Mon Jun 19 00:10:21 2017 UTC ()
Substitute path to openssl more thoroughly

This package can depend on builtin openssl or pkgsrc openssl.
However, it had paths from the base system hardcoded.  Be more
thorough about using builtin vs pkgsrc paths.  This is a minimal
change to use builtin/pkgsrc paths; future commits will note latent
issues uncovered in the process.

Based on a report to pkgsrc-users by J. Lewis Muir.


(gdt)
diff -r1.26 -r1.27 pkgsrc/security/mozilla-rootcerts/Makefile
diff -r1.13 -r1.14 pkgsrc/security/mozilla-rootcerts/files/mozilla-rootcerts.sh

cvs diff -r1.26 -r1.27 pkgsrc/security/mozilla-rootcerts/Makefile

--- pkgsrc/security/mozilla-rootcerts/Makefile 2017/03/15 18:52:55 1.26
+++ pkgsrc/security/mozilla-rootcerts/Makefile 2017/06/19 00:10:21 1.27
@@ -1,43 +1,44 @@ @@ -1,43 +1,44 @@
1# $NetBSD: Makefile,v 1.26 2017/03/15 18:52:55 jperkin Exp $ 1# $NetBSD: Makefile,v 1.27 2017/06/19 00:10:21 gdt Exp $
2 2
3DISTNAME= mozilla-rootcerts-1.0.${CERTDATA_DATE} 3DISTNAME= mozilla-rootcerts-1.0.${CERTDATA_DATE}
4PKGREVISION= 2 4PKGREVISION= 3
5CATEGORIES= security 5CATEGORIES= security
6MASTER_SITES= -https://hg.mozilla.org/mozilla-central/raw-file/052b90b5414f/security/nss/lib/ckfw/builtins/certdata.txt 6MASTER_SITES= -https://hg.mozilla.org/mozilla-central/raw-file/052b90b5414f/security/nss/lib/ckfw/builtins/certdata.txt
7DISTFILES= ${CERTDATA} 7DISTFILES= ${CERTDATA}
8EXTRACT_SUFX= # empty 8EXTRACT_SUFX= # empty
9 9
10MAINTAINER= pkgsrc-users@NetBSD.org 10MAINTAINER= pkgsrc-users@NetBSD.org
11HOMEPAGE= https://hg.mozilla.org/mozilla-central/log/tip/security/nss/lib/ckfw/builtins/certdata.txt 11HOMEPAGE= https://hg.mozilla.org/mozilla-central/log/tip/security/nss/lib/ckfw/builtins/certdata.txt
12COMMENT= Root CA certificates from the Mozilla Project 12COMMENT= Root CA certificates from the Mozilla Project
13LICENSE= mpl-2.0 13LICENSE= mpl-2.0
14 14
15USE_TOOLS= awk:run echo:run expr:run ln:run ls:run openssl:run rm:run mkdir:run 15USE_TOOLS= awk:run echo:run expr:run ln:run ls:run openssl:run rm:run mkdir:run
16 16
17# This must be kept in sync with security/mozilla-rootcerts-openssl 17# This must be kept in sync with security/mozilla-rootcerts-openssl
18CERTDATA_DATE= 20170121 18CERTDATA_DATE= 20170121
19CERTDATA= certdata-${CERTDATA_DATE}.txt 19CERTDATA= certdata-${CERTDATA_DATE}.txt
20 20
21WRKSRC= ${WRKDIR} 21WRKSRC= ${WRKDIR}
22DATADIR= ${PREFIX}/share/${PKGBASE} 22DATADIR= ${PREFIX}/share/${PKGBASE}
23 23
 24# Set paths depending on whether we depend on builtin or pkgsrc openssl.
24CHECK_BUILTIN.openssl= yes 25CHECK_BUILTIN.openssl= yes
25.include "../../security/openssl/builtin.mk" 26.include "../../security/openssl/builtin.mk"
26CHECK_BUILTIN.openssl= no 27CHECK_BUILTIN.openssl= no
27.if !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) 28.if !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
28SSLDIR= /etc/openssl/certs 29SSLDIR= /etc/openssl
29.else 30.else
30SSLDIR= ${PKG_SYSCONFDIR}/openssl/certs 31SSLDIR= ${PKG_SYSCONFDIR}/openssl
31.endif 32.endif
32 33
33CERT_SCRIPT= mozilla-rootcerts.sh 34CERT_SCRIPT= mozilla-rootcerts.sh
34 35
35SUBST_CLASSES= paths 36SUBST_CLASSES= paths
36SUBST_MESSAGE.paths= Replacing hard-coded paths. 37SUBST_MESSAGE.paths= Replacing hard-coded paths.
37SUBST_STAGE.paths= post-configure 38SUBST_STAGE.paths= post-configure
38SUBST_FILES.paths= ${CERT_SCRIPT} 39SUBST_FILES.paths= ${CERT_SCRIPT}
39SUBST_VARS.paths= AWK ECHO EXPR LN LOCALBASE LS RM DATADIR MKDIR SSLDIR 40SUBST_VARS.paths= AWK ECHO EXPR LN LOCALBASE LS RM DATADIR MKDIR SSLDIR
40SUBST_SED.paths= -e 's,@OPENSSL@,${TOOLS_PATH.openssl},g' 41SUBST_SED.paths= -e 's,@OPENSSL@,${TOOLS_PATH.openssl},g'
41 42
42INSTALLATION_DIRS= sbin ${DATADIR} 43INSTALLATION_DIRS= sbin ${DATADIR}
43 44
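Review bot: `SSLDIR` changes meaning at new lines 29 and 31, from the certificate directory to its parent, and the comment added at new line 24 does not say so. The name is substituted into `mozilla-rootcerts.sh` through `SUBST_VARS.paths`, and the comment at line 17 asks for this file to stay in sync with security/mozilla-rootcerts-openssl, so a reader needs to know which directory it refers to. I would extend the comment to `# SSLDIR is the OpenSSL configuration directory (holds openssl.cnf); certificates go in ${SSLDIR}/certs.`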

cvs diff -r1.13 -r1.14 pkgsrc/security/mozilla-rootcerts/files/mozilla-rootcerts.sh

--- pkgsrc/security/mozilla-rootcerts/files/mozilla-rootcerts.sh 2017/03/15 18:52:56 1.13
+++ pkgsrc/security/mozilla-rootcerts/files/mozilla-rootcerts.sh 2017/06/19 00:10:21 1.14
@@ -1,39 +1,39 @@ @@ -1,39 +1,39 @@
1#!/bin/sh 1#!/bin/sh
2# 2#
3# $NetBSD: mozilla-rootcerts.sh,v 1.13 2017/03/15 18:52:56 jperkin Exp $ 3# $NetBSD: mozilla-rootcerts.sh,v 1.14 2017/06/19 00:10:21 gdt Exp $
4# 4#
5# This script is meant to be used as follows: 5# This script is meant to be used as follows:
6# 6#
7# # cd /etc/openssl/certs 7# # cd /etc/openssl/certs
8# # mozilla-rootcerts extract 8# # mozilla-rootcerts extract
9# # mozilla-rootcerts rehash 9# # mozilla-rootcerts rehash
10# 10#
11 11
12: ${AWK=@AWK@} 12: ${AWK=@AWK@}
13: ${ECHO=@ECHO@} 13: ${ECHO=@ECHO@}
14: ${EXPR=@EXPR@} 14: ${EXPR=@EXPR@}
15: ${LN=@LN@} 15: ${LN=@LN@}
16: ${LS=@LS@} 16: ${LS=@LS@}
17: ${MKDIR=@MKDIR@} 17: ${MKDIR=@MKDIR@}
18: ${OPENSSL=@OPENSSL@} 18: ${OPENSSL=@OPENSSL@}
19: ${SSLDIR=@SSLDIR@} 19: ${SSLDIR=@SSLDIR@}
20: ${RM=@RM@} 20: ${RM=@RM@}
21 21
22self="@LOCALBASE@/sbin/mozilla-rootcerts" 22self="@LOCALBASE@/sbin/mozilla-rootcerts"
23certfile="@DATADIR@/certdata.txt" 23certfile="@DATADIR@/certdata.txt"
24certdir="/etc/ssl/certs" 24certdir=${SSLDIR}/certs
25destdir= 25destdir=
26conffile="/etc/openssl/openssl.cnf" 26conffile="@SSLDIR@/openssl.cnf"
27 27
28usage() 28usage()
29{ 29{
30 ${ECHO} 1>&2 "usage: $self [-d destdir] [-f certfile] extract|rehash|install" 30 ${ECHO} 1>&2 "usage: $self [-d destdir] [-f certfile] extract|rehash|install"
31 exit $1 31 exit $1
32} 32}
33 33
34while [ $# -gt 0 ]; do 34while [ $# -gt 0 ]; do
35 case "$1" in 35 case "$1" in
36 -d) destdir="$2"; shift 2;; 36 -d) destdir="$2"; shift 2;;
37 -f) certfile="$2"; shift 2 ;; 37 -f) certfile="$2"; shift 2 ;;
38 --) shift; break ;; 38 --) shift; break ;;
39 -*) ${ECHO} 1>&2 "$self: unknown option -- $1" 39 -*) ${ECHO} 1>&2 "$self: unknown option -- $1"
@@ -182,34 +182,34 @@ extract) @@ -182,34 +182,34 @@ extract)
182 182
183 if (untrusted) { 183 if (untrusted) {
184 print filename " untrusted" 184 print filename " untrusted"
185 system("rm -f " filename) 185 system("rm -f " filename)
186 } 186 }
187 } 187 }
188 }' 188 }'
189 ;; 189 ;;
190install) 190install)
191 if [ `uname -s` = "NetBSD" ]; then 191 if [ `uname -s` = "NetBSD" ]; then
192 # quell warnings for a missing config file 192 # quell warnings for a missing config file
193 touch $destdir$conffile 193 touch $destdir$conffile
194 fi 194 fi
195 if [ ! -d $destdir$SSLDIR ]; then 195 if [ ! -d $destdir$certdir ]; then
196 ${ECHO} 1>&2 "ERROR: $destdir$SSLDIR does not exist, aborting." 196 ${ECHO} 1>&2 "ERROR: $destdir$certdir does not exist, aborting."
197 exit 1 197 exit 1
198 fi 198 fi
199 cd $destdir$SSLDIR 199 cd $destdir$certdir
200 if [ -n "`${LS}`" ]; then 200 if [ -n "`${LS}`" ]; then
201 ${ECHO} 1>&2 "ERROR: $destdir$SSLDIR already contains certificates, aborting." 201 ${ECHO} 1>&2 "ERROR: $destdir$certdir already contains certificates, aborting."
202 exit 1 202 exit 1
203 fi 203 fi
204 set -e 204 set -e
205 $self extract 205 $self extract
206 $self rehash 206 $self rehash
207 set +e 207 set +e
208 if [ -d $destdir$certdir ]; then 208 if [ -d $destdir$certdir ]; then
209 ${ECHO} 1>&2 "ERROR: $destdir$certdir already exists, aborting." 209 ${ECHO} 1>&2 "ERROR: $destdir$certdir already exists, aborting."
210 exit 1 210 exit 1
211 fi 211 fi
212 set -e 212 set -e
213 $MKDIR $destdir$certdir 213 $MKDIR $destdir$certdir
214 cat $destdir$SSLDIR/*.pem > $destdir$certdir/ca-certificates.crt 214 cat $destdir$certdir/*.pem > $destdir$certdir/ca-certificates.crt
215esac 215esac
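Review bot: In the `install)` branch the two directory checks now contradict each other: new line 195 aborts unless `$destdir$certdir` exists, and new line 208 aborts if that same directory exists, so after `extract` and `rehash` the script appears to always exit 1 with "already exists". Before this change the two checks named different directories (`$SSLDIR` and `$certdir`). As written, a run appears to leave the directory populated with extracted and hashed certificates but never writes `ca-certificates.crt`. If the bundle is meant to sit beside the hashed certificates, the block at new lines 207–213 (`set +e` through `$MKDIR $destdir$certdir`) can be dropped, leaving `cat "$destdir$certdir"/*.pem > "$destdir$certdir/ca-certificates.crt"` under the `set -e` from line 204; otherwise the bundle directory needs its own variable. The `case` statement begins outside this hunk.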