[OpenWrt-Devel] [patch] [package] ca-certificates: create symbolic link for certificate hashes

Christian Schoenebeck christian.schoenebeck at gmail.com
Thu Sep 18 04:56:41 EDT 2014


Am 20.07.2014 09:06, schrieb Felix Fietkau:
> On 2014-07-19 12:16, Christian Schoenebeck wrote:
>> From: Christian Schoenebeck <christian.schoenebeck at gmail.com>
>> Date: Sat, 19 Jul 2014 11:14:01 +0200
>> Subject: ca-certificates: create symbolic link for certificate hashes
>>
>> Implementing "add-cert.sh" functionality discribed at
>> http://wiki.openwrt.org/doc/howto/wget-ssl-certs into Makefile 
>> otherwise you need to create symbolic links for certificate hashes yourself.
>>
>> Signed-off-by: Christian Schoenebeck <christian.schoenebeck at gmail.com>
>> ---
>>  package/system/ca-certificates/Makefile | 13 +++++++++++++
>>  1 file changed, 13 insertions(+)
>>
>> diff --git a/package/system/ca-certificates/Makefile b/package/system/ca-certificates/Makefile
>> index 7f38c86..534c38b 100644
>> --- a/package/system/ca-certificates/Makefile
>> +++ b/package/system/ca-certificates/Makefile
>> @@ -34,6 +34,19 @@ endef
>>  define Package/ca-certificates/install
>>  	$(INSTALL_DIR) $(1)/etc/ssl/certs
>>  	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.crt $(1)/etc/ssl/certs/
>> +
>> +	OPENSSL=/usr/bin/openssl ; \
>> +	CERTDIR=$(1)/etc/ssl/certs ; \
> The use of shell variables here is unnecessary. make variables are more
> convenient because you don't need $$$$.
> Also, please don't hardcode the openssl path. OpenWrt build prereq
> checks already test if OpenSSL is installed, so you can safely assume
> that it is available. Just call 'openssl' without specifying a path.
> 
> - Felix
> 
Patch rebuilded and tested on WNDR3800 and VirtualBox x86

- Christian

From: Christian Schoenebeck <christian.schoenebeck at gmail.com>
Date: Sun, 20 Jul 2014 10:48:50 +0200
Subject: [PATCH] [package] ca-certificates: create symbolic link for certificate hashes

Implementing "add-cert.sh" functionality described at
http://wiki.openwrt.org/doc/howto/wget-ssl-certs into Makefile
otherwise you need to create symbolic links for certificate hashes
yourself.

Signed-off-by: Christian Schoenebeck <christian.schoenebeck at gmail.com>
---
 package/system/ca-certificates/Makefile | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/package/system/ca-certificates/Makefile b/package/system/ca-certificates/Makefile
index 7f38c86..08a853f 100644
--- a/package/system/ca-certificates/Makefile
+++ b/package/system/ca-certificates/Makefile
@@ -34,6 +34,15 @@ endef
 define Package/ca-certificates/install
 	$(INSTALL_DIR) $(1)/etc/ssl/certs
 	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.crt $(1)/etc/ssl/certs/
+
+	for CERTFILE in `ls -1 $(1)/etc/ssl/certs`; do \
+		HASH=`openssl x509 -hash -noout -in $(1)/etc/ssl/certs/$$$$CERTFILE` ; \
+		SUFFIX=0 ; \
+		while [ -h "$(1)/etc/ssl/certs/$$$$HASH.$$$$SUFFIX" ]; do \
+			let "SUFFIX += 1" ; \
+		done ; \
+		ln -s "$$$$CERTFILE" "$(1)/etc/ssl/certs/$$$$HASH.$$$$SUFFIX" ; \
+	done
 endef
 
 $(eval $(call BuildPackage,ca-certificates))
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list