Commit Graph

20 Commits

Author SHA1 Message Date
Martin Bark
c61b49e5b5 package/ca-certificates: create ca-certificates.crt reproducibly
Sort the certificates into alphabetical order so the contents of
ca-certificates.crt can be built reproducibly.

Note: The certificates are sorted uppercase then lowercase filenames
so the contents of ca-certificates.crt matches the source debian package.

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-10-21 14:36:32 +01:00
Martin Bark
42b10634c6 package/ca-certificates: fix rebuilds
Rebuilding ca-certificates using make ca-certificates-rebuild
caused duplicate certificates to be installed in the target. Its build
system is broken: it doesn't detect that the output file already exists,
and instead of overwriting it, a duplicate is generated under a
different name. The net effect is that all certificates are installed
twice after rebuild.

Fix this by cleaning the build directory before building the package.

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-10-21 14:34:46 +01:00
Martin Bark
d07ddd8e4e package/ca-certificates: don't hash certificates.crt
c_rehash looks at all files in /etc/ssl/certs, generates the hash for
the certificates in them, and makes a symlink from the hash to the
certificate file.

However, ca-certificates.crt is also installed in /etc/ssl/certs and
it contains all the certificates. c_rehash will take one of them (the
first?) and create a symlink from that hash to ca-certificates.crt.
Usually, this results in an error like:

WARNING: Skipping duplicate certificate ca-certificates.crt

and all is well. However, depending on filesystem order,
ca-certificates.crt may come first, and the actual certificate is
not symlinked.

To fix this install certificates.crt to /etc/ssl/certs *after* we run
c_rehash to prevent it getting hashed by mistake.

Note: $(TARGET_DIR)/etc/ssl/certs/ is already removed during install so
this fix also works for rebuilds.

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-10-21 14:33:31 +01:00
Martin Bark
8b03b2a664 package/ca-certificates: bump version to 20180409
Update Mozilla certificate authority bundle to version 2.22.

The following certificate authorities were added (+):
  + "GDCA TrustAUTH R5 ROOT"
  + "SSL.com EV Root Certification Authority ECC"
  + "SSL.com EV Root Certification Authority RSA R2"
  + "SSL.com Root Certification Authority ECC"
  + "SSL.com Root Certification Authority RSA"
  + "TrustCor ECA-1"
  + "TrustCor RootCert CA-1"
  + "TrustCor RootCert CA-2"

The following certificate authorities were removed (-):
  - "ACEDICOM Root"
  - "AddTrust Low-Value Services Root"
  - "AddTrust Public Services Root"
  - "AddTrust Qualified Certificates Root"
  - "CA Disig Root R1"
  - "CNNIC ROOT"
  - "Camerfirma Chambers of Commerce Root"
  - "Camerfirma Global Chambersign Root"
  - "Certinomis - Autorité Racine"
  - "Certum Root CA"
  - "China Internet Network Information Center EV Certificates Root"
  - "Comodo Secure Services root"
  - "Comodo Trusted Services root"
  - "DST ACES CA X6"
  - "GeoTrust Global CA 2"
  - "PSCProcert"
  - "Security Communication EV RootCA1"
  - "Swisscom Root CA 1"
  - "Swisscom Root CA 2"
  - "Swisscom Root EV CA 2"
  - "TURKTRUST Certificate Services Provider Root 2007"
  - "TUBITAK UEKAE Kok Sertifika Hizmet Saglayicisi - Surum 3"
  - "UTN USERFirst Hardware Root CA"

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-05-29 08:52:39 +02:00
Martin Bark
3edfb2e43d ca-certificates: bump to version 20170717
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-30 22:50:03 +01:00
Arnout Vandecappelle
0f9c0bf3d5 Globally replace $(HOST_DIR)/usr/bin with $(HOST_DIR)/bin
Since things are no longer installed in $(HOST_DIR)/usr, the callers
should also not refer to it.

This is a mechanical change with
git grep -l '$(HOST_DIR)/usr/bin' | xargs sed -i 's%$(HOST_DIR)/usr/bin%$(HOST_DIR)/bin%g'

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-07-05 15:19:29 +02:00
Adam Duskett
ee71aa2375 package/c*/Config.in: fix help text wrapping
The check-package script when ran gives warnings on text wrapping
on all of these Config files.  This patch cleans up all warnings
related to the text wrapping for the Config files starting with
the letter c in the package directory.

The appropriate indentation is: <tab><2 spaces><62 chars>
See http://nightly.buildroot.org/#writing-rules-config-in for more
information.

Signed-off-by: Adam Duskett <aduskett@codeblue.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-11 23:28:01 +02:00
Rahul Bedarkar
f33fd75afc package: use SPDX short identifier for MPL family licenses
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for MPLv1.0/MPLv1.1/MPLv2.0 is MPL-1.0/MPL-1.1/
MPL-2.0.

This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/MPLv([1-2]\.[0-1])/MPL-\1/g'

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-01 15:27:47 +02:00
Rahul Bedarkar
af31c309e7 boot, linux, package: use SPDX short identifier for GPLv2/GPLv2+
We want to use SPDX identifier for license strings as much as possible.
SPDX short identifier for GPLv2/GPLv2+ is GPL-2.0/GPL-2.0+.

This change is done by using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv2\>/GPL-2.0/g'

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-04-01 15:16:38 +02:00
Gustavo Zacarias
9138a57357 ca-certificates: bump to version 20161130
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-04 17:02:12 +01:00
Gustavo Zacarias
a0261d3368 ca-certificates: use $(TARGET_MAKE_ENV) when calling $(MAKE)
Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-10-22 15:19:24 +02:00
Martin Bark
27f0994067 package/ca-certificates: depend on host-python or host-python3
The ca-certificates build process runs a Python script that needs at
least Python 2.7. While Buildroot requires Python as a hard dependency
on the build system, we don't require Python >= 2.7.

So in order to ensure that a Python >= 2.7 is installed, this commit
makes the ca-certificates package depend either on host-python or
host-python3.

Fixes:

 http://autobuild.buildroot.net/results/a2a4fed293c836b9cf63ff2aaa463b0704dec07e/
 http://autobuild.buildroot.net/results/bbed4afa8e30382b8892062f31ba64cbb0ea14e4/
 http://autobuild.buildroot.net/results/1af5562be3c0d233cea81834a898f7ac6ae48271/

Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Martin Bark <martin@barkynet.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Thomas: rewrite commit log.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-05-05 15:42:17 +02:00
Martin Bark
30e991a082 package/ca-certificates: bump version to 20160104
The following certificate authorities were added (+):
+ "CA WoSign ECC Root"
+ "Certification Authority of WoSign G2"
+ "Certinomis - Root CA"
+ "OISTE WISeKey Global Root GB CA"
+ "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5"
+ "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6"

The following certificate authorities were removed (-):
- "A-Trust-nQual-03"
- "Buypass Class 3 CA 1"
- "ComSign Secured CA"
- "Digital Signature Trust Co. Global CA 1"
- "Digital Signature Trust Co. Global CA 3"
- "SG TRUST SERVICES RACINE"
- "TC TrustCenter Class 2 CA II"
- "TC TrustCenter Universal CA I"
- "TURKTRUST Certificate Services Provider Root 1"
- "TURKTRUST Certificate Services Provider Root 2"
- "UTN DATACorp SGC Root CA"
- "Verisign Class 4 Public Primary Certification Authority - G3"

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-02-25 12:24:31 +01:00
Martin Bark
09071d4a03 package/ca-certificates: bump version to 20150426
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-06-09 22:42:16 +02:00
Yann E. MORIN
ea6b7bd545 package/ca-certificates: generate the bundle of certs
glib-networking wants to use the certificates bundle, not the individual
certificates.

Generating the bundle is usually done with update-ca-certificates, but
that does not support running out-of-tree.

Fortiunately, and as Gustavo put it, update-ca-certificates is jsut a
glorified 'cat'. It is supposed to be fed a config file stating which
certificate to add/remove to/from the bundle, otherwise nothing fancy
(Oh, yes, running hooks after updating the bundle).

Since we do not need any of this in Buidlroot, we jsut generate a bundle
with all certificates unconditionally.

Reported-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Tested-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-04-03 15:39:39 +02:00
Karoly Kasza
ac09a36c70 package/ca-certificates: bump to 20141019, update snapshot date & hash
Signed-off-by: Karoly Kasza <kaszak@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-25 11:26:30 +02:00
Jerzy Grzegorek
c7f4b96471 package: remove the trailing slash sign from <PKG>_SITE variable
Since the trailing slash is stripped from $($(PKG)_SITE) by pkg-generic.mk:

$(call DOWNLOAD,$($(PKG)_SITE:/=)/$($(PKG)_SOURCE))

so it is redundant.
This patch removes it from $(PKG)_SITE variable for BR consistency.

Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-07-31 23:17:46 +02:00
Yann E. MORIN
0b2264d3d4 package/ca-certificates: add tarball's hashes
ca-certificates contains sensitive security-related information,
and we want to ensure the archive that we download has not been
compromised.

Add the sha1 and sha256 hashes from Debian's packaging.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Martin Bark <martin@barkynet.com>
Reviewed-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-07-04 23:40:55 +02:00
Yann E. MORIN
1015a2e1f5 package/ca-certificates: security bump to 20140223
Some new CA added, some removed.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Cc: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-03-26 11:00:19 +01:00
Martin Bark
beb24ce2b0 ca-certificates: new package
CA certificates used for SSL based applications.  The package installs CA
certificates to /usr/share/ca-certificates and creates symbolic links under
/etc/ssl/certs.  For example, the existing libcurl package will use these
certificates for https urls.  Based on the debian ca-certifcates package.

[Peter: fixup comments as pointed out by Yann]
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-01-12 21:02:33 +01:00