blob: 6f39df79853ad3c461c48cbd274b035d4d6917ca [file] [log] [blame]
Brad Bishop1a4b7ee2018-12-16 17:11:34 -08001SUMMARY = "Common CA certificates"
2DESCRIPTION = "This package includes PEM files of CA certificates to allow \
3SSL-based applications to check for the authenticity of SSL connections. \
4This derived from Debian's CA Certificates."
5HOMEPAGE = "http://packages.debian.org/sid/ca-certificates"
6SECTION = "misc"
7LICENSE = "GPL-2.0+ & MPL-2.0"
Andrew Geissler4ed12e12020-06-05 18:00:41 -05008LIC_FILES_CHKSUM = "file://debian/copyright;md5=ae5b36b514e3f12ce1aa8e2ee67f3d7e"
Brad Bishop1a4b7ee2018-12-16 17:11:34 -08009
10# This is needed to ensure we can run the postinst at image creation time
11DEPENDS = ""
12DEPENDS_class-native = "openssl-native"
13DEPENDS_class-nativesdk = "openssl-native"
Brad Bishop19323692019-04-05 15:28:33 -040014# Need rehash from openssl and run-parts from debianutils
Brad Bishop1a4b7ee2018-12-16 17:11:34 -080015PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
16
Andrew Geissler4ed12e12020-06-05 18:00:41 -050017SRCREV = "b3a8980b781bc9a370e42714a605cd4191bb6c0b"
Brad Bishop1a4b7ee2018-12-16 17:11:34 -080018
19SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \
20 file://0002-update-ca-certificates-use-SYSROOT.patch \
21 file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \
22 file://update-ca-certificates-support-Toybox.patch \
23 file://default-sysroot.patch \
24 file://sbindir.patch \
25 file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \
Brad Bishop79641f22019-09-10 07:20:22 -040026 file://0001-certdata2pem.py-use-python3.patch \
Brad Bishop1a4b7ee2018-12-16 17:11:34 -080027 "
Andrew Geissler5a43b432020-06-13 10:46:56 -050028UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+)"
Brad Bishop1a4b7ee2018-12-16 17:11:34 -080029
30S = "${WORKDIR}/git"
31
32inherit allarch
33
34EXTRA_OEMAKE = "\
35 'CERTSDIR=${datadir}/ca-certificates' \
36 'SBINDIR=${sbindir}' \
37"
38
39do_compile_prepend() {
40 oe_runmake clean
41}
42
43do_install () {
44 install -d ${D}${datadir}/ca-certificates \
45 ${D}${sysconfdir}/ssl/certs \
46 ${D}${sysconfdir}/ca-certificates/update.d
47 oe_runmake 'DESTDIR=${D}' install
48
49 install -d ${D}${mandir}/man8
50 install -m 0644 sbin/update-ca-certificates.8 ${D}${mandir}/man8/
51
52 install -d ${D}${sysconfdir}
53 {
54 echo "# Lines starting with # will be ignored"
55 echo "# Lines starting with ! will remove certificate on next update"
56 echo "#"
57 find ${D}${datadir}/ca-certificates -type f -name '*.crt' | \
Brad Bishop79641f22019-09-10 07:20:22 -040058 sed 's,^${D}${datadir}/ca-certificates/,,' | sort
Brad Bishop1a4b7ee2018-12-16 17:11:34 -080059 } >${D}${sysconfdir}/ca-certificates.conf
60}
61
62do_install_append_class-target () {
63 sed -i -e 's,/etc/,${sysconfdir}/,' \
64 -e 's,/usr/share/,${datadir}/,' \
65 -e 's,/usr/local,${prefix}/local,' \
66 ${D}${sbindir}/update-ca-certificates \
67 ${D}${mandir}/man8/update-ca-certificates.8
68}
69
70pkg_postinst_${PN}_class-target () {
71 SYSROOT="$D" $D${sbindir}/update-ca-certificates
72}
73
74CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf"
75
76# Rather than make a postinst script that works for both target and nativesdk,
77# we just run update-ca-certificate from do_install() for nativesdk.
78CONFFILES_${PN}_append_class-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt"
79do_install_append_class-nativesdk () {
80 SYSROOT="${D}${SDKPATHNATIVE}" ${D}${sbindir}/update-ca-certificates
81}
82
83do_install_append_class-native () {
84 SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates
85}
86
Brad Bishop15ae2502019-06-18 21:44:24 -040087RDEPENDS_${PN}_class-target = "openssl-bin"
88RDEPENDS_${PN}_class-native = "openssl-native"
89RDEPENDS_${PN}_class-nativesdk = "nativesdk-openssl-bin"
Brad Bishop1a4b7ee2018-12-16 17:11:34 -080090
91BBCLASSEXTEND = "native nativesdk"