summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin H. Johnson <robbat2@gentoo.org>2008-08-16 03:04:23 +0000
committerRobin H. Johnson <robbat2@gentoo.org>2008-08-16 03:04:23 +0000
commitf15aabe04137cab4b97782b9ad2d321f6c8197c1 (patch)
treeebae14d04cef5ab6b8eb52f7e47436f587451ad5 /app-misc
parentVersion bump. (diff)
downloadgentoo-2-f15aabe04137cab4b97782b9ad2d321f6c8197c1.tar.gz
gentoo-2-f15aabe04137cab4b97782b9ad2d321f6c8197c1.tar.bz2
gentoo-2-f15aabe04137cab4b97782b9ad2d321f6c8197c1.zip
Patch per bug #234816, give a warning for every broken symlink - as their existence can cause various SSL validation routines to fail.
(Portage version: 2.2_rc8/cvs/Linux 2.6.27-rc3-00277-g4ad193b i686)
Diffstat (limited to 'app-misc')
-rw-r--r--app-misc/ca-certificates/ChangeLog10
-rw-r--r--app-misc/ca-certificates/ca-certificates-20080514-r2.ebuild70
-rw-r--r--app-misc/ca-certificates/files/ca-certificates-20080514-warn-on-bad-symlinks.patch20
3 files changed, 99 insertions, 1 deletions
diff --git a/app-misc/ca-certificates/ChangeLog b/app-misc/ca-certificates/ChangeLog
index 51c522c5c9c0..e43fcbb84871 100644
--- a/app-misc/ca-certificates/ChangeLog
+++ b/app-misc/ca-certificates/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for app-misc/ca-certificates
# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-misc/ca-certificates/ChangeLog,v 1.19 2008/06/10 18:00:30 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-misc/ca-certificates/ChangeLog,v 1.20 2008/08/16 03:04:23 robbat2 Exp $
+
+*ca-certificates-20080514-r2 (16 Aug 2008)
+
+ 16 Aug 2008; Robin H. Johnson <robbat2@gentoo.org>
+ +files/ca-certificates-20080514-warn-on-bad-symlinks.patch,
+ +ca-certificates-20080514-r2.ebuild:
+ Patch per bug #234816, give a warning for every broken symlink - as their
+ existence can cause various SSL validation routines to fail.
10 Jun 2008; Robin H. Johnson <robbat2@gentoo.org>
ca-certificates-20080514-r1.ebuild:
diff --git a/app-misc/ca-certificates/ca-certificates-20080514-r2.ebuild b/app-misc/ca-certificates/ca-certificates-20080514-r2.ebuild
new file mode 100644
index 000000000000..7ce614da314f
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20080514-r2.ebuild
@@ -0,0 +1,70 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-misc/ca-certificates/ca-certificates-20080514-r2.ebuild,v 1.1 2008/08/16 03:04:23 robbat2 Exp $
+
+inherit eutils
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
+SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}_all.deb"
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd"
+IUSE=""
+
+DEPEND="|| ( >=sys-apps/coreutils-6.10-r1 sys-apps/mktemp sys-freebsd/freebsd-ubin )"
+RDEPEND="${DEPEND}
+ dev-libs/openssl
+ sys-apps/debianutils"
+
+S=${WORKDIR}
+
+src_unpack() {
+ unpack ${A}
+ unpack ./data.tar.gz
+ rm -f control.tar.gz data.tar.gz debian-binary
+ epatch "${FILESDIR}"/ca-certificates-20080514-warn-on-bad-symlinks.patch
+}
+
+pkg_setup() {
+ # For the conversion to having it in CONFIG_PROTECT_MASK,
+ # we need to tell users about it once manually first.
+ [[ -f /etc/env.d/98ca-certificates ]] \
+ || ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_install() {
+ cp -pPR * "${D}"/ || die "installing data failed"
+
+ (
+ echo "# Automatically generated by ${CAT}/${PF}"
+ echo "# $(date -u)"
+ echo "# Do not edit."
+ cd "${D}"/usr/share/ca-certificates
+ find . -name '*.crt' | sort | cut -b3-
+ ) > "${D}"/etc/ca-certificates.conf
+
+ mv "${D}"/usr/share/doc/{ca-certificates,${PF}} || die
+ prepalldocs
+ dodir /etc/env.d/
+ echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' \
+ >"${D}/etc/env.d/98ca-certificates"
+}
+
+pkg_postinst() {
+ local badcerts=0
+ for c in `find -L "${ROOT}"/etc/ssl/certs/ -type l`; do
+ ewarn "Broken symlink for a certificate at $c"
+ badcerts=1
+ done
+ if [[ $badcerts -eq 1 ]]; then
+ ewarn "You MUST remove the above broken symlinks"
+ ewarn "Otherwise any SSL validation that use the directory may fail!"
+ fi
+
+ [[ ${ROOT} != "/" ]] && return 0
+ # However it's too overzealous when the user has custom certs in place.
+ # --fresh is to clean up dangling symlinks
+ update-ca-certificates
+}
diff --git a/app-misc/ca-certificates/files/ca-certificates-20080514-warn-on-bad-symlinks.patch b/app-misc/ca-certificates/files/ca-certificates-20080514-warn-on-bad-symlinks.patch
new file mode 100644
index 000000000000..8c9c31abacea
--- /dev/null
+++ b/app-misc/ca-certificates/files/ca-certificates-20080514-warn-on-bad-symlinks.patch
@@ -0,0 +1,20 @@
+https://bugs.gentoo.org/show_bug.cgi?id=234816
+
+Do not redirect error output from c_rehash in update-ca-certificates, as
+some errors, especially broken symlinks, can cause trouble for some
+applications like current openldap.
+
+2008-08-15 Martin von Gagern <Martin.vGagern@gmx.net>
+
+diff -ur work.orig/usr/sbin/update-ca-certificates work/usr/sbin/update-ca-certificates
+--- work.orig/usr/sbin/update-ca-certificates 2008-08-15 15:20:33.000000000 +0200
++++ work/usr/sbin/update-ca-certificates 2008-08-15 15:20:56.000000000 +0200
+@@ -83,7 +83,7 @@
+ # only run if set of files has changed
+
+ if [ "$verbose" = 0 ]; then
+- c_rehash . > /dev/null 2>&1
++ c_rehash . > /dev/null
+ else
+ c_rehash .
+ fi