{"id":2220628,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2220628/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/patch/20260407-generate-cyclonedx-br-v1-3-03c45ccba2ed@cherry.de/","project":{"id":27,"url":"http://patchwork.ozlabs.org/api/1.1/projects/27/?format=json","name":"Buildroot development","link_name":"buildroot","list_id":"buildroot.buildroot.org","list_email":"buildroot@buildroot.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260407-generate-cyclonedx-br-v1-3-03c45ccba2ed@cherry.de>","date":"2026-04-07T17:37:09","name":"[3/4] package/ca-certificates: enable host package variant","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"47b2e083dc4b0d44b54b25460e8ed749438fe900","submitter":{"id":83602,"url":"http://patchwork.ozlabs.org/api/1.1/people/83602/?format=json","name":"Quentin Schulz","email":"foss+buildroot@0leil.net"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/buildroot/patch/20260407-generate-cyclonedx-br-v1-3-03c45ccba2ed@cherry.de/mbox/","series":[{"id":499014,"url":"http://patchwork.ozlabs.org/api/1.1/series/499014/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/list/?series=499014","date":"2026-04-07T17:37:07","name":"make utils/generate-cyclonedx runnable with Buildroot host packages","version":1,"mbox":"http://patchwork.ozlabs.org/series/499014/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2220628/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2220628/checks/","tags":{},"headers":{"Return-Path":"","X-Original-To":["incoming-buildroot@patchwork.ozlabs.org","buildroot@buildroot.org"],"Delivered-To":["patchwork-incoming-buildroot@legolas.ozlabs.org","buildroot@buildroot.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=Dxw2HPcK;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)"],"Received":["from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fqtgW1sVYz1xtJ\n\tfor ;\n Wed, 08 Apr 2026 03:37:27 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby smtp3.osuosl.org (Postfix) with ESMTP id DB32360DDB;\n\tTue, 7 Apr 2026 17:37:25 +0000 (UTC)","from smtp3.osuosl.org ([127.0.0.1])\n by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id OnULlKlnfFsC; Tue, 7 Apr 2026 17:37:24 +0000 (UTC)","from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp3.osuosl.org (Postfix) with ESMTP id DB05B60DCB;\n\tTue, 7 Apr 2026 17:37:23 +0000 (UTC)","from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137])\n by lists1.osuosl.org (Postfix) with ESMTP id 9EC8C237\n for ; Tue, 7 Apr 2026 17:37:19 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n by smtp4.osuosl.org (Postfix) with ESMTP id 84D8940C21\n for ; Tue, 7 Apr 2026 17:37:19 +0000 (UTC)","from smtp4.osuosl.org ([127.0.0.1])\n by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id lPccKjjfCNt8 for ;\n Tue, 7 Apr 2026 17:37:18 +0000 (UTC)","from smtp-bc0a.mail.infomaniak.ch (smtp-bc0a.mail.infomaniak.ch\n [45.157.188.10])\n by smtp4.osuosl.org (Postfix) with ESMTPS id 4804B40583\n for ; Tue, 7 Apr 2026 17:37:18 +0000 (UTC)","from smtp-3-0001.mail.infomaniak.ch (unknown\n [IPv6:2001:1600:4:17::246c])\n by smtp-3-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4fqtgJ2CJMz9VF;\n Tue, 7 Apr 2026 19:37:16 +0200 (CEST)","from unknown by smtp-3-0001.mail.infomaniak.ch (Postfix) with ESMTPA\n id 4fqtgH55KGzxpd; Tue, 7 Apr 2026 19:37:15 +0200 (CEST)"],"X-Virus-Scanned":["amavis at osuosl.org","amavis at osuosl.org"],"X-Comment":"SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver= ","DKIM-Filter":["OpenDKIM Filter v2.11.0 smtp3.osuosl.org DB05B60DCB","OpenDKIM Filter v2.11.0 smtp4.osuosl.org 4804B40583"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1775583444;\n\tbh=nk3hps9IXuUfHDOJsNZR2kvQA2E2Wj+lcFqPXloTbaU=;\n\th=Date:References:In-Reply-To:To:Cc:Subject:List-Id:\n\t List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:\n\t From:Reply-To:From;\n\tb=Dxw2HPcKGLutRs1M/eH/+l9q4LNhNoptKPJUMwrqnkm6zThhgRSwRFrg3WeJ3hHcx\n\t e0W4tAVDKAda0Ffuc/L3HZM5tVNpKTTWbe3XSrSB2ATT+z98rP4Z5bSbwDt123SEXp\n\t pBC9In17CAt9AuA7YpQLWUswZNAnz9ywuVo7NSI/ME20EqUAsmWoq4Aw3eC4dVXbqs\n\t Yg/H/YAW4t8MgMIZVDWyRubwNsFysDjDtWmdtLbL0JuCKXm4XBXqUsHYEJRr3GutFi\n\t 5n1m9ys+vcJCwUAb3PGX2Ez0prwOCr1vd7m7t19Tv8LBqWyzZAVfD5qQFEMeWgxqFC\n\t aSDTKMUh3JXgQ==","Received-SPF":"Pass (mailfrom) identity=mailfrom; client-ip=45.157.188.10;\n helo=smtp-bc0a.mail.infomaniak.ch; envelope-from=foss+buildroot@0leil.net;\n receiver=","DMARC-Filter":"OpenDMARC Filter v1.4.2 smtp4.osuosl.org 4804B40583","Date":"Tue, 07 Apr 2026 19:37:09 +0200","MIME-Version":"1.0","Message-Id":"<20260407-generate-cyclonedx-br-v1-3-03c45ccba2ed@cherry.de>","References":"<20260407-generate-cyclonedx-br-v1-0-03c45ccba2ed@cherry.de>","In-Reply-To":"<20260407-generate-cyclonedx-br-v1-0-03c45ccba2ed@cherry.de>","To":"buildroot@buildroot.org","Cc":"Thomas Perale , Martin Bark ,\n Thomas Petazzoni ,\n Quentin Schulz ","X-Mailer":"b4 0.15-dev-47773","X-Infomaniak-Routing":"alpha","X-Mailman-Original-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=0leil.net; s=20231125; t=1775583436;\n bh=rx+MXtVijcKc7+GL0k1pc95BUavReMmv+pTLUPfQMVk=;\n h=From:Date:Subject:References:In-Reply-To:To:Cc:From;\n b=Zq/I6sN0Ranqv2rfgLOdD1XVL/VtFEy1tSz3xFCWSCbya6r0d2NVNFzCQegx6GK+M\n +X3ALKDgY8dxRUyCWWZIK1h5G9oKmpEOkZjN7Nad+u/YVobALSXHYAFR46rXWc9nPU\n zV82Rr2IniVQdZB+J4Uzof1ft7e9v+nltdJLRVj2Yq2cq9/47TLB+REG/ltcxT8QU4\n saHzg62Hne1E5+EjeRIHJKe6sUfLAN5ZnoB+KeA707Abh6Oo6+mr/s8NzESLKif/gr\n Dx/JAFDCKnJDoB/mUKSBrj1PxRV0GA98tGrWmwNWPMt4bk0YWASuwdTE+vz8XaZNev\n 6ux2RmLZ4WDUQ==","X-Mailman-Original-Authentication-Results":["smtp4.osuosl.org;\n dmarc=pass (p=reject dis=none)\n header.from=0leil.net","smtp4.osuosl.org;\n dkim=pass (2048-bit key,\n unprotected) header.d=0leil.net header.i=@0leil.net header.a=rsa-sha256\n header.s=20231125 header.b=Zq/I6sN0"],"Subject":"[Buildroot] [PATCH 3/4] package/ca-certificates: enable host\n package variant","X-BeenThere":"buildroot@buildroot.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"Discussion and development of buildroot ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","From":"Quentin Schulz via buildroot ","Reply-To":"Quentin Schulz ","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@buildroot.org","Sender":"\"buildroot\" "},"content":"From: Quentin Schulz \n\nThe host ca-certificates is needed to download the SPDX schema on\nCycloneDX's GitHub when using Buildroot's host Python, see\nurllib.request.urlretrieve(SPDX_SCHEMA_URL, SPDX_SCHEMA_PATH) in\nutils/generate-cyclonedx.\n\nNote that unlike the target package which uses a _TARGET_FINALIZE_HOOKS\nsince commit 2bc8e72bafed (\"package/ca-certificates: create the bundle\nas target-finalize hook\"), the host package doesn't have this option as\nthere's no such hook for host packages. Therefore, the target's\nCA_CERTIFICATES_INSTALL_TARGET_CMDS and CA_CERTIFICATES_GEN_BUNDLE are\nmerged and adapted into HOST_CA_CERTIFICATES_INSTALL_CMDS.\nThis of course has the same shortcomings as the target package had\nbefore commit 2bc8e72bafed (\"package/ca-certificates: create the bundle\nas target-finalize hook\").\nThe adaptations were:\n- replaced $(TARGET_MAKE_ENV) with $(HOST_MAKE_ENV)\n- replaced $(TARGET_DIR) to $(HOST_DIR)\n- replaced $(HOST_DIR)/usr with $(HOST_DIR)\n- replaced find usr/share/ca-certificates with find share/ca-certificates\n (since it's done from within $(HOST_DIR)\n\nSigned-off-by: Quentin Schulz \n---\n package/Config.in.host | 1 +\n package/ca-certificates/Config.in.host | 12 ++++++++++++\n package/ca-certificates/ca-certificates.mk | 30 ++++++++++++++++++++++++++++++\n 3 files changed, 43 insertions(+)","diff":"diff --git a/package/Config.in.host b/package/Config.in.host\nindex b990ce8b14..5365eddd5c 100644\n--- a/package/Config.in.host\n+++ b/package/Config.in.host\n@@ -14,6 +14,7 @@ menu \"Host utilities\"\n \tsource \"package/bmap-writer/Config.in.host\"\n \tsource \"package/bootgen/Config.in.host\"\n \tsource \"package/btrfs-progs/Config.in.host\"\n+\tsource \"package/ca-certificates/Config.in.host\"\n \tsource \"package/casync-nano/Config.in.host\"\n \tsource \"package/cbootimage/Config.in.host\"\n \tsource \"package/checkpolicy/Config.in.host\"\ndiff --git a/package/ca-certificates/Config.in.host b/package/ca-certificates/Config.in.host\nnew file mode 100644\nindex 0000000000..950f5854dc\n--- /dev/null\n+++ b/package/ca-certificates/Config.in.host\n@@ -0,0 +1,12 @@\n+config BR2_PACKAGE_HOST_CA_CERTIFICATES\n+\tbool \"Host CA Certificates\"\n+\thelp\n+\t This package includes PEM files of CA certificates to allow\n+\t SSL-based applications to check for the authenticity of SSL\n+\t connections on the host.\n+\n+\t It includes, among others, certificate authorities used by the\n+\t Debian infrastructure and those shipped with Mozilla's\n+\t browsers.\n+\n+\t https://salsa.debian.org/debian/ca-certificates\ndiff --git a/package/ca-certificates/ca-certificates.mk b/package/ca-certificates/ca-certificates.mk\nindex b1903f6166..bcf645b767 100644\n--- a/package/ca-certificates/ca-certificates.mk\n+++ b/package/ca-certificates/ca-certificates.mk\n@@ -8,6 +8,7 @@ CA_CERTIFICATES_VERSION = 20250419\n CA_CERTIFICATES_SOURCE = ca-certificates_$(CA_CERTIFICATES_VERSION).tar.xz\n CA_CERTIFICATES_SITE = https://snapshot.debian.org/archive/debian/20250419T084132Z/pool/main/c/ca-certificates\n CA_CERTIFICATES_DEPENDENCIES = host-openssl host-python3\n+HOST_CA_CERTIFICATES_DEPENDENCIES = host-openssl host-python3\n CA_CERTIFICATES_LICENSE = GPL-2.0+ (script), MPL-2.0 (data)\n CA_CERTIFICATES_LICENSE_FILES = debian/copyright\n \n@@ -43,4 +44,33 @@ define CA_CERTIFICATES_GEN_BUNDLE\n endef\n CA_CERTIFICATES_TARGET_FINALIZE_HOOKS += CA_CERTIFICATES_GEN_BUNDLE\n \n+define HOST_CA_CERTIFICATES_BUILD_CMDS\n+\t$(HOST_MAKE_ENV) $(MAKE) -C $(@D) clean all\n+endef\n+\n+define HOST_CA_CERTIFICATES_INSTALL_CMDS\n+\t$(INSTALL) -d -m 0755 $(HOST_DIR)/share/ca-certificates\n+\t$(INSTALL) -d -m 0755 $(HOST_DIR)/etc/ssl/certs\n+\t$(HOST_MAKE_ENV) $(MAKE) -C $(@D) install DESTDIR=$(HOST_DIR)\n+\trm -f $(HOST_DIR)/sbin/update-ca-certificates\n+\t# Remove any existing certificates under /etc/ssl/certs\n+\trm -f $(HOST_DIR)/etc/ssl/certs/*\n+\n+\t# Create symlinks to certificates under /etc/ssl/certs\n+\t# and generate the bundle\n+\tcd $(HOST_DIR) ;\\\n+\tfor i in `find share/ca-certificates -name \"*.crt\" | LC_COLLATE=C sort` ; do \\\n+\t\tln -sf ../../../$$i etc/ssl/certs/`basename $${i} .crt`.pem ;\\\n+\t\tcat $$i ;\\\n+\tdone >$(BUILD_DIR)/ca-certificates.crt\n+\n+\t# Create symlinks to the certificates by their hash values\n+\t$(HOST_DIR)/bin/c_rehash $(HOST_DIR)/etc/ssl/certs\n+\n+\t# Install the certificates bundle\n+\t$(INSTALL) -D -m 644 $(BUILD_DIR)/ca-certificates.crt \\\n+\t\t$(HOST_DIR)/etc/ssl/certs/ca-certificates.crt\n+endef\n+\n $(eval $(generic-package))\n+$(eval $(host-generic-package))\n","prefixes":["3/4"]}