From 31e099114a2c41d7b85ea9544d1a47ef8f8b691b Mon Sep 17 00:00:00 2001
From: Fredrik Fornwall
Date: Tue, 11 Aug 2015 23:52:41 -0400
Subject: [PATCH] CA certificates setup Move the CA certs from libcurl to separate ca-certificates package which both openssl and gnutls depends on. For a smooth upgrade without packages clashing with the same file, rename etc/ssl to etc/tls. Also update gnutls to latest version and give configure argument to use common certificate file.
---
 packages/ca-certificates/build.sh | 17 +++++++++++++++++
 packages/libcurl/build.sh | 11 ++---------
 packages/libgnutls/build.sh | 7 ++++---
 packages/openssl/build.sh | 3 ++-
 packages/weechat/build.sh | 4 ++--
 5 files changed, 27 insertions(+), 15 deletions(-)
 create mode 100644 packages/ca-certificates/build.sh
diff --git a/packages/ca-certificates/build.sh b/packages/ca-certificates/build.sh
new file mode 100644
index 000000000..87dda342e
--- /dev/null
+++ b/packages/ca-certificates/build.sh
@@ -0,0 +1,17 @@
+TERMUX_PKG_HOMEPAGE=http://curl.haxx.se/docs/caextract.html
+TERMUX_PKG_DESCRIPTION="Common CA certificates"
+TERMUX_PKG_VERSION=20150427
+TERMUX_PKG_BUILD_REVISION=1
+
+termux_step_make_install () {
+ CERTFILE=$TERMUX_PKG_TMPDIR/cert.pem
+ curl -o $CERTFILE https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt
+ if grep -q 'SHA1: ed3c0bbfb7912bcc00cd2033b0cb85c98d10559c' $CERTFILE; then
+ CERT_DIR=$TERMUX_PREFIX/etc/tls
+ mkdir -p $CERT_DIR
+ mv $CERTFILE $CERT_DIR/cert.pem
+ else
+ echo "Have https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt been updated?"
+ exit 1
+ fi
+}
diff --git a/packages/libcurl/build.sh b/packages/libcurl/build.sh
index 85300ec63..fa765c665 100755
--- a/packages/libcurl/build.sh
+++ b/packages/libcurl/build.sh
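Review bot: In packages/ca-certificates/build.sh, the `grep -q 'SHA1: …'` test in termux_step_make_install is not an integrity check: it only looks for a digest string written inside the downloaded file, so any file served from that URL that carries the same header line is accepted and installed as the trust store. Everything built against openssl and gnutls will trust what lands in etc/tls/cert.pem, so the digest should be computed over the file itself and compared with a value pinned in the build script. The URL also points at the moving `master` ref, so pinning a commit would make the fetch reproducible. `curl` should get `--fail` so an HTTP error body is never written to `$CERTFILE`, and the expansions should be quoted. The fence uses `sha256sum` (a build host without it needs its local equivalent), and the digest value shown is a placeholder.

```shell
termux_step_make_install () {
	CERTFILE="$TERMUX_PKG_TMPDIR/cert.pem"
	# Placeholder: digest of the bundle revision that was reviewed.
	CERT_SHA256="<sha256-of-reviewed-ca-bundle.crt>"
	curl --fail -o "$CERTFILE" https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt
	if [ "$(sha256sum "$CERTFILE" | cut -d ' ' -f 1)" = "$CERT_SHA256" ]; then
		# … unchanged: mkdir -p etc/tls and mv the bundle into place …
	else
		# … unchanged: error message and exit 1 …
	fi
}
```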
@@ -3,14 +3,7 @@ TERMUX_PKG_DESCRIPTION="Easy-to-use client-side URL transfer library"
 TERMUX_PKG_DEPENDS="openssl"
 TERMUX_PKG_VERSION=7.43.0
 TERMUX_PKG_SRCURL=http://curl.haxx.se/download/curl-${TERMUX_PKG_VERSION}.tar.bz2
-
-export TERMUX_CA_BUNDLE=$TERMUX_PREFIX/etc/ssl/cert.pem
+TERMUX_PKG_BUILD_REVISION=2
+export TERMUX_CA_BUNDLE=$TERMUX_PREFIX/etc/tls/cert.pem
 TERMUX_PKG_EXTRA_CONFIGURE_ARGS="--with-ssl --with-ca-bundle=$TERMUX_CA_BUNDLE"
 TERMUX_PKG_RM_AFTER_INSTALL="bin/curl-config share/man/man1/curl-config.1"
-
-termux_step_post_make_install () {
- # "port install p5-libwww-perl" needed on mac:
- make ca-bundle
- mkdir -p `dirname $TERMUX_CA_BUNDLE`
- cp lib/ca-bundle.crt $TERMUX_CA_BUNDLE
-}
diff --git a/packages/libgnutls/build.sh b/packages/libgnutls/build.sh
index 4d7847589..7b9866184 100644
--- a/packages/libgnutls/build.sh
+++ b/packages/libgnutls/build.sh
@@ -1,9 +1,10 @@
 TERMUX_PKG_HOMEPAGE=http://www.gnutls.org/
 TERMUX_PKG_DESCRIPTION="Secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them"
-TERMUX_PKG_DEPENDS="libgmp, libnettle"
+TERMUX_PKG_DEPENDS="libgmp, libnettle, ca-certificates"
 _TERMUX_PKG_MAJOR_VERSION=3.4
-TERMUX_PKG_VERSION=${_TERMUX_PKG_MAJOR_VERSION}.3
+TERMUX_PKG_VERSION=${_TERMUX_PKG_MAJOR_VERSION}.4.1
+TERMUX_PKG_BUILD_REVISION=1
 TERMUX_PKG_SRCURL=ftp://ftp.gnutls.org/gcrypt/gnutls/v${_TERMUX_PKG_MAJOR_VERSION}/gnutls-${TERMUX_PKG_VERSION}.tar.xz
-TERMUX_PKG_EXTRA_CONFIGURE_ARGS="--disable-hardware-acceleration --disable-cxx --disable-openssl-compatibility --with-included-libtasn1 --without-p11-kit"
+TERMUX_PKG_EXTRA_CONFIGURE_ARGS="--disable-hardware-acceleration --disable-cxx --disable-openssl-compatibility --with-included-libtasn1 --without-p11-kit --with-default-trust-store-file=$TERMUX_PREFIX/etc/tls/cert.pem"
 CFLAGS+=" -std=c99"
diff --git a/packages/openssl/build.sh b/packages/openssl/build.sh
index 4c236dd63..dc5b01f10 100755
--- a/packages/openssl/build.sh
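Review bot: In packages/libcurl/build.sh, `TERMUX_PKG_DEPENDS="openssl"` is left as it was although libcurl no longer installs the bundle that `--with-ca-bundle=$TERMUX_CA_BUNDLE` points at. The file now arrives only through openssl's new dependency, so a libcurl upgraded next to an older openssl could end up with no etc/tls/cert.pem and every verified HTTPS transfer would fail, which tends to push users toward switching verification off. Declaring it directly, `TERMUX_PKG_DEPENDS="openssl, ca-certificates"`, keeps the requirement next to the configure flag that creates it.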
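Review bot: In packages/libgnutls/build.sh, the bump to 3.4.4.1 fetches a new tarball through the unchanged `ftp://ftp.gnutls.org/…` SRCURL and nothing in the hunk pins a digest for it, so the source of a TLS library is taken over an unauthenticated channel. Whether the build framework verifies downloads elsewhere is not visible here; if it does not, pin a checksum for the new version or at least add a comment such as `# fetched over plain FTP: verify the tarball digest before building`. The `http://` SRCURL lines shown as context in the libcurl, openssl and weechat hunks have the same exposure.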
+++ b/packages/openssl/build.sh
@@ -1,7 +1,8 @@
 TERMUX_PKG_HOMEPAGE=https://www.openssl.org/
 TERMUX_PKG_DESCRIPTION="Library implementing the SSL and TLS protocols as well as general purpose cryptography functions"
-TERMUX_PKG_ESSENTIAL=yes
+TERMUX_PKG_DEPENDS="ca-certificates"
 TERMUX_PKG_VERSION=1.0.2d
+TERMUX_PKG_BUILD_REVISION=1
 TERMUX_PKG_SRCURL="http://www.openssl.org/source/openssl-${TERMUX_PKG_VERSION}.tar.gz"
 TERMUX_PKG_RM_AFTER_INSTALL="bin/c_rehash etc/ssl/misc"
 TERMUX_PKG_BUILD_IN_SRC=yes
diff --git a/packages/weechat/build.sh b/packages/weechat/build.sh
index 34e3a68e0..d10b40fd8 100755
--- a/packages/weechat/build.sh
+++ b/packages/weechat/build.sh
@@ -1,7 +1,7 @@
 TERMUX_PKG_HOMEPAGE=http://weechat.org/
 TERMUX_PKG_DESCRIPTION="Fast, light and extensible IRC chat client"
 TERMUX_PKG_VERSION=1.2
-TERMUX_PKG_BUILD_REVISION=2
+TERMUX_PKG_BUILD_REVISION=3
 TERMUX_PKG_SRCURL=http://www.weechat.org/files/src/weechat-${TERMUX_PKG_VERSION}.tar.bz2
 TERMUX_PKG_DEPENDS="ncurses, libgcrypt, libcurl, libgnutls, libandroid-support"
 # weechat-curses is a symlink to weechat, so remove it:
@@ -26,6 +26,6 @@ termux_step_configure () {
 -DPKG_CONFIG_EXECUTABLE=$PKG_CONFIG \
 -DZLIB_LIBRARY:FILEPATH="$TERMUX_STANDALONE_TOOLCHAIN/sysroot/usr/lib/libz.so" \
 -DZLIB_INCLUDE_DIR:PATH="$TERMUX_STANDALONE_TOOLCHAIN/sysroot/usr/include" \
- -DCA_FILE="$TERMUX_PREFIX/etc/ssl/cert.pem" \
+ -DCA_FILE="$TERMUX_PREFIX/etc/tls/cert.pem" \
 $TERMUX_PKG_SRCDIR
 }
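Review bot: In packages/openssl/build.sh, the unchanged `TERMUX_PKG_RM_AFTER_INSTALL="bin/c_rehash etc/ssl/misc"` suggests OpenSSL's own directory is still etc/ssl, while the bundle it now depends on is installed to etc/tls/cert.pem. The configure step is outside this hunk, so this needs confirming, but if OPENSSLDIR stays at etc/ssl, programs that rely on OpenSSL's default verify paths will not find any CA file. Passing `--openssldir=$TERMUX_PREFIX/etc/tls` to Configure, and adjusting the `etc/ssl/misc` entry to match, would line the default up with the new package. The hunk also drops `TERMUX_PKG_ESSENTIAL=yes`, which the commit message does not mention.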