Date: Fri, 1 Feb 2013 02:04:37 GMT From: svn-freebsd-gecko@chruetertee.ch To: freebsd-gecko@freebsd.org Subject: [SVN-Commit] r1153 - trunk/security/ca_root_nss Message-ID: <201302010204.r1124bFA048085@trillian.chruetertee.ch>
next in thread | raw e-mail | index | archive | help
Author: jbeich Date: Fri Feb 1 02:04:36 2013 New Revision: 1153 Log: turn recently added openssl dependency into an option A <hash>.0 is required[1] in order for OpenSSL to pick up a certificate from, say, /etc/ssl/certs or /usr/local/openssl/certs. However, if CERTDIR is neither of those directories (default) or a user disabled OPENSSL in src.conf and haven't installed security/openssl it makes no sense to have the link or call non-existing openssl(1). [1] http://gagravarr.org/writing/openssl-certs/others.shtml Modified: trunk/security/ca_root_nss/Makefile trunk/security/ca_root_nss/pkg-plist Modified: trunk/security/ca_root_nss/Makefile ============================================================================== --- trunk/security/ca_root_nss/Makefile Thu Jan 31 19:36:04 2013 (r1152) +++ trunk/security/ca_root_nss/Makefile Fri Feb 1 02:04:36 2013 (r1153) @@ -11,15 +11,15 @@ MAINTAINER= gecko@FreeBSD.org COMMENT= The root certificate bundle from the Mozilla Project -OPTIONS_DEFINE= ETCSYMLINK +OPTIONS_DEFINE= ETCSYMLINK OPENSSL ETCSYMLINK_DESC= Add symlink to /etc/ssl/cert.pem +OPENSSL_DESC= Add a hashed symlink for use with OpenSSL USE_PERL5_BUILD= yes NO_WRKSUBDIR= yes CERTDIR?= ${PREFIX}/share/certs -PLIST_SUB+= CERTDIR=${CERTDIR:S,^/,,} \ - CA_ROOT_NSS_HASH="$$(cat ${WRKDIR}/ca-root-nss.hash)" +PLIST_SUB+= CERTDIR=${CERTDIR:S,^/,,} # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # !!! These versions are indented to track security/nss. !!! @@ -41,6 +41,13 @@ PLIST_SUB+= ETCSYMLINK="@comment " .endif +.if ${PORT_OPTIONS:MOPENSSL} +PLIST_SUB+= OPENSSL= \ + CA_ROOT_NSS_HASH="$$(cat ${WRKDIR}/ca-root-nss.hash)" +.else +PLIST_SUB+= OPENSSL="@comment " +.endif + do-extract: @${MKDIR} ${WRKDIR} @${TAR} -C ${WRKDIR} -xf ${DISTDIR}/nss-${VERSION_NSS}${NSS_SUFFIX}${EXTRACT_SUFX} \ @@ -57,14 +64,18 @@ @${PERL} ${WRKDIR}/${BUNDLE_PROCESSOR} \ < ${WRKDIR}/certdata.txt > \ ${WRKDIR}/ca-root-nss.crt +.if ${PORT_OPTIONS:MOPENSSL} openssl x509 -hash -noout -in \ ${WRKDIR}/ca-root-nss.crt >${WRKDIR}/ca-root-nss.hash +.endif do-install: ${MKDIR} ${CERTDIR} ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt ${CERTDIR} +.if ${PORT_OPTIONS:MOPENSSL} cd ${CERTDIR} && ${LN} -fs ca-root-nss.crt \ $$(cat ${WRKDIR}/ca-root-nss.hash).0 +.endif .if ${PORT_OPTIONS:METCSYMLINK} ${LN} -sf ${CERTDIR}/ca-root-nss.crt /etc/ssl/cert.pem .endif Modified: trunk/security/ca_root_nss/pkg-plist ============================================================================== --- trunk/security/ca_root_nss/pkg-plist Thu Jan 31 19:36:04 2013 (r1152) +++ trunk/security/ca_root_nss/pkg-plist Fri Feb 1 02:04:36 2013 (r1153) @@ -1,5 +1,5 @@ @cwd / %%CERTDIR%%/ca-root-nss.crt -%%CERTDIR%%/%%CA_ROOT_NSS_HASH%%.0 +%%OPENSSL%%%%CERTDIR%%/%%CA_ROOT_NSS_HASH%%.0 @dirrmtry %%CERTDIR%% %%ETCSYMLINK%%etc/ssl/cert.pem
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201302010204.r1124bFA048085>