diff --git a/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/Manifest b/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/Manifest index ab6b2d0876..be3aa68ad2 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/Manifest @@ -1 +1 @@ -DIST nss-3.16.tar.gz 6378110 SHA256 2bb4faa200962caacf0454f1e870e74aa9a543809e5c440f7978bcce58e0bfe8 SHA512 e3dcde8213f7f131fe2f714ff2f45c6d7b9b2167e51dbf0e1a750cc4f83d9fa35e69408850de6600f55fbc9e26b29dc344548cb64849d6e3252476eadd7ee57f WHIRLPOOL d30b53ec36cacff9756b43780d904e32760cd5d0b75f1888b6fb80e0a87ce828f4e6189de63880ddce90bdf5d90123ff7e9fdf600f4df02ce59702898f08c11e +DIST nss-3.19.1.tar.gz 6953537 SHA256 b7be709551ec13206d8e3e8c065b894fa981c11573115e9478fa051029c52fff SHA512 8938fff8d819f5a223f99b3ee55734b624609dd87d9035c3bb4ca22db707da709f43d6e56610860ff99e4d2271405ad0efb762ba3f6d9e6cd586415e31412107 WHIRLPOOL d5ba4abaa29c28c19f18314427c581b1356ab4edaeb818433000dd63281340de7db5cf98700c80d781cb26e6989b222113e927eb2e890592ae8691fe8dcb4eb9 diff --git a/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/ca-certificates-3.16-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/ca-certificates-3.19.1.ebuild similarity index 55% rename from sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/ca-certificates-3.16-r2.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/ca-certificates-3.19.1.ebuild index 064bac08a7..0f70a006f7 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/ca-certificates-3.16-r2.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/ca-certificates-3.19.1.ebuild @@ -26,40 +26,62 @@ RDEPEND="dev-libs/openssl DEPEND="${RDEPEND} ${PYTHON_DEPS}" -sym_to_usr() { - local l="/etc/ssl/certs/${1##*/}" - local p="../../../usr/share/${PN}/${1}" - echo "L ${l} - - - - ${p}" +pkg_setup() { + python-any-r1_pkg_setup + + # Deal with the case where older ca-certificates installed a + # dir here, but newer one installs symlinks. Portage will + # barf when you try to transition file types. + # This trick is stolen from sys-libs/timezone-data + if cd "${EROOT}"/usr/share/${PN} 2>/dev/null ; then + # In case of a failed upgrade, clean up the symlinks #506570 + if [ -L .gentoo-upgrade ] ; then + rm -rf mozilla .gentoo-upgrade + fi + if [ -d mozilla ] ; then + rm -rf .gentoo-upgrade #487192 + mv mozilla .gentoo-upgrade || die + ln -s .gentoo-upgrade mozilla || die + fi + fi +} + +gen_hash_links() { + local certfile certhash + for certfile in "$@"; do + certhash=$(openssl x509 -hash -noout -in "${certfile}") || die + # This assumes the hashes have no collisions + ln -s "${certfile}" "${certhash}.0" || die + done } gen_tmpfiles() { local certfile echo "d /etc/ssl - - - - -" echo "d /etc/ssl/certs - - - - -" - sym_to_usr ca-certificates.crt for certfile in "$@"; do - sym_to_usr "${certfile}" - done - for certfile in "$@"; do - local certhash=$(openssl x509 -hash -noout -in "${certfile}") - # This assumes the hashes have no collisions - local l="/etc/ssl/certs/${certhash}.0" - local p="${certfile##*/}" + local l="/etc/ssl/certs/${certfile}" + local p="../../../usr/share/${PN}/${certfile}" echo "L ${l} - - - - ${p}" done } src_compile() { local certdata="${MY_P}/nss/lib/ckfw/builtins/certdata.txt" - ${PYTHON} "${FILESDIR}/certdata2pem.py" "${certdata}" mozilla || die - cat mozilla/*.pem > ca-certificates.crt || die - gen_tmpfiles mozilla/*.pem > ${PN}.conf || die + ${PYTHON} "${FILESDIR}/certdata2pem.py" "${certdata}" certs || die + + cd certs || die + gen_hash_links *.pem + cat *.pem > ca-certificates.crt || die + gen_tmpfiles * > "${S}/${PN}.conf" || die } src_install() { insinto /usr/share/${PN} - doins ca-certificates.crt - doins -r mozilla + doins certs/* + + # for compatibility with older directory structure + dosym . /usr/share/${PN}/mozilla dosbin "${FILESDIR}/update-ca-certificates" systemd_dounit "${FILESDIR}/clean-ca-certificates.service" @@ -72,3 +94,7 @@ src_install() { dodir /etc/ssl/certs systemd-tmpfiles --root="${D}" --create } + +pkg_postinst() { + rm -rf "${EROOT}"/usr/share/${PN}/.gentoo-upgrade +}