diff options
author | Martin Bark <martin@barkynet.com> | 2018-06-16 23:05:59 +0100 |
---|---|---|
committer | Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> | 2018-10-21 14:33:31 +0100 |
commit | d07ddd8e4ed576dbce4c33ab006f342e24d3bd6b (patch) | |
tree | 48668d47ce9171e3b59f943fdad540b384cafa0d | |
parent | 26034b8663f8c084ec9100f429d8ff6c046a9fa3 (diff) | |
download | buildroot-d07ddd8e4ed576dbce4c33ab006f342e24d3bd6b.tar.gz buildroot-d07ddd8e4ed576dbce4c33ab006f342e24d3bd6b.zip |
package/ca-certificates: don't hash certificates.crt
c_rehash looks at all files in /etc/ssl/certs, generates the hash for
the certificates in them, and makes a symlink from the hash to the
certificate file.
However, ca-certificates.crt is also installed in /etc/ssl/certs and
it contains all the certificates. c_rehash will take one of them (the
first?) and create a symlink from that hash to ca-certificates.crt.
Usually, this results in an error like:
WARNING: Skipping duplicate certificate ca-certificates.crt
and all is well. However, depending on filesystem order,
ca-certificates.crt may come first, and the actual certificate is
not symlinked.
To fix this install certificates.crt to /etc/ssl/certs *after* we run
c_rehash to prevent it getting hashed by mistake.
Note: $(TARGET_DIR)/etc/ssl/certs/ is already removed during install so
this fix also works for rebuilds.
Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
-rw-r--r-- | package/ca-certificates/ca-certificates.mk | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/package/ca-certificates/ca-certificates.mk b/package/ca-certificates/ca-certificates.mk index c19d37788b..9685d0e6f0 100644 --- a/package/ca-certificates/ca-certificates.mk +++ b/package/ca-certificates/ca-certificates.mk @@ -33,11 +33,15 @@ define CA_CERTIFICATES_INSTALL_TARGET_CMDS cd $(TARGET_DIR) ;\ for i in `find usr/share/ca-certificates -name "*.crt"` ; do \ ln -sf ../../../$$i etc/ssl/certs/`basename $${i} .crt`.pem ;\ - cat $$i >>etc/ssl/certs/ca-certificates.crt ;\ - done + cat $$i ;\ + done >$(@D)/ca-certificates.crt # Create symlinks to the certificates by their hash values $(HOST_DIR)/bin/c_rehash $(TARGET_DIR)/etc/ssl/certs + + # Install the certificates bundle + $(INSTALL) -D -m 644 $(@D)/ca-certificates.crt \ + $(TARGET_DIR)/etc/ssl/certs/ca-certificates.crt endef $(eval $(generic-package)) |