diff options
| author |   Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 13:49:04 -0700 |
|---|---|---|
| committer | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 17:38:18 -0700 |
| commit | 56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch) | |
| tree | 3f91093cdb475e565ae857f1c5a7fd339e2d781e /app-misc/ca-certificates | |
| download | gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2 gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip | |
proj/gentoo: Initial commit
This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.
This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'app-misc/ca-certificates')
26 files changed, 2913 insertions, 0 deletions
diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest new file mode 100644 index 000000000000..a479f3e79c09 --- /dev/null +++ b/app-misc/ca-certificates/Manifest @@ -0,0 +1,23 @@ +DIST ca-certificates_20090709_all.deb 154620 SHA256 de1e35997eb39c7ba5713f206aba034ff8ce8aa3aebebfc7eb1823de9968d767 SHA512 2237f03c6794f33e5dde2acc05c04447daf2b8a41fc4182297d971cf4bc1eb2ae1abdf21561fb8fdf9dad27465e63c17b8bd2060d3b270edcfdf22c5c5cb094d WHIRLPOOL 174facc0da0677baae403a0e9234692768d6a6342a1894116561a2c41878850cdc603c3556961641ba743fe347c436adef1d914060b23767549dd40041c4120c +DIST ca-certificates_20110421_all.deb 176778 SHA256 a60a9c0faf1847df4553ce13ffe337412b88dd1b9d502741ac1760204c0bdda3 SHA512 11c9ba3f483cd17ca964f19e6ec394a2239fd74187f57224d7b13d1c0bf5dc55bb6c66217c1dd8273695ff92710617a897f7a40be6e4ec9960276f1bfe6b2bbb WHIRLPOOL 67dee5217526d5abec740f367fe28ce0f823d3c21b99fc988b73e75859e47beb00cb76e3d83572e704c3924e45bd9f6a7c818a1a1b2dd3bf7594864c9d9b2c5f +DIST ca-certificates_20110502+nmu1_all.deb 174242 SHA256 d44284ee9b733b9890a54516f66b68a382ac5fb2c0bdceafed4cf229aa3b05a1 SHA512 2ba33346689d21846632390ad55f2a6102a333cc32019a6e00d85c00970a6f744b4a4d548b68bf9b6369d0cfc2b06009db4b4be4ffafd3629bf05737fdc096d2 WHIRLPOOL 88ffbbc68e1299a2b3cc243e1b17160f9862c469279e8dca03841c45defb238c034c8d81abe811a3d32f9968d7754f6d8c64a697cbcba0c2eb4be9d513d527e9 +DIST ca-certificates_20110502_all.deb 175556 SHA256 fa14c729b48ed58f5c048b8721f09fded9824c1f450a656fb2cc396195935a98 SHA512 12b148987c292320e90b7124bf5d0194a3b7d8f1807b13b05461b18798e6a5346e205b065256d0bbdce7bf13d5db2b9c756b0f5a63a309d9164eff973179a363 WHIRLPOOL 79a8dd9c27f094dbe687d61f41d39c26229a21d02713134c71dd0878927eefcbe325cf801b63caf4421a6c97dd21731dd49862e931cef7a5895734039ad877b2 +DIST ca-certificates_20111025_all.deb 185800 SHA256 7d743b307ab31138176d6da4fff1f4c7f6bd246b42698662894bfb1b74e55647 SHA512 4be682158891110d32e8f065af64c597da09476263fdebb860d08387c873e7839b106b6f9ad6be7acfb4e0eb568274e2196377b4e0bbb61aafaeaecaeef88284 WHIRLPOOL 78568cc1b4f21ef7ca747dd9c60d43a98b15da9236c76ce928d416ad0875bd5ec2a1096d7e0551fada838d6ffbfe30366080f698ea4a35ef4748b9833c1550f8 +DIST ca-certificates_20120212_all.deb 176812 SHA256 7e4277a0a5a0ac42c370a93f986839b4e3ff82646581caa8c5135ad0a41d01d7 SHA512 c22cb3b3472deb7819bae6518b136a5af27e4cb29610b12713908ce7effbe5e39f9f1856efd75d071d70016462e66b34d5800ab061a2b3a213e4f2969330f8f0 WHIRLPOOL 306cbafa408ddb0444d5cb547ff201ca5709527db0ca5f4798db751d8ef8df147ef8ffe382adda3cefadd110197104af9bc8e45a6276a2d7739d59ffccd498c5 +DIST ca-certificates_20120623_all.deb 183022 SHA256 41f719a63b8cace12a6cd69dce3fea9720c2702511205c2bab20c5d05528ede7 SHA512 970478971f545919e15f1af7e774043113fee725c7dba89bff27969814d60e1187219fb7f87e250261c54bc0cb03098b69748c33b625f5e5061df65c6bbe019a WHIRLPOOL 07b693dabae839bde3c31548e11d8cb8b0940de6aa1838eab3834ad3a5206f4a32a3cd7d134c9722ce244ac5ed21c5a222b74899972be9f5ae59876c4b61fc22 +DIST ca-certificates_20121114_all.deb 192630 SHA256 f6991820d1c6431a7db42e92efa51f4058e921bdcc491a906dc1309e9ba35286 SHA512 b2810d1b728c71189100352706fda17c6d87f53b5c6fc2dfb78be13fcfb5758ddd7f5a4bb69742c18241bd05809cbbe67b7a4c179e678b8cf46e277b54d77869 WHIRLPOOL a75ef6c7cbb12ab24070ef7cc016dbd03509dc1cee95634281210fc45bd4a620b5854a76349e060f46f1f0844d774a5f53aeac5c34f73e025b890364b70be1ee +DIST ca-certificates_20130119_all.deb 185428 SHA256 08f8e5a1fab74a365c284ed4e353b4f14596f5ef533fced6395ead81fb3a76f7 SHA512 b93621e578dfa5ea224b3528839ca250fd9470dc28b17dd82e8669d64a631cb62218f1c53ebdb165ea3fffcaa8717210132215b5407ea0185e76ac2a11c0d157 WHIRLPOOL 9cedaba913d90f9f10ce7c97bcd248400b17c4fc3016e2fc3fca81333094f33ce60997da49144763fe86d705c458a273fd1e279a0237a1e855ae8ffe6d1e4c51 +DIST ca-certificates_20130610_all.deb 184342 SHA256 ab20ee409012c980725a6392d71ac0464bb87edd1645221d0eb4ecb32c2e00bd SHA512 6f5f3523d4f70b1a5f2ec45ee36ae2bd706fc713edfdcddab4bafe27c42c2c169f87852abfc7e9daf4d597b633bfcaea08cb0a36ea3a88b770a45c62c134e248 WHIRLPOOL 7dd5e5a0dc0c8a3bc1556aefea5d5544183af68fce234899e56678fcdba4ac988c07f8a76a4f05e4861ed086cc3c1d1c15601d3372bbc4431c8d8e7bb54f1c4a +DIST ca-certificates_20130906_all.deb 185064 SHA256 b2326834479192de2298c607bc020715c949cbd4dc5dd6be28a1b3f348eb9b76 SHA512 0410d11843e36fb488698a5ce7e1eda473b91d476c99d8e3bd006705167c9f2ac9a554e7fce1595f3717f1781a1390af345b3e7e4bc1e58c055e0a11321ececa WHIRLPOOL b9cf04b0e080752567a82c8fecffd033d10f19e41c0ecb1e676246947a34d1380002f9860539611dd79b04c47d19f6631a126c5887cff7ee52ff866b36c50109 +DIST ca-certificates_20140223.tar.xz 274768 SHA256 815b7cd97200b0d76450bb3e7d9b65997ac494ab6467b17369f65b2ef94bcb0c SHA512 14855eba51f90ab062b53a0d1986889de9ad7db4cb52bd4d764872b7c90eaaee62920543a4670ab45329469f76365d1e902219397b660034689159f13b8668d8 WHIRLPOOL f841d9a5fa2d4b3d46d06a2de947108ccb8bf7f19c99979822e22f043624656e789ba0340657b21a15560fd6593efa4256efc9f317974bdca8088a3647836e49 +DIST ca-certificates_20140223_all.deb 190226 SHA256 13cb11144a97d95a8be130e4bcdd6c9ffc3df269bb194699bcd21ca377e01df2 SHA512 003b6fd2301eee3ca2119781ee75a1b195f142678d4570b598c4b93847de23c4f659152f834db1f0c8866767324d02b27807260cf43f6ae16207538fa419aa31 WHIRLPOOL 179a0bcf341e7de07d02f6574850614ef221851379945db00018d25f485cee6c11915322ee370e72321d81464d7d6bb96401b41029b8f7215a68e46971671deb +DIST ca-certificates_20140325.tar.xz 278816 SHA256 c0e3d8c517995db2737f7f1a9b69d654b8823fa6d337871c6ce111fcf083454a SHA512 6645740d61da78845facce6e3881c64f51e945a454cb26cead6e7df4887f1f3797bea217cebaffaae22a76fa3867ee20dee7b1d5200df20b85878a0c6029c2f8 WHIRLPOOL 93d4ff1ac74c6961612ffa0e4da35228636698940fd0a66e4e6842de4e48f5ded74885bfb330f6d106ae267124309d51d49f646959bbae1ef9fa7a55dbb2085a +DIST ca-certificates_20140927.tar.xz 288824 SHA256 e582724ebb9d5d6fe02d02db1773c9ca76d3aaab4b15375a0d72e9abf88a65c5 SHA512 3cd08559c52aeba763a8ecc0333c7c20838db0111e52d9adf65719f14f858611271d61801a60fb3aea4e74be4a7903c1b462bf889172f5afb774280bb615b98b WHIRLPOOL e32e54b21109b7c44266480a6a5d78693b5ef7ffae1df595c4edfe2cce85d1cd29664e6d916c5bfffb965e4bb01fce6a8327a2ead5bb0ca7cdd8afd04346a270 +DIST ca-certificates_20141019.tar.xz 289092 SHA256 684902d3f4e9ad27829f4af0d9d2d588afed03667997579b9c2be86fcd1eb73a SHA512 5b0e8fb917f5642a5a2b4fde46a706db0c652ff3fb31a5053d9123a5b670b50c6e3cf2496915cc01c613dcbe964d6432f393c12d8a697baedfad58f9d13e568b WHIRLPOOL 6d3c0ccfbd4b1598ed529cb07390baaf741e24c8fd4762aa1786ada7188ec0c4e327513047bca2b93a488681e80b5a8fabc37b98b7f6e5e92cba62580c4cf74f +DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00 WHIRLPOOL c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43 +DIST nss-3.15.5.tar.gz 6367893 SHA256 1442c85624b7de74c7745132a65aa0de47d280c4f01f293d111bc0b6d8271f43 SHA512 4db27ea98f17f1a5bc6f513455497945fc35957f573b3ac7e730b166fbe0e8fd741c188187c578faf361d969db63d83ff8ccf15ac2b8ca72a367f33a018695ca WHIRLPOOL c3c687ac53dca571d1c45bdf4a80e192ca58da07e06ef56de7ac9736480c97689dd12d14351860764b70a1d823092a1ddbc471328c4bae4a899edd0e331c8aee +DIST nss-3.16.3.tar.gz 6426732 SHA256 657711ff7a4058043b69019a66f44101d0234eae2b6b80ab900439dbf02add60 SHA512 2e829b021319a9d8c0cedec742f84c54815eed8e3b1042b5045f08746e5768286001e9517d2b69c2a5d705cd632c98f3a9227e651a492bae3ef638cc706fe31f WHIRLPOOL bd8fe296baf79b4cad2224a921bf6d0a6b6a1f13df5b64131f59964541d2ec1ae506a79a5a3b8dc08a47c8fcdfa5eafb866727fcf26c37d4e5e91a7ebb7886b3 +DIST nss-3.16.tar.gz 6378110 SHA256 2bb4faa200962caacf0454f1e870e74aa9a543809e5c440f7978bcce58e0bfe8 SHA512 e3dcde8213f7f131fe2f714ff2f45c6d7b9b2167e51dbf0e1a750cc4f83d9fa35e69408850de6600f55fbc9e26b29dc344548cb64849d6e3252476eadd7ee57f WHIRLPOOL d30b53ec36cacff9756b43780d904e32760cd5d0b75f1888b6fb80e0a87ce828f4e6189de63880ddce90bdf5d90123ff7e9fdf600f4df02ce59702898f08c11e +DIST nss-3.17.2.tar.gz 6927414 SHA256 134929e44e44b968a4883f4ee513a71ae45d55b486cee41ee8e26c3cc84dab8b SHA512 a3d165bb2c578e7b5d90349729e85a2fce09260d069093080c76cce3b8a996c6489232324fd6a0c69b959321bcdf5f1806054f165cd6ce851fe4ffeb2883ae7f WHIRLPOOL 01b3cc546aa2dd0974caa2267aa9874b01cf6096f307a114393ba5a98adc216e0f2b217631b89b20752be5881f70fc1a7e94e0e90618707d5f9b9d18fd55d859 +DIST nss-3.17.4.tar.gz 6924699 SHA256 1d98ad1881a4237ec98cbe472fc851480f0b0e954dfe224d047811fb96ff9d79 SHA512 dfc44e28c303743a72b4553f471089bc991c3cb61d5f3071082c16400d5e4f216f84a2e44536570316fe0e798c14ca370c875dad791a873034595b9e4dd70b89 WHIRLPOOL bb6e1027c5237d12fe58b4c520536022d8d4e83183a78c3421fd46bf9c3503b1f0ca4644240e383f216ec1e5174c0ae4148372db68fb9f1c10275954559d5bbf +DIST nss-3.19.tar.gz 6951461 SHA256 989ebdf79374f24181f060d332445b1a4baf3df39d08514c4349ba8573cefa9b SHA512 e428d206a4fd30087f275a33771a1d7e753b000e8fc3e7c746972a89d1b32300d3619f430ea15e870d82b3af52785d4dd36ae89c9c496f014f9f323ea373da14 WHIRLPOOL 3a8b58a8a28e31f65f40cfa6a9bd9ca2177a17552082d8de2189da6c92ff7ba9c90be13793666558a2bff609da738cb1f4313968077e1041b8f283d36005e76c diff --git a/app-misc/ca-certificates/ca-certificates-20090709.ebuild b/app-misc/ca-certificates/ca-certificates-20090709.ebuild new file mode 100644 index 000000000000..b56979597665 --- /dev/null +++ b/app-misc/ca-certificates/ca-certificates-20090709.ebuild @@ -0,0 +1,72 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +inherit eutils + +DESCRIPTION="Common CA Certificates PEM files" +HOMEPAGE="http://packages.debian.org/sid/ca-certificates" +SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}_all.deb" + +LICENSE="MPL-1.1" +SLOT="0" +KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd" +IUSE="" + +DEPEND="|| ( >=sys-apps/coreutils-6.10-r1 sys-apps/mktemp sys-freebsd/freebsd-ubin )" +RDEPEND="${DEPEND} + dev-libs/openssl + sys-apps/debianutils" + +S=${WORKDIR} + +src_unpack() { + unpack ${A} + unpack ./data.tar.gz + rm -f control.tar.gz data.tar.gz debian-binary +} + +pkg_setup() { + # For the conversion to having it in CONFIG_PROTECT_MASK, + # we need to tell users about it once manually first. + [[ -f /etc/env.d/98ca-certificates ]] \ + || ewarn "You should run update-ca-certificates manually after etc-update" +} + +src_install() { + cp -pPR * "${D}"/ || die "installing data failed" + + ( + echo "# Automatically generated by ${CAT}/${PF}" + echo "# $(date -u)" + echo "# Do not edit." + cd "${D}"/usr/share/ca-certificates + find . -name '*.crt' | sort | cut -b3- + ) > "${D}"/etc/ca-certificates.conf + + mv "${D}"/usr/share/doc/{ca-certificates,${PF}} || die + prepalldocs + + echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates + doenvd 98ca-certificates +} + +pkg_postinst() { + if [ "${ROOT}" = "/" ] ; then + # However it's too overzealous when the user has custom certs in place. + # --fresh is to clean up dangling symlinks + update-ca-certificates + fi + + local badcerts=0 + for c in $(find -L "${ROOT}"etc/ssl/certs/ -type l) ; do + ewarn "Broken symlink for a certificate at $c" + badcerts=1 + done + if [ $badcerts -eq 1 ]; then + ewarn "You MUST remove the above broken symlinks" + ewarn "Otherwise any SSL validation that use the directory may fail!" + ewarn "To batch-remove them, run:" + ewarn "find -L ${ROOT}etc/ssl/certs/ -type l -exec rm {} +" + fi +} diff --git a/app-misc/ca-certificates/ca-certificates-20110421.ebuild b/app-misc/ca-certificates/ca-certificates-20110421.ebuild new file mode 100644 index 000000000000..1e074c085562 --- /dev/null +++ b/app-misc/ca-certificates/ca-certificates-20110421.ebuild @@ -0,0 +1,72 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +inherit eutils + +DESCRIPTION="Common CA Certificates PEM files" +HOMEPAGE="http://packages.debian.org/sid/ca-certificates" +SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}_all.deb" + +LICENSE="MPL-1.1" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" +IUSE="" + +DEPEND="|| ( >=sys-apps/coreutils-6.10-r1 sys-apps/mktemp sys-freebsd/freebsd-ubin )" +RDEPEND="${DEPEND} + dev-libs/openssl + sys-apps/debianutils" + +S=${WORKDIR} + +src_unpack() { + unpack ${A} + unpack ./data.tar.gz + rm -f control.tar.gz data.tar.gz debian-binary +} + +pkg_setup() { + # For the conversion to having it in CONFIG_PROTECT_MASK, + # we need to tell users about it once manually first. + [[ -f /etc/env.d/98ca-certificates ]] \ + || ewarn "You should run update-ca-certificates manually after etc-update" +} + +src_install() { + cp -pPR * "${D}"/ || die + + ( + echo "# Automatically generated by ${CATEGORY}/${PF}" + echo "# $(date -u)" + echo "# Do not edit." + cd "${D}"/usr/share/ca-certificates + find . -name '*.crt' | sort | cut -b3- + ) > "${D}"/etc/ca-certificates.conf + + mv "${D}"/usr/share/doc/{ca-certificates,${PF}} || die + prepalldocs + + echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates + doenvd 98ca-certificates +} + +pkg_postinst() { + if [ "${ROOT}" = "/" ] ; then + # However it's too overzealous when the user has custom certs in place. + # --fresh is to clean up dangling symlinks + update-ca-certificates + fi + + local c badcerts=0 + for c in $(find -L "${ROOT}"etc/ssl/certs/ -type l) ; do + ewarn "Broken symlink for a certificate at $c" + badcerts=1 + done + if [ $badcerts -eq 1 ]; then + ewarn "You MUST remove the above broken symlinks" + ewarn "Otherwise any SSL validation that use the directory may fail!" + ewarn "To batch-remove them, run:" + ewarn "find -L ${ROOT}etc/ssl/certs/ -type l -exec rm {} +" + fi +} diff --git a/app-misc/ca-certificates/ca-certificates-20110502-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20110502-r1.ebuild new file mode 100644 index 000000000000..a38aae8366f8 --- /dev/null +++ b/app-misc/ca-certificates/ca-certificates-20110502-r1.ebuild @@ -0,0 +1,72 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +inherit eutils + +DESCRIPTION="Common CA Certificates PEM files" +HOMEPAGE="http://packages.debian.org/sid/ca-certificates" +SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}+nmu1_all.deb" + +LICENSE="MPL-1.1" +SLOT="0" +KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd" +IUSE="" + +DEPEND="|| ( >=sys-apps/coreutils-6.10-r1 sys-apps/mktemp sys-freebsd/freebsd-ubin )" +RDEPEND="${DEPEND} + dev-libs/openssl + sys-apps/debianutils" + +S=${WORKDIR} + +src_unpack() { + unpack ${A} + unpack ./data.tar.gz + rm -f control.tar.gz data.tar.gz debian-binary +} + +pkg_setup() { + # For the conversion to having it in CONFIG_PROTECT_MASK, + # we need to tell users about it once manually first. + [[ -f /etc/env.d/98ca-certificates ]] \ + || ewarn "You should run update-ca-certificates manually after etc-update" +} + +src_install() { + cp -pPR * "${D}"/ || die + + ( + echo "# Automatically generated by ${CATEGORY}/${PF}" + echo "# $(date -u)" + echo "# Do not edit." + cd "${D}"/usr/share/ca-certificates + find . -name '*.crt' | sort | cut -b3- + ) > "${D}"/etc/ca-certificates.conf + + mv "${D}"/usr/share/doc/{ca-certificates,${PF}} || die + prepalldocs + + echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates + doenvd 98ca-certificates +} + +pkg_postinst() { + if [ "${ROOT}" = "/" ] ; then + # However it's too overzealous when the user has custom certs in place. + # --fresh is to clean up dangling symlinks + update-ca-certificates + fi + + local c badcerts=0 + for c in $(find -L "${ROOT}"etc/ssl/certs/ -type l) ; do + ewarn "Broken symlink for a certificate at $c" + badcerts=1 + done + if [ $badcerts -eq 1 ]; then + ewarn "You MUST remove the above broken symlinks" + ewarn "Otherwise any SSL validation that use the directory may fail!" + ewarn "To batch-remove them, run:" + ewarn "find -L ${ROOT}etc/ssl/certs/ -type l -exec rm {} +" + fi +} diff --git a/app-misc/ca-certificates/ca-certificates-20110502-r2.ebuild b/app-misc/ca-certificates/ca-certificates-20110502-r2.ebuild new file mode 100644 index 000000000000..deb91a980a9d --- /dev/null +++ b/app-misc/ca-certificates/ca-certificates-20110502-r2.ebuild @@ -0,0 +1,87 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="3" + +inherit eutils + +DESCRIPTION="Common CA Certificates PEM files" +HOMEPAGE="http://packages.debian.org/sid/ca-certificates" +SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}+nmu1_all.deb" + +LICENSE="MPL-1.1" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" +IUSE="" + +DEPEND="|| ( >=sys-apps/coreutils-6.10-r1 sys-apps/mktemp sys-freebsd/freebsd-ubin )" +RDEPEND="${DEPEND} + dev-libs/openssl + sys-apps/debianutils + kernel_AIX? ( app-arch/deb2targz )" # platforms like AIX don't have a good ar + +S=${WORKDIR} + +pkg_setup() { + # For the conversion to having it in CONFIG_PROTECT_MASK, + # we need to tell users about it once manually first. + [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ + || ewarn "You should run update-ca-certificates manually after etc-update" +} + +src_unpack() { + unpack ${A} + unpack ./data.tar.gz + rm -f control.tar.gz data.tar.gz debian-binary +} + +src_prepare() { + epatch "${FILESDIR}"/${PN}-20090709-root.patch +} + +src_compile() { + ( + echo "# Automatically generated by ${CATEGORY}/${PF}" + echo "# $(date -u)" + echo "# Do not edit." + cd "${S}"/usr/share/ca-certificates + find * -name '*.crt' | LC_ALL=C sort + ) > "${S}"/etc/ca-certificates.conf + + sed -i "/^ROOT=""/s:=.*:='${EPREFIX}':" "${S}"/usr/sbin/update-ca-certificates || die + "${S}"/usr/sbin/update-ca-certificates --root "${S}" +} + +src_install() { + mkdir -p "${ED}" + cp -pPR * "${ED}"/ || die + + mv "${ED}"/usr/share/doc/{ca-certificates,${PF}} || die + prepalldocs + + echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates + doenvd 98ca-certificates +} + +pkg_postinst() { + if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then + # if the user has local certs, we need to rebuild again + # to include their stuff in the db. + # However it's too overzealous when the user has custom certs in place. + # --fresh is to clean up dangling symlinks + "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" + fi + + local c badcerts=0 + for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do + ewarn "Broken symlink for a certificate at $c" + badcerts=1 + done + if [ $badcerts -eq 1 ]; then + ewarn "You MUST remove the above broken symlinks" + ewarn "Otherwise any SSL validation that use the directory may fail!" + ewarn "To batch-remove them, run:" + ewarn "find -L ${EROOT}etc/ssl/certs/ -type l -exec rm {} +" + fi +} diff --git a/app-misc/ca-certificates/ca-certificates-20110502-r3.ebuild b/app-misc/ca-certificates/ca-certificates-20110502-r3.ebuild new file mode 100644 index 000000000000..4e47b1e95568 --- /dev/null +++ b/app-misc/ca-certificates/ca-certificates-20110502-r3.ebuild @@ -0,0 +1,95 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="3" + +inherit eutils + +DESCRIPTION="Common CA Certificates PEM files" +HOMEPAGE="http://packages.debian.org/sid/ca-certificates" +SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}+nmu1_all.deb" + +LICENSE="MPL-1.1" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" +IUSE="" + +# platforms like AIX don't have a good ar +DEPEND="kernel_AIX? ( app-arch/deb2targz )" +# openssl: we run `c_rehash` +# debianutils: we run `run-parts` +RDEPEND="${DEPEND} + dev-libs/openssl + sys-apps/debianutils" + +S=${WORKDIR} + +pkg_setup() { + # For the conversion to having it in CONFIG_PROTECT_MASK, + # we need to tell users about it once manually first. + [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ + || ewarn "You should run update-ca-certificates manually after etc-update" +} + +src_unpack() { + if [[ -n ${EPREFIX} ]] ; then + # need to perform everything in the offset, #381937 + mkdir -p "./${EPREFIX}" + cd "./${EPREFIX}" || die + fi + unpack ${A} + unpack ./data.tar.gz + rm -f control.tar.gz data.tar.gz debian-binary +} + +src_prepare() { + cd "./${EPREFIX}" || die + epatch "${FILESDIR}"/${PN}-20090709-root.patch + sed -i -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ + usr/sbin/update-ca-certificates || die +} + +src_compile() { + ( + echo "# Automatically generated by ${CATEGORY}/${PF}" + echo "# $(date -u)" + echo "# Do not edit." + cd "${S}${EPREFIX}"/usr/share/ca-certificates + find * -name '*.crt' | LC_ALL=C sort + ) > "${S}${EPREFIX}"/etc/ca-certificates.conf + + "${S}${EPREFIX}"/usr/sbin/update-ca-certificates --root "${S}" +} + +src_install() { + cp -pPR * "${D}"/ || die + + mv "${ED}"/usr/share/doc/{ca-certificates,${PF}} || die + prepalldocs + + echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates + doenvd 98ca-certificates +} + +pkg_postinst() { + if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then + # if the user has local certs, we need to rebuild again + # to include their stuff in the db. + # However it's too overzealous when the user has custom certs in place. + # --fresh is to clean up dangling symlinks + "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" + fi + + local c badcerts=0 + for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do + ewarn "Broken symlink for a certificate at $c" + badcerts=1 + done + if [ $badcerts -eq 1 ]; then + ewarn "You MUST remove the above broken symlinks" + ewarn "Otherwise any SSL validation that use the directory may fail!" + ewarn "To batch-remove them, run:" + ewarn "find -L ${EROOT}etc/ssl/certs/ -type l -exec rm {} +" + fi +} diff --git a/app-misc/ca-certificates/ca-certificates-20110502-r4.ebuild b/app-misc/ca-certificates/ca-certificates-20110502-r4.ebuild new file mode 100644 index 000000000000..3aaa519e4ca9 --- /dev/null +++ b/app-misc/ca-certificates/ca-certificates-20110502-r4.ebuild @@ -0,0 +1,98 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="3" + +inherit eutils + +DESCRIPTION="Common CA Certificates PEM files" +HOMEPAGE="http://packages.debian.org/sid/ca-certificates" +SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}+nmu1_all.deb" + +LICENSE="MPL-1.1" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" +IUSE="" + +# platforms like AIX don't have a good ar +DEPEND="kernel_AIX? ( app-arch/deb2targz )" +# openssl: we run `c_rehash` +# debianutils: we run `run-parts` +RDEPEND="${DEPEND} + dev-libs/openssl + sys-apps/debianutils" + +S=${WORKDIR} + +pkg_setup() { + # For the conversion to having it in CONFIG_PROTECT_MASK, + # we need to tell users about it once manually first. + [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ + || ewarn "You should run update-ca-certificates manually after etc-update" +} + +src_unpack() { + if [[ -n ${EPREFIX} ]] ; then + # need to perform everything in the offset, #381937 + mkdir -p "./${EPREFIX}" + cd "./${EPREFIX}" || die + fi + unpack ${A} + unpack ./data.tar.gz + rm -f control.tar.gz data.tar.gz debian-binary +} + +src_prepare() { + cd "./${EPREFIX}" || die + epatch "${FILESDIR}"/${PN}-20110502-root.patch + local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') + sed -i \ + -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ + -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ + usr/sbin/update-ca-certificates || die +} + +src_compile() { + ( + echo "# Automatically generated by ${CATEGORY}/${PF}" + echo "# $(date -u)" + echo "# Do not edit." + cd "${S}${EPREFIX}"/usr/share/ca-certificates + find * -name '*.crt' | LC_ALL=C sort + ) > "${S}${EPREFIX}"/etc/ca-certificates.conf + + sh "${S}${EPREFIX}"/usr/sbin/update-ca-certificates --root "${S}" || die +} + +src_install() { + cp -pPR * "${D}"/ || die + + mv "${ED}"/usr/share/doc/{ca-certificates,${PF}} || die + prepalldocs + + echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates + doenvd 98ca-certificates +} + +pkg_postinst() { + if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then + # if the user has local certs, we need to rebuild again + # to include their stuff in the db. + # However it's too overzealous when the user has custom certs in place. + # --fresh is to clean up dangling symlinks + "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" + fi + + local c badcerts=0 + for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do + ewarn "Broken symlink for a certificate at $c" + badcerts=1 + done + if [ $badcerts -eq 1 ]; then + ewarn "You MUST remove the above broken symlinks" + ewarn "Otherwise any SSL validation that use the directory may fail!" + ewarn "To batch-remove them, run:" + ewarn "find -L ${EROOT}etc/ssl/certs/ -type l -exec rm {} +" + fi +} diff --git a/app-misc/ca-certificates/ca-certificates-20110502.ebuild b/app-misc/ca-certificates/ca-certificates-20110502.ebuild new file mode 100644 index 000000000000..1e074c085562 --- /dev/null +++ b/app-misc/ca-certificates/ca-certificates-20110502.ebuild @@ -0,0 +1,72 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +inherit eutils + +DESCRIPTION="Common CA Certificates PEM files" +HOMEPAGE="http://packages.debian.org/sid/ca-certificates" +SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}_all.deb" + +LICENSE="MPL-1.1" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd" +IUSE="" + +DEPEND="|| ( >=sys-apps/coreutils-6.10-r1 sys-apps/mktemp sys-freebsd/freebsd-ubin )" +RDEPEND="${DEPEND} + dev-libs/openssl + sys-apps/debianutils" + +S=${WORKDIR} + +src_unpack() { + unpack ${A} + unpack ./data.tar.gz + rm -f control.tar.gz data.tar.gz debian-binary +} + +pkg_setup() { + # For the conversion to having it in CONFIG_PROTECT_MASK, + # we need to tell users about it once manually first. + [[ -f /etc/env.d/98ca-certificates ]] \ + || ewarn "You should run update-ca-certificates manually after etc-update" +} + +src_install() { + cp -pPR * "${D}"/ || die + + ( + echo "# Automatically generated by ${CATEGORY}/${PF}" + echo "# $(date -u)" + echo "# Do not edit." + cd "${D}"/usr/share/ca-certificates + find . -name '*.crt' | sort | cut -b3- + ) > "${D}"/etc/ca-certificates.conf + + mv "${D}"/usr/share/doc/{ca-certificates,${PF}} || die + prepalldocs + + echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates + doenvd 98ca-certificates +} + +pkg_postinst() { + if [ "${ROOT}" = "/" ] ; then + # However it's too overzealous when the user has custom certs in place. + # --fresh is to clean up dangling symlinks + update-ca-certificates + fi + + local c badcerts=0 + for c in $(find -L "${ROOT}"etc/ssl/certs/ -type l) ; do + ewarn "Broken symlink for a certificate at $c" + badcerts=1 + done + if [ $badcerts -eq 1 ]; then + ewarn "You MUST remove the above broken symlinks" + ewarn "Otherwise any SSL validation that use the directory may fail!" + ewarn "To batch-remove them, run:" + ewarn "find -L ${ROOT}etc/ssl/certs/ -type l -exec rm {} +" + fi +} diff --git a/app-misc/ca-certificates/ca-certificates-20111025.ebuild b/app-misc/ca-certificates/ca-certificates-20111025.ebuild new file mode 100644 index 000000000000..6934f8ccc450 --- /dev/null +++ b/app-misc/ca-certificates/ca-certificates-20111025.ebuild @@ -0,0 +1,100 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="3" + +inherit eutils + +DESCRIPTION="Common CA Certificates PEM files" +HOMEPAGE="http://packages.debian.org/sid/ca-certificates" +#NMU_PR="1" +SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" + +LICENSE="MPL-1.1" +SLOT="0" +KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" +IUSE="" + +# platforms like AIX don't have a good ar +DEPEND="kernel_AIX? ( app-arch/deb2targz ) + !<sys-apps/portage-2.1.10.41" +# openssl: we run `c_rehash` +# debianutils: we run `run-parts` +RDEPEND="${DEPEND} + dev-libs/openssl + sys-apps/debianutils" + +S=${WORKDIR} + +pkg_setup() { + # For the conversion to having it in CONFIG_PROTECT_MASK, + # we need to tell users about it once manually first. + [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ + || ewarn "You should run update-ca-certificates manually after etc-update" +} + +src_unpack() { + if [[ -n ${EPREFIX} ]] ; then + # need to perform everything in the offset, #381937 + mkdir -p "./${EPREFIX}" + cd "./${EPREFIX}" || die + fi + unpack ${A} + unpack ./data.tar.gz + rm -f control.tar.gz data.tar.gz debian-binary +} + +src_prepare() { + cd "./${EPREFIX}" || die + epatch "${FILESDIR}"/${PN}-20110502-root.patch + local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') + sed -i \ + -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ + -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ + usr/sbin/update-ca-certificates || die +} + +src_compile() { + ( + echo "# Automatically generated by ${CATEGORY}/${PF}" + echo "# $(date -u)" + echo "# Do not edit." + cd "${S}${EPREFIX}"/usr/share/ca-certificates + find * -name '*.crt' | LC_ALL=C sort + ) > "${S}${EPREFIX}"/etc/ca-certificates.conf + + sh "${S}${EPREFIX}"/usr/sbin/update-ca-certificates --root "${S}" || die +} + +src_install() { + cp -pPR * "${D}"/ || die + + mv "${ED}"/usr/share/doc/{ca-certificates,${PF}} || die + prepalldocs + + echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates + doenvd 98ca-certificates +} + +pkg_postinst() { + if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then + # if the user has local certs, we need to rebuild again + # to include their stuff in the db. + # However it's too overzealous when the user has custom certs in place. + # --fresh is to clean up dangling symlinks + "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" + fi + + local c badcerts=0 + for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do + ewarn "Broken symlink for a certificate at $c" + badcerts=1 + done + if [ $badcerts -eq 1 ]; then + ewarn "You MUST remove the above broken symlinks" + ewarn "Otherwise any SSL validation that use the directory may fail!" + ewarn "To batch-remove them, run:" + ewarn "find -L ${EROOT}etc/ssl/certs/ -type l -exec rm {} +" + fi +} diff --git a/app-misc/ca-certificates/ca-certificates-20120212.ebuild b/app-misc/ca-certificates/ca-certificates-20120212.ebuild new file mode 100644 index 000000000000..9b55707ce50a --- /dev/null +++ b/app-misc/ca-certificates/ca-certificates-20120212.ebuild @@ -0,0 +1,100 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="3" + +inherit eutils + +DESCRIPTION="Common CA Certificates PEM files" +HOMEPAGE="http://packages.debian.org/sid/ca-certificates" +#NMU_PR="1" +SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" + +LICENSE="MPL-1.1" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" +IUSE="" + +# platforms like AIX don't have a good ar +DEPEND="kernel_AIX? ( app-arch/deb2targz ) + !<sys-apps/portage-2.1.10.41" +# openssl: we run `c_rehash` +# debianutils: we run `run-parts` +RDEPEND="${DEPEND} + dev-libs/openssl + sys-apps/debianutils" + +S=${WORKDIR} + +pkg_setup() { + # For the conversion to having it in CONFIG_PROTECT_MASK, + # we need to tell users about it once manually first. + [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ + || ewarn "You should run update-ca-certificates manually after etc-update" +} + +src_unpack() { + if [[ -n ${EPREFIX} ]] ; then + # need to perform everything in the offset, #381937 + mkdir -p "./${EPREFIX}" + cd "./${EPREFIX}" || die + fi + unpack ${A} + unpack ./data.tar.gz + rm -f control.tar.gz data.tar.gz debian-binary +} + +src_prepare() { + cd "./${EPREFIX}" || die + epatch "${FILESDIR}"/${PN}-20110502-root.patch + local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') + sed -i \ + -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ + -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ + usr/sbin/update-ca-certificates || die +} + +src_compile() { + ( + echo "# Automatically generated by ${CATEGORY}/${PF}" + echo "# $(date -u)" + echo "# Do not edit." + cd "${S}${EPREFIX}"/usr/share/ca-certificates + find * -name '*.crt' | LC_ALL=C sort + ) > "${S}${EPREFIX}"/etc/ca-certificates.conf + + sh "${S}${EPREFIX}"/usr/sbin/update-ca-certificates --root "${S}" || die +} + +src_install() { + cp -pPR * "${D}"/ || die + + mv "${ED}"/usr/share/doc/{ca-certificates,${PF}} || die + prepalldocs + + echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates + doenvd 98ca-certificates +} + +pkg_postinst() { + if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then + # if the user has local certs, we need to rebuild again + # to include their stuff in the db. + # However it's too overzealous when the user has custom certs in place. + # --fresh is to clean up dangling symlinks + "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" + fi + + local c badcerts=0 + for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do + ewarn "Broken symlink for a certificate at $c" + badcerts=1 + done + if [ $badcerts -eq 1 ]; then + ewarn "You MUST remove the above broken symlinks" + ewarn "Otherwise any SSL validation that use the directory may fail!" + ewarn "To batch-remove them, run:" + ewarn "find -L ${EROOT}etc/ssl/certs/ -type l -exec rm {} +" + fi +} diff --git a/app-misc/ca-certificates/ca-certificates-20120623.ebuild b/app-misc/ca-certificates/ca-certificates-20120623.ebuild new file mode 100644 index 000000000000..9b55707ce50a --- /dev/null +++ b/app-misc/ca-certificates/ca-certificates-20120623.ebuild @@ -0,0 +1,100 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="3" + +inherit eutils + +DESCRIPTION="Common CA Certificates PEM files" +HOMEPAGE="http://packages.debian.org/sid/ca-certificates" +#NMU_PR="1" +SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" + +LICENSE="MPL-1.1" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" +IUSE="" + +# platforms like AIX don't have a good ar +DEPEND="kernel_AIX? ( app-arch/deb2targz ) + !<sys-apps/portage-2.1.10.41" +# openssl: we run `c_rehash` +# debianutils: we run `run-parts` +RDEPEND="${DEPEND} + dev-libs/openssl + sys-apps/debianutils" + +S=${WORKDIR} + +pkg_setup() { + # For the conversion to having it in CONFIG_PROTECT_MASK, + # we need to tell users about it once manually first. + [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ + || ewarn "You should run update-ca-certificates manually after etc-update" +} + +src_unpack() { + if [[ -n ${EPREFIX} ]] ; then + # need to perform everything in the offset, #381937 + mkdir -p "./${EPREFIX}" + cd "./${EPREFIX}" || die + fi + unpack ${A} + unpack ./data.tar.gz + rm -f control.tar.gz data.tar.gz debian-binary +} + +src_prepare() { + cd "./${EPREFIX}" || die + epatch "${FILESDIR}"/${PN}-20110502-root.patch + local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') + sed -i \ + -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ + -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ + usr/sbin/update-ca-certificates || die +} + +src_compile() { + ( + echo "# Automatically generated by ${CATEGORY}/${PF}" + echo "# $(date -u)" + echo "# Do not edit." + cd "${S}${EPREFIX}"/usr/share/ca-certificates + find * -name '*.crt' | LC_ALL=C sort + ) > "${S}${EPREFIX}"/etc/ca-certificates.conf + + sh "${S}${EPREFIX}"/usr/sbin/update-ca-certificates --root "${S}" || die +} + +src_install() { + cp -pPR * "${D}"/ || die + + mv "${ED}"/usr/share/doc/{ca-certificates,${PF}} || die + prepalldocs + + echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates + doenvd 98ca-certificates +} + +pkg_postinst() { + if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then + # if the user has local certs, we need to rebuild again + # to include their stuff in the db. + # However it's too overzealous when the user has custom certs in place. + # --fresh is to clean up dangling symlinks + "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" + fi + + local c badcerts=0 + for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do + ewarn "Broken symlink for a certificate at $c" + badcerts=1 + done + if [ $badcerts -eq 1 ]; then + ewarn "You MUST remove the above broken symlinks" + ewarn "Otherwise any SSL validation that use the directory may fail!" + ewarn "To batch-remove them, run:" + ewarn "find -L ${EROOT}etc/ssl/certs/ -type l -exec rm {} +" + fi +} diff --git a/app-misc/ca-certificates/ca-certificates-20121114.ebuild b/app-misc/ca-certificates/ca-certificates-20121114.ebuild new file mode 100644 index 000000000000..6c0e2c46f19a --- /dev/null +++ b/app-misc/ca-certificates/ca-certificates-20121114.ebuild @@ -0,0 +1,100 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="3" + +inherit eutils + +DESCRIPTION="Common CA Certificates PEM files" +HOMEPAGE="http://packages.debian.org/sid/ca-certificates" +#NMU_PR="1" +SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" + +LICENSE="MPL-1.1" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" +IUSE="" + +# platforms like AIX don't have a good ar +DEPEND="kernel_AIX? ( app-arch/deb2targz ) + !<sys-apps/portage-2.1.10.41" +# openssl: we run `c_rehash` +# debianutils: we run `run-parts` +RDEPEND="${DEPEND} + dev-libs/openssl + sys-apps/debianutils" + +S=${WORKDIR} + +pkg_setup() { + # For the conversion to having it in CONFIG_PROTECT_MASK, + # we need to tell users about it once manually first. + [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ + || ewarn "You should run update-ca-certificates manually after etc-update" +} + +src_unpack() { + if [[ -n ${EPREFIX} ]] ; then + # need to perform everything in the offset, #381937 + mkdir -p "./${EPREFIX}" + cd "./${EPREFIX}" || die + fi + unpack ${A} + unpack ./data.tar.gz + rm -f control.tar.gz data.tar.gz debian-binary +} + +src_prepare() { + cd "./${EPREFIX}" || die + epatch "${FILESDIR}"/${PN}-20110502-root.patch + local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') + sed -i \ + -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ + -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ + usr/sbin/update-ca-certificates || die +} + +src_compile() { + ( + echo "# Automatically generated by ${CATEGORY}/${PF}" + echo "# $(date -u)" + echo "# Do not edit." + cd "${S}${EPREFIX}"/usr/share/ca-certificates + find * -name '*.crt' | LC_ALL=C sort + ) > "${S}${EPREFIX}"/etc/ca-certificates.conf + + sh "${S}${EPREFIX}"/usr/sbin/update-ca-certificates --root "${S}" || die +} + +src_install() { + cp -pPR * "${D}"/ || die + + mv "${ED}"/usr/share/doc/{ca-certificates,${PF}} || die + prepalldocs + + echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates + doenvd 98ca-certificates +} + +pkg_postinst() { + if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then + # if the user has local certs, we need to rebuild again + # to include their stuff in the db. + # However it's too overzealous when the user has custom certs in place. + # --fresh is to clean up dangling symlinks + "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" + fi + + local c badcerts=0 + for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do + ewarn "Broken symlink for a certificate at $c" + badcerts=1 + done + if [ $badcerts -eq 1 ]; then + ewarn "You MUST remove the above broken symlinks" + ewarn "Otherwise any SSL validation that use the directory may fail!" + ewarn "To batch-remove them, run:" + ewarn "find -L ${EROOT}etc/ssl/certs/ -type l -exec rm {} +" + fi +} diff --git a/app-misc/ca-certificates/ca-certificates-20130119.ebuild b/app-misc/ca-certificates/ca-certificates-20130119.ebuild new file mode 100644 index 000000000000..8e6e4f18b3c7 --- /dev/null +++ b/app-misc/ca-certificates/ca-certificates-20130119.ebuild @@ -0,0 +1,98 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="3" + +inherit eutils unpacker + +DESCRIPTION="Common CA Certificates PEM files" +HOMEPAGE="http://packages.debian.org/sid/ca-certificates" +#NMU_PR="1" +SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" + +LICENSE="MPL-1.1" +SLOT="0" +KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" +IUSE="" + +# platforms like AIX don't have a good ar +DEPEND="kernel_AIX? ( app-arch/deb2targz ) + !<sys-apps/portage-2.1.10.41" +# openssl: we run `c_rehash` +# debianutils: we run `run-parts` +RDEPEND="${DEPEND} + dev-libs/openssl + sys-apps/debianutils" + +S=${WORKDIR} + +pkg_setup() { + # For the conversion to having it in CONFIG_PROTECT_MASK, + # we need to tell users about it once manually first. + [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ + || ewarn "You should run update-ca-certificates manually after etc-update" +} + +src_unpack() { + if [[ -n ${EPREFIX} ]] ; then + # need to perform everything in the offset, #381937 + mkdir -p "./${EPREFIX}" + cd "./${EPREFIX}" || die + fi + unpack_deb ${A} +} + +src_prepare() { + cd "./${EPREFIX}" || die + epatch "${FILESDIR}"/${PN}-20110502-root.patch + local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') + sed -i \ + -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ + -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ + usr/sbin/update-ca-certificates || die +} + +src_compile() { + ( + echo "# Automatically generated by ${CATEGORY}/${PF}" + echo "# $(date -u)" + echo "# Do not edit." + cd "${S}${EPREFIX}"/usr/share/ca-certificates + find * -name '*.crt' | LC_ALL=C sort + ) > "${S}${EPREFIX}"/etc/ca-certificates.conf + + sh "${S}${EPREFIX}"/usr/sbin/update-ca-certificates --root "${S}" || die +} + +src_install() { + cp -pPR . "${D}"/ || die + + mv "${ED}"/usr/share/doc/{ca-certificates,${PF}} || die + prepalldocs + + echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates + doenvd 98ca-certificates +} + +pkg_postinst() { + if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then + # if the user has local certs, we need to rebuild again + # to include their stuff in the db. + # However it's too overzealous when the user has custom certs in place. + # --fresh is to clean up dangling symlinks + "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" + fi + + local c badcerts=0 + for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do + ewarn "Broken symlink for a certificate at $c" + badcerts=1 + done + if [ $badcerts -eq 1 ]; then + ewarn "You MUST remove the above broken symlinks" + ewarn "Otherwise any SSL validation that use the directory may fail!" + ewarn "To batch-remove them, run:" + ewarn "find -L ${EROOT}etc/ssl/certs/ -type l -exec rm {} +" + fi +} diff --git a/app-misc/ca-certificates/ca-certificates-20130610.ebuild b/app-misc/ca-certificates/ca-certificates-20130610.ebuild new file mode 100644 index 000000000000..8142937e118e --- /dev/null +++ b/app-misc/ca-certificates/ca-certificates-20130610.ebuild @@ -0,0 +1,97 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +inherit eutils unpacker + +DESCRIPTION="Common CA Certificates PEM files" +HOMEPAGE="http://packages.debian.org/sid/ca-certificates" +#NMU_PR="1" +SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" + +LICENSE="MPL-1.1" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" +IUSE="" + +# platforms like AIX don't have a good ar +DEPEND="kernel_AIX? ( app-arch/deb2targz ) + !<sys-apps/portage-2.1.10.41" +# openssl: we run `c_rehash` +# debianutils: we run `run-parts` +RDEPEND="${DEPEND} + dev-libs/openssl + sys-apps/debianutils" + +S=${WORKDIR} + +pkg_setup() { + # For the conversion to having it in CONFIG_PROTECT_MASK, + # we need to tell users about it once manually first. + [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ + || ewarn "You should run update-ca-certificates manually after etc-update" +} + +src_unpack() { + if [[ -n ${EPREFIX} ]] ; then + # need to perform everything in the offset, #381937 + mkdir -p "./${EPREFIX}" + cd "./${EPREFIX}" || die + fi + unpack_deb ${A} +} + +src_prepare() { + cd "./${EPREFIX}" || die + epatch "${FILESDIR}"/${PN}-20110502-root.patch + local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') + sed -i \ + -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ + -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ + usr/sbin/update-ca-certificates || die +} + +src_compile() { + ( + echo "# Automatically generated by ${CATEGORY}/${PF}" + echo "# $(date -u)" + echo "# Do not edit." + cd "${S}${EPREFIX}"/usr/share/ca-certificates + find * -name '*.crt' | LC_ALL=C sort + ) > "${S}${EPREFIX}"/etc/ca-certificates.conf + + sh "${S}${EPREFIX}"/usr/sbin/update-ca-certificates --root "${S}" || die +} + +src_install() { + cp -pPR . "${D}"/ || die + + mv "${ED}"/usr/share/doc/{ca-certificates,${PF}} || die + + echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates + doenvd 98ca-certificates +} + +pkg_postinst() { + if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then + # if the user has local certs, we need to rebuild again + # to include their stuff in the db. + # However it's too overzealous when the user has custom certs in place. + # --fresh is to clean up dangling symlinks + "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" + fi + + local c badcerts=0 + for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do + ewarn "Broken symlink for a certificate at $c" + badcerts=1 + done + if [ $badcerts -eq 1 ]; then + ewarn "You MUST remove the above broken symlinks" + ewarn "Otherwise any SSL validation that use the directory may fail!" + ewarn "To batch-remove them, run:" + ewarn "find -L ${EROOT}etc/ssl/certs/ -type l -exec rm {} +" + fi +} diff --git a/app-misc/ca-certificates/ca-certificates-20130906-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20130906-r1.ebuild new file mode 100644 index 000000000000..1147230ac23c --- /dev/null +++ b/app-misc/ca-certificates/ca-certificates-20130906-r1.ebuild @@ -0,0 +1,95 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +inherit eutils unpacker + +DESCRIPTION="Common CA Certificates PEM files" +HOMEPAGE="http://packages.debian.org/sid/ca-certificates" +#NMU_PR="1" +SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" + +LICENSE="MPL-1.1" +SLOT="0" +KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" +IUSE="" + +# platforms like AIX don't have a good ar +DEPEND="kernel_AIX? ( app-arch/deb2targz ) + !<sys-apps/portage-2.1.10.41" +# openssl: we run `c_rehash` +# debianutils: we run `run-parts` +RDEPEND="${DEPEND} + dev-libs/openssl + sys-apps/debianutils" + +S=${WORKDIR} + +pkg_setup() { + # For the conversion to having it in CONFIG_PROTECT_MASK, + # we need to tell users about it once manually first. + [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ + || ewarn "You should run update-ca-certificates manually after etc-update" +} + +src_unpack() { + if [[ -n ${EPREFIX} ]] ; then + # need to perform everything in the offset, #381937 + mkdir -p "./${EPREFIX}" + cd "./${EPREFIX}" || die + fi + unpack_deb ${A} +} + +src_prepare() { + cd "./${EPREFIX}" || die + epatch "${FILESDIR}"/${PN}-20110502-root.patch + local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') + sed -i \ + -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ + -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ + usr/sbin/update-ca-certificates || die +} + +src_compile() { + ( + echo "# Automatically generated by ${CATEGORY}/${PF}" + echo "# $(date -u)" + echo "# Do not edit." + cd "${S}${EPREFIX}"/usr/share/ca-certificates + find * -name '*.crt' | LC_ALL=C sort + ) > "${S}${EPREFIX}"/etc/ca-certificates.conf + + sh "${S}${EPREFIX}"/usr/sbin/update-ca-certificates --root "${S}" || die +} + +src_install() { + cp -pPR . "${D}"/ || die + + mv "${ED}"/usr/share/doc/{ca-certificates,${PF}} || die + + echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates + doenvd 98ca-certificates +} + +pkg_postinst() { + if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then + # if the user has local certs, we need to rebuild again + # to include their stuff in the db. + # However it's too overzealous when the user has custom certs in place. + # --fresh is to clean up dangling symlinks + "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" + fi + + local c badcerts=0 + for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do + ewarn "Broken symlink for a certificate at $c" + badcerts=1 + done + if [ $badcerts -eq 1 ]; then + ewarn "Removing the following broken symlinks:" + ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)" + fi +} diff --git a/app-misc/ca-certificates/ca-certificates-20140223-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20140223-r1.ebuild new file mode 100644 index 000000000000..586020504363 --- /dev/null +++ b/app-misc/ca-certificates/ca-certificates-20140223-r1.ebuild @@ -0,0 +1,178 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# The Debian ca-certificates package merely takes the CA database as it exists +# in the nss package and repackages it for use by openssl. +# +# The issue with using the compiled debs directly is two fold: +# - they do not update frequently enough for us to rely on them +# - they pull the CA database from nss tip of tree rather than the release +# +# So we take the Debian source tools and combine them with the latest nss +# release to produce (largely) the same end result. The difference is that +# now we know our cert database is kept in sync with nss and, if need be, +# can be sync with nss tip of tree more frequently to respond to bugs. + +# When triaging bugs from users, here's some handy tips: +# - To see what cert is hitting errors, use openssl: +# openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME +# Focus on the errors written to stderr. +# +# - Look at the upstream log as to why certs were added/removed: +# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt +# +# - If people want to add/remove certs, tell them to file w/mozilla: +# https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk + +EAPI="4" + +inherit eutils + +if [[ ${PV} == *.* ]] ; then + # Compile from source ourselves. + PRECOMPILED=false + inherit versionator + + DEB_VER=$(get_version_component_range 1) + NSS_VER=$(get_version_component_range 2-) + RTM_NAME="NSS_${NSS_VER//./_}_RTM" +else + # Debian precompiled version. + PRECOMPILED=true + inherit unpacker +fi + +DESCRIPTION="Common CA Certificates PEM files" +HOMEPAGE="http://packages.debian.org/sid/ca-certificates" +if ${PRECOMPILED} ; then + #NMU_PR="1" + SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" +else + SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz + ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz + cacert? ( http://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )" +fi + +LICENSE="MPL-1.1" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" +IUSE="" +${PRECOMPILED} || IUSE+=" +cacert" + +DEPEND="" +if ${PRECOMPILED} ; then + # platforms like AIX don't have a good ar + DEPEND+=" + kernel_AIX? ( app-arch/deb2targz ) + !<sys-apps/portage-2.1.10.41" +fi +# openssl: we run `c_rehash` +# debianutils: we run `run-parts` +RDEPEND="${DEPEND} + dev-libs/openssl + sys-apps/debianutils" + +S=${WORKDIR} + +pkg_setup() { + # For the conversion to having it in CONFIG_PROTECT_MASK, + # we need to tell users about it once manually first. + [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ + || ewarn "You should run update-ca-certificates manually after etc-update" +} + +src_unpack() { + ${PRECOMPILED} || default + + # Do all the work in the image subdir to avoid conflicting with source + # dirs in $WORKDIR. Need to perform everything in the offset #381937 + mkdir -p "image/${EPREFIX}" + cd "image/${EPREFIX}" || die + + ${PRECOMPILED} && unpacker_src_unpack +} + +src_prepare() { + cd "image/${EPREFIX}" || die + if ! ${PRECOMPILED} ; then + mkdir -p usr/sbin + cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die + + if use cacert ; then + pushd "${S}"/nss-${NSS_VER} >/dev/null + epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch + popd >/dev/null + fi + fi + + epatch "${FILESDIR}"/${PN}-20110502-root.patch + local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') + sed -i \ + -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ + -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ + usr/sbin/update-ca-certificates || die +} + +src_compile() { + cd "image/${EPREFIX}" || die + if ! ${PRECOMPILED} ; then + local d="${S}/${PN}/mozilla" + # Grab the database from the nss sources. + cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die + emake -C "${d}" + + # Now move the files to the same places that the precompiled would. + mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla + if use cacert ; then + mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org} + mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die + mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die + fi + mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die + else + mv usr/share/doc/{ca-certificates,${PF}} || die + fi + + ( + echo "# Automatically generated by ${CATEGORY}/${PF}" + echo "# $(date -u)" + echo "# Do not edit." + cd usr/share/ca-certificates + find * -name '*.crt' | LC_ALL=C sort + ) > etc/ca-certificates.conf + + sh usr/sbin/update-ca-certificates --root "${S}/image" || die +} + +src_install() { + cp -pPR image/* "${D}"/ || die + if ! ${PRECOMPILED} ; then + cd ca-certificates + doman sbin/*.8 + dodoc debian/README.* examples/ca-certificates-local/README + fi + + echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates + doenvd 98ca-certificates +} + +pkg_postinst() { + if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then + # if the user has local certs, we need to rebuild again + # to include their stuff in the db. + # However it's too overzealous when the user has custom certs in place. + # --fresh is to clean up dangling symlinks + "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" + fi + + local c badcerts=0 + for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do + ewarn "Broken symlink for a certificate at $c" + badcerts=1 + done + if [ $badcerts -eq 1 ]; then + ewarn "Removing the following broken symlinks:" + ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)" + fi +} diff --git a/app-misc/ca-certificates/ca-certificates-20140223.3.15.5-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20140223.3.15.5-r1.ebuild new file mode 100644 index 000000000000..c76cfef8083d --- /dev/null +++ b/app-misc/ca-certificates/ca-certificates-20140223.3.15.5-r1.ebuild @@ -0,0 +1,184 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# The Debian ca-certificates package merely takes the CA database as it exists +# in the nss package and repackages it for use by openssl. +# +# The issue with using the compiled debs directly is two fold: +# - they do not update frequently enough for us to rely on them +# - they pull the CA database from nss tip of tree rather than the release +# +# So we take the Debian source tools and combine them with the latest nss +# release to produce (largely) the same end result. The difference is that +# now we know our cert database is kept in sync with nss and, if need be, +# can be sync with nss tip of tree more frequently to respond to bugs. + +# When triaging bugs from users, here's some handy tips: +# - To see what cert is hitting errors, use openssl: +# openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME +# Focus on the errors written to stderr. +# +# - Look at the upstream log as to why certs were added/removed: +# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt +# +# - If people want to add/remove certs, tell them to file w/mozilla: +# https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk + +EAPI="4" +PYTHON_COMPAT=( python2_7 ) + +inherit eutils python-any-r1 + +if [[ ${PV} == *.* ]] ; then + # Compile from source ourselves. + PRECOMPILED=false + inherit versionator + + DEB_VER=$(get_version_component_range 1) + NSS_VER=$(get_version_component_range 2-) + RTM_NAME="NSS_${NSS_VER//./_}_RTM" +else + # Debian precompiled version. + PRECOMPILED=true + inherit unpacker +fi + +DESCRIPTION="Common CA Certificates PEM files" +HOMEPAGE="http://packages.debian.org/sid/ca-certificates" +if ${PRECOMPILED} ; then + #NMU_PR="1" + SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" +else + SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz + ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz + cacert? ( http://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )" +fi + +LICENSE="MPL-1.1" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" +IUSE="" +${PRECOMPILED} || IUSE+=" +cacert" + +DEPEND="" +if ${PRECOMPILED} ; then + # platforms like AIX don't have a good ar + DEPEND+=" + kernel_AIX? ( app-arch/deb2targz ) + !<sys-apps/portage-2.1.10.41" +fi +# openssl: we run `c_rehash` +# debianutils: we run `run-parts` +RDEPEND="${DEPEND} + dev-libs/openssl + sys-apps/debianutils" + +if ! ${PRECOMPILED}; then + DEPEND+=" ${PYTHON_DEPS}" +fi + +S=${WORKDIR} + +pkg_setup() { + # For the conversion to having it in CONFIG_PROTECT_MASK, + # we need to tell users about it once manually first. + [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ + || ewarn "You should run update-ca-certificates manually after etc-update" +} + +src_unpack() { + ${PRECOMPILED} || default + + # Do all the work in the image subdir to avoid conflicting with source + # dirs in $WORKDIR. Need to perform everything in the offset #381937 + mkdir -p "image/${EPREFIX}" + cd "image/${EPREFIX}" || die + + ${PRECOMPILED} && unpacker_src_unpack +} + +src_prepare() { + cd "image/${EPREFIX}" || die + if ! ${PRECOMPILED} ; then + mkdir -p usr/sbin + cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die + + if use cacert ; then + pushd "${S}"/nss-${NSS_VER} >/dev/null + epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch + popd >/dev/null + fi + fi + + epatch "${FILESDIR}"/${PN}-20110502-root.patch + local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') + sed -i \ + -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ + -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ + usr/sbin/update-ca-certificates || die +} + +src_compile() { + cd "image/${EPREFIX}" || die + if ! ${PRECOMPILED} ; then + python_setup + local d="${S}/${PN}/mozilla" + # Grab the database from the nss sources. + cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die + emake -C "${d}" + + # Now move the files to the same places that the precompiled would. + mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla + if use cacert ; then + mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org} + mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die + mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die + fi + mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die + else + mv usr/share/doc/{ca-certificates,${PF}} || die + fi + + ( + echo "# Automatically generated by ${CATEGORY}/${PF}" + echo "# $(date -u)" + echo "# Do not edit." + cd usr/share/ca-certificates + find * -name '*.crt' | LC_ALL=C sort + ) > etc/ca-certificates.conf + + sh usr/sbin/update-ca-certificates --root "${S}/image" || die +} + +src_install() { + cp -pPR image/* "${D}"/ || die + if ! ${PRECOMPILED} ; then + cd ca-certificates + doman sbin/*.8 + dodoc debian/README.* examples/ca-certificates-local/README + fi + + echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates + doenvd 98ca-certificates +} + +pkg_postinst() { + if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then + # if the user has local certs, we need to rebuild again + # to include their stuff in the db. + # However it's too overzealous when the user has custom certs in place. + # --fresh is to clean up dangling symlinks + "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" + fi + + local c badcerts=0 + for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do + ewarn "Broken symlink for a certificate at $c" + badcerts=1 + done + if [ $badcerts -eq 1 ]; then + ewarn "Removing the following broken symlinks:" + ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)" + fi +} diff --git a/app-misc/ca-certificates/ca-certificates-20140223.3.16-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20140223.3.16-r1.ebuild new file mode 100644 index 000000000000..c76cfef8083d --- /dev/null +++ b/app-misc/ca-certificates/ca-certificates-20140223.3.16-r1.ebuild @@ -0,0 +1,184 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# The Debian ca-certificates package merely takes the CA database as it exists +# in the nss package and repackages it for use by openssl. +# +# The issue with using the compiled debs directly is two fold: +# - they do not update frequently enough for us to rely on them +# - they pull the CA database from nss tip of tree rather than the release +# +# So we take the Debian source tools and combine them with the latest nss +# release to produce (largely) the same end result. The difference is that +# now we know our cert database is kept in sync with nss and, if need be, +# can be sync with nss tip of tree more frequently to respond to bugs. + +# When triaging bugs from users, here's some handy tips: +# - To see what cert is hitting errors, use openssl: +# openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME +# Focus on the errors written to stderr. +# +# - Look at the upstream log as to why certs were added/removed: +# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt +# +# - If people want to add/remove certs, tell them to file w/mozilla: +# https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk + +EAPI="4" +PYTHON_COMPAT=( python2_7 ) + +inherit eutils python-any-r1 + +if [[ ${PV} == *.* ]] ; then + # Compile from source ourselves. + PRECOMPILED=false + inherit versionator + + DEB_VER=$(get_version_component_range 1) + NSS_VER=$(get_version_component_range 2-) + RTM_NAME="NSS_${NSS_VER//./_}_RTM" +else + # Debian precompiled version. + PRECOMPILED=true + inherit unpacker +fi + +DESCRIPTION="Common CA Certificates PEM files" +HOMEPAGE="http://packages.debian.org/sid/ca-certificates" +if ${PRECOMPILED} ; then + #NMU_PR="1" + SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" +else + SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz + ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz + cacert? ( http://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )" +fi + +LICENSE="MPL-1.1" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" +IUSE="" +${PRECOMPILED} || IUSE+=" +cacert" + +DEPEND="" +if ${PRECOMPILED} ; then + # platforms like AIX don't have a good ar + DEPEND+=" + kernel_AIX? ( app-arch/deb2targz ) + !<sys-apps/portage-2.1.10.41" +fi +# openssl: we run `c_rehash` +# debianutils: we run `run-parts` +RDEPEND="${DEPEND} + dev-libs/openssl + sys-apps/debianutils" + +if ! ${PRECOMPILED}; then + DEPEND+=" ${PYTHON_DEPS}" +fi + +S=${WORKDIR} + +pkg_setup() { + # For the conversion to having it in CONFIG_PROTECT_MASK, + # we need to tell users about it once manually first. + [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ + || ewarn "You should run update-ca-certificates manually after etc-update" +} + +src_unpack() { + ${PRECOMPILED} || default + + # Do all the work in the image subdir to avoid conflicting with source + # dirs in $WORKDIR. Need to perform everything in the offset #381937 + mkdir -p "image/${EPREFIX}" + cd "image/${EPREFIX}" || die + + ${PRECOMPILED} && unpacker_src_unpack +} + +src_prepare() { + cd "image/${EPREFIX}" || die + if ! ${PRECOMPILED} ; then + mkdir -p usr/sbin + cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die + + if use cacert ; then + pushd "${S}"/nss-${NSS_VER} >/dev/null + epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch + popd >/dev/null + fi + fi + + epatch "${FILESDIR}"/${PN}-20110502-root.patch + local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') + sed -i \ + -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ + -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ + usr/sbin/update-ca-certificates || die +} + +src_compile() { + cd "image/${EPREFIX}" || die + if ! ${PRECOMPILED} ; then + python_setup + local d="${S}/${PN}/mozilla" + # Grab the database from the nss sources. + cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die + emake -C "${d}" + + # Now move the files to the same places that the precompiled would. + mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla + if use cacert ; then + mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org} + mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die + mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die + fi + mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die + else + mv usr/share/doc/{ca-certificates,${PF}} || die + fi + + ( + echo "# Automatically generated by ${CATEGORY}/${PF}" + echo "# $(date -u)" + echo "# Do not edit." + cd usr/share/ca-certificates + find * -name '*.crt' | LC_ALL=C sort + ) > etc/ca-certificates.conf + + sh usr/sbin/update-ca-certificates --root "${S}/image" || die +} + +src_install() { + cp -pPR image/* "${D}"/ || die + if ! ${PRECOMPILED} ; then + cd ca-certificates + doman sbin/*.8 + dodoc debian/README.* examples/ca-certificates-local/README + fi + + echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates + doenvd 98ca-certificates +} + +pkg_postinst() { + if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then + # if the user has local certs, we need to rebuild again + # to include their stuff in the db. + # However it's too overzealous when the user has custom certs in place. + # --fresh is to clean up dangling symlinks + "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" + fi + + local c badcerts=0 + for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do + ewarn "Broken symlink for a certificate at $c" + badcerts=1 + done + if [ $badcerts -eq 1 ]; then + ewarn "Removing the following broken symlinks:" + ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)" + fi +} diff --git a/app-misc/ca-certificates/ca-certificates-20140325.3.16.3.ebuild b/app-misc/ca-certificates/ca-certificates-20140325.3.16.3.ebuild new file mode 100644 index 000000000000..34568af1490e --- /dev/null +++ b/app-misc/ca-certificates/ca-certificates-20140325.3.16.3.ebuild @@ -0,0 +1,184 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# The Debian ca-certificates package merely takes the CA database as it exists +# in the nss package and repackages it for use by openssl. +# +# The issue with using the compiled debs directly is two fold: +# - they do not update frequently enough for us to rely on them +# - they pull the CA database from nss tip of tree rather than the release +# +# So we take the Debian source tools and combine them with the latest nss +# release to produce (largely) the same end result. The difference is that +# now we know our cert database is kept in sync with nss and, if need be, +# can be sync with nss tip of tree more frequently to respond to bugs. + +# When triaging bugs from users, here's some handy tips: +# - To see what cert is hitting errors, use openssl: +# openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME +# Focus on the errors written to stderr. +# +# - Look at the upstream log as to why certs were added/removed: +# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt +# +# - If people want to add/remove certs, tell them to file w/mozilla: +# https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk + +EAPI="4" +PYTHON_COMPAT=( python2_7 ) + +inherit eutils python-any-r1 + +if [[ ${PV} == *.* ]] ; then + # Compile from source ourselves. + PRECOMPILED=false + inherit versionator + + DEB_VER=$(get_version_component_range 1) + NSS_VER=$(get_version_component_range 2-) + RTM_NAME="NSS_${NSS_VER//./_}_RTM" +else + # Debian precompiled version. + PRECOMPILED=true + inherit unpacker +fi + +DESCRIPTION="Common CA Certificates PEM files" +HOMEPAGE="http://packages.debian.org/sid/ca-certificates" +NMU_PR="" +if ${PRECOMPILED} ; then + SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" +else + SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz + ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz + cacert? ( http://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )" +fi + +LICENSE="MPL-1.1" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" +IUSE="" +${PRECOMPILED} || IUSE+=" +cacert" + +DEPEND="" +if ${PRECOMPILED} ; then + # platforms like AIX don't have a good ar + DEPEND+=" + kernel_AIX? ( app-arch/deb2targz ) + !<sys-apps/portage-2.1.10.41" +fi +# openssl: we run `c_rehash` +# debianutils: we run `run-parts` +RDEPEND="${DEPEND} + dev-libs/openssl + sys-apps/debianutils" + +if ! ${PRECOMPILED}; then + DEPEND+=" ${PYTHON_DEPS}" +fi + +S=${WORKDIR} + +pkg_setup() { + # For the conversion to having it in CONFIG_PROTECT_MASK, + # we need to tell users about it once manually first. + [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ + || ewarn "You should run update-ca-certificates manually after etc-update" +} + +src_unpack() { + ${PRECOMPILED} || default + + # Do all the work in the image subdir to avoid conflicting with source + # dirs in $WORKDIR. Need to perform everything in the offset #381937 + mkdir -p "image/${EPREFIX}" + cd "image/${EPREFIX}" || die + + ${PRECOMPILED} && unpacker_src_unpack +} + +src_prepare() { + cd "image/${EPREFIX}" || die + if ! ${PRECOMPILED} ; then + mkdir -p usr/sbin + cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die + + if use cacert ; then + pushd "${S}"/nss-${NSS_VER} >/dev/null + epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch + popd >/dev/null + fi + fi + + epatch "${FILESDIR}"/${PN}-20110502-root.patch + local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') + sed -i \ + -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ + -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ + usr/sbin/update-ca-certificates || die +} + +src_compile() { + cd "image/${EPREFIX}" || die + if ! ${PRECOMPILED} ; then + python_setup + local d="${S}/${PN}/mozilla" + # Grab the database from the nss sources. + cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die + emake -C "${d}" + + # Now move the files to the same places that the precompiled would. + mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla + if use cacert ; then + mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org} + mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die + mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die + fi + mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die + else + mv usr/share/doc/{ca-certificates,${PF}} || die + fi + + ( + echo "# Automatically generated by ${CATEGORY}/${PF}" + echo "# $(date -u)" + echo "# Do not edit." + cd usr/share/ca-certificates + find * -name '*.crt' | LC_ALL=C sort + ) > etc/ca-certificates.conf + + sh usr/sbin/update-ca-certificates --root "${S}/image" || die +} + +src_install() { + cp -pPR image/* "${D}"/ || die + if ! ${PRECOMPILED} ; then + cd ca-certificates + doman sbin/*.8 + dodoc debian/README.* examples/ca-certificates-local/README + fi + + echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates + doenvd 98ca-certificates +} + +pkg_postinst() { + if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then + # if the user has local certs, we need to rebuild again + # to include their stuff in the db. + # However it's too overzealous when the user has custom certs in place. + # --fresh is to clean up dangling symlinks + "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" + fi + + local c badcerts=0 + for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do + ewarn "Broken symlink for a certificate at $c" + badcerts=1 + done + if [ $badcerts -eq 1 ]; then + ewarn "Removing the following broken symlinks:" + ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)" + fi +} diff --git a/app-misc/ca-certificates/ca-certificates-20140927.3.17.2.ebuild b/app-misc/ca-certificates/ca-certificates-20140927.3.17.2.ebuild new file mode 100644 index 000000000000..98847059e374 --- /dev/null +++ b/app-misc/ca-certificates/ca-certificates-20140927.3.17.2.ebuild @@ -0,0 +1,186 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# The Debian ca-certificates package merely takes the CA database as it exists +# in the nss package and repackages it for use by openssl. +# +# The issue with using the compiled debs directly is two fold: +# - they do not update frequently enough for us to rely on them +# - they pull the CA database from nss tip of tree rather than the release +# +# So we take the Debian source tools and combine them with the latest nss +# release to produce (largely) the same end result. The difference is that +# now we know our cert database is kept in sync with nss and, if need be, +# can be sync with nss tip of tree more frequently to respond to bugs. + +# When triaging bugs from users, here's some handy tips: +# - To see what cert is hitting errors, use openssl: +# openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME +# Focus on the errors written to stderr. +# +# - Look at the upstream log as to why certs were added/removed: +# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt +# +# - If people want to add/remove certs, tell them to file w/mozilla: +# https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk + +EAPI="4" +PYTHON_COMPAT=( python2_7 ) + +inherit eutils python-any-r1 + +if [[ ${PV} == *.* ]] ; then + # Compile from source ourselves. + PRECOMPILED=false + inherit versionator + + DEB_VER=$(get_version_component_range 1) + NSS_VER=$(get_version_component_range 2-) + RTM_NAME="NSS_${NSS_VER//./_}_RTM" +else + # Debian precompiled version. + PRECOMPILED=true + inherit unpacker +fi + +DESCRIPTION="Common CA Certificates PEM files" +HOMEPAGE="http://packages.debian.org/sid/ca-certificates" +NMU_PR="" +if ${PRECOMPILED} ; then + SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" +else + SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz + ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz + cacert? ( http://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )" +fi + +LICENSE="MPL-1.1" +SLOT="0" +KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" +IUSE="" +${PRECOMPILED} || IUSE+=" +cacert" + +DEPEND="" +if ${PRECOMPILED} ; then + # platforms like AIX don't have a good ar + DEPEND+=" + kernel_AIX? ( app-arch/deb2targz ) + !<sys-apps/portage-2.1.10.41" +fi +# openssl: we run `c_rehash` +# debianutils: we run `run-parts` +RDEPEND="${DEPEND} + dev-libs/openssl + sys-apps/debianutils" + +if ! ${PRECOMPILED}; then + DEPEND+=" ${PYTHON_DEPS}" +fi + +S=${WORKDIR} + +pkg_setup() { + # For the conversion to having it in CONFIG_PROTECT_MASK, + # we need to tell users about it once manually first. + [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ + || ewarn "You should run update-ca-certificates manually after etc-update" +} + +src_unpack() { + ${PRECOMPILED} || default + + mv ${PN}-*/ ${PN} || die + + # Do all the work in the image subdir to avoid conflicting with source + # dirs in $WORKDIR. Need to perform everything in the offset #381937 + mkdir -p "image/${EPREFIX}" + cd "image/${EPREFIX}" || die + + ${PRECOMPILED} && unpacker_src_unpack +} + +src_prepare() { + cd "image/${EPREFIX}" || die + if ! ${PRECOMPILED} ; then + mkdir -p usr/sbin + cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die + + if use cacert ; then + pushd "${S}"/nss-${NSS_VER} >/dev/null + epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch + popd >/dev/null + fi + fi + + epatch "${FILESDIR}"/${PN}-20110502-root.patch + local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') + sed -i \ + -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ + -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ + usr/sbin/update-ca-certificates || die +} + +src_compile() { + cd "image/${EPREFIX}" || die + if ! ${PRECOMPILED} ; then + python_setup + local d="${S}/${PN}/mozilla" + # Grab the database from the nss sources. + cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die + emake -C "${d}" + + # Now move the files to the same places that the precompiled would. + mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla + if use cacert ; then + mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org} + mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die + mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die + fi + mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die + else + mv usr/share/doc/{ca-certificates,${PF}} || die + fi + + ( + echo "# Automatically generated by ${CATEGORY}/${PF}" + echo "# $(date -u)" + echo "# Do not edit." + cd usr/share/ca-certificates + find * -name '*.crt' | LC_ALL=C sort + ) > etc/ca-certificates.conf + + sh usr/sbin/update-ca-certificates --root "${S}/image" || die +} + +src_install() { + cp -pPR image/* "${D}"/ || die + if ! ${PRECOMPILED} ; then + cd ca-certificates + doman sbin/*.8 + dodoc debian/README.* examples/ca-certificates-local/README + fi + + echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates + doenvd 98ca-certificates +} + +pkg_postinst() { + if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then + # if the user has local certs, we need to rebuild again + # to include their stuff in the db. + # However it's too overzealous when the user has custom certs in place. + # --fresh is to clean up dangling symlinks + "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" + fi + + local c badcerts=0 + for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do + ewarn "Broken symlink for a certificate at $c" + badcerts=1 + done + if [ $badcerts -eq 1 ]; then + ewarn "Removing the following broken symlinks:" + ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)" + fi +} diff --git a/app-misc/ca-certificates/ca-certificates-20141019.3.17.4.ebuild b/app-misc/ca-certificates/ca-certificates-20141019.3.17.4.ebuild new file mode 100644 index 000000000000..d11df9859787 --- /dev/null +++ b/app-misc/ca-certificates/ca-certificates-20141019.3.17.4.ebuild @@ -0,0 +1,186 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# The Debian ca-certificates package merely takes the CA database as it exists +# in the nss package and repackages it for use by openssl. +# +# The issue with using the compiled debs directly is two fold: +# - they do not update frequently enough for us to rely on them +# - they pull the CA database from nss tip of tree rather than the release +# +# So we take the Debian source tools and combine them with the latest nss +# release to produce (largely) the same end result. The difference is that +# now we know our cert database is kept in sync with nss and, if need be, +# can be sync with nss tip of tree more frequently to respond to bugs. + +# When triaging bugs from users, here's some handy tips: +# - To see what cert is hitting errors, use openssl: +# openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME +# Focus on the errors written to stderr. +# +# - Look at the upstream log as to why certs were added/removed: +# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt +# +# - If people want to add/remove certs, tell them to file w/mozilla: +# https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk + +EAPI="4" +PYTHON_COMPAT=( python2_7 ) + +inherit eutils python-any-r1 + +if [[ ${PV} == *.* ]] ; then + # Compile from source ourselves. + PRECOMPILED=false + inherit versionator + + DEB_VER=$(get_version_component_range 1) + NSS_VER=$(get_version_component_range 2-) + RTM_NAME="NSS_${NSS_VER//./_}_RTM" +else + # Debian precompiled version. + PRECOMPILED=true + inherit unpacker +fi + +DESCRIPTION="Common CA Certificates PEM files" +HOMEPAGE="http://packages.debian.org/sid/ca-certificates" +NMU_PR="" +if ${PRECOMPILED} ; then + SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" +else + SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz + ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz + cacert? ( http://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )" +fi + +LICENSE="MPL-1.1" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" +IUSE="" +${PRECOMPILED} || IUSE+=" +cacert" + +DEPEND="" +if ${PRECOMPILED} ; then + # platforms like AIX don't have a good ar + DEPEND+=" + kernel_AIX? ( app-arch/deb2targz ) + !<sys-apps/portage-2.1.10.41" +fi +# openssl: we run `c_rehash`; newer version for alt-cert-paths #552540 +# debianutils: we run `run-parts` +RDEPEND="${DEPEND} + >=dev-libs/openssl-1.0.1o + sys-apps/debianutils" + +if ! ${PRECOMPILED}; then + DEPEND+=" ${PYTHON_DEPS}" +fi + +S=${WORKDIR} + +pkg_setup() { + # For the conversion to having it in CONFIG_PROTECT_MASK, + # we need to tell users about it once manually first. + [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ + || ewarn "You should run update-ca-certificates manually after etc-update" +} + +src_unpack() { + ${PRECOMPILED} || default + + mv ${PN}-*/ ${PN} || die + + # Do all the work in the image subdir to avoid conflicting with source + # dirs in $WORKDIR. Need to perform everything in the offset #381937 + mkdir -p "image/${EPREFIX}" + cd "image/${EPREFIX}" || die + + ${PRECOMPILED} && unpacker_src_unpack +} + +src_prepare() { + cd "image/${EPREFIX}" || die + if ! ${PRECOMPILED} ; then + mkdir -p usr/sbin + cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die + + if use cacert ; then + pushd "${S}"/nss-${NSS_VER} >/dev/null + epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch + popd >/dev/null + fi + fi + + epatch "${FILESDIR}"/${PN}-20141019-root.patch + local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') + sed -i \ + -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ + -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ + usr/sbin/update-ca-certificates || die +} + +src_compile() { + cd "image/${EPREFIX}" || die + if ! ${PRECOMPILED} ; then + python_setup + local d="${S}/${PN}/mozilla" + # Grab the database from the nss sources. + cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die + emake -C "${d}" + + # Now move the files to the same places that the precompiled would. + mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla + if use cacert ; then + mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org} + mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die + mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die + fi + mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die + else + mv usr/share/doc/{ca-certificates,${PF}} || die + fi + + ( + echo "# Automatically generated by ${CATEGORY}/${PF}" + echo "# $(date -u)" + echo "# Do not edit." + cd usr/share/ca-certificates + find * -name '*.crt' | LC_ALL=C sort + ) > etc/ca-certificates.conf + + sh usr/sbin/update-ca-certificates --root "${S}/image" || die +} + +src_install() { + cp -pPR image/* "${D}"/ || die + if ! ${PRECOMPILED} ; then + cd ca-certificates + doman sbin/*.8 + dodoc debian/README.* examples/ca-certificates-local/README + fi + + echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates + doenvd 98ca-certificates +} + +pkg_postinst() { + if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then + # if the user has local certs, we need to rebuild again + # to include their stuff in the db. + # However it's too overzealous when the user has custom certs in place. + # --fresh is to clean up dangling symlinks + "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}" + fi + + local c badcerts=0 + for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do + ewarn "Broken symlink for a certificate at $c" + badcerts=1 + done + if [ $badcerts -eq 1 ]; then + ewarn "Removing the following broken symlinks:" + ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)" + fi +} diff --git a/app-misc/ca-certificates/ca-certificates-20141019.3.19.ebuild b/app-misc/ca-certificates/ca-certificates-20141019.3.19.ebuild new file mode 100644 index 000000000000..2217e0827cdf --- /dev/null +++ b/app-misc/ca-certificates/ca-certificates-20141019.3.19.ebuild @@ -0,0 +1,186 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# The Debian ca-certificates package merely takes the CA database as it exists +# in the nss package and repackages it for use by openssl. +# +# The issue with using the compiled debs directly is two fold: +# - they do not update frequently enough for us to rely on them +# - they pull the CA database from nss tip of tree rather than the release +# +# So we take the Debian source tools and combine them with the latest nss +# release to produce (largely) the same end result. The difference is that +# now we know our cert database is kept in sync with nss and, if need be, +# can be sync with nss tip of tree more frequently to respond to bugs. + +# When triaging bugs from users, here's some handy tips: +# - To see what cert is hitting errors, use openssl: +# openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME +# Focus on the errors written to stderr. +# +# - Look at the upstream log as to why certs were added/removed: +# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt +# +# - If people want to add/remove certs, tell them to file w/mozilla: +# https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk + +EAPI="4" +PYTHON_COMPAT=( python2_7 ) + +inherit eutils python-any-r1 + +if [[ ${PV} == *.* ]] ; then + # Compile from source ourselves. + PRECOMPILED=false + inherit versionator + + DEB_VER=$(get_version_component_range 1) + NSS_VER=$(get_version_component_range 2-) + RTM_NAME="NSS_${NSS_VER//./_}_RTM" +else + # Debian precompiled version. + PRECOMPILED=true + inherit unpacker +fi + +DESCRIPTION="Common CA Certificates PEM files" +HOMEPAGE="http://packages.debian.org/sid/ca-certificates" +NMU_PR="" +if ${PRECOMPILED} ; then + SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb" +else + SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz + ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz + cacert? ( http://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )" +fi + +LICENSE="MPL-1.1" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" +IUSE="" +${PRECOMPILED} || IUSE+=" +cacert" + +DEPEND="" +if ${PRECOMPILED} ; then + # platforms like AIX don't have a good ar + DEPEND+=" + kernel_AIX? ( app-arch/deb2targz ) + !<sys-apps/portage-2.1.10.41" +fi +# openssl: we run `c_rehash`; newer version for alt-cert-paths #552540 +# debianutils: we run `run-parts` +RDEPEND="${DEPEND} + >=dev-libs/openssl-1.0.1o + sys-apps/debianutils" + +if ! ${PRECOMPILED}; then + DEPEND+=" ${PYTHON_DEPS}" +fi + +S=${WORKDIR} + +pkg_setup() { + # For the conversion to having it in CONFIG_PROTECT_MASK, + # we need to tell users about it once manually first. + [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \ + || ewarn "You should run update-ca-certificates manually after etc-update" +} + +src_unpack() { + ${PRECOMPILED} || default + + mv ${PN}-*/ ${PN} || die + + # Do all the work in the image subdir to avoid conflicting with source + # dirs in $WORKDIR. Need to perform everything in the offset #381937 + mkdir -p "image/${EPREFIX}" + cd "image/${EPREFIX}" || die + + ${PRECOMPILED} && unpacker_src_unpack +} + +src_prepare() { + cd "image/${EPREFIX}" || die + if ! ${PRECOMPILED} ; then + mkdir -p usr/sbin + cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die + + if use cacert ; then + pushd "${S}"/nss-${NSS_VER} >/dev/null + epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch + popd >/dev/null + fi + fi + + epatch "${FILESDIR}"/${PN}-20141019-root.patch + local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') + sed -i \ + -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \ + -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \ + usr/sbin/update-ca-certificates || die +} + +src_compile() { + cd "image/${EPREFIX}" || die + if ! ${PRECOMPILED} ; then + python_setup + local d="${S}/${PN}/mozilla" + # Grab the database from the nss sources. + cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die + emake -C "${d}" + + # Now move the files to the same places that the precompiled would. + mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla + if use cacert ; then + mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org} + mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die + mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die + fi + mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die + else + mv usr/share/doc/{ca-certificates,${PF}} || die + fi + + ( + echo "# Automatically generated by ${CATEGORY}/${PF}" + echo "# $(date -u)" + echo "# Do not edit." + cd usr/share/ca-certificates + find * -name '*.crt' | LC_ALL=C sort + ) > etc/ca-certificates.conf + + sh usr/sbin/update-ca-certificates --root "${S}/image" || die +} + +src_install() { + cp -pPR image/* "${D}"/ || die + if ! ${PRECOMPILED} ; then + cd ca-certificates + doman sbin/*.8 + dodoc debian/README.* examples/ca-certificates-local/README + fi + + echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates + doenvd 98ca-certificates +} + +pkg_postinst() { + if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then + # if the user has local certs, we need to rebuild again + # to include their stuff in the db. + # However it's too overzealous when the user has custom certs in place. + # --fresh is to clean up dangling symlinks + "${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}" + fi + + local c badcerts=0 + for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do + ewarn "Broken symlink for a certificate at $c" + badcerts=1 + done + if [ $badcerts -eq 1 ]; then + ewarn "Removing the following broken symlinks:" + ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)" + fi +} diff --git a/app-misc/ca-certificates/files/ca-certificates-20090709-root.patch b/app-misc/ca-certificates/files/ca-certificates-20090709-root.patch new file mode 100644 index 000000000000..72a4ba1a6ddb --- /dev/null +++ b/app-misc/ca-certificates/files/ca-certificates-20090709-root.patch @@ -0,0 +1,107 @@ +--- a/usr/sbin/update-ca-certificates ++++ b/usr/sbin/update-ca-certificates +@@ -23,6 +23,7 @@ + + verbose=0 + fresh=0 ++ROOT="" + while [ $# -gt 0 ]; + do + case $1 in +@@ -30,6 +31,9 @@ + verbose=1;; + --fresh|-f) + fresh=1;; ++ --root|-r) ++ ROOT=$(readlink -f "$2") ++ shift;; + --help|-h|*) +- echo "$0: [--verbose] [--fresh]" ++ echo "$0: [--verbose] [--fresh] [--root <dir>]" + exit;; +@@ -37,11 +41,11 @@ + shift + done + +-CERTSCONF=/etc/ca-certificates.conf +-CERTSDIR=/usr/share/ca-certificates +-LOCALCERTSDIR=/usr/local/share/ca-certificates ++CERTSCONF="$ROOT/etc/ca-certificates.conf" ++CERTSDIR="$ROOT/usr/share/ca-certificates" ++LOCALCERTSDIR="$ROOT/usr/local/share/ca-certificates" + CERTBUNDLE=ca-certificates.crt +-ETCCERTSDIR=/etc/ssl/certs ++ETCCERTSDIR="$ROOT/etc/ssl/certs" + + cleanup() { + rm -f "$TEMPBUNDLE" +@@ -66,7 +70,7 @@ + -e 's/,/_/g').pem" + if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ] + then +- ln -sf "$CERT" "$PEM" ++ ln -sf "${CERT#$ROOT}" "$PEM" + echo +$PEM >> "$ADDED" + fi + cat "$CERT" >> "$TEMPBUNDLE" +@@ -78,22 +82,22 @@ + if test -L "$PEM" + then + rm -f "$PEM" +- echo -$PEM >> "$REMOVED" ++ echo "-$PEM" >> "$REMOVED" + fi + } + +-cd $ETCCERTSDIR ++cd "$ETCCERTSDIR" + if [ "$fresh" = 1 ]; then + echo -n "Clearing symlinks in $ETCCERTSDIR..." + find . -type l -print | while read symlink + do +- case $(readlink $symlink) in +- $CERTSDIR*) rm -f $symlink;; ++ case $(readlink "$symlink") in ++ "$CERTSDIR"*) rm -f "$symlink";; + esac + done + find . -type l -print | while read symlink + do +- test -f $symlink || rm -f $symlink ++ test -f "$symlink" || rm -f "$symlink" + done + echo "done." + fi +@@ -102,12 +106,12 @@ + + # Handle certificates that should be removed. This is an explicit act + # by prefixing lines in the configuration files with exclamation marks (!). +-sed -n -e '/^$/d' -e 's/^!//p' $CERTSCONF | while read crt ++sed -n -e '/^$/d' -e 's/^!//p' "$CERTSCONF" | while read crt + do + remove "$CERTSDIR/$crt" + done + +-sed -e '/^$/d' -e '/^#/d' -e '/^!/d' $CERTSCONF | while read crt ++sed -e '/^$/d' -e '/^#/d' -e '/^!/d' "$CERTSCONF" | while read crt + do + if ! test -f "$CERTSDIR/$crt" + then +@@ -146,14 +150,14 @@ + + echo "$ADDED_CNT added, $REMOVED_CNT removed; done." + +-HOOKSDIR=/etc/ca-certificates/update.d ++HOOKSDIR="$ROOT/etc/ca-certificates/update.d" + echo -n "Running hooks in $HOOKSDIR...." + VERBOSE_ARG= + [ "$verbose" = 0 ] || VERBOSE_ARG=--verbose +-eval run-parts $VERBOSE_ARG --test -- $HOOKSDIR | while read hook ++eval run-parts $VERBOSE_ARG --test -- \""$HOOKSDIR"\" | while read hook + do + ( cat $ADDED +- cat $REMOVED ) | $hook || echo E: $hook exited with code $?. ++ cat $REMOVED ) | "$hook" || echo E: "$hook" exited with code $?. + done + echo "done." + diff --git a/app-misc/ca-certificates/files/ca-certificates-20110502-root.patch b/app-misc/ca-certificates/files/ca-certificates-20110502-root.patch new file mode 100644 index 000000000000..f3fcf5d593d4 --- /dev/null +++ b/app-misc/ca-certificates/files/ca-certificates-20110502-root.patch @@ -0,0 +1,110 @@ +--- a/usr/sbin/update-ca-certificates ++++ b/usr/sbin/update-ca-certificates +@@ -23,6 +23,8 @@ + + verbose=0 + fresh=0 ++ROOT="" ++RELPATH="" + while [ $# -gt 0 ]; + do + case $1 in +@@ -30,6 +31,11 @@ + verbose=1;; + --fresh|-f) + fresh=1;; ++ --root|-r) ++ ROOT=$(readlink -f "$2") ++ # needed as c_rehash wants to read the files directly ++ RELPATH="../../.." ++ shift;; + --help|-h|*) +- echo "$0: [--verbose] [--fresh]" ++ echo "$0: [--verbose] [--fresh] [--root <dir>]" + exit;; +@@ -37,11 +41,11 @@ + shift + done + +-CERTSCONF=/etc/ca-certificates.conf +-CERTSDIR=/usr/share/ca-certificates +-LOCALCERTSDIR=/usr/local/share/ca-certificates ++CERTSCONF="$ROOT/etc/ca-certificates.conf" ++CERTSDIR="$ROOT/usr/share/ca-certificates" ++LOCALCERTSDIR="$ROOT/usr/local/share/ca-certificates" + CERTBUNDLE=ca-certificates.crt +-ETCCERTSDIR=/etc/ssl/certs ++ETCCERTSDIR="$ROOT/etc/ssl/certs" + + cleanup() { + rm -f "$TEMPBUNDLE" +@@ -66,7 +70,7 @@ + -e 's/,/_/g').pem" + if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ] + then +- ln -sf "$CERT" "$PEM" ++ ln -sf "${RELPATH}${CERT#$ROOT}" "$PEM" + echo +$PEM >> "$ADDED" + fi + cat "$CERT" >> "$TEMPBUNDLE" +@@ -78,22 +82,22 @@ + if test -L "$PEM" + then + rm -f "$PEM" +- echo -$PEM >> "$REMOVED" ++ echo "-$PEM" >> "$REMOVED" + fi + } + +-cd $ETCCERTSDIR ++cd "$ETCCERTSDIR" + if [ "$fresh" = 1 ]; then + echo -n "Clearing symlinks in $ETCCERTSDIR..." + find . -type l -print | while read symlink + do +- case $(readlink $symlink) in +- $CERTSDIR*) rm -f $symlink;; ++ case $(readlink "$symlink") in ++ "$CERTSDIR"*) rm -f "$symlink";; + esac + done + find . -type l -print | while read symlink + do +- test -f $symlink || rm -f $symlink ++ test -f "$symlink" || rm -f "$symlink" + done + echo "done." + fi +@@ -102,12 +106,12 @@ + + # Handle certificates that should be removed. This is an explicit act + # by prefixing lines in the configuration files with exclamation marks (!). +-sed -n -e '/^$/d' -e 's/^!//p' $CERTSCONF | while read crt ++sed -n -e '/^$/d' -e 's/^!//p' "$CERTSCONF" | while read crt + do + remove "$CERTSDIR/$crt" + done + +-sed -e '/^$/d' -e '/^#/d' -e '/^!/d' $CERTSCONF | while read crt ++sed -e '/^$/d' -e '/^#/d' -e '/^!/d' "$CERTSCONF" | while read crt + do + if ! test -f "$CERTSDIR/$crt" + then +@@ -146,14 +150,14 @@ + + echo "$ADDED_CNT added, $REMOVED_CNT removed; done." + +-HOOKSDIR=/etc/ca-certificates/update.d ++HOOKSDIR="$ROOT/etc/ca-certificates/update.d" + echo -n "Running hooks in $HOOKSDIR...." + VERBOSE_ARG= + [ "$verbose" = 0 ] || VERBOSE_ARG=--verbose +-eval run-parts $VERBOSE_ARG --test -- $HOOKSDIR | while read hook ++eval run-parts $VERBOSE_ARG --test -- \""$HOOKSDIR"\" | while read hook + do + ( cat $ADDED +- cat $REMOVED ) | $hook || echo E: $hook exited with code $?. ++ cat $REMOVED ) | "$hook" || echo E: "$hook" exited with code $?. + done + echo "done." + diff --git a/app-misc/ca-certificates/files/ca-certificates-20141019-root.patch b/app-misc/ca-certificates/files/ca-certificates-20141019-root.patch new file mode 100644 index 000000000000..2b2a42c58ec5 --- /dev/null +++ b/app-misc/ca-certificates/files/ca-certificates-20141019-root.patch @@ -0,0 +1,116 @@ +add a --root option so we can generate with DESTDIR installs + +--- a/usr/sbin/update-ca-certificates ++++ b/usr/sbin/update-ca-certificates +@@ -23,6 +23,8 @@ + + verbose=0 + fresh=0 ++ROOT="" ++RELPATH="" + while [ $# -gt 0 ]; + do + case $1 in +@@ -30,18 +32,23 @@ do + verbose=1;; + --fresh|-f) + fresh=1;; ++ --root|-r) ++ ROOT=$(readlink -f "$2") ++ # needed as c_rehash wants to read the files directly ++ RELPATH="../../.." ++ shift;; + --help|-h|*) +- echo "$0: [--verbose] [--fresh]" ++ echo "$0: [--verbose] [--fresh] [--root <dir>]" + exit;; + esac + shift + done + +-CERTSCONF=/etc/ca-certificates.conf +-CERTSDIR=/usr/share/ca-certificates +-LOCALCERTSDIR=/usr/local/share/ca-certificates ++CERTSCONF="$ROOT/etc/ca-certificates.conf" ++CERTSDIR="$ROOT/usr/share/ca-certificates" ++LOCALCERTSDIR="$ROOT/usr/local/share/ca-certificates" + CERTBUNDLE=ca-certificates.crt +-ETCCERTSDIR=/etc/ssl/certs ++ETCCERTSDIR="$ROOT/etc/ssl/certs" + + cleanup() { + rm -f "$TEMPBUNDLE" +@@ -66,7 +73,7 @@ add() { + -e 's/,/_/g').pem" + if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ] + then +- ln -sf "$CERT" "$PEM" ++ ln -sf "${RELPATH}${CERT#$ROOT}" "$PEM" + echo +$PEM >> "$ADDED" + fi + # Add trailing newline to certificate, if it is missing (#635570) +@@ -79,36 +86,36 @@ remove() { + if test -L "$PEM" + then + rm -f "$PEM" +- echo -$PEM >> "$REMOVED" ++ echo "-$PEM" >> "$REMOVED" + fi + } + +-cd $ETCCERTSDIR ++cd "$ETCCERTSDIR" + if [ "$fresh" = 1 ]; then +- echo -n "Clearing symlinks in $ETCCERTSDIR..." ++ printf "Clearing symlinks in $ETCCERTSDIR..." + find . -type l -print | while read symlink + do +- case $(readlink $symlink) in +- $CERTSDIR*) rm -f $symlink;; ++ case $(readlink "$symlink") in ++ "$CERTSDIR"*) rm -f "$symlink";; + esac + done + find . -type l -print | while read symlink + do +- test -f $symlink || rm -f $symlink ++ test -f "$symlink" || rm -f "$symlink" + done + echo "done." + fi + +-echo -n "Updating certificates in $ETCCERTSDIR... " ++printf "Updating certificates in $ETCCERTSDIR... " + + # Handle certificates that should be removed. This is an explicit act + # by prefixing lines in the configuration files with exclamation marks (!). +-sed -n -e '/^$/d' -e 's/^!//p' $CERTSCONF | while read crt ++sed -n -e '/^$/d' -e 's/^!//p' "$CERTSCONF" | while read crt + do + remove "$CERTSDIR/$crt" + done + +-sed -e '/^$/d' -e '/^#/d' -e '/^!/d' $CERTSCONF | while read crt ++sed -e '/^$/d' -e '/^#/d' -e '/^!/d' "$CERTSCONF" | while read crt + do + if ! test -f "$CERTSDIR/$crt" + then +@@ -151,14 +158,14 @@ mv -f "$TEMPBUNDLE" "$CERTBUNDLE" + + echo "$ADDED_CNT added, $REMOVED_CNT removed; done." + +-HOOKSDIR=/etc/ca-certificates/update.d +-echo -n "Running hooks in $HOOKSDIR...." ++HOOKSDIR="$ROOT/etc/ca-certificates/update.d" ++printf "Running hooks in $HOOKSDIR...." + VERBOSE_ARG= + [ "$verbose" = 0 ] || VERBOSE_ARG=--verbose +-eval run-parts $VERBOSE_ARG --test -- $HOOKSDIR | while read hook ++eval run-parts $VERBOSE_ARG --test -- \""$HOOKSDIR"\" | while read hook + do + ( cat $ADDED +- cat $REMOVED ) | $hook || echo E: $hook exited with code $?. ++ cat $REMOVED ) | "$hook" || echo E: "$hook" exited with code $?. + done + echo "done." + diff --git a/app-misc/ca-certificates/metadata.xml b/app-misc/ca-certificates/metadata.xml new file mode 100644 index 000000000000..9f0fc84b6680 --- /dev/null +++ b/app-misc/ca-certificates/metadata.xml @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<herd>base-system</herd> +<use> + <flag name='cacert'> + Include root certs from CAcert (http://www.cacert.org/) and + Software in the Public Interest (http://www.spi-inc.org/) + </flag> +</use> +</pkgmetadata> |