Substitute path to openssl more thoroughly This package can depend on builtin openssl or pkgsrc openssl. However, it had paths from the base system hardcoded. Be more thorough about using builtin vs pkgsrc paths. This is a minimal change to use builtin/pkgsrc paths; future commits will note latent issues uncovered in the process. Based on a report to pkgsrc-users by J. Lewis Muir.
diff -r1.26 -r1.27 pkgsrc/security/mozilla-rootcerts/Makefile
(gdt)
@@ -1,43 +1,44 @@ | @@ -1,43 +1,44 @@ | |||
1 | # $NetBSD: Makefile,v 1.26 2017/03/15 18:52:55 jperkin Exp $ | 1 | # $NetBSD: Makefile,v 1.27 2017/06/19 00:10:21 gdt Exp $ | |
2 | 2 | |||
3 | DISTNAME= mozilla-rootcerts-1.0.${CERTDATA_DATE} | 3 | DISTNAME= mozilla-rootcerts-1.0.${CERTDATA_DATE} | |
4 | PKGREVISION= 2 | 4 | PKGREVISION= 3 | |
5 | CATEGORIES= security | 5 | CATEGORIES= security | |
6 | MASTER_SITES= -https://hg.mozilla.org/mozilla-central/raw-file/052b90b5414f/security/nss/lib/ckfw/builtins/certdata.txt | 6 | MASTER_SITES= -https://hg.mozilla.org/mozilla-central/raw-file/052b90b5414f/security/nss/lib/ckfw/builtins/certdata.txt | |
7 | DISTFILES= ${CERTDATA} | 7 | DISTFILES= ${CERTDATA} | |
8 | EXTRACT_SUFX= # empty | 8 | EXTRACT_SUFX= # empty | |
9 | 9 | |||
10 | MAINTAINER= pkgsrc-users@NetBSD.org | 10 | MAINTAINER= pkgsrc-users@NetBSD.org | |
11 | HOMEPAGE= https://hg.mozilla.org/mozilla-central/log/tip/security/nss/lib/ckfw/builtins/certdata.txt | 11 | HOMEPAGE= https://hg.mozilla.org/mozilla-central/log/tip/security/nss/lib/ckfw/builtins/certdata.txt | |
12 | COMMENT= Root CA certificates from the Mozilla Project | 12 | COMMENT= Root CA certificates from the Mozilla Project | |
13 | LICENSE= mpl-2.0 | 13 | LICENSE= mpl-2.0 | |
14 | 14 | |||
15 | USE_TOOLS= awk:run echo:run expr:run ln:run ls:run openssl:run rm:run mkdir:run | 15 | USE_TOOLS= awk:run echo:run expr:run ln:run ls:run openssl:run rm:run mkdir:run | |
16 | 16 | |||
17 | # This must be kept in sync with security/mozilla-rootcerts-openssl | 17 | # This must be kept in sync with security/mozilla-rootcerts-openssl | |
18 | CERTDATA_DATE= 20170121 | 18 | CERTDATA_DATE= 20170121 | |
19 | CERTDATA= certdata-${CERTDATA_DATE}.txt | 19 | CERTDATA= certdata-${CERTDATA_DATE}.txt | |
20 | 20 | |||
21 | WRKSRC= ${WRKDIR} | 21 | WRKSRC= ${WRKDIR} | |
22 | DATADIR= ${PREFIX}/share/${PKGBASE} | 22 | DATADIR= ${PREFIX}/share/${PKGBASE} | |
23 | 23 | |||
24 | # Set paths depending on whether we depend on builtin or pkgsrc openssl. | |||
24 | CHECK_BUILTIN.openssl= yes | 25 | CHECK_BUILTIN.openssl= yes | |
25 | .include "../../security/openssl/builtin.mk" | 26 | .include "../../security/openssl/builtin.mk" | |
26 | CHECK_BUILTIN.openssl= no | 27 | CHECK_BUILTIN.openssl= no | |
27 | .if !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) | 28 | .if !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) | |
28 | SSLDIR= /etc/openssl/certs | 29 | SSLDIR= /etc/openssl | |
29 | .else | 30 | .else | |
30 | SSLDIR= ${PKG_SYSCONFDIR}/openssl/certs | 31 | SSLDIR= ${PKG_SYSCONFDIR}/openssl | |
31 | .endif | 32 | .endif | |
32 | 33 | |||
33 | CERT_SCRIPT= mozilla-rootcerts.sh | 34 | CERT_SCRIPT= mozilla-rootcerts.sh | |
34 | 35 | |||
35 | SUBST_CLASSES= paths | 36 | SUBST_CLASSES= paths | |
36 | SUBST_MESSAGE.paths= Replacing hard-coded paths. | 37 | SUBST_MESSAGE.paths= Replacing hard-coded paths. | |
37 | SUBST_STAGE.paths= post-configure | 38 | SUBST_STAGE.paths= post-configure | |
38 | SUBST_FILES.paths= ${CERT_SCRIPT} | 39 | SUBST_FILES.paths= ${CERT_SCRIPT} | |
39 | SUBST_VARS.paths= AWK ECHO EXPR LN LOCALBASE LS RM DATADIR MKDIR SSLDIR | 40 | SUBST_VARS.paths= AWK ECHO EXPR LN LOCALBASE LS RM DATADIR MKDIR SSLDIR | |
40 | SUBST_SED.paths= -e 's,@OPENSSL@,${TOOLS_PATH.openssl},g' | 41 | SUBST_SED.paths= -e 's,@OPENSSL@,${TOOLS_PATH.openssl},g' | |
41 | 42 | |||
42 | INSTALLATION_DIRS= sbin ${DATADIR} | 43 | INSTALLATION_DIRS= sbin ${DATADIR} | |
43 | 44 |
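Review bot: `SSLDIR` keeps its name but changes meaning at both assignments, from the certificate directory (`.../openssl/certs`) to its parent, and the new comment does not record that. The Makefile names security/mozilla-rootcerts-openssl as a package that must be kept in sync. If that package, or anything else, substitutes `@SSLDIR@` expecting the certs directory, it would now operate one level up; no such consumer is visible here, so this is worth a quick check. I would extend the added comment to `# SSLDIR is the OpenSSL configuration directory (openssl.cnf lives here); certificates go in ${SSLDIR}/certs.`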
@@ -1,39 +1,39 @@ | @@ -1,39 +1,39 @@ | |||
1 | #!/bin/sh | 1 | #!/bin/sh | |
2 | # | 2 | # | |
3 | # $NetBSD: mozilla-rootcerts.sh,v 1.13 2017/03/15 18:52:56 jperkin Exp $ | 3 | # $NetBSD: mozilla-rootcerts.sh,v 1.14 2017/06/19 00:10:21 gdt Exp $ | |
4 | # | 4 | # | |
5 | # This script is meant to be used as follows: | 5 | # This script is meant to be used as follows: | |
6 | # | 6 | # | |
7 | # # cd /etc/openssl/certs | 7 | # # cd /etc/openssl/certs | |
8 | # # mozilla-rootcerts extract | 8 | # # mozilla-rootcerts extract | |
9 | # # mozilla-rootcerts rehash | 9 | # # mozilla-rootcerts rehash | |
10 | # | 10 | # | |
11 | 11 | |||
12 | : ${AWK=@AWK@} | 12 | : ${AWK=@AWK@} | |
13 | : ${ECHO=@ECHO@} | 13 | : ${ECHO=@ECHO@} | |
14 | : ${EXPR=@EXPR@} | 14 | : ${EXPR=@EXPR@} | |
15 | : ${LN=@LN@} | 15 | : ${LN=@LN@} | |
16 | : ${LS=@LS@} | 16 | : ${LS=@LS@} | |
17 | : ${MKDIR=@MKDIR@} | 17 | : ${MKDIR=@MKDIR@} | |
18 | : ${OPENSSL=@OPENSSL@} | 18 | : ${OPENSSL=@OPENSSL@} | |
19 | : ${SSLDIR=@SSLDIR@} | 19 | : ${SSLDIR=@SSLDIR@} | |
20 | : ${RM=@RM@} | 20 | : ${RM=@RM@} | |
21 | 21 | |||
22 | self="@LOCALBASE@/sbin/mozilla-rootcerts" | 22 | self="@LOCALBASE@/sbin/mozilla-rootcerts" | |
23 | certfile="@DATADIR@/certdata.txt" | 23 | certfile="@DATADIR@/certdata.txt" | |
24 | certdir="/etc/ssl/certs" | 24 | certdir=${SSLDIR}/certs | |
25 | destdir= | 25 | destdir= | |
26 | conffile="/etc/openssl/openssl.cnf" | 26 | conffile="@SSLDIR@/openssl.cnf" | |
27 | 27 | |||
28 | usage() | 28 | usage() | |
29 | { | 29 | { | |
30 | ${ECHO} 1>&2 "usage: $self [-d destdir] [-f certfile] extract|rehash|install" | 30 | ${ECHO} 1>&2 "usage: $self [-d destdir] [-f certfile] extract|rehash|install" | |
31 | exit $1 | 31 | exit $1 | |
32 | } | 32 | } | |
33 | 33 | |||
34 | while [ $# -gt 0 ]; do | 34 | while [ $# -gt 0 ]; do | |
35 | case "$1" in | 35 | case "$1" in | |
36 | -d) destdir="$2"; shift 2;; | 36 | -d) destdir="$2"; shift 2;; | |
37 | -f) certfile="$2"; shift 2 ;; | 37 | -f) certfile="$2"; shift 2 ;; | |
38 | --) shift; break ;; | 38 | --) shift; break ;; | |
39 | -*) ${ECHO} 1>&2 "$self: unknown option -- $1" | 39 | -*) ${ECHO} 1>&2 "$self: unknown option -- $1" | |
@@ -182,34 +182,34 @@ extract) | @@ -182,34 +182,34 @@ extract) | |||
182 | 182 | |||
183 | if (untrusted) { | 183 | if (untrusted) { | |
184 | print filename " untrusted" | 184 | print filename " untrusted" | |
185 | system("rm -f " filename) | 185 | system("rm -f " filename) | |
186 | } | 186 | } | |
187 | } | 187 | } | |
188 | }' | 188 | }' | |
189 | ;; | 189 | ;; | |
190 | install) | 190 | install) | |
191 | if [ `uname -s` = "NetBSD" ]; then | 191 | if [ `uname -s` = "NetBSD" ]; then | |
192 | # quell warnings for a missing config file | 192 | # quell warnings for a missing config file | |
193 | touch $destdir$conffile | 193 | touch $destdir$conffile | |
194 | fi | 194 | fi | |
195 | if [ ! -d $destdir$SSLDIR ]; then | 195 | if [ ! -d $destdir$certdir ]; then | |
196 | ${ECHO} 1>&2 "ERROR: $destdir$SSLDIR does not exist, aborting." | 196 | ${ECHO} 1>&2 "ERROR: $destdir$certdir does not exist, aborting." | |
197 | exit 1 | 197 | exit 1 | |
198 | fi | 198 | fi | |
199 | cd $destdir$SSLDIR | 199 | cd $destdir$certdir | |
200 | if [ -n "`${LS}`" ]; then | 200 | if [ -n "`${LS}`" ]; then | |
201 | ${ECHO} 1>&2 "ERROR: $destdir$SSLDIR already contains certificates, aborting." | 201 | ${ECHO} 1>&2 "ERROR: $destdir$certdir already contains certificates, aborting." | |
202 | exit 1 | 202 | exit 1 | |
203 | fi | 203 | fi | |
204 | set -e | 204 | set -e | |
205 | $self extract | 205 | $self extract | |
206 | $self rehash | 206 | $self rehash | |
207 | set +e | 207 | set +e | |
208 | if [ -d $destdir$certdir ]; then | 208 | if [ -d $destdir$certdir ]; then | |
209 | ${ECHO} 1>&2 "ERROR: $destdir$certdir already exists, aborting." | 209 | ${ECHO} 1>&2 "ERROR: $destdir$certdir already exists, aborting." | |
210 | exit 1 | 210 | exit 1 | |
211 | fi | 211 | fi | |
212 | set -e | 212 | set -e | |
213 | $MKDIR $destdir$certdir | 213 | $MKDIR $destdir$certdir | |
214 | cat $destdir$SSLDIR/*.pem > $destdir$certdir/ca-certificates.crt | 214 | cat $destdir$certdir/*.pem > $destdir$certdir/ca-certificates.crt | |
215 | esac | 215 | esac |