xref: /OK3568_Linux_fs/yocto/poky/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1*4882a593SmuzhiyunSUMMARY = "Common CA certificates"
2*4882a593SmuzhiyunDESCRIPTION = "This package includes PEM files of CA certificates to allow \
3*4882a593SmuzhiyunSSL-based applications to check for the authenticity of SSL connections. \
4*4882a593SmuzhiyunThis derived from Debian's CA Certificates."
5*4882a593SmuzhiyunHOMEPAGE = "http://packages.debian.org/sid/ca-certificates"
6*4882a593SmuzhiyunSECTION = "misc"
7*4882a593SmuzhiyunLICENSE = "GPL-2.0-or-later & MPL-2.0"
8*4882a593SmuzhiyunLIC_FILES_CHKSUM = "file://debian/copyright;md5=ae5b36b514e3f12ce1aa8e2ee67f3d7e"
9*4882a593Smuzhiyun
10*4882a593Smuzhiyun# This is needed to ensure we can run the postinst at image creation time
11*4882a593SmuzhiyunDEPENDS = ""
12*4882a593SmuzhiyunDEPENDS:class-native = "openssl-native"
13*4882a593SmuzhiyunDEPENDS:class-nativesdk = "openssl-native"
14*4882a593Smuzhiyun# Need rehash from openssl and run-parts from debianutils
15*4882a593SmuzhiyunPACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
16*4882a593Smuzhiyun
17*4882a593SmuzhiyunSRCREV = "07de54fdcc5806bde549e1edf60738c6bccf50e8"
18*4882a593Smuzhiyun
19*4882a593SmuzhiyunSRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https;branch=master \
20*4882a593Smuzhiyun           file://0002-update-ca-certificates-use-SYSROOT.patch \
21*4882a593Smuzhiyun           file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \
22*4882a593Smuzhiyun           file://default-sysroot.patch \
23*4882a593Smuzhiyun           file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \
24*4882a593Smuzhiyun           file://0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch \
25*4882a593Smuzhiyun           "
26*4882a593SmuzhiyunUPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+)"
27*4882a593Smuzhiyun
28*4882a593SmuzhiyunS = "${WORKDIR}/git"
29*4882a593Smuzhiyun
30*4882a593Smuzhiyuninherit allarch
31*4882a593Smuzhiyun
32*4882a593SmuzhiyunEXTRA_OEMAKE = "\
33*4882a593Smuzhiyun    'CERTSDIR=${datadir}/ca-certificates' \
34*4882a593Smuzhiyun    'SBINDIR=${sbindir}' \
35*4882a593Smuzhiyun"
36*4882a593Smuzhiyun
37*4882a593Smuzhiyundo_compile:prepend() {
38*4882a593Smuzhiyun    oe_runmake clean
39*4882a593Smuzhiyun}
40*4882a593Smuzhiyun
41*4882a593Smuzhiyundo_install () {
42*4882a593Smuzhiyun    install -d ${D}${datadir}/ca-certificates \
43*4882a593Smuzhiyun               ${D}${sysconfdir}/ssl/certs \
44*4882a593Smuzhiyun               ${D}${sysconfdir}/ca-certificates/update.d
45*4882a593Smuzhiyun    oe_runmake 'DESTDIR=${D}' install
46*4882a593Smuzhiyun
47*4882a593Smuzhiyun    install -d ${D}${mandir}/man8
48*4882a593Smuzhiyun    install -m 0644 sbin/update-ca-certificates.8 ${D}${mandir}/man8/
49*4882a593Smuzhiyun
50*4882a593Smuzhiyun    install -d ${D}${sysconfdir}
51*4882a593Smuzhiyun    {
52*4882a593Smuzhiyun        echo "# Lines starting with # will be ignored"
53*4882a593Smuzhiyun        echo "# Lines starting with ! will remove certificate on next update"
54*4882a593Smuzhiyun        echo "#"
55*4882a593Smuzhiyun        find ${D}${datadir}/ca-certificates -type f -name '*.crt' | \
56*4882a593Smuzhiyun            sed 's,^${D}${datadir}/ca-certificates/,,' | sort
57*4882a593Smuzhiyun    } >${D}${sysconfdir}/ca-certificates.conf
58*4882a593Smuzhiyun}
59*4882a593Smuzhiyun
60*4882a593Smuzhiyundo_install:append:class-target () {
61*4882a593Smuzhiyun    sed -i -e 's,/etc/,${sysconfdir}/,' \
62*4882a593Smuzhiyun           -e 's,/usr/share/,${datadir}/,' \
63*4882a593Smuzhiyun           -e 's,/usr/local,${prefix}/local,' \
64*4882a593Smuzhiyun        ${D}${sbindir}/update-ca-certificates \
65*4882a593Smuzhiyun        ${D}${mandir}/man8/update-ca-certificates.8
66*4882a593Smuzhiyun}
67*4882a593Smuzhiyun
68*4882a593Smuzhiyunpkg_postinst:${PN}:class-target () {
69*4882a593Smuzhiyun    SYSROOT="$D" $D${sbindir}/update-ca-certificates
70*4882a593Smuzhiyun}
71*4882a593Smuzhiyun
72*4882a593SmuzhiyunCONFFILES:${PN} += "${sysconfdir}/ca-certificates.conf"
73*4882a593Smuzhiyun
74*4882a593Smuzhiyun# Rather than make a postinst script that works for both target and nativesdk,
75*4882a593Smuzhiyun# we just run update-ca-certificate from do_install() for nativesdk.
76*4882a593SmuzhiyunCONFFILES:${PN}:append:class-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt"
77*4882a593Smuzhiyundo_install:append:class-nativesdk () {
78*4882a593Smuzhiyun    SYSROOT="${D}${SDKPATHNATIVE}" ${D}${sbindir}/update-ca-certificates
79*4882a593Smuzhiyun}
80*4882a593Smuzhiyun
81*4882a593Smuzhiyundo_install:append:class-native () {
82*4882a593Smuzhiyun    SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates
83*4882a593Smuzhiyun}
84*4882a593Smuzhiyun
85*4882a593SmuzhiyunRDEPENDS:${PN}:append:class-target = " openssl-bin openssl"
86*4882a593SmuzhiyunRDEPENDS:${PN}:append:class-native = " openssl-native"
87*4882a593SmuzhiyunRDEPENDS:${PN}:append:class-nativesdk = " nativesdk-openssl-bin nativesdk-openssl"
88*4882a593Smuzhiyun
89*4882a593SmuzhiyunBBCLASSEXTEND = "native nativesdk"
90