From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <ptxdist-bounces@pengutronix.de>
From: Bruno Thomsen <bth@kamstrup.com>
Date: Fri, 16 Jan 2015 11:10:43 +0000
Message-ID: <915054555B5659448ACF8A70E114824D0186C007DE@Exchange2010.kamstrup.dk>
References: <1418198663-9539-1-git-send-email-bth@kamstrup.dk>
	<20150112162108.GM26436@pengutronix.de>
In-Reply-To: <20150112162108.GM26436@pengutronix.de>
Content-Language: en-US
MIME-Version: 1.0
Subject: Re: [ptxdist] [PATCH] curl: install root CA certificates option
Reply-To: ptxdist@pengutronix.de
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
	<mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/pipermail/ptxdist>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
	<mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ptxdist-bounces@pengutronix.de
Errors-To: ptxdist-bounces@pengutronix.de
To: "m.olbrich@pengutronix.de" <m.olbrich@pengutronix.de>
Cc: "ptxdist@pengutronix.de" <ptxdist@pengutronix.de>


Hi Michael

Thanks for feedback. I have created 2 new patches that address the issues you have found.

> > +$(STATEDIR)/libcurl.extract:
> > +	@$(call targetinfo)
> > +	@$(call clean, $(LIBCURL_DIR))
> > +	@$(call extract, LIBCURL, $(BUILDDIR))
> > +	@$(call patchin, LIBCURL, $(LIBCURL_DIR))
> > +ifdef PTXCONF_LIBCURL_CA_BUNDLE
> > +	@$(LIBCURL_DIR)/lib/mk-ca-bundle.pl -i -d$(MOZ_CA_TREE) -v $(LIBCURL_DIR)/ca-bundle.crt
> > +endif
>
> No, not like this. Downloading an undefined version of a file during the
> build process is not acceptable.
>
> Add a second file to download (see rules/host-tz-database.make) how to do
> this) and use a URL that does not change, maybe the last tag:
> http://hg.mozilla.org/releases/mozilla-release/raw-file/FIREFOX_35_0_RELEASE/security/nss/lib/ckfw/builtins/certdata.txt

I have create a new host "certificate bundle downloader"-package (rules/host-certdata.make).

> Also, you need to 'select HOST_SYSTEM_PERL' in the .in file and running
> mk-ca-bundle.pl should be in the compile stage. Otherwise the dependencies
> are not handled correctly.

I have add dependency on HOST_SYSTEM_PERL and HOST_CERTDATA if LIBCURL_CA_BUNDLE is selected.
Moved mk-ca-bundle.pl call from extract to compile stage.

Bruno



-- 
ptxdist mailing list
ptxdist@pengutronix.de