diff options
author | Robin H. Johnson <robbat2@gentoo.org> | 2008-08-16 03:04:23 +0000 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2008-08-16 03:04:23 +0000 |
commit | f15aabe04137cab4b97782b9ad2d321f6c8197c1 (patch) | |
tree | ebae14d04cef5ab6b8eb52f7e47436f587451ad5 /app-misc | |
parent | Version bump. (diff) | |
download | gentoo-2-f15aabe04137cab4b97782b9ad2d321f6c8197c1.tar.gz gentoo-2-f15aabe04137cab4b97782b9ad2d321f6c8197c1.tar.bz2 gentoo-2-f15aabe04137cab4b97782b9ad2d321f6c8197c1.zip |
Patch per bug #234816, give a warning for every broken symlink - as their existence can cause various SSL validation routines to fail.
(Portage version: 2.2_rc8/cvs/Linux 2.6.27-rc3-00277-g4ad193b i686)
Diffstat (limited to 'app-misc')
3 files changed, 99 insertions, 1 deletions
diff --git a/app-misc/ca-certificates/ChangeLog b/app-misc/ca-certificates/ChangeLog index 51c522c5c9c0..e43fcbb84871 100644 --- a/app-misc/ca-certificates/ChangeLog +++ b/app-misc/ca-certificates/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for app-misc/ca-certificates # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-misc/ca-certificates/ChangeLog,v 1.19 2008/06/10 18:00:30 robbat2 Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-misc/ca-certificates/ChangeLog,v 1.20 2008/08/16 03:04:23 robbat2 Exp $ + +*ca-certificates-20080514-r2 (16 Aug 2008) + + 16 Aug 2008; Robin H. Johnson <robbat2@gentoo.org> + +files/ca-certificates-20080514-warn-on-bad-symlinks.patch, + +ca-certificates-20080514-r2.ebuild: + Patch per bug #234816, give a warning for every broken symlink - as their + existence can cause various SSL validation routines to fail. 10 Jun 2008; Robin H. Johnson <robbat2@gentoo.org> ca-certificates-20080514-r1.ebuild: diff --git a/app-misc/ca-certificates/ca-certificates-20080514-r2.ebuild b/app-misc/ca-certificates/ca-certificates-20080514-r2.ebuild new file mode 100644 index 000000000000..7ce614da314f --- /dev/null +++ b/app-misc/ca-certificates/ca-certificates-20080514-r2.ebuild @@ -0,0 +1,70 @@ +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-misc/ca-certificates/ca-certificates-20080514-r2.ebuild,v 1.1 2008/08/16 03:04:23 robbat2 Exp $ + +inherit eutils + +DESCRIPTION="Common CA Certificates PEM files" +HOMEPAGE="http://packages.debian.org/sid/ca-certificates" +SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}_all.deb" + +LICENSE="MPL-1.1" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~sparc-fbsd ~x86 ~x86-fbsd" +IUSE="" + +DEPEND="|| ( >=sys-apps/coreutils-6.10-r1 sys-apps/mktemp sys-freebsd/freebsd-ubin )" +RDEPEND="${DEPEND} + dev-libs/openssl + sys-apps/debianutils" + +S=${WORKDIR} + +src_unpack() { + unpack ${A} + unpack ./data.tar.gz + rm -f control.tar.gz data.tar.gz debian-binary + epatch "${FILESDIR}"/ca-certificates-20080514-warn-on-bad-symlinks.patch +} + +pkg_setup() { + # For the conversion to having it in CONFIG_PROTECT_MASK, + # we need to tell users about it once manually first. + [[ -f /etc/env.d/98ca-certificates ]] \ + || ewarn "You should run update-ca-certificates manually after etc-update" +} + +src_install() { + cp -pPR * "${D}"/ || die "installing data failed" + + ( + echo "# Automatically generated by ${CAT}/${PF}" + echo "# $(date -u)" + echo "# Do not edit." + cd "${D}"/usr/share/ca-certificates + find . -name '*.crt' | sort | cut -b3- + ) > "${D}"/etc/ca-certificates.conf + + mv "${D}"/usr/share/doc/{ca-certificates,${PF}} || die + prepalldocs + dodir /etc/env.d/ + echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' \ + >"${D}/etc/env.d/98ca-certificates" +} + +pkg_postinst() { + local badcerts=0 + for c in `find -L "${ROOT}"/etc/ssl/certs/ -type l`; do + ewarn "Broken symlink for a certificate at $c" + badcerts=1 + done + if [[ $badcerts -eq 1 ]]; then + ewarn "You MUST remove the above broken symlinks" + ewarn "Otherwise any SSL validation that use the directory may fail!" + fi + + [[ ${ROOT} != "/" ]] && return 0 + # However it's too overzealous when the user has custom certs in place. + # --fresh is to clean up dangling symlinks + update-ca-certificates +} diff --git a/app-misc/ca-certificates/files/ca-certificates-20080514-warn-on-bad-symlinks.patch b/app-misc/ca-certificates/files/ca-certificates-20080514-warn-on-bad-symlinks.patch new file mode 100644 index 000000000000..8c9c31abacea --- /dev/null +++ b/app-misc/ca-certificates/files/ca-certificates-20080514-warn-on-bad-symlinks.patch @@ -0,0 +1,20 @@ +https://bugs.gentoo.org/show_bug.cgi?id=234816 + +Do not redirect error output from c_rehash in update-ca-certificates, as +some errors, especially broken symlinks, can cause trouble for some +applications like current openldap. + +2008-08-15 Martin von Gagern <Martin.vGagern@gmx.net> + +diff -ur work.orig/usr/sbin/update-ca-certificates work/usr/sbin/update-ca-certificates +--- work.orig/usr/sbin/update-ca-certificates 2008-08-15 15:20:33.000000000 +0200 ++++ work/usr/sbin/update-ca-certificates 2008-08-15 15:20:56.000000000 +0200 +@@ -83,7 +83,7 @@ + # only run if set of files has changed + + if [ "$verbose" = 0 ]; then +- c_rehash . > /dev/null 2>&1 ++ c_rehash . > /dev/null + else + c_rehash . + fi |