From 370fd79d22eeb467ac0bd23c2f2c4c699d089b9a Mon Sep 17 00:00:00 2001 From: gdt Date: Mon, 19 Jun 2017 00:32:37 +0000 Subject: Rationalize directory handling around ca-certificates.crt Now, ca-certificates.crt is always in the main certs dir, because we have been careful about builtin vs pkgsrc paths. So the directory must exist (because it was checked earlier). Instead, check for the ca-certificates.crt file existing. Add more questioning comments. Based on a patch by J. Lewis Muir. --- security/mozilla-rootcerts/Makefile | 4 ++-- security/mozilla-rootcerts/files/mozilla-rootcerts.sh | 16 ++++++++-------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/security/mozilla-rootcerts/Makefile b/security/mozilla-rootcerts/Makefile index 1fbf30dd133..9f6122ec8cc 100644 --- a/security/mozilla-rootcerts/Makefile +++ b/security/mozilla-rootcerts/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.27 2017/06/19 00:10:21 gdt Exp $ +# $NetBSD: Makefile,v 1.28 2017/06/19 00:32:37 gdt Exp $ DISTNAME= mozilla-rootcerts-1.0.${CERTDATA_DATE} -PKGREVISION= 3 +PKGREVISION= 4 CATEGORIES= security MASTER_SITES= -https://hg.mozilla.org/mozilla-central/raw-file/052b90b5414f/security/nss/lib/ckfw/builtins/certdata.txt DISTFILES= ${CERTDATA} diff --git a/security/mozilla-rootcerts/files/mozilla-rootcerts.sh b/security/mozilla-rootcerts/files/mozilla-rootcerts.sh index f300ec3ce2c..f306e3a292b 100644 --- a/security/mozilla-rootcerts/files/mozilla-rootcerts.sh +++ b/security/mozilla-rootcerts/files/mozilla-rootcerts.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# $NetBSD: mozilla-rootcerts.sh,v 1.15 2017/06/19 00:20:15 gdt Exp $ +# $NetBSD: mozilla-rootcerts.sh,v 1.16 2017/06/19 00:32:37 gdt Exp $ # # This script is meant to be used as follows: # @@ -201,6 +201,7 @@ install) # quell warnings for a missing config file touch $destdir$conffile fi + # Insist on e.g. /etc/openssl/certs existing. if [ ! -d $destdir$certdir ]; then ${ECHO} 1>&2 "ERROR: $destdir$certdir does not exist, aborting." exit 1 @@ -217,18 +218,17 @@ install) $self extract $self rehash set +e - - # \todo Explain the point of the next check. After directory - # rationalization, it is checking the same directory that was - # just populated. - if [ -d $destdir$certdir ]; then - ${ECHO} 1>&2 "ERROR: $destdir$certdir already exists, aborting." + # \todo Explain why if we are willing to write + # ca-certificates.crt, we are not willing to remove and + # re-create it. Arguably install should be idempotent without + # error. + if [ -e $destdir$certdir/ca-certificates.crt ]; then + ${ECHO} 1>&2 "ERROR: $destdir$certdir/ca-certificates.crt already exists, aborting." exit 1 fi set -e # \todo Explain the purpose of the ca-certificates file, and # specifically if it is for openssl itself, propgrams using # openssl, gnutls, or something else. - $MKDIR $destdir$certdir cat $destdir$certdir/*.pem > $destdir$certdir/ca-certificates.crt esac -- cgit v1.2.3