blob: dbee7dc6166b161cbad54fbca99b5c2794bf8f7a [file] [log] [blame]
Andrew Geisslereff27472021-10-29 15:35:00 -05001SUMMARY = "Common CA certificates"
2DESCRIPTION = "This package includes PEM files of CA certificates to allow \
3SSL-based applications to check for the authenticity of SSL connections. \
4This derived from Debian's CA Certificates."
5HOMEPAGE = "http://packages.debian.org/sid/ca-certificates"
6SECTION = "misc"
7LICENSE = "GPL-2.0+ & MPL-2.0"
8LIC_FILES_CHKSUM = "file://debian/copyright;md5=ae5b36b514e3f12ce1aa8e2ee67f3d7e"
9
10# This is needed to ensure we can run the postinst at image creation time
11DEPENDS = ""
12DEPENDS:class-native = "openssl-native"
13DEPENDS:class-nativesdk = "openssl-native"
14# Need rehash from openssl and run-parts from debianutils
15PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
16
17SRCREV = "07de54fdcc5806bde549e1edf60738c6bccf50e8"
18
Andrew Geissler595f6302022-01-24 19:11:47 +000019SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https;branch=master \
Andrew Geisslereff27472021-10-29 15:35:00 -050020 file://0002-update-ca-certificates-use-SYSROOT.patch \
21 file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \
22 file://default-sysroot.patch \
23 file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \
24 file://0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch \
25 "
26UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+)"
27
28S = "${WORKDIR}/git"
29
30inherit allarch
31
32EXTRA_OEMAKE = "\
33 'CERTSDIR=${datadir}/ca-certificates' \
34 'SBINDIR=${sbindir}' \
35"
36
37do_compile:prepend() {
38 oe_runmake clean
39}
40
41do_install () {
42 install -d ${D}${datadir}/ca-certificates \
43 ${D}${sysconfdir}/ssl/certs \
44 ${D}${sysconfdir}/ca-certificates/update.d
45 oe_runmake 'DESTDIR=${D}' install
46
47 install -d ${D}${mandir}/man8
48 install -m 0644 sbin/update-ca-certificates.8 ${D}${mandir}/man8/
49
50 install -d ${D}${sysconfdir}
51 {
52 echo "# Lines starting with # will be ignored"
53 echo "# Lines starting with ! will remove certificate on next update"
54 echo "#"
55 find ${D}${datadir}/ca-certificates -type f -name '*.crt' | \
56 sed 's,^${D}${datadir}/ca-certificates/,,' | sort
57 } >${D}${sysconfdir}/ca-certificates.conf
58}
59
60do_install:append:class-target () {
61 sed -i -e 's,/etc/,${sysconfdir}/,' \
62 -e 's,/usr/share/,${datadir}/,' \
63 -e 's,/usr/local,${prefix}/local,' \
64 ${D}${sbindir}/update-ca-certificates \
65 ${D}${mandir}/man8/update-ca-certificates.8
66}
67
68pkg_postinst:${PN}:class-target () {
69 SYSROOT="$D" $D${sbindir}/update-ca-certificates
70}
71
72CONFFILES:${PN} += "${sysconfdir}/ca-certificates.conf"
73
74# Rather than make a postinst script that works for both target and nativesdk,
75# we just run update-ca-certificate from do_install() for nativesdk.
76CONFFILES:${PN}:append:class-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt"
77do_install:append:class-nativesdk () {
78 SYSROOT="${D}${SDKPATHNATIVE}" ${D}${sbindir}/update-ca-certificates
79}
80
81do_install:append:class-native () {
82 SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates
83}
84
85RDEPENDS:${PN}:append:class-target = " openssl-bin openssl"
86RDEPENDS:${PN}:append:class-native = " openssl-native"
87RDEPENDS:${PN}:append:class-nativesdk = " nativesdk-openssl-bin nativesdk-openssl"
88
89BBCLASSEXTEND = "native nativesdk"