[arch-commits] Commit in ca-certificates/trunk (PKGBUILD update-ca-trust)
Jan Steffens
heftig at archlinux.org
Mon Dec 1 02:31:07 UTC 2014
Date: Monday, December 1, 2014 @ 03:31:07
Author: heftig
Revision: 227206
Simplify directory layout and make upgrade painless again
Modified:
ca-certificates/trunk/PKGBUILD
ca-certificates/trunk/update-ca-trust
-----------------+
PKGBUILD | 14 +++++---------
update-ca-trust | 22 +++++++++-------------
2 files changed, 14 insertions(+), 22 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-12-01 02:14:08 UTC (rev 227205)
+++ PKGBUILD 2014-12-01 02:31:07 UTC (rev 227206)
@@ -4,7 +4,7 @@
pkgbase=ca-certificates
pkgname=(ca-certificates-utils ca-certificates)
pkgver=20140923
-pkgrel=6.1
+pkgrel=7
pkgdesc='Common CA certificates'
arch=('any')
url='http://pkgs.fedoraproject.org/cgit/ca-certificates.git'
@@ -12,12 +12,9 @@
depends=('sh' 'p11-kit')
makedepends=('asciidoc')
source=(update-ca-trust update-ca-trust.8.txt)
-sha256sums=('2f83a69890b3c7af0dca3d5dbc1eea67d4e6be68029a0977b34cec3bd2c1f56b'
+sha256sums=('a06d6bc3cb7021e7d414f899e481c86f7994fbed3861d3dff184ff516a86157c'
'52f7067ced3771bfa315e4b2a4d078ba0502b663ed4d87a9a18558e14d4ed99e')
-_confdir=/etc/$pkgbase
-_datadir=/usr/share/$pkgbase
-
build() {
asciidoc.py -v -d manpage -b docbook update-ca-trust.8.txt
xsltproc --nonet -o update-ca-trust.8 /etc/asciidoc/docbook-xsl/manpage.xsl update-ca-trust.8.xml
@@ -34,13 +31,12 @@
install -Dm644 update-ca-trust.8 "${pkgdir}/usr/share/man/man8/update-ca-trust.8"
# Trust source directories
- install -d "${pkgdir}"{${_confdir},${_datadir}}/trust-source/{anchors,blacklist}
+ install -d "${pkgdir}"/{etc,usr/share}/${pkgbase}/trust-source/{anchors,blacklist}
# Directories used by update-ca-trust (aka "trust extract-compat")
- install -d "${pkgdir}"/etc/{ssl,${pkgbase}/extracted/{openssl,pem,java}}
+ install -d "${pkgdir}"/etc/{ssl/certs/java,${pkgbase}/extracted}
- # Contrary to Fedora, the entire /etc/ssl/certs dir is generated
- ln -srT "${pkgdir}"/etc/{${pkgbase}/extracted/openssl,ssl}/certs
+ # Contrary to Fedora, the /etc/ssl/certs dir is generated
ln -srT "${pkgdir}"/etc/ssl/{certs/ca-certificates.crt,cert.pem}
}
Modified: update-ca-trust
===================================================================
--- update-ca-trust 2014-12-01 02:14:08 UTC (rev 227205)
+++ update-ca-trust 2014-12-01 02:31:07 UTC (rev 227206)
@@ -8,18 +8,14 @@
# files in $DEST.
DEST=/etc/ca-certificates/extracted
+SSL=/etc/ssl/certs
-# OpenSSL PEM bundle that includes trust flags
-# (BEGIN TRUSTED CERTIFICATE)
-trust extract --format=openssl-bundle --filter=certificates --overwrite $DEST/openssl/ca-bundle.trust.crt
-trust extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose server-auth $DEST/pem/tls-ca-bundle.pem
-trust extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose email $DEST/pem/email-ca-bundle.pem
-trust extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose code-signing $DEST/pem/objsign-ca-bundle.pem
-trust extract --format=java-cacerts --filter=ca-anchors --overwrite --purpose server-auth $DEST/java/cacerts
+trust extract --overwrite --format=pem-bundle --filter=ca-anchors --purpose server-auth $DEST/tls-ca-bundle.pem
+trust extract --overwrite --format=pem-bundle --filter=ca-anchors --purpose email $DEST/email-ca-bundle.pem
+trust extract --overwrite --format=pem-bundle --filter=ca-anchors --purpose code-signing $DEST/objsign-ca-bundle.pem
-# Arch uses openssl-directory, too
-rm -rf $DEST/openssl/certs
-trust extract --format=openssl-directory --filter=certificates $DEST/openssl/certs
-ln -srT $DEST/openssl/ca-bundle.trust.crt $DEST/openssl/certs/ca-bundle.trust.crt
-ln -srT $DEST/pem/tls-ca-bundle.pem $DEST/openssl/certs/ca-certificates.crt
-ln -srT $DEST/java $DEST/openssl/certs/java
+# Removes all files in /etc/ssl/certs, but not directories or files therein
+trust extract --overwrite --format=openssl-directory --filter=certificates $SSL
+trust extract --overwrite --format=openssl-bundle --filter=certificates $SSL/ca-bundle.trust.crt
+trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose server-auth $SSL/java/cacerts
+ln -fsrT $DEST/tls-ca-bundle.pem $SSL/ca-certificates.crt
More information about the arch-commits
mailing list