Browse Source

CA certificates setup

Move the CA certs from libcurl to separate ca-certificates package which both openssl and gnutls depends on.

For a smooth upgrade without packages clashing with the same file, rename etc/ssl to etc/tls.

Also update gnutls to latest version and give configure argument to use common certificate file.
android-5
Fredrik Fornwall 10 years ago
parent
commit
31e099114a
  1. 17
      packages/ca-certificates/build.sh
  2. 11
      packages/libcurl/build.sh
  3. 7
      packages/libgnutls/build.sh
  4. 3
      packages/openssl/build.sh
  5. 4
      packages/weechat/build.sh

17
packages/ca-certificates/build.sh

@ -0,0 +1,17 @@
TERMUX_PKG_HOMEPAGE=http://curl.haxx.se/docs/caextract.html
TERMUX_PKG_DESCRIPTION="Common CA certificates"
TERMUX_PKG_VERSION=20150427
TERMUX_PKG_BUILD_REVISION=1
termux_step_make_install () {
CERTFILE=$TERMUX_PKG_TMPDIR/cert.pem
curl -o $CERTFILE https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt
if grep -q 'SHA1: ed3c0bbfb7912bcc00cd2033b0cb85c98d10559c' $CERTFILE; then
CERT_DIR=$TERMUX_PREFIX/etc/tls
mkdir -p $CERT_DIR
mv $CERTFILE $CERT_DIR/cert.pem
else
echo "Have https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt been updated?"
exit 1
fi
}

11
packages/libcurl/build.sh

@ -3,14 +3,7 @@ TERMUX_PKG_DESCRIPTION="Easy-to-use client-side URL transfer library"
TERMUX_PKG_DEPENDS="openssl" TERMUX_PKG_DEPENDS="openssl"
TERMUX_PKG_VERSION=7.43.0 TERMUX_PKG_VERSION=7.43.0
TERMUX_PKG_SRCURL=http://curl.haxx.se/download/curl-${TERMUX_PKG_VERSION}.tar.bz2 TERMUX_PKG_SRCURL=http://curl.haxx.se/download/curl-${TERMUX_PKG_VERSION}.tar.bz2
TERMUX_PKG_BUILD_REVISION=2
export TERMUX_CA_BUNDLE=$TERMUX_PREFIX/etc/ssl/cert.pem export TERMUX_CA_BUNDLE=$TERMUX_PREFIX/etc/tls/cert.pem
TERMUX_PKG_EXTRA_CONFIGURE_ARGS="--with-ssl --with-ca-bundle=$TERMUX_CA_BUNDLE" TERMUX_PKG_EXTRA_CONFIGURE_ARGS="--with-ssl --with-ca-bundle=$TERMUX_CA_BUNDLE"
TERMUX_PKG_RM_AFTER_INSTALL="bin/curl-config share/man/man1/curl-config.1" TERMUX_PKG_RM_AFTER_INSTALL="bin/curl-config share/man/man1/curl-config.1"
termux_step_post_make_install () {
# "port install p5-libwww-perl" needed on mac:
make ca-bundle
mkdir -p `dirname $TERMUX_CA_BUNDLE`
cp lib/ca-bundle.crt $TERMUX_CA_BUNDLE
}

7
packages/libgnutls/build.sh

@ -1,9 +1,10 @@
TERMUX_PKG_HOMEPAGE=http://www.gnutls.org/ TERMUX_PKG_HOMEPAGE=http://www.gnutls.org/
TERMUX_PKG_DESCRIPTION="Secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them" TERMUX_PKG_DESCRIPTION="Secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them"
TERMUX_PKG_DEPENDS="libgmp, libnettle" TERMUX_PKG_DEPENDS="libgmp, libnettle, ca-certificates"
_TERMUX_PKG_MAJOR_VERSION=3.4 _TERMUX_PKG_MAJOR_VERSION=3.4
TERMUX_PKG_VERSION=${_TERMUX_PKG_MAJOR_VERSION}.3 TERMUX_PKG_VERSION=${_TERMUX_PKG_MAJOR_VERSION}.4.1
TERMUX_PKG_BUILD_REVISION=1
TERMUX_PKG_SRCURL=ftp://ftp.gnutls.org/gcrypt/gnutls/v${_TERMUX_PKG_MAJOR_VERSION}/gnutls-${TERMUX_PKG_VERSION}.tar.xz TERMUX_PKG_SRCURL=ftp://ftp.gnutls.org/gcrypt/gnutls/v${_TERMUX_PKG_MAJOR_VERSION}/gnutls-${TERMUX_PKG_VERSION}.tar.xz
TERMUX_PKG_EXTRA_CONFIGURE_ARGS="--disable-hardware-acceleration --disable-cxx --disable-openssl-compatibility --with-included-libtasn1 --without-p11-kit" TERMUX_PKG_EXTRA_CONFIGURE_ARGS="--disable-hardware-acceleration --disable-cxx --disable-openssl-compatibility --with-included-libtasn1 --without-p11-kit --with-default-trust-store-file=$TERMUX_PREFIX/etc/tls/cert.pem"
CFLAGS+=" -std=c99" CFLAGS+=" -std=c99"

3
packages/openssl/build.sh

@ -1,7 +1,8 @@
TERMUX_PKG_HOMEPAGE=https://www.openssl.org/ TERMUX_PKG_HOMEPAGE=https://www.openssl.org/
TERMUX_PKG_DESCRIPTION="Library implementing the SSL and TLS protocols as well as general purpose cryptography functions" TERMUX_PKG_DESCRIPTION="Library implementing the SSL and TLS protocols as well as general purpose cryptography functions"
TERMUX_PKG_ESSENTIAL=yes TERMUX_PKG_DEPENDS="ca-certificates"
TERMUX_PKG_VERSION=1.0.2d TERMUX_PKG_VERSION=1.0.2d
TERMUX_PKG_BUILD_REVISION=1
TERMUX_PKG_SRCURL="http://www.openssl.org/source/openssl-${TERMUX_PKG_VERSION}.tar.gz" TERMUX_PKG_SRCURL="http://www.openssl.org/source/openssl-${TERMUX_PKG_VERSION}.tar.gz"
TERMUX_PKG_RM_AFTER_INSTALL="bin/c_rehash etc/ssl/misc" TERMUX_PKG_RM_AFTER_INSTALL="bin/c_rehash etc/ssl/misc"
TERMUX_PKG_BUILD_IN_SRC=yes TERMUX_PKG_BUILD_IN_SRC=yes

4
packages/weechat/build.sh

@ -1,7 +1,7 @@
TERMUX_PKG_HOMEPAGE=http://weechat.org/ TERMUX_PKG_HOMEPAGE=http://weechat.org/
TERMUX_PKG_DESCRIPTION="Fast, light and extensible IRC chat client" TERMUX_PKG_DESCRIPTION="Fast, light and extensible IRC chat client"
TERMUX_PKG_VERSION=1.2 TERMUX_PKG_VERSION=1.2
TERMUX_PKG_BUILD_REVISION=2 TERMUX_PKG_BUILD_REVISION=3
TERMUX_PKG_SRCURL=http://www.weechat.org/files/src/weechat-${TERMUX_PKG_VERSION}.tar.bz2 TERMUX_PKG_SRCURL=http://www.weechat.org/files/src/weechat-${TERMUX_PKG_VERSION}.tar.bz2
TERMUX_PKG_DEPENDS="ncurses, libgcrypt, libcurl, libgnutls, libandroid-support" TERMUX_PKG_DEPENDS="ncurses, libgcrypt, libcurl, libgnutls, libandroid-support"
# weechat-curses is a symlink to weechat, so remove it: # weechat-curses is a symlink to weechat, so remove it:
@ -26,6 +26,6 @@ termux_step_configure () {
-DPKG_CONFIG_EXECUTABLE=$PKG_CONFIG \ -DPKG_CONFIG_EXECUTABLE=$PKG_CONFIG \
-DZLIB_LIBRARY:FILEPATH="$TERMUX_STANDALONE_TOOLCHAIN/sysroot/usr/lib/libz.so" \ -DZLIB_LIBRARY:FILEPATH="$TERMUX_STANDALONE_TOOLCHAIN/sysroot/usr/lib/libz.so" \
-DZLIB_INCLUDE_DIR:PATH="$TERMUX_STANDALONE_TOOLCHAIN/sysroot/usr/include" \ -DZLIB_INCLUDE_DIR:PATH="$TERMUX_STANDALONE_TOOLCHAIN/sysroot/usr/include" \
-DCA_FILE="$TERMUX_PREFIX/etc/ssl/cert.pem" \ -DCA_FILE="$TERMUX_PREFIX/etc/tls/cert.pem" \
$TERMUX_PKG_SRCDIR $TERMUX_PKG_SRCDIR
} }

Loading…
Cancel
Save