mirror of
https://github.com/chromebrew/chromebrew.git
synced 2026-01-09 15:37:56 -05:00
f6dc1d8d4e
* Add binary_compression value to each package * Remove binary_url values and arrays * Handle packages with empty binary_sha256 arrays (either missing binaries or not compiled by us)
129 lines
5.4 KiB
Ruby
129 lines
5.4 KiB
Ruby
require 'package'
|
|
|
|
class Ca_certificates < Package
|
|
description 'Common CA Certificates PEM files'
|
|
homepage 'https://salsa.debian.org/debian/ca-certificates'
|
|
version '20230311' # Do not replace version with @_ver, the install will break.
|
|
license 'MPL-1.1'
|
|
compatibility 'all'
|
|
source_url 'https://salsa.debian.org/debian/ca-certificates.git'
|
|
git_hashtag '2c507f8c5aac8b50e35291739ffd40676ab08993'
|
|
binary_compression 'tar.zst'
|
|
|
|
binary_sha256({
|
|
aarch64: 'd2bdc9b48ea268489f2c3ef9ec7a1e2bdca4af60c355463a83bd66714d6cba72',
|
|
armv7l: 'd2bdc9b48ea268489f2c3ef9ec7a1e2bdca4af60c355463a83bd66714d6cba72',
|
|
i686: '7c8814ec22eef600c82ef5247df63d3d3a488976c9d7fbeed18bdbe287423079',
|
|
x86_64: 'ef0260e6c237ee2e23d1571973026a39f37aefb342fa68653777ca97466629e6'
|
|
})
|
|
|
|
depends_on 'py3_cryptography' => :build
|
|
|
|
no_patchelf
|
|
|
|
def self.patch
|
|
# Patch from:
|
|
# https://gitweb.gentoo.org/repo/gentoo.git/plain/app-misc/ca-certificates/files/ca-certificates-20150426-root.patch
|
|
@gentoo_patch = <<~GENTOO_CA_CERT_HEREDOC
|
|
add a --root option so we can generate with DESTDIR installs
|
|
#{' '}
|
|
--- a/image/usr/sbin/update-ca-certificates
|
|
+++ b/image/usr/sbin/update-ca-certificates
|
|
@@ -30,6 +30,8 @@ LOCALCERTSDIR=/usr/local/share/ca-certificates
|
|
CERTBUNDLE=ca-certificates.crt
|
|
ETCCERTSDIR=/etc/ssl/certs
|
|
HOOKSDIR=/etc/ca-certificates/update.d
|
|
+ROOT=""
|
|
+RELPATH=""
|
|
#{' '}
|
|
while [ $# -gt 0 ];
|
|
do
|
|
@@ -59,13 +61,25 @@ do
|
|
--hooksdir)
|
|
shift
|
|
HOOKSDIR="$1";;
|
|
+ --root|-r)
|
|
+ shift
|
|
+ # Needed as c_rehash wants to read the files directly.
|
|
+ # This gets us from $CERTSCONF to $CERTSDIR.
|
|
+ RELPATH="../../.."
|
|
+ ROOT=$(readlink -f "$1");;
|
|
--help|-h|*)
|
|
- echo "$0: [--verbose] [--fresh]"
|
|
+ echo "$0: [--verbose] [--fresh] [--root <dir>]"
|
|
exit;;
|
|
esac
|
|
shift
|
|
done
|
|
#{' '}
|
|
+CERTSCONF="$ROOT$CERTSCONF"
|
|
+CERTSDIR="$ROOT$CERTSDIR"
|
|
+LOCALCERTSDIR="$ROOT$LOCALCERTSDIR"
|
|
+ETCCERTSDIR="$ROOT$ETCCERTSDIR"
|
|
+HOOKSDIR="$ROOT$HOOKSDIR"
|
|
+
|
|
if [ ! -s "$CERTSCONF" ]
|
|
then
|
|
fresh=1
|
|
@@ -94,7 +107,7 @@ add() {
|
|
-e 's/,/_/g').pem"
|
|
if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
|
|
then
|
|
- ln -sf "$CERT" "$PEM"
|
|
+ ln -sf "${RELPATH}${CERT#{$ROOT}}" "$PEM"
|
|
echo "+$PEM" >> "$ADDED"
|
|
fi
|
|
# Add trailing newline to certificate, if it is missing (#635570)
|
|
GENTOO_CA_CERT_HEREDOC
|
|
File.write('ca-certificates-20150426-root.patch', @gentoo_patch)
|
|
system 'patch -p 3 < ca-certificates-20150426-root.patch'
|
|
|
|
system "sed -i 's,/usr/share/ca-certificates,#{CREW_PREFIX}/share/ca-certificates,g' \
|
|
Makefile"
|
|
system "sed -i 's,/usr/share/ca-certificates,#{CREW_PREFIX}/share/ca-certificates,g' \
|
|
sbin/update-ca-certificates"
|
|
system "sed -i 's,CERTSCONF=/etc/ca-certificates.conf,CERTSCONF=#{CREW_PREFIX}/etc/ca-certificates.conf,g' \
|
|
sbin/update-ca-certificates"
|
|
system "sed -i 's,ETCCERTSDIR=/etc/ssl/certs,ETCCERTSDIR=#{CREW_PREFIX}/etc/ssl/certs,g' \
|
|
sbin/update-ca-certificates"
|
|
system "sed -i 's,HOOKSDIR=/etc/ca-certificates/update.d,HOOKSDIR=#{CREW_PREFIX}/etc/ca-certificates/update.d,g' \
|
|
sbin/update-ca-certificates"
|
|
system "sed -i '/restorecon/d' sbin/update-ca-certificates"
|
|
system "sed -i 's,/usr/sbin,#{CREW_PREFIX}/bin,g' sbin/Makefile"
|
|
end
|
|
|
|
def self.build
|
|
system 'make'
|
|
end
|
|
|
|
def self.install
|
|
FileUtils.mkdir_p("#{CREW_DEST_PREFIX}/etc/ssl/certs/")
|
|
FileUtils.mkdir_p("#{CREW_DEST_PREFIX}/bin")
|
|
FileUtils.mkdir_p("#{CREW_DEST_PREFIX}/share/ca-certificates/")
|
|
system "make DESTDIR=#{CREW_DEST_DIR} install"
|
|
@date_temp = `date -u`.chomp
|
|
@ca_cert_conf = <<~CA_CERT_CONF_HEREDOC
|
|
# Automatically generated by Chromebrew package #{Module.nesting.first}
|
|
# from ca-certificates-debian-#{version}
|
|
# #{@date_temp}
|
|
# Do not edit.
|
|
CA_CERT_CONF_HEREDOC
|
|
File.write("#{CREW_DEST_PREFIX}/etc/ca-certificates.conf", @ca_cert_conf)
|
|
Dir.chdir "#{CREW_DEST_PREFIX}/share/ca-certificates" do
|
|
system "find * -name '*.crt' | LC_ALL=C sort | sed '/examples/d' >> #{CREW_DEST_PREFIX}/etc/ca-certificates.conf"
|
|
end
|
|
system "sbin/update-ca-certificates --hooksdir '' --root #{CREW_DEST_DIR} --certsconf #{CREW_PREFIX}/etc/ca-certificates.conf"
|
|
Dir.glob("#{CREW_DEST_PREFIX}/share/ca-certificates/mozilla/*.crt") do |cert_file|
|
|
@cert_basename = File.basename(cert_file, '.crt')
|
|
FileUtils.ln_sf "#{CREW_PREFIX}/share/ca-certificates/mozilla/#{@cert_basename}.crt",
|
|
"#{CREW_DEST_PREFIX}/etc/ssl/certs/#{@cert_basename}.pem"
|
|
end
|
|
end
|
|
|
|
# This isn't run from install.sh, but that's ok. This is for cleanup if updated after an install.
|
|
def self.postinstall
|
|
# Do not call system update-ca-certificates as that tries to update certs in /etc .
|
|
system "#{CREW_PREFIX}/bin/update-ca-certificates --fresh --certsconf #{CREW_PREFIX}/etc/ca-certificates.conf"
|
|
end
|
|
end
|