-trust extract --format=java-cacerts --filter=ca-anchors --overwrite --purpose server-auth /etc/ssl/certs/java/cacerts
+# Arch uses openssl-directory, too
+rm -rf $DEST/openssl/certs
+trust extract --format=openssl-directory --filter=certificates $DEST/openssl/certs
+ln -srT $DEST/openssl/ca-bundle.trust.crt $DEST/openssl/certs/ca-bundle.trust.crt  
+ln -srT $DEST/pem/tls-ca-bundle.pem $DEST/openssl/certs/ca-certificates.crt
+ln -srT $DEST/java $DEST/openssl/certs/java



More information about the arch-commits mailing list