[OpenWrt-Devel] [PATCH 3/4] Run c_hash on the certificates

Cristian Morales Vega cristian at samknows.com
Thu Sep 25 03:52:06 EDT 2014


OK, I found your patch. Sorry, I just registered in the list and
didn't look as far back as July.
I also see that "openssl" is supposed to be installed, so there is not
need to build it for the host.

The extension thing was only because of the "c_rehash" script. If you
crate the hashes manually there is indeed no need to change them.

I will take your patch, thanks!


On 24 September 2014 21:40, Christian Schoenebeck
<christian.schoenebeck at gmail.com> wrote:
> Am 24.09.2014 um 16:15 schrieb Cristian Morales Vega:
>> It's needed for OpenSSL to find them.
>>
>> Signed-off-by: Cristian Morales Vega <cristian at samknows.com>
>> ---
>>  package/system/ca-certificates/Makefile | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/package/system/ca-certificates/Makefile b/package/system/ca-certificates/Makefile
>> index cd29c0a..492cbb5 100644
>> --- a/package/system/ca-certificates/Makefile
>> +++ b/package/system/ca-certificates/Makefile
>> @@ -14,6 +14,8 @@ PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
>>  PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/main/c/ca-certificates
>>  PKG_MD5SUM:=0436aba482091da310bd762e1deca8b4
>>
>> +PKG_BUILD_DEPENDS:=openssl-util/host
>> +
>>  PKG_INSTALL:=1
>>
>>  include $(INCLUDE_DIR)/package.mk
>> @@ -34,6 +36,7 @@ endef
>>  define Package/ca-certificates/install
>>       $(INSTALL_DIR) $(1)/etc/ssl/certs
>>       $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.pem $(1)/etc/ssl/certs/
>> +     c_rehash $(1)/etc/ssl/certs/
>>  endef
>>
>>  $(eval $(call BuildPackage,ca-certificates))
>>
> Hi Cristian,
>
> I already offered attached patch to build hashes during build of ca-certificate package.
> I'm using this patch for my own because it's not part of trunk.
> curl and wget works fine with this as long as they have hashes to look at.
> I'm not sure, but it makes no diff if file extension is pem or cer.
>
> Christian
>
> Date: Sun, 20 Jul 2014 10:48:50 +0200
> Subject: [PATCH] [package] ca-certificates: create symbolic link for certificate hashes
>
> Implementing "add-cert.sh" functionality described at
> http://wiki.openwrt.org/doc/howto/wget-ssl-certs into Makefile
> otherwise you need to create symbolic links for certificate hashes
> yourself.
>
> Signed-off-by: Christian Schoenebeck <christian.schoenebeck at gmail.com>
> ---
>  package/system/ca-certificates/Makefile | 9 +++++++++
>  1 file changed, 9 insertions(+)
>
> diff --git a/package/system/ca-certificates/Makefile b/package/system/ca-certificates/Makefile
> index 7f38c86..08a853f 100644
> --- a/package/system/ca-certificates/Makefile
> +++ b/package/system/ca-certificates/Makefile
> @@ -34,6 +34,15 @@ endef
>  define Package/ca-certificates/install
>         $(INSTALL_DIR) $(1)/etc/ssl/certs
>         $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.crt $(1)/etc/ssl/certs/
> +
> +       for CERTFILE in `ls -1 $(1)/etc/ssl/certs`; do \
> +               HASH=`openssl x509 -hash -noout -in $(1)/etc/ssl/certs/$$$$CERTFILE` ; \
> +               SUFFIX=0 ; \
> +               while [ -h "$(1)/etc/ssl/certs/$$$$HASH.$$$$SUFFIX" ]; do \
> +                       let "SUFFIX += 1" ; \
> +               done ; \
> +               ln -s "$$$$CERTFILE" "$(1)/etc/ssl/certs/$$$$HASH.$$$$SUFFIX" ; \
> +       done
>  endef
>
>  $(eval $(call BuildPackage,ca-certificates))
>
>



-- 
Cristian Morales Vega

Email cristian at samknows.com
Office +44 (0) 20 3111 4330
Web:  www.samknows.com


This email is sent for and on behalf of SamKnows Limited.

This email and any attachments are confidential, legally privileged
and protected by copyright. If you are not the intended recipient
dissemination or copying of this email is prohibited. If you have
received this in error, please notify the sender by replying by email
and then delete the email completely from your system.

SamKnows Limited, Registered Number: 06510477, Registered Office: Hill
House, 1 Little New Street, London, EC4A 3TR. Registered in England
and Wales. Trade Mark 2507103
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list