diff options
| author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-03-25 20:13:56 +0300 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-03-25 20:14:34 +0300 |
| commit | f8caae304a2fa94cf2770b72a313ee843b2f177b (patch) | |
| tree | 019dd9bf04c554e796e3ec9fc04c311adcf3c93a /poky/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb | |
| parent | 2ef13c18a8b076d2a34e9e40d765f687b72ef195 (diff) | |
| download | openbmc-f8caae304a2fa94cf2770b72a313ee843b2f177b.tar.xz | |
poky: refresh thud: 506ec088e5..e4c0a8a7cb
Update poky to thud HEAD.
Alexander Kanavin (1):
ca-certificates: upgrade 20180409 -> 20190110
André Draszik (1):
systemd: RDEPENDS on util-linux-umount
Changqing Li (1):
libsndfile1: Security fix CVE-2018-19432
Chen Qi (1):
target-sdk-provides-dummy: add more perl modules to avoid populate_sdk failure
Douglas Royds (1):
libpam: libpamc is licensed under its own BSD-style licence
George McCollister (1):
systemd: fix CVE-2019-6454
Jonathan Rajotte-Julien (3):
lttng-ust: update to 2.10.3
lttng-modules: update to 2.10.9
lttng-tools: update to 2.9.11
Mark Hatle (10):
bitbake: gitsm.py: Fix when a submodule is defined, but not initialized
bitbake: gitsm.py: Add support for alternative URL formats from submodule files
bitbake: tests/fetch.py: Add alternative gitsm test case
bitbake: gitsm.py: Optimize code and attempt to resolve locking issue
bitbake: gitsm.py: revise unpack
bitbake: gitsm.py: Rework the shallow fetcher and test case
bitbake: gitsm.py: Refactor the functions and simplify the class
bitbake: gitsm.py: Fix relative URLs
bitbake: gitsmy.py: Fix unpack of submodules of submodules
bitbake: gitsm: The fetcher did not process some recursive submodules properly.
Ming Liu (1):
rm_work: sort the value of do_build dependencies
Oleksandr Kravchuk (1):
target-sdk-provides-dummy: add perl-module-overload
Richard Purdie (3):
target-sdk-provides-dummy: Extend to -dev and -src packages
systemd: Update recent CVE patches
kernel: Ensure an initramfs is added if configured
Robert Yang (1):
send-error-report: Add --no-ssl to use http protocol
Ross Burton (1):
libpng: fix CVE-2019-7317
Change-Id: I3e03c837688d49703b4989a561f3728d616abbec
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'poky/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb')
| -rw-r--r-- | poky/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/poky/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb b/poky/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb new file mode 100644 index 000000000..b9f57900c --- /dev/null +++ b/poky/meta/recipes-support/ca-certificates/ca-certificates_20190110.bb @@ -0,0 +1,87 @@ +SUMMARY = "Common CA certificates" +DESCRIPTION = "This package includes PEM files of CA certificates to allow \ +SSL-based applications to check for the authenticity of SSL connections. \ +This derived from Debian's CA Certificates." +HOMEPAGE = "http://packages.debian.org/sid/ca-certificates" +SECTION = "misc" +LICENSE = "GPL-2.0+ & MPL-2.0" +LIC_FILES_CHKSUM = "file://debian/copyright;md5=aeb420429b1659507e0a5a1b123e8308" + +# This is needed to ensure we can run the postinst at image creation time +DEPENDS = "" +DEPENDS_class-native = "openssl-native" +DEPENDS_class-nativesdk = "openssl-native" +# Need c_rehash from openssl and run-parts from debianutils +PACKAGE_WRITE_DEPS += "openssl-native debianutils-native" + +SRCREV = "c28799b138b044c963d24c4a69659b6e5486e3be" + +SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https \ + file://0002-update-ca-certificates-use-SYSROOT.patch \ + file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \ + file://update-ca-certificates-support-Toybox.patch \ + file://default-sysroot.patch \ + file://sbindir.patch \ + file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \ + " + +S = "${WORKDIR}/git" + +inherit allarch + +EXTRA_OEMAKE = "\ + 'CERTSDIR=${datadir}/ca-certificates' \ + 'SBINDIR=${sbindir}' \ +" + +do_compile_prepend() { + oe_runmake clean +} + +do_install () { + install -d ${D}${datadir}/ca-certificates \ + ${D}${sysconfdir}/ssl/certs \ + ${D}${sysconfdir}/ca-certificates/update.d + oe_runmake 'DESTDIR=${D}' install + + install -d ${D}${mandir}/man8 + install -m 0644 sbin/update-ca-certificates.8 ${D}${mandir}/man8/ + + install -d ${D}${sysconfdir} + { + echo "# Lines starting with # will be ignored" + echo "# Lines starting with ! will remove certificate on next update" + echo "#" + find ${D}${datadir}/ca-certificates -type f -name '*.crt' | \ + sed 's,^${D}${datadir}/ca-certificates/,,' + } >${D}${sysconfdir}/ca-certificates.conf +} + +do_install_append_class-target () { + sed -i -e 's,/etc/,${sysconfdir}/,' \ + -e 's,/usr/share/,${datadir}/,' \ + -e 's,/usr/local,${prefix}/local,' \ + ${D}${sbindir}/update-ca-certificates \ + ${D}${mandir}/man8/update-ca-certificates.8 +} + +pkg_postinst_${PN}_class-target () { + SYSROOT="$D" $D${sbindir}/update-ca-certificates +} + +CONFFILES_${PN} += "${sysconfdir}/ca-certificates.conf" + +# Rather than make a postinst script that works for both target and nativesdk, +# we just run update-ca-certificate from do_install() for nativesdk. +CONFFILES_${PN}_append_class-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt" +do_install_append_class-nativesdk () { + SYSROOT="${D}${SDKPATHNATIVE}" ${D}${sbindir}/update-ca-certificates +} + +do_install_append_class-native () { + SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates +} + +RDEPENDS_${PN} += "openssl" + +BBCLASSEXTEND = "native nativesdk" |