[oe-commits] [openembedded-core] 53/59: openssl: Ensure SSL certificates are stored on sysconfdir

git at git.openembedded.org git at git.openembedded.org
Thu May 18 12:15:35 UTC 2017 

This is an automated email from the git hooks/post-receive script.

rpurdie pushed a commit to branch krogoth
in repository openembedded-core.

commit 735f4528b5046024f118658cda8ee340ff8aa082
Author: Otavio Salvador <otavio at ossystems.com.br>
AuthorDate: Mon May 23 17:45:27 2016 -0300

    openssl: Ensure SSL certificates are stored on sysconfdir
    
    Debian and other generic distributions has moved the certificates for
    sysconfdir (/etc/ssl) and made the libdir content to link for it.
    
    This provides several advantages specially for read-only
    rootfs. Another benefit is that it ensures foreign implementations
    (e.g: BoringSSL, from Chromium, when running with OpenSSL backend for
    the certificates) to find the content correctly.
    
    (From OE-Core rev: 50d63fa346bbb05dafffc0cb55e21e1092272d95)
    
    Signed-off-by: Otavio Salvador <otavio at ossystems.com.br>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
 meta/recipes-connectivity/openssl/openssl.inc | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
index a10c45e..20dd740 100644
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -43,8 +43,8 @@ RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '',
 # package RRECOMMENDS on this package.  This will enable the configuration
 # file to be installed for both the base openssl package and the libcrypto
 # package since the base openssl package depends on the libcrypto package.
-FILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
-CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
+FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
 RRECOMMENDS_libcrypto += "openssl-conf"
 RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
 
@@ -185,6 +185,17 @@ do_install () {
 	else
 		rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
 	fi
+
+	# Create SSL structure
+	install -d ${D}${sysconfdir}/ssl/
+	mv ${D}${libdir}/ssl/openssl.cnf \
+	   ${D}${libdir}/ssl/certs \
+	   ${D}${libdir}/ssl/private \
+	   \
+	   ${D}${sysconfdir}/ssl/
+	ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs
+	ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private
+	ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf
 }
 
 do_install_ptest () {
@@ -198,7 +209,7 @@ do_install_ptest () {
 	cp -r certs ${D}${PTEST_PATH}
 	mkdir -p ${D}${PTEST_PATH}/apps
 	ln -sf ${libdir}/ssl/misc/CA.sh  ${D}${PTEST_PATH}/apps
-	ln -sf ${libdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
+	ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
 	ln -sf ${bindir}/openssl         ${D}${PTEST_PATH}/apps
 	cp apps/server2.pem             ${D}${PTEST_PATH}/apps
 	mkdir -p ${D}${PTEST_PATH}/util

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the Openembedded-commits mailing list