Use the whole system cert store rather than hardcoding a specific CA #534394.

(Portage version: 2.2.15/cvs/Linux x86_64, signed Manifest commit with key D2E96200)

2 files changed, 77 insertions, 1 deletions

diff --git a/net-misc/tlsdate/ChangeLog b/net-misc/tlsdate/ChangeLog
index 164305527930..29f6f9de953f 100644
--- a/net-misc/tlsdate/ChangeLog
+++ b/net-misc/tlsdate/ChangeLog
@@ -1,6 +1,11 @@
 # ChangeLog for net-misc/tlsdate
 # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/tlsdate/ChangeLog,v 1.15 2015/02/01 21:10:57 maekke Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/tlsdate/ChangeLog,v 1.16 2015/02/14 04:54:32 vapier Exp $
+
+*tlsdate-0.0.12-r2 (14 Feb 2015)
+
+  14 Feb 2015; Mike Frysinger <vapier@gentoo.org> +tlsdate-0.0.12-r2.ebuild:
+  Use the whole system cert store rather than hardcoding a specific CA #534394.
 
   01 Feb 2015; Markus Meier <maekke@gentoo.org> tlsdate-0.0.12-r1.ebuild:
   arm stable, bug #538200
diff --git a/net-misc/tlsdate/tlsdate-0.0.12-r2.ebuild b/net-misc/tlsdate/tlsdate-0.0.12-r2.ebuild
new file mode 100644
index 000000000000..0f070d1e4b85
--- /dev/null
+++ b/net-misc/tlsdate/tlsdate-0.0.12-r2.ebuild
@@ -0,0 +1,71 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/tlsdate/tlsdate-0.0.12-r2.ebuild,v 1.1 2015/02/14 04:54:32 vapier Exp $
+
+EAPI="4"
+
+inherit autotools vcs-snapshot user
+
+DESCRIPTION="Update local time over HTTPS"
+HOMEPAGE="https://github.com/ioerror/tlsdate"
+SRC_URI="https://github.com/ioerror/tlsdate/tarball/${P} -> ${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~mips ~x86"
+IUSE="dbus +seccomp static-libs"
+
+DEPEND="dev-libs/openssl
+	dev-libs/libevent
+	dbus? ( sys-apps/dbus )"
+RDEPEND="${DEPEND}"
+
+src_prepare() {
+	# Use the system cert store rather than a custom one specific
+	# to the tlsdate package. #534394
+	sed -i \
+		-e 's:/tlsdate/ca-roots/tlsdate-ca-roots.conf:/ssl/certs/ca-certificates.crt:' \
+		Makefile.am || die
+
+	eautoreconf
+}
+
+src_configure() {
+	econf \
+		$(use_enable dbus) \
+		$(use_enable seccomp seccomp-filter) \
+		--disable-hardened-checks \
+		--without-polarssl \
+		--with-unpriv-user=tlsdate \
+		--with-unpriv-group=tlsdate
+}
+
+src_install() {
+	default
+
+	# Use Google servers by default rather than a random German site.
+	# They provide round robin DNS and local servers automatically.
+	sed -i \
+		-e 's:www.ptb.de:www.google.com:' \
+		"${ED}"/etc/tlsdate/tlsdated.conf || die
+
+	# Use the system cert store; see src_prepare. #446426 #534394
+	rm "${ED}"/etc/tlsdate/ca-roots/tlsdate-ca-roots.conf || die
+	rmdir "${ED}"/etc/tlsdate/ca-roots || die
+
+	newinitd "${FILESDIR}"/tlsdated.rc tlsdated
+	newconfd "${FILESDIR}"/tlsdated.confd tlsdated
+	newinitd "${FILESDIR}"/tlsdate.rc tlsdate
+	newconfd "${FILESDIR}"/tlsdate.confd tlsdate
+
+	insinto /etc/dbus-1/system.d/
+	doins dbus/org.torproject.tlsdate.conf
+
+	use static-libs || \
+		find "${ED}"/usr '(' -name '*.la' -o -name '*.a' ')' -delete
+}
+
+pkg_preinst() {
+	enewgroup tlsdate 124
+	enewuser tlsdate 124 -1 /dev/null tlsdate
+}