[oe-commits] [openembedded-core] 53/59: openssl: Ensure SSL certificates are stored on sysconfdir
git at git.openembedded.org
git at git.openembedded.org
Thu May 18 12:15:35 UTC 2017
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch krogoth
in repository openembedded-core.
commit 735f4528b5046024f118658cda8ee340ff8aa082
Author: Otavio Salvador <otavio at ossystems.com.br>
AuthorDate: Mon May 23 17:45:27 2016 -0300
openssl: Ensure SSL certificates are stored on sysconfdir
Debian and other generic distributions has moved the certificates for
sysconfdir (/etc/ssl) and made the libdir content to link for it.
This provides several advantages specially for read-only
rootfs. Another benefit is that it ensures foreign implementations
(e.g: BoringSSL, from Chromium, when running with OpenSSL backend for
the certificates) to find the content correctly.
(From OE-Core rev: 50d63fa346bbb05dafffc0cb55e21e1092272d95)
Signed-off-by: Otavio Salvador <otavio at ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
meta/recipes-connectivity/openssl/openssl.inc | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
index a10c45e..20dd740 100644
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -43,8 +43,8 @@ RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '',
# package RRECOMMENDS on this package. This will enable the configuration
# file to be installed for both the base openssl package and the libcrypto
# package since the base openssl package depends on the libcrypto package.
-FILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
-CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
+FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
RRECOMMENDS_libcrypto += "openssl-conf"
RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
@@ -185,6 +185,17 @@ do_install () {
else
rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
fi
+
+ # Create SSL structure
+ install -d ${D}${sysconfdir}/ssl/
+ mv ${D}${libdir}/ssl/openssl.cnf \
+ ${D}${libdir}/ssl/certs \
+ ${D}${libdir}/ssl/private \
+ \
+ ${D}${sysconfdir}/ssl/
+ ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs
+ ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private
+ ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf
}
do_install_ptest () {
@@ -198,7 +209,7 @@ do_install_ptest () {
cp -r certs ${D}${PTEST_PATH}
mkdir -p ${D}${PTEST_PATH}/apps
ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps
- ln -sf ${libdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
+ ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps
cp apps/server2.pem ${D}${PTEST_PATH}/apps
mkdir -p ${D}${PTEST_PATH}/util
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list