[arch-commits] Commit in ca-certificates/trunk (PKGBUILD update-ca-trust)

Jan Steffens heftig at archlinux.org
Mon Dec 1 02:31:07 UTC 2014


    Date: Monday, December 1, 2014 @ 03:31:07
  Author: heftig
Revision: 227206

Simplify directory layout and make upgrade painless again

Modified:
  ca-certificates/trunk/PKGBUILD
  ca-certificates/trunk/update-ca-trust

-----------------+
 PKGBUILD        |   14 +++++---------
 update-ca-trust |   22 +++++++++-------------
 2 files changed, 14 insertions(+), 22 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2014-12-01 02:14:08 UTC (rev 227205)
+++ PKGBUILD	2014-12-01 02:31:07 UTC (rev 227206)
@@ -4,7 +4,7 @@
 pkgbase=ca-certificates
 pkgname=(ca-certificates-utils ca-certificates)
 pkgver=20140923
-pkgrel=6.1
+pkgrel=7
 pkgdesc='Common CA certificates'
 arch=('any')
 url='http://pkgs.fedoraproject.org/cgit/ca-certificates.git'
@@ -12,12 +12,9 @@
 depends=('sh' 'p11-kit')
 makedepends=('asciidoc')
 source=(update-ca-trust update-ca-trust.8.txt)
-sha256sums=('2f83a69890b3c7af0dca3d5dbc1eea67d4e6be68029a0977b34cec3bd2c1f56b'
+sha256sums=('a06d6bc3cb7021e7d414f899e481c86f7994fbed3861d3dff184ff516a86157c'
             '52f7067ced3771bfa315e4b2a4d078ba0502b663ed4d87a9a18558e14d4ed99e')
 
-_confdir=/etc/$pkgbase
-_datadir=/usr/share/$pkgbase
-
 build() {
 	asciidoc.py -v -d manpage -b docbook update-ca-trust.8.txt
 	xsltproc --nonet -o update-ca-trust.8 /etc/asciidoc/docbook-xsl/manpage.xsl update-ca-trust.8.xml
@@ -34,13 +31,12 @@
 	install -Dm644 update-ca-trust.8 "${pkgdir}/usr/share/man/man8/update-ca-trust.8"
 
 	# Trust source directories
-	install -d "${pkgdir}"{${_confdir},${_datadir}}/trust-source/{anchors,blacklist}
+	install -d "${pkgdir}"/{etc,usr/share}/${pkgbase}/trust-source/{anchors,blacklist}
 
 	# Directories used by update-ca-trust (aka "trust extract-compat")
-	install -d "${pkgdir}"/etc/{ssl,${pkgbase}/extracted/{openssl,pem,java}}
+	install -d "${pkgdir}"/etc/{ssl/certs/java,${pkgbase}/extracted}
 
-	# Contrary to Fedora, the entire /etc/ssl/certs dir is generated
-	ln -srT "${pkgdir}"/etc/{${pkgbase}/extracted/openssl,ssl}/certs
+	# Contrary to Fedora, the /etc/ssl/certs dir is generated
 	ln -srT "${pkgdir}"/etc/ssl/{certs/ca-certificates.crt,cert.pem}
 }
 

Modified: update-ca-trust
===================================================================
--- update-ca-trust	2014-12-01 02:14:08 UTC (rev 227205)
+++ update-ca-trust	2014-12-01 02:31:07 UTC (rev 227206)
@@ -8,18 +8,14 @@
 # files in $DEST.
 
 DEST=/etc/ca-certificates/extracted
+SSL=/etc/ssl/certs
 
-# OpenSSL PEM bundle that includes trust flags
-# (BEGIN TRUSTED CERTIFICATE)
-trust extract --format=openssl-bundle --filter=certificates --overwrite $DEST/openssl/ca-bundle.trust.crt
-trust extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose server-auth $DEST/pem/tls-ca-bundle.pem
-trust extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose email $DEST/pem/email-ca-bundle.pem
-trust extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose code-signing $DEST/pem/objsign-ca-bundle.pem
-trust extract --format=java-cacerts --filter=ca-anchors --overwrite --purpose server-auth $DEST/java/cacerts
+trust extract --overwrite --format=pem-bundle --filter=ca-anchors --purpose server-auth  $DEST/tls-ca-bundle.pem
+trust extract --overwrite --format=pem-bundle --filter=ca-anchors --purpose email        $DEST/email-ca-bundle.pem
+trust extract --overwrite --format=pem-bundle --filter=ca-anchors --purpose code-signing $DEST/objsign-ca-bundle.pem
 
-# Arch uses openssl-directory, too
-rm -rf $DEST/openssl/certs
-trust extract --format=openssl-directory --filter=certificates $DEST/openssl/certs
-ln -srT $DEST/openssl/ca-bundle.trust.crt $DEST/openssl/certs/ca-bundle.trust.crt  
-ln -srT $DEST/pem/tls-ca-bundle.pem $DEST/openssl/certs/ca-certificates.crt
-ln -srT $DEST/java $DEST/openssl/certs/java
+# Removes all files in /etc/ssl/certs, but not directories or files therein
+trust extract --overwrite --format=openssl-directory --filter=certificates $SSL
+trust extract --overwrite --format=openssl-bundle    --filter=certificates $SSL/ca-bundle.trust.crt
+trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose server-auth $SSL/java/cacerts
+ln -fsrT $DEST/tls-ca-bundle.pem $SSL/ca-certificates.crt



More information about the arch-commits mailing list