mirror of
https://github.com/chromebrew/chromebrew.git
synced 2026-01-08 23:18:10 -05:00
126888df5e
* Fix false positive status in version.rb Strip off only leading non-numeric characters when extracting the version * Change gsub to sub
136 lines
5.5 KiB
Ruby
136 lines
5.5 KiB
Ruby
require 'package'
|
|
|
|
class Ca_certificates < Package
|
|
description 'Common CA Certificates PEM files'
|
|
homepage 'https://packages.debian.org/sid/ca-certificates'
|
|
version '20250419-ba3830f' # Do not replace version with @_ver, the install will break.
|
|
license 'MPL-1.1'
|
|
compatibility 'all'
|
|
source_url 'https://salsa.debian.org/debian/ca-certificates.git'
|
|
git_hashtag 'ba3830faf6207f6444827209915dcfc4ce44b272'
|
|
binary_compression 'tar.zst'
|
|
|
|
binary_sha256({
|
|
aarch64: 'db750e4fbb8ab23b7eabd9b5d651c4a4f178b9292b4ed7f7cae67ad58ae0a73a',
|
|
armv7l: 'db750e4fbb8ab23b7eabd9b5d651c4a4f178b9292b4ed7f7cae67ad58ae0a73a',
|
|
i686: 'c0d7694d19c6ebc510cccb009cedd194a167d93b0349304bad421d3c6ef1703b',
|
|
x86_64: '64d1ed4c1141089e835f141ba90017df1a3c631d44f9e86b62d9a93f7b5a55c1'
|
|
})
|
|
|
|
depends_on 'py3_cryptography' => :build
|
|
|
|
print_source_bashrc
|
|
|
|
def self.patch
|
|
# Patch from:
|
|
# https://gitweb.gentoo.org/repo/gentoo.git/plain/app-misc/ca-certificates/files/ca-certificates-20150426-root.patch
|
|
File.write 'ca-certificates-20150426-root.patch', <<~'GENTOO_CA_CERT_HEREDOC'
|
|
--- a/sbin/update-ca-certificates 2025-05-01 00:06:58.282420314 +0800
|
|
+++ b/sbin/update-ca-certificates 2025-05-01 00:07:00.752420448 +0800
|
|
@@ -30,6 +30,8 @@
|
|
CERTBUNDLE=ca-certificates.crt
|
|
ETCCERTSDIR=/etc/ssl/certs
|
|
HOOKSDIR=/etc/ca-certificates/update.d
|
|
+ROOT=""
|
|
+RELPATH=""
|
|
|
|
while [ $# -gt 0 ];
|
|
do
|
|
@@ -67,13 +69,25 @@
|
|
LOCALCERTSDIR="$1/${LOCALCERTSDIR}"
|
|
ETCCERTSDIR="$1/${ETCCERTSDIR}"
|
|
HOOKSDIR="$1/${HOOKSDIR}";;
|
|
+ --root|-r)
|
|
+ shift
|
|
+ # Needed as c_rehash wants to read the files directly.
|
|
+ # This gets us from $CERTSCONF to $CERTSDIR.
|
|
+ RELPATH="../../.."
|
|
+ ROOT=$(readlink -f "$1");;
|
|
--help|-h|*)
|
|
- echo "$0: [--verbose] [--fresh]"
|
|
+ echo "$0: [--verbose] [--fresh] [--root <dir>]"
|
|
exit;;
|
|
esac
|
|
shift
|
|
done
|
|
|
|
+CERTSCONF="$ROOT$CERTSCONF"
|
|
+CERTSDIR="$ROOT$CERTSDIR"
|
|
+LOCALCERTSDIR="$ROOT$LOCALCERTSDIR"
|
|
+ETCCERTSDIR="$ROOT$ETCCERTSDIR"
|
|
+HOOKSDIR="$ROOT$HOOKSDIR"
|
|
+
|
|
if [ ! -s "$CERTSCONF" ]
|
|
then
|
|
fresh=1
|
|
@@ -102,7 +116,7 @@
|
|
-e 's/,/_/g').pem"
|
|
if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
|
|
then
|
|
- ln -sf "$CERT" "$PEM"
|
|
+ ln -sf "${RELPATH}${CERT#$ROOT}" "$PEM"
|
|
echo "+$PEM" >> "$ADDED"
|
|
fi
|
|
# Add trailing newline to certificate, if it is missing (#635570)
|
|
GENTOO_CA_CERT_HEREDOC
|
|
|
|
system 'patch -p1 -i ca-certificates-20150426-root.patch'
|
|
|
|
system "sed -i 's,/usr/share/ca-certificates,#{CREW_PREFIX}/share/ca-certificates,g' \
|
|
Makefile sbin/update-ca-certificates"
|
|
system "sed -i 's,CERTSCONF=/etc/ca-certificates.conf,CERTSCONF=#{CREW_PREFIX}/etc/ca-certificates.conf,g' \
|
|
sbin/update-ca-certificates"
|
|
system "sed -i 's,ETCCERTSDIR=/etc/ssl/certs,ETCCERTSDIR=#{CREW_PREFIX}/etc/ssl/certs,g' \
|
|
sbin/update-ca-certificates"
|
|
system "sed -i 's,HOOKSDIR=/etc/ca-certificates/update.d,HOOKSDIR=#{CREW_PREFIX}/etc/ca-certificates/update.d,g' \
|
|
sbin/update-ca-certificates"
|
|
system "sed -i '/restorecon/d' sbin/update-ca-certificates"
|
|
system "sed -i 's,/usr/sbin,#{CREW_PREFIX}/bin,g' sbin/Makefile"
|
|
end
|
|
|
|
def self.build
|
|
system 'make'
|
|
end
|
|
|
|
def self.install
|
|
FileUtils.mkdir_p("#{CREW_DEST_PREFIX}/etc/ssl/certs/")
|
|
FileUtils.mkdir_p("#{CREW_DEST_PREFIX}/bin")
|
|
FileUtils.mkdir_p("#{CREW_DEST_PREFIX}/share/ca-certificates/")
|
|
system "make DESTDIR=#{CREW_DEST_DIR} install"
|
|
|
|
File.write "#{CREW_DEST_PREFIX}/etc/ca-certificates.conf", <<~CA_CERT_CONF_HEREDOC
|
|
# Automatically generated by Chromebrew package #{Module.nesting.first}
|
|
# from ca-certificates-debian-#{version.split('-').first}
|
|
# and from https://hg.mozilla.org/releases/mozilla-beta/rev/#{@mozilla_git_tag}
|
|
# #{Time.now}
|
|
# Do not edit.
|
|
CA_CERT_CONF_HEREDOC
|
|
|
|
File.write '08-ca-certificates', <<~CA_CERT_ENVD_HEREDOC
|
|
# Set the ssl certificates path for ruby.
|
|
SSL_CERT_DIR="${CREW_PREFIX}/etc/ssl/certs"
|
|
SSL_CERT_FILE="${CREW_PREFIX}/etc/ssl/certs/ca-certificates.crt"
|
|
CA_CERT_ENVD_HEREDOC
|
|
FileUtils.install '08-ca-certificates', "#{CREW_DEST_PREFIX}/etc/env.d/08-ca-certificates", mode: 0o644
|
|
|
|
system "find * -name '*.crt' | LC_ALL=C sort | sed '/examples/d' >> #{CREW_DEST_PREFIX}/etc/ca-certificates.conf", chdir: "#{CREW_DEST_PREFIX}/share/ca-certificates"
|
|
|
|
system "sbin/update-ca-certificates --hooksdir '' --root #{CREW_DEST_DIR} --certsconf #{CREW_PREFIX}/etc/ca-certificates.conf"
|
|
Dir.glob("#{CREW_DEST_PREFIX}/share/ca-certificates/mozilla/*.crt") do |cert_file|
|
|
cert_basename = File.basename(cert_file, '.crt')
|
|
FileUtils.ln_sf "#{CREW_PREFIX}/share/ca-certificates/mozilla/#{cert_basename}.crt",
|
|
"#{CREW_DEST_PREFIX}/etc/ssl/certs/#{cert_basename}.pem"
|
|
end
|
|
end
|
|
|
|
# This isn't run from install.sh, but that's ok. This is for cleanup if updated after an install.
|
|
def self.postinstall
|
|
# Do not call system update-ca-certificates as that tries to update certs in /etc .
|
|
if File.file?("#{CREW_PREFIX}/bin/update-ca-certificates")
|
|
system "#{CREW_PREFIX}/bin/update-ca-certificates --fresh --certsconf #{CREW_PREFIX}/etc/ca-certificates.conf"
|
|
else
|
|
puts "#{CREW_PREFIX}/bin/update-ca-certificates is missing!".lightred
|
|
end
|
|
end
|
|
end
|