summaryrefslogtreecommitdiffstats
path: root/package/ca-certificates
Commit message (Collapse)AuthorAgeFilesLines
* package/ca-certificates: create ca-certificates.crt reproduciblyMartin Bark2018-10-211-1/+1
| | | | | | | | | | | Sort the certificates into alphabetical order so the contents of ca-certificates.crt can be built reproducibly. Note: The certificates are sorted uppercase then lowercase filenames so the contents of ca-certificates.crt matches the source debian package. Signed-off-by: Martin Bark <martin@barkynet.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* package/ca-certificates: fix rebuildsMartin Bark2018-10-211-1/+1
| | | | | | | | | | | | | | Rebuilding ca-certificates using make ca-certificates-rebuild caused duplicate certificates to be installed in the target. Its build system is broken: it doesn't detect that the output file already exists, and instead of overwriting it, a duplicate is generated under a different name. The net effect is that all certificates are installed twice after rebuild. Fix this by cleaning the build directory before building the package. Signed-off-by: Martin Bark <martin@barkynet.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* package/ca-certificates: don't hash certificates.crtMartin Bark2018-10-211-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | c_rehash looks at all files in /etc/ssl/certs, generates the hash for the certificates in them, and makes a symlink from the hash to the certificate file. However, ca-certificates.crt is also installed in /etc/ssl/certs and it contains all the certificates. c_rehash will take one of them (the first?) and create a symlink from that hash to ca-certificates.crt. Usually, this results in an error like: WARNING: Skipping duplicate certificate ca-certificates.crt and all is well. However, depending on filesystem order, ca-certificates.crt may come first, and the actual certificate is not symlinked. To fix this install certificates.crt to /etc/ssl/certs *after* we run c_rehash to prevent it getting hashed by mistake. Note: $(TARGET_DIR)/etc/ssl/certs/ is already removed during install so this fix also works for rebuilds. Signed-off-by: Martin Bark <martin@barkynet.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* package/ca-certificates: bump version to 20180409Martin Bark2018-05-292-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update Mozilla certificate authority bundle to version 2.22. The following certificate authorities were added (+): + "GDCA TrustAUTH R5 ROOT" + "SSL.com EV Root Certification Authority ECC" + "SSL.com EV Root Certification Authority RSA R2" + "SSL.com Root Certification Authority ECC" + "SSL.com Root Certification Authority RSA" + "TrustCor ECA-1" + "TrustCor RootCert CA-1" + "TrustCor RootCert CA-2" The following certificate authorities were removed (-): - "ACEDICOM Root" - "AddTrust Low-Value Services Root" - "AddTrust Public Services Root" - "AddTrust Qualified Certificates Root" - "CA Disig Root R1" - "CNNIC ROOT" - "Camerfirma Chambers of Commerce Root" - "Camerfirma Global Chambersign Root" - "Certinomis - Autorité Racine" - "Certum Root CA" - "China Internet Network Information Center EV Certificates Root" - "Comodo Secure Services root" - "Comodo Trusted Services root" - "DST ACES CA X6" - "GeoTrust Global CA 2" - "PSCProcert" - "Security Communication EV RootCA1" - "Swisscom Root CA 1" - "Swisscom Root CA 2" - "Swisscom Root EV CA 2" - "TURKTRUST Certificate Services Provider Root 2007" - "TUBITAK UEKAE Kok Sertifika Hizmet Saglayicisi - Surum 3" - "UTN USERFirst Hardware Root CA" Signed-off-by: Martin Bark <martin@barkynet.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* ca-certificates: bump to version 20170717Martin Bark2018-01-302-4/+4
| | | | | Signed-off-by: Martin Bark <martin@barkynet.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* Globally replace $(HOST_DIR)/usr/bin with $(HOST_DIR)/binArnout Vandecappelle2017-07-051-1/+1
| | | | | | | | | | | Since things are no longer installed in $(HOST_DIR)/usr, the callers should also not refer to it. This is a mechanical change with git grep -l '$(HOST_DIR)/usr/bin' | xargs sed -i 's%$(HOST_DIR)/usr/bin%$(HOST_DIR)/bin%g' Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/c*/Config.in: fix help text wrappingAdam Duskett2017-05-111-1/+2
| | | | | | | | | | | | | | The check-package script when ran gives warnings on text wrapping on all of these Config files. This patch cleans up all warnings related to the text wrapping for the Config files starting with the letter c in the package directory. The appropriate indentation is: <tab><2 spaces><62 chars> See http://nightly.buildroot.org/#writing-rules-config-in for more information. Signed-off-by: Adam Duskett <aduskett@codeblue.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package: use SPDX short identifier for MPL family licensesRahul Bedarkar2017-04-011-1/+1
| | | | | | | | | | | | We want to use SPDX identifier for license string as much as possible. SPDX short identifier for MPLv1.0/MPLv1.1/MPLv2.0 is MPL-1.0/MPL-1.1/ MPL-2.0. This change is done using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/MPLv([1-2]\.[0-1])/MPL-\1/g' Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* boot, linux, package: use SPDX short identifier for GPLv2/GPLv2+Rahul Bedarkar2017-04-011-1/+1
| | | | | | | | | | | We want to use SPDX identifier for license strings as much as possible. SPDX short identifier for GPLv2/GPLv2+ is GPL-2.0/GPL-2.0+. This change is done by using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/\<GPLv2\>/GPL-2.0/g' Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* ca-certificates: bump to version 20161130Gustavo Zacarias2017-01-042-4/+4
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* ca-certificates: use $(TARGET_MAKE_ENV) when calling $(MAKE)Gustavo Zacarias2016-10-221-1/+1
| | | | | | Signed-off-by: Gustavo Zacarias <gustavo.zacarias@free-electrons.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/ca-certificates: depend on host-python or host-python3Martin Bark2016-05-051-1/+5
| | | | | | | | | | | | | | | | | | | | | | The ca-certificates build process runs a Python script that needs at least Python 2.7. While Buildroot requires Python as a hard dependency on the build system, we don't require Python >= 2.7. So in order to ensure that a Python >= 2.7 is installed, this commit makes the ca-certificates package depend either on host-python or host-python3. Fixes: http://autobuild.buildroot.net/results/a2a4fed293c836b9cf63ff2aaa463b0704dec07e/ http://autobuild.buildroot.net/results/bbed4afa8e30382b8892062f31ba64cbb0ea14e4/ http://autobuild.buildroot.net/results/1af5562be3c0d233cea81834a898f7ac6ae48271/ Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Martin Bark <martin@barkynet.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> [Thomas: rewrite commit log.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/ca-certificates: bump version to 20160104Martin Bark2016-02-252-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | The following certificate authorities were added (+): + "CA WoSign ECC Root" + "Certification Authority of WoSign G2" + "Certinomis - Root CA" + "OISTE WISeKey Global Root GB CA" + "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5" + "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6" The following certificate authorities were removed (-): - "A-Trust-nQual-03" - "Buypass Class 3 CA 1" - "ComSign Secured CA" - "Digital Signature Trust Co. Global CA 1" - "Digital Signature Trust Co. Global CA 3" - "SG TRUST SERVICES RACINE" - "TC TrustCenter Class 2 CA II" - "TC TrustCenter Universal CA I" - "TURKTRUST Certificate Services Provider Root 1" - "TURKTRUST Certificate Services Provider Root 2" - "UTN DATACorp SGC Root CA" - "Verisign Class 4 Public Primary Certification Authority - G3" Signed-off-by: Martin Bark <martin@barkynet.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/ca-certificates: bump version to 20150426Martin Bark2015-06-092-4/+4
| | | | | Signed-off-by: Martin Bark <martin@barkynet.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/ca-certificates: generate the bundle of certsYann E. MORIN2015-04-031-0/+2
| | | | | | | | | | | | | | | | | | | | | | | glib-networking wants to use the certificates bundle, not the individual certificates. Generating the bundle is usually done with update-ca-certificates, but that does not support running out-of-tree. Fortiunately, and as Gustavo put it, update-ca-certificates is jsut a glorified 'cat'. It is supposed to be fed a config file stating which certificate to add/remove to/from the bundle, otherwise nothing fancy (Oh, yes, running hooks after updating the bundle). Since we do not need any of this in Buidlroot, we jsut generate a bundle with all certificates unconditionally. Reported-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Gustavo Zacarias <gustavo@zacarias.com.ar> Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Tested-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/ca-certificates: bump to 20141019, update snapshot date & hashKaroly Kasza2014-10-252-4/+4
| | | | | Signed-off-by: Karoly Kasza <kaszak@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package: remove the trailing slash sign from <PKG>_SITE variableJerzy Grzegorek2014-07-311-1/+1
| | | | | | | | | | | | Since the trailing slash is stripped from $($(PKG)_SITE) by pkg-generic.mk: $(call DOWNLOAD,$($(PKG)_SITE:/=)/$($(PKG)_SOURCE)) so it is redundant. This patch removes it from $(PKG)_SITE variable for BR consistency. Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/ca-certificates: add tarball's hashesYann E. MORIN2014-07-041-0/+3
| | | | | | | | | | | | | ca-certificates contains sensitive security-related information, and we want to ensure the archive that we download has not been compromised. Add the sha1 and sha256 hashes from Debian's packaging. Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Martin Bark <martin@barkynet.com> Reviewed-by: Samuel Martin <s.martin49@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/ca-certificates: security bump to 20140223Yann E. MORIN2014-03-261-3/+3
| | | | | | | | | Some new CA added, some removed. Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Cc: Gustavo Zacarias <gustavo@zacarias.com.ar> Cc: Martin Bark <martin@barkynet.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* ca-certificates: new packageMartin Bark2014-01-122-0/+48
CA certificates used for SSL based applications. The package installs CA certificates to /usr/share/ca-certificates and creates symbolic links under /etc/ssl/certs. For example, the existing libcurl package will use these certificates for https urls. Based on the debian ca-certifcates package. [Peter: fixup comments as pointed out by Yann] Signed-off-by: Martin Bark <martin@barkynet.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OpenPOWER on IntegriCloud