From: Martin Bark Date: Sat, 16 Jun 2018 22:05:59 +0000 (+0100) Subject: package/ca-certificates: don't hash certificates.crt X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=d07ddd8e4ed576dbce4c33ab006f342e24d3bd6b;p=buildroot.git package/ca-certificates: don't hash certificates.crt c_rehash looks at all files in /etc/ssl/certs, generates the hash for the certificates in them, and makes a symlink from the hash to the certificate file. However, ca-certificates.crt is also installed in /etc/ssl/certs and it contains all the certificates. c_rehash will take one of them (the first?) and create a symlink from that hash to ca-certificates.crt. Usually, this results in an error like: WARNING: Skipping duplicate certificate ca-certificates.crt and all is well. However, depending on filesystem order, ca-certificates.crt may come first, and the actual certificate is not symlinked. To fix this install certificates.crt to /etc/ssl/certs *after* we run c_rehash to prevent it getting hashed by mistake. Note: $(TARGET_DIR)/etc/ssl/certs/ is already removed during install so this fix also works for rebuilds. Signed-off-by: Martin Bark Signed-off-by: Arnout Vandecappelle (Essensium/Mind) --- diff --git a/package/ca-certificates/ca-certificates.mk b/package/ca-certificates/ca-certificates.mk index c19d37788b..9685d0e6f0 100644 --- a/package/ca-certificates/ca-certificates.mk +++ b/package/ca-certificates/ca-certificates.mk @@ -33,11 +33,15 @@ define CA_CERTIFICATES_INSTALL_TARGET_CMDS cd $(TARGET_DIR) ;\ for i in `find usr/share/ca-certificates -name "*.crt"` ; do \ ln -sf ../../../$$i etc/ssl/certs/`basename $${i} .crt`.pem ;\ - cat $$i >>etc/ssl/certs/ca-certificates.crt ;\ - done + cat $$i ;\ + done >$(@D)/ca-certificates.crt # Create symlinks to the certificates by their hash values $(HOST_DIR)/bin/c_rehash $(TARGET_DIR)/etc/ssl/certs + + # Install the certificates bundle + $(INSTALL) -D -m 644 $(@D)/ca-certificates.crt \ + $(TARGET_DIR)/etc/ssl/certs/ca-certificates.crt endef $(eval $(generic-package))