From owner-freebsd-gecko@FreeBSD.ORG Fri Feb 1 02:17:38 2013 Return-Path: Delivered-To: freebsd-gecko@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 4B6733E8 for ; Fri, 1 Feb 2013 02:17:38 +0000 (UTC) (envelope-from svn-freebsd-gecko@chruetertee.ch) Received: from trillian.chruetertee.ch (trillian.chruetertee.ch [217.150.245.56]) by mx1.freebsd.org (Postfix) with ESMTP id CC06021E for ; Fri, 1 Feb 2013 02:17:37 +0000 (UTC) Received: from trillian.chruetertee.ch (trillian [217.150.245.56]) by trillian.chruetertee.ch (8.14.4/8.14.3) with ESMTP id r1124gcO048434 for ; Fri, 1 Feb 2013 02:04:42 GMT (envelope-from svn-freebsd-gecko@chruetertee.ch) Received: (from www@localhost) by trillian.chruetertee.ch (8.14.4/8.14.3/Submit) id r1124bFA048085 for freebsd-gecko@freebsd.org; Fri, 1 Feb 2013 02:04:37 GMT (envelope-from svn-freebsd-gecko@chruetertee.ch) Date: Fri, 1 Feb 2013 02:04:37 GMT Message-Id: <201302010204.r1124bFA048085@trillian.chruetertee.ch> X-Authentication-Warning: trillian.chruetertee.ch: www set sender to svn-freebsd-gecko@chruetertee.ch using -f From: svn-freebsd-gecko@chruetertee.ch To: freebsd-gecko@freebsd.org Subject: [SVN-Commit] r1153 - trunk/security/ca_root_nss MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-gecko@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: freebsd-gecko@freebsd.org List-Id: Gecko Rendering Engine issues List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Feb 2013 02:17:38 -0000 Author: jbeich Date: Fri Feb 1 02:04:36 2013 New Revision: 1153 Log: turn recently added openssl dependency into an option A .0 is required[1] in order for OpenSSL to pick up a certificate from, say, /etc/ssl/certs or /usr/local/openssl/certs. However, if CERTDIR is neither of those directories (default) or a user disabled OPENSSL in src.conf and haven't installed security/openssl it makes no sense to have the link or call non-existing openssl(1). [1] http://gagravarr.org/writing/openssl-certs/others.shtml Modified: trunk/security/ca_root_nss/Makefile trunk/security/ca_root_nss/pkg-plist Modified: trunk/security/ca_root_nss/Makefile ============================================================================== --- trunk/security/ca_root_nss/Makefile Thu Jan 31 19:36:04 2013 (r1152) +++ trunk/security/ca_root_nss/Makefile Fri Feb 1 02:04:36 2013 (r1153) @@ -11,15 +11,15 @@ MAINTAINER= gecko@FreeBSD.org COMMENT= The root certificate bundle from the Mozilla Project -OPTIONS_DEFINE= ETCSYMLINK +OPTIONS_DEFINE= ETCSYMLINK OPENSSL ETCSYMLINK_DESC= Add symlink to /etc/ssl/cert.pem +OPENSSL_DESC= Add a hashed symlink for use with OpenSSL USE_PERL5_BUILD= yes NO_WRKSUBDIR= yes CERTDIR?= ${PREFIX}/share/certs -PLIST_SUB+= CERTDIR=${CERTDIR:S,^/,,} \ - CA_ROOT_NSS_HASH="$$(cat ${WRKDIR}/ca-root-nss.hash)" +PLIST_SUB+= CERTDIR=${CERTDIR:S,^/,,} # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # !!! These versions are indented to track security/nss. !!! @@ -41,6 +41,13 @@ PLIST_SUB+= ETCSYMLINK="@comment " .endif +.if ${PORT_OPTIONS:MOPENSSL} +PLIST_SUB+= OPENSSL= \ + CA_ROOT_NSS_HASH="$$(cat ${WRKDIR}/ca-root-nss.hash)" +.else +PLIST_SUB+= OPENSSL="@comment " +.endif + do-extract: @${MKDIR} ${WRKDIR} @${TAR} -C ${WRKDIR} -xf ${DISTDIR}/nss-${VERSION_NSS}${NSS_SUFFIX}${EXTRACT_SUFX} \ @@ -57,14 +64,18 @@ @${PERL} ${WRKDIR}/${BUNDLE_PROCESSOR} \ < ${WRKDIR}/certdata.txt > \ ${WRKDIR}/ca-root-nss.crt +.if ${PORT_OPTIONS:MOPENSSL} openssl x509 -hash -noout -in \ ${WRKDIR}/ca-root-nss.crt >${WRKDIR}/ca-root-nss.hash +.endif do-install: ${MKDIR} ${CERTDIR} ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt ${CERTDIR} +.if ${PORT_OPTIONS:MOPENSSL} cd ${CERTDIR} && ${LN} -fs ca-root-nss.crt \ $$(cat ${WRKDIR}/ca-root-nss.hash).0 +.endif .if ${PORT_OPTIONS:METCSYMLINK} ${LN} -sf ${CERTDIR}/ca-root-nss.crt /etc/ssl/cert.pem .endif Modified: trunk/security/ca_root_nss/pkg-plist ============================================================================== --- trunk/security/ca_root_nss/pkg-plist Thu Jan 31 19:36:04 2013 (r1152) +++ trunk/security/ca_root_nss/pkg-plist Fri Feb 1 02:04:36 2013 (r1153) @@ -1,5 +1,5 @@ @cwd / %%CERTDIR%%/ca-root-nss.crt -%%CERTDIR%%/%%CA_ROOT_NSS_HASH%%.0 +%%OPENSSL%%%%CERTDIR%%/%%CA_ROOT_NSS_HASH%%.0 @dirrmtry %%CERTDIR%% %%ETCSYMLINK%%etc/ssl/cert.pem