| Message ID | 20180705105154.115237-1-yszhou4tech@gmail.com |
|---|---|
| State | Accepted |
| Delegated to: | Hauke Mehrtens |
| Headers | show |
| Series | [OpenWrt-Devel] ca-certificates: ca-bundle: add symlink for openssl default setting | expand |
On 2018-07-05 06:51 AM, Yousong Zhou wrote: > OpenSSL defaults X509_CERT_FILE to /etc/ssl/cert.pem. This change is > needed for wget-ssl and possibly others to work seamlessly with fresh > ca-bundle installation Out of curiosity will this eliminate the need for installing both ca-bundle and ca-certificates? (I know that in the past some packages used the certs dir and others the bundle, perhaps this is why?). Regards, Daniel > > Fixes openwrt/packages#6152 > > Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> > --- > package/system/ca-certificates/Makefile | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/package/system/ca-certificates/Makefile b/package/system/ca-certificates/Makefile > index 537cf2f4e9..6de00b7161 100644 > --- a/package/system/ca-certificates/Makefile > +++ b/package/system/ca-certificates/Makefile > @@ -8,6 +8,7 @@ include $(TOPDIR)/rules.mk > > PKG_NAME:=ca-certificates > PKG_VERSION:=20180409 > +PKG_RELEASE:=2 > PKG_MAINTAINER:=Christian Schoenebeck <christian.schoenebeck@gmail.com> > > PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).tar.xz > @@ -57,6 +58,7 @@ endef > define Package/ca-bundle/install > $(INSTALL_DIR) $(1)/etc/ssl/certs > cat $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.crt >$(1)/etc/ssl/certs/ca-certificates.crt > + $(LN) /etc/ssl/certs/ca-certificates.crt $(1)/etc/ssl/cert.pem > endef > $(eval $(call BuildPackage,ca-certificates)) > $(eval $(call BuildPackage,ca-bundle)) > > _______________________________________________ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/mailman/listinfo/openwrt-devel >
On Sat, Jul 7, 2018 at 4:14 PM Daniel Dickinson <cshore@thecshore.com> wrote: > > On 2018-07-05 06:51 AM, Yousong Zhou wrote: > > OpenSSL defaults X509_CERT_FILE to /etc/ssl/cert.pem. This change is > > needed for wget-ssl and possibly others to work seamlessly with fresh > > ca-bundle installation > > Out of curiosity will this eliminate the need for installing both > ca-bundle and ca-certificates? (I know that in the past some packages > used the certs dir and others the bundle, perhaps this is why?). Hope so. The ca-certificates package is bigger as there's filesystem padding and metadata to deal with. > > Regards, > > Daniel > > > > > Fixes openwrt/packages#6152 > > > > Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> > > --- > > package/system/ca-certificates/Makefile | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/package/system/ca-certificates/Makefile b/package/system/ca-certificates/Makefile > > index 537cf2f4e9..6de00b7161 100644 > > --- a/package/system/ca-certificates/Makefile > > +++ b/package/system/ca-certificates/Makefile > > @@ -8,6 +8,7 @@ include $(TOPDIR)/rules.mk > > > > PKG_NAME:=ca-certificates > > PKG_VERSION:=20180409 > > +PKG_RELEASE:=2 > > PKG_MAINTAINER:=Christian Schoenebeck <christian.schoenebeck@gmail.com> > > > > PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).tar.xz > > @@ -57,6 +58,7 @@ endef > > define Package/ca-bundle/install > > $(INSTALL_DIR) $(1)/etc/ssl/certs > > cat $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.crt >$(1)/etc/ssl/certs/ca-certificates.crt > > + $(LN) /etc/ssl/certs/ca-certificates.crt $(1)/etc/ssl/cert.pem > > endef > > $(eval $(call BuildPackage,ca-certificates)) > > $(eval $(call BuildPackage,ca-bundle)) > > > > _______________________________________________ > > openwrt-devel mailing list > > openwrt-devel@lists.openwrt.org > > https://lists.openwrt.org/mailman/listinfo/openwrt-devel > > > > > _______________________________________________ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/mailman/listinfo/openwrt-devel
diff --git a/package/system/ca-certificates/Makefile b/package/system/ca-certificates/Makefile index 537cf2f4e9..6de00b7161 100644 --- a/package/system/ca-certificates/Makefile +++ b/package/system/ca-certificates/Makefile @@ -8,6 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ca-certificates PKG_VERSION:=20180409 +PKG_RELEASE:=2 PKG_MAINTAINER:=Christian Schoenebeck <christian.schoenebeck@gmail.com> PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).tar.xz @@ -57,6 +58,7 @@ endef define Package/ca-bundle/install $(INSTALL_DIR) $(1)/etc/ssl/certs cat $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.crt >$(1)/etc/ssl/certs/ca-certificates.crt + $(LN) /etc/ssl/certs/ca-certificates.crt $(1)/etc/ssl/cert.pem endef $(eval $(call BuildPackage,ca-certificates)) $(eval $(call BuildPackage,ca-bundle))
OpenSSL defaults X509_CERT_FILE to /etc/ssl/cert.pem. This change is needed for wget-ssl and possibly others to work seamlessly with fresh ca-bundle installation Fixes openwrt/packages#6152 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> --- package/system/ca-certificates/Makefile | 2 ++ 1 file changed, 2 insertions(+)