Commit
To be able to use certificate storage with the pmcertificatemgr library there has to be a specific configuration for it available below /var/ssl. With this a special upstart job takes care about creating the needed configuration bits. Open-webOS-DCO-1.0-Signed-off-by: Simon Busch <morphis@gravedo.de>
- Loading branch information
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
description "Check for missing SSL configuration bits and create them if needed" | ||
|
||
start on stopped finish | ||
|
||
console output | ||
|
||
script | ||
if [ ! -d /var/ssl/trustedcerts ] ; then | ||
mkdir -p /var/ssl/ | ||
# We're creating a symlink here to the real certificate storage as it's correctly | ||
# updated on every package upgrade by the update-ca-certificates script. | ||
ln -sf /etc/ssl/certs /var/ssl/trustedcerts | ||
fi | ||
|
||
if [ ! -f /var/ssl/serial ] ; then | ||
mkdir -p /var/ssl/public | ||
echo '01' > /var/ssl/serial | ||
fi | ||
|
||
if [ ! -f /var/ssl/index.txt ] ; then | ||
mkdir -p /var/ssl/certs | ||
mkdir -p /var/ssl/private | ||
touch /var/ssl/index.txt | ||
fi | ||
end script |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" | ||
PRINC := "${@int(PRINC) + 1}" | ||
|
||
# NOTE: we have to rewrite the SRC_URI here as we don't want the | ||
# 0001-update-ca-certificates-remove-c-rehash.patch patch | ||
SRC_URI = "${DEBIAN_MIRROR}/main/c/ca-certificates/ca-certificates_${PV}.tar.gz \ | ||
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong.
lloydchang
|
||
file://certstoreinit" | ||
|
||
do_install_append() { | ||
install -d ${D}${webos_upstartconfdir} | ||
install -m 0644 ${WORKDIR}/certstoreinit ${D}${webos_upstartconfdir}/certstoreinit | ||
} | ||
|
||
FILES_${PN} += " ${webos_upstartconfdir}/certstoreinit" | ||
|
||
pkg_postrm_${PN}() { | ||
# Remove possible installed certificates by the update-ca-certificates script | ||
rm -rf ${sysconfdir}/ssl/certs | ||
} |
Hello @morphis @kdopen @susan-montooth @juhakurki-owo @kuta42
Regarding this line failing as of 2013-Feb-08, my recommendations are to:
ftp://archive.ubuntu.com/ubuntu/pool/main/c/ca-certificates/ca-certificates_20120623.tar.gz
and described at http://packages.ubuntu.com/quantal/ca-certificates
ftp://ftp.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_20130119.tar.gz
and described at http://packages.debian.org/source/testing/ca-certificates
Why: ca-certificates 20120623 is now obsolete in Debian testing release http://www.debian.org/releases/ and superseded by ca-certificates 20130119. Hence ftp://ftp.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_20120623.tar.gz no longer exists as of 2013-Feb-08.
Here's my analysis: On 2013-Feb-04, Debian ca-certificates 20130119 migrated to testing per news at http://packages.qa.debian.org/c/ca-certificates.html Meanwhile, Debian ftp-master team runs a tool periodically searching for packages to remove, and Debian ca-certificates 20120623 and 20130119 would fall into the case of "Source packages which have had all their binary packages taken over by another source packages ('obsolete source packages')." Subsequently as of 2013-Feb-08, ftp://ftp.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_20120623.tar.gz no longer exists.