]> code.ossystems Code Review - openembedded-core.git/commitdiff
Code Review / openembedded-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 9ae6e10)
openssl: Ensure SSL certificates are stored on sysconfdir
authorOtavio Salvador <otavio@ossystems.com.br>
Mon, 23 May 2016 20:45:27 +0000 (17:45 -0300)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Thu, 18 May 2017 12:13:41 +0000 (13:13 +0100)
Debian and other generic distributions has moved the certificates for
sysconfdir (/etc/ssl) and made the libdir content to link for it.

This provides several advantages specially for read-only
rootfs. Another benefit is that it ensures foreign implementations
(e.g: BoringSSL, from Chromium, when running with OpenSSL backend for
the certificates) to find the content correctly.

(From OE-Core rev: 50d63fa346bbb05dafffc0cb55e21e1092272d95)

Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-connectivity/openssl/openssl.inc patch | blob | history

diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
index a10c45e0c7078f77029f17c13fb0cbdb4dd1edb5..20dd74062a0911bec430f29a142fc7672cc71af0 100644 (file)
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -43,8 +43,8 @@ RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '',
 # package RRECOMMENDS on this package.  This will enable the configuration
 # file to be installed for both the base openssl package and the libcrypto
 # package since the base openssl package depends on the libcrypto package.
-FILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
-CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
+FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
 RRECOMMENDS_libcrypto += "openssl-conf"
 RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
 
@@ -185,6 +185,17 @@ do_install () {
        else
                rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
        fi
+
+       # Create SSL structure
+       install -d ${D}${sysconfdir}/ssl/
+       mv ${D}${libdir}/ssl/openssl.cnf \
+          ${D}${libdir}/ssl/certs \
+          ${D}${libdir}/ssl/private \
+          \
+          ${D}${sysconfdir}/ssl/
+       ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs
+       ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private
+       ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf
 }
 
 do_install_ptest () {
@@ -198,7 +209,7 @@ do_install_ptest () {
        cp -r certs ${D}${PTEST_PATH}
        mkdir -p ${D}${PTEST_PATH}/apps
        ln -sf ${libdir}/ssl/misc/CA.sh  ${D}${PTEST_PATH}/apps
-       ln -sf ${libdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
+       ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
        ln -sf ${bindir}/openssl         ${D}${PTEST_PATH}/apps
        cp apps/server2.pem             ${D}${PTEST_PATH}/apps
        mkdir -p ${D}${PTEST_PATH}/util
Mirror of the official openembedded-core repository