From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from ptx.hi.pengutronix.de ([2001:6f8:1178:2:5054:ff:fec0:8e10] ident=Debian-exim) by metis.ext.pengutronix.de with esmtp (Exim 4.72) (envelope-from ) id 1WrPBp-0003h6-Ut for ptxdist@pengutronix.de; Mon, 02 Jun 2014 12:10:01 +0200 Received: from mol by ptx.hi.pengutronix.de with local (Exim 4.80) (envelope-from ) id 1WrPBz-0002lu-8U for ptxdist@pengutronix.de; Mon, 02 Jun 2014 12:10:11 +0200 Date: Mon, 2 Jun 2014 12:10:11 +0200 From: Michael Olbrich Message-ID: <20140602101011.GO26228@pengutronix.de> References: <1400268737-5408-1-git-send-email-jon@ringle.org> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <1400268737-5408-1-git-send-email-jon@ringle.org> Subject: Re: [ptxdist] [PATCH] libcurl: install /etc/ssl/certs/ca-bundle.crt Reply-To: ptxdist@pengutronix.de List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ptxdist-bounces@pengutronix.de Errors-To: ptxdist-bounces@pengutronix.de To: ptxdist@pengutronix.de On Fri, May 16, 2014 at 03:32:17PM -0400, jon@ringle.org wrote: > From: Jon Ringle > > This will generate a ca-bundle.crt using mk-ca-bundle.pl and install it if > selected > > Signed-off-by: Jon Ringle > --- > rules/libcurl.in | 3 +++ > rules/libcurl.make | 33 ++++++++++++++++++++++++++++++++- > 2 files changed, 35 insertions(+), 1 deletion(-) > > diff --git a/rules/libcurl.in b/rules/libcurl.in > index 4ab928d..4be2416 100644 > --- a/rules/libcurl.in > +++ b/rules/libcurl.in > @@ -44,4 +44,7 @@ config LIBCURL_CRYPTO_AUTH > config LIBCURL_LIBSSH2 > bool "scp/sftp (via libssh2)" > > +config LIBCURL_CA_BUNDLE > + bool "install /etc/ssl/certs/ca-bundle.crt" > + > endif > diff --git a/rules/libcurl.make b/rules/libcurl.make > index 1f2b566..0d07e3b 100644 > --- a/rules/libcurl.make > +++ b/rules/libcurl.make > @@ -25,6 +25,28 @@ LIBCURL_URL := http://curl.haxx.se/download/$(LIBCURL).$(LIBCURL_SUFFIX) > LIBCURL_SOURCE := $(SRCDIR)/$(LIBCURL).$(LIBCURL_SUFFIX) > LIBCURL_DIR := $(BUILDDIR)/$(LIBCURL) > > +CERTDATA := certdata.txt > +CERTDATA_URL := http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/$(CERTDATA)?raw=1 This file is over 2 years old. I'm not a expert when it comes to certificates, but this seems rather outdated. If we add certificate support, then I want to be able to keep it up to date. Michael > +CERTDATA_SOURCE := $(SRCDIR)/$(CERTDATA) > +$(CERTDATA_SOURCE) := CERTDATA > + > +# ---------------------------------------------------------------------------- > +# Extract > +# ---------------------------------------------------------------------------- > + > +$(STATEDIR)/libcurl.extract: > + @$(call targetinfo) > + @$(call clean, $(LIBCURL_DIR)) > + @$(call extract, LIBCURL, $(BUILDDIR)) > + @$(call patchin, LIBCURL, $(LIBCURL_DIR)) > +ifdef PTXCONF_LIBCURL_CA_BUNDLE > + @$(call get, CERTDATA) > + @cd $(LIBCURL_DIR); \ > + ln -s $(CERTDATA_SOURCE) ; \ > + $(LIBCURL_DIR)/lib/mk-ca-bundle.pl -n -u $(LIBCURL_DIR)/ca-bundle.crt > +endif > + @$(call touch) > + > # ---------------------------------------------------------------------------- > # Prepare > # ---------------------------------------------------------------------------- > @@ -62,7 +84,6 @@ LIBCURL_AUTOCONF := \ > --without-gssapi \ > --without-gnutls \ > --without-nss \ > - --without-ca-bundle \ > --without-ca-path \ > --without-libidn \ > --without-axtls \ > @@ -75,6 +96,12 @@ LIBCURL_AUTOCONF := \ > --$(call ptx/endis, PTXCONF_LIBCURL_CRYPTO_AUTH)-crypto-auth \ > --$(call ptx/endis, PTXCONF_LIBCURL_LIBSSH2)-libssh2 > > +ifdef PTXCONF_LIBCURL_CA_BUNDLE > +LIBCURL_AUTOCONF += --with-ca-bundle=/etc/ssl/certs/ca-bundle.crt > +else > +LIBCURL_AUTOCONF += --without-ca-bundle > +endif > + > ifdef PTXCONF_LIBCURL_SSL > LIBCURL_AUTOCONF += --with-ssl=$(SYSROOT) > else > @@ -97,6 +124,10 @@ $(STATEDIR)/libcurl.targetinstall: > ifdef PTXCONF_LIBCURL_CURL > @$(call install_copy, libcurl, 0, 0, 0755, -, /usr/bin/curl) > endif > + > +ifdef PTXCONF_LIBCURL_CA_BUNDLE > + @$(call install_copy, libcurl, 0, 0, 0444, $(LIBCURL_DIR)/ca-bundle.crt, /etc/ssl/certs/ca-bundle.crt) > +endif > @$(call install_lib, libcurl, 0, 0, 0644, libcurl) > > @$(call install_finish, libcurl) > -- > 1.8.5.4 > > > -- > ptxdist mailing list > ptxdist@pengutronix.de > -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | -- ptxdist mailing list ptxdist@pengutronix.de