From 96726cd07c77038efda5dca04eb186379467d1ca Mon Sep 17 00:00:00 2001
From: Simon Busch <morphis@gravedo.de>
Date: Tue, 8 Jan 2013 07:47:11 +0100
Subject: [PATCH] ca-certificates: populate runtime configuration for
 pmcertificatemgr

To be able to use certificate storage with the pmcertificatemgr library there has to be a
specific configuration for it available below /var/ssl. With this a special upstart job
takes care about creating the needed configuration bits.

Open-webOS-DCO-1.0-Signed-off-by: Simon Busch <morphis@gravedo.de>
---
 .../ca-certificates/certstoreinit             | 25 +++++++++++++++++++
 .../ca-certificates_20120623.bbappend         | 19 ++++++++++++++
 2 files changed, 44 insertions(+)
 create mode 100644 recipes-support/ca-certificates/ca-certificates/certstoreinit
 create mode 100644 recipes-support/ca-certificates/ca-certificates_20120623.bbappend

diff --git a/recipes-support/ca-certificates/ca-certificates/certstoreinit b/recipes-support/ca-certificates/ca-certificates/certstoreinit
new file mode 100644
index 00000000..c4e4a063
--- /dev/null
+++ b/recipes-support/ca-certificates/ca-certificates/certstoreinit
@@ -0,0 +1,25 @@
+description "Check for missing SSL configuration bits and create them if needed"
+
+start on stopped finish
+
+console output
+
+script
+    if [ ! -d /var/ssl/trustedcerts ] ; then
+        mkdir -p /var/ssl/
+        # We're creating a symlink here to the real certificate storage as it's correctly
+        # updated on every package upgrade by the update-ca-certificates script.
+        ln -sf /etc/ssl/certs /var/ssl/trustedcerts
+    fi
+
+    if [ ! -f /var/ssl/serial ] ; then
+        mkdir -p /var/ssl/public
+        echo '01' > /var/ssl/serial
+    fi
+
+    if [ ! -f /var/ssl/index.txt ] ; then
+        mkdir -p /var/ssl/certs
+        mkdir -p /var/ssl/private
+        touch /var/ssl/index.txt
+    fi
+end script
diff --git a/recipes-support/ca-certificates/ca-certificates_20120623.bbappend b/recipes-support/ca-certificates/ca-certificates_20120623.bbappend
new file mode 100644
index 00000000..8a57fed5
--- /dev/null
+++ b/recipes-support/ca-certificates/ca-certificates_20120623.bbappend
@@ -0,0 +1,19 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+PRINC := "${@int(PRINC) + 1}"
+
+# NOTE: we have to rewrite the SRC_URI here as we don't want the
+# 0001-update-ca-certificates-remove-c-rehash.patch patch
+SRC_URI = "${DEBIAN_MIRROR}/main/c/ca-certificates/ca-certificates_${PV}.tar.gz \
+           file://certstoreinit"
+
+do_install_append() {
+    install -d ${D}${webos_upstartconfdir}
+    install -m 0644 ${WORKDIR}/certstoreinit ${D}${webos_upstartconfdir}/certstoreinit
+}
+
+FILES_${PN} += " ${webos_upstartconfdir}/certstoreinit"
+
+pkg_postrm_${PN}() {
+    # Remove possible installed certificates by the update-ca-certificates script
+    rm -rf ${sysconfdir}/ssl/certs
+}