diff options
| author | gdt <gdt@pkgsrc.org> | 2017-06-19 00:32:37 +0000 |
|---|---|---|
| committer | gdt <gdt@pkgsrc.org> | 2017-06-19 00:32:37 +0000 |
| commit | 370fd79d22eeb467ac0bd23c2f2c4c699d089b9a (patch) | |
| tree | fcbd125124645d9975a28795df0e8a15efd081ad /security | |
| parent | 4faed6a170c159a4ea58bb71ac265457b65d9d7a (diff) | |
| download | pkgsrc-370fd79d22eeb467ac0bd23c2f2c4c699d089b9a.tar.gz | |
Rationalize directory handling around ca-certificates.crt
Now, ca-certificates.crt is always in the main certs dir, because we
have been careful about builtin vs pkgsrc paths. So the directory
must exist (because it was checked earlier). Instead, check for the
ca-certificates.crt file existing. Add more questioning comments.
Based on a patch by J. Lewis Muir.
Diffstat (limited to 'security')
| -rw-r--r-- | security/mozilla-rootcerts/Makefile | 4 | ||||
| -rw-r--r-- | security/mozilla-rootcerts/files/mozilla-rootcerts.sh | 16 |
2 files changed, 10 insertions, 10 deletions
diff --git a/security/mozilla-rootcerts/Makefile b/security/mozilla-rootcerts/Makefile index 1fbf30dd133..9f6122ec8cc 100644 --- a/security/mozilla-rootcerts/Makefile +++ b/security/mozilla-rootcerts/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.27 2017/06/19 00:10:21 gdt Exp $ +# $NetBSD: Makefile,v 1.28 2017/06/19 00:32:37 gdt Exp $ DISTNAME= mozilla-rootcerts-1.0.${CERTDATA_DATE} -PKGREVISION= 3 +PKGREVISION= 4 CATEGORIES= security MASTER_SITES= -https://hg.mozilla.org/mozilla-central/raw-file/052b90b5414f/security/nss/lib/ckfw/builtins/certdata.txt DISTFILES= ${CERTDATA} diff --git a/security/mozilla-rootcerts/files/mozilla-rootcerts.sh b/security/mozilla-rootcerts/files/mozilla-rootcerts.sh index f300ec3ce2c..f306e3a292b 100644 --- a/security/mozilla-rootcerts/files/mozilla-rootcerts.sh +++ b/security/mozilla-rootcerts/files/mozilla-rootcerts.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# $NetBSD: mozilla-rootcerts.sh,v 1.15 2017/06/19 00:20:15 gdt Exp $ +# $NetBSD: mozilla-rootcerts.sh,v 1.16 2017/06/19 00:32:37 gdt Exp $ # # This script is meant to be used as follows: # @@ -201,6 +201,7 @@ install) # quell warnings for a missing config file touch $destdir$conffile fi + # Insist on e.g. /etc/openssl/certs existing. if [ ! -d $destdir$certdir ]; then ${ECHO} 1>&2 "ERROR: $destdir$certdir does not exist, aborting." exit 1 @@ -217,18 +218,17 @@ install) $self extract $self rehash set +e - - # \todo Explain the point of the next check. After directory - # rationalization, it is checking the same directory that was - # just populated. - if [ -d $destdir$certdir ]; then - ${ECHO} 1>&2 "ERROR: $destdir$certdir already exists, aborting." + # \todo Explain why if we are willing to write + # ca-certificates.crt, we are not willing to remove and + # re-create it. Arguably install should be idempotent without + # error. + if [ -e $destdir$certdir/ca-certificates.crt ]; then + ${ECHO} 1>&2 "ERROR: $destdir$certdir/ca-certificates.crt already exists, aborting." exit 1 fi set -e # \todo Explain the purpose of the ca-certificates file, and # specifically if it is for openssl itself, propgrams using # openssl, gnutls, or something else. - $MKDIR $destdir$certdir cat $destdir$certdir/*.pem > $destdir$certdir/ca-certificates.crt esac |