From patchwork Fri Jan 10 15:39:44 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Martin Bark <martin@barkynet.com>
X-Patchwork-Id: 309312
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from hemlock.osuosl.org (hemlock.osuosl.org [140.211.166.133])
	by ozlabs.org (Postfix) with ESMTP id 2D9B12C007C
	for <incoming@patchwork.ozlabs.org>;
	Sat, 11 Jan 2014 02:39:54 +1100 (EST)
Received: from localhost (localhost [127.0.0.1])
	by hemlock.osuosl.org (Postfix) with ESMTP id 2D8F08ABC2;
	Fri, 10 Jan 2014 15:39:52 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from hemlock.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id FooCyESwEho3; Fri, 10 Jan 2014 15:39:50 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by hemlock.osuosl.org (Postfix) with ESMTP id 195EF8AB97;
	Fri, 10 Jan 2014 15:39:50 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from whitealder.osuosl.org (whitealder.osuosl.org
	[140.211.166.138])
	by ash.osuosl.org (Postfix) with ESMTP id 077DE1BFA0B
	for <buildroot@lists.busybox.net>;
	Fri, 10 Jan 2014 15:39:49 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by whitealder.osuosl.org (Postfix) with ESMTP id 030D68CA6A
	for <buildroot@lists.busybox.net>;
	Fri, 10 Jan 2014 15:39:49 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id r8tjKuXyWWki for <buildroot@lists.busybox.net>;
	Fri, 10 Jan 2014 15:39:48 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from mail-ie0-f177.google.com (mail-ie0-f177.google.com
	[209.85.223.177])
	by whitealder.osuosl.org (Postfix) with ESMTPS id 4B8B68CA62
	for <buildroot@busybox.net>; Fri, 10 Jan 2014 15:39:48 +0000 (UTC)
Received: by mail-ie0-f177.google.com with SMTP id ar20so1041613iec.22
	for <buildroot@busybox.net>; Fri, 10 Jan 2014 07:39:47 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:subject:date:message-id;
	bh=r83t79Pb/x2Cm1I6KXJZzZ7twBhNW9MH0olMzX5NvS0=;
	b=WeXRUP0/crNG9vd8v/E6Sov0y/xdziLDd2IP43OTl3aJmRegAUc730robFpMP8guZW
	95qq52d3sS6SyAOjDMgjzd2GIsynPJvVU3D+vwDQmFoGbsSJwTJLpgfylhtsasOSxaT7
	Q4vBLPyAcRWBZnHqCmXC3XswM0ObdN1OeJgzi4lJNCwW8RfmdhZoxSjc7RGOmue+Rsys
	eqI1dcwSUdxFd9MC7HyDMu7lZvvzcbyr7GMSSkZQOd7mQ7CliyrMmhbE0ZYoWVWQhe4m
	qbJPVvdOJZPBM3n6poMbMoxVVsh1U0ZJqoRlXN0/zy6c0FCp1helBtAFRYidNjiZlc7/
	/E9Q==
X-Gm-Message-State: 
 ALoCoQmjRLXIjI9nQAMM/3Rq4npXGzyEGhiSjIWao6IZJoHRkiTFzEZzJiKzPD/fLkPwkZzumL0K
X-Received: by 10.50.28.72 with SMTP id z8mr4060752igg.44.1389368387474;
	Fri, 10 Jan 2014 07:39:47 -0800 (PST)
Received: from cmb-silveradder.local.geosemi.com ([64.254.119.106])
	by mx.google.com with ESMTPSA id
	gc2sm3094257igd.6.2014.01.10.07.39.46 for <buildroot@busybox.net>
	(version=TLSv1.1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
	Fri, 10 Jan 2014 07:39:46 -0800 (PST)
From: Martin Bark <martin@barkynet.com>
To: buildroot@busybox.net
Date: Fri, 10 Jan 2014 15:39:44 +0000
Message-Id: <1389368384-1332-1-git-send-email-martin@barkynet.com>
X-Mailer: git-send-email 1.7.9.5
Subject: [Buildroot] [PATCH v3] ca-certificates: new package
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=subscribe>
MIME-Version: 1.0
Errors-To: buildroot-bounces@busybox.net
Sender: buildroot-bounces@busybox.net

CA certificates used for SSL based applications.  The package installs CA
certificates to /usr/share/ca-certificates and creates symbolic links under
/etc/ssl/certs.  For example, the existing libcurl package will use these
certificates for https urls.  Based on the debian ca-certifcates package.

Signed-off-by: Martin Bark <martin@barkynet.com>
---
Changes v2 -> v3
    - Fixed missing tabs (suggested by Thomas Petazzoni)
    - Added upstream url to Config.in (suggested by Thomas Petazzoni)
    - Changed CA_CERTIFICATES_SITE to use snapshot.debian.org (suggested by Thomas Petazzoni)
    - Changed PATH=$(HOST_PATH) to $(TARGET_MAKE_ENV) in build cmd (suggested by Thomas Petazzoni)
    - Removed parenthesis and fixed use of basename in install cmd (suggested by Yann E. MORIN)

Changes v1 -> v2
    - Change CA_CERTIFICATES_SITE to use $(BR2_DEBIAN_MIRROR) (suggested by Baruch Siach)
    - Clarify license usage in CA_CERTIFICATES_LICENSE (suggested by Baruch Siach)
---
 package/Config.in                          |    1 +
 package/ca-certificates/Config.in          |   11 +++++++++
 package/ca-certificates/ca-certificates.mk |   37 ++++++++++++++++++++++++++++
 3 files changed, 49 insertions(+)
 create mode 100644 package/ca-certificates/Config.in
 create mode 100644 package/ca-certificates/ca-certificates.mk

diff --git a/package/Config.in b/package/Config.in
index 38db5de..f9739ba 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -471,6 +471,7 @@ endmenu
 
 menu "Crypto"
 source "package/beecrypt/Config.in"
+source "package/ca-certificates/Config.in"
 source "package/cryptodev/Config.in"
 source "package/gnutls/Config.in"
 source "package/libassuan/Config.in"
diff --git a/package/ca-certificates/Config.in b/package/ca-certificates/Config.in
new file mode 100644
index 0000000..a278a62
--- /dev/null
+++ b/package/ca-certificates/Config.in
@@ -0,0 +1,11 @@
+config BR2_PACKAGE_CA_CERTIFICATES
+	bool "CA Certificates"
+	help
+	  This package includes PEM files of CA certificates to allow
+	  SSL-based applications to check for the authenticity of SSL
+	  connections.
+
+	  It includes, among others, certificate authorities used by the
+	  Debian infrastructure and those shipped with Mozilla's browsers.
+
+	  http://anonscm.debian.org/gitweb/?p=collab-maint/ca-certificates.git
diff --git a/package/ca-certificates/ca-certificates.mk b/package/ca-certificates/ca-certificates.mk
new file mode 100644
index 0000000..37ed746
--- /dev/null
+++ b/package/ca-certificates/ca-certificates.mk
@@ -0,0 +1,37 @@
+################################################################################
+#
+# ca-certificates
+#
+################################################################################
+
+CA_CERTIFICATES_VERSION = 20130906
+CA_CERTIFICATES_SOURCE = ca-certificates_$(CA_CERTIFICATES_VERSION).tar.gz
+CA_CERTIFICATES_SITE = http://snapshot.debian.org/archive/debian/20130907T154615Z/pool/main/c/ca-certificates
+CA_CERTIFICATES_DEPENDENCIES = host-openssl host-python
+CA_CERTIFICATES_LICENSE = GPLv2+ (script), MPLv2.0 (data)
+CA_CERTIFICATES_LICENSE_FILES = debian/copyright
+
+define CA_CERTIFICATES_BUILD_CMDS
+	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) all
+endef
+
+define CA_CERTIFICATES_INSTALL_TARGET_CMDS
+	$(INSTALL) -d -m 0755 $(TARGET_DIR)/usr/share/ca-certificates
+	$(INSTALL) -d -m 0755 $(TARGET_DIR)/etc/ssl/certs
+	$(MAKE) -C $(@D) install DESTDIR=$(TARGET_DIR)
+	rm -f $(TARGET_DIR)/usr/sbin/update-ca-certificates
+
+	#remove any existing certificates under /etc/ssl/certs
+	rm -f  $(TARGET_DIR)/etc/ssl/certs/*
+
+	#create symlinks to certificates under /etc/ssl/certs
+	cd $(TARGET_DIR) ;\
+	for i in `find usr/share/ca-certificates -name "*.crt"` ; do \
+		ln -sf ../../../$$i etc/ssl/certs/`basename $${i} .crt`.pem ;\
+	done ;\
+
+	#create symlinks to the certificates by their hash values
+	$(HOST_DIR)/usr/bin/c_rehash $(TARGET_DIR)/etc/ssl/certs
+endef
+
+$(eval $(generic-package))