ca_root_nss

svn-freebsd-gecko Thu, 31 Jan 2013 18:17:46 -0800

Author: jbeich
Date: Fri Feb  1 02:04:36 2013
New Revision: 1153

Log:
turn recently added openssl dependency into an option


A <hash>.0 is required[1] in order for OpenSSL to pick up a certificate
from, say, /etc/ssl/certs or /usr/local/openssl/certs. However, if
CERTDIR is neither of those directories (default) or a user disabled
OPENSSL in src.conf and haven't installed security/openssl it makes
no sense to have the link or call non-existing openssl(1).

[1] http://gagravarr.org/writing/openssl-certs/others.shtml

Modified:
   trunk/security/ca_root_nss/Makefile
   trunk/security/ca_root_nss/pkg-plist

Modified: trunk/security/ca_root_nss/Makefile
==============================================================================
--- trunk/security/ca_root_nss/Makefile Thu Jan 31 19:36:04 2013        (r1152)
+++ trunk/security/ca_root_nss/Makefile Fri Feb  1 02:04:36 2013        (r1153)
@@ -11,15 +11,15 @@
 MAINTAINER=    [email protected]
 COMMENT=       The root certificate bundle from the Mozilla Project
 
-OPTIONS_DEFINE=        ETCSYMLINK
+OPTIONS_DEFINE=        ETCSYMLINK OPENSSL
 ETCSYMLINK_DESC=       Add symlink to /etc/ssl/cert.pem
+OPENSSL_DESC=  Add a hashed symlink for use with OpenSSL
 
 USE_PERL5_BUILD=       yes
 NO_WRKSUBDIR=  yes
 
 CERTDIR?=      ${PREFIX}/share/certs
-PLIST_SUB+=    CERTDIR=${CERTDIR:S,^/,,} \
-               CA_ROOT_NSS_HASH="$$(cat ${WRKDIR}/ca-root-nss.hash)"
+PLIST_SUB+=    CERTDIR=${CERTDIR:S,^/,,}
 
 # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 # !!!  These versions are indented to track security/nss.        !!!
@@ -41,6 +41,13 @@
 PLIST_SUB+=    ETCSYMLINK="@comment "
 .endif
 
+.if ${PORT_OPTIONS:MOPENSSL}
+PLIST_SUB+=    OPENSSL= \
+               CA_ROOT_NSS_HASH="$$(cat ${WRKDIR}/ca-root-nss.hash)"
+.else
+PLIST_SUB+=    OPENSSL="@comment "
+.endif
+
 do-extract:
        @${MKDIR} ${WRKDIR}
        @${TAR} -C ${WRKDIR} -xf 
${DISTDIR}/nss-${VERSION_NSS}${NSS_SUFFIX}${EXTRACT_SUFX} \
@@ -57,14 +64,18 @@
        @${PERL} ${WRKDIR}/${BUNDLE_PROCESSOR} \
            < ${WRKDIR}/certdata.txt > \
            ${WRKDIR}/ca-root-nss.crt
+.if ${PORT_OPTIONS:MOPENSSL}
        openssl x509 -hash -noout -in \
                ${WRKDIR}/ca-root-nss.crt >${WRKDIR}/ca-root-nss.hash
+.endif
 
 do-install:
        ${MKDIR} ${CERTDIR}
        ${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt ${CERTDIR}
+.if ${PORT_OPTIONS:MOPENSSL}
        cd ${CERTDIR} && ${LN} -fs ca-root-nss.crt \
                $$(cat ${WRKDIR}/ca-root-nss.hash).0
+.endif
 .if ${PORT_OPTIONS:METCSYMLINK}
        ${LN} -sf ${CERTDIR}/ca-root-nss.crt /etc/ssl/cert.pem
 .endif

Modified: trunk/security/ca_root_nss/pkg-plist
==============================================================================
--- trunk/security/ca_root_nss/pkg-plist        Thu Jan 31 19:36:04 2013        
(r1152)
+++ trunk/security/ca_root_nss/pkg-plist        Fri Feb  1 02:04:36 2013        
(r1153)
@@ -1,5 +1,5 @@
 @cwd /
 %%CERTDIR%%/ca-root-nss.crt
-%%CERTDIR%%/%%CA_ROOT_NSS_HASH%%.0
+%%OPENSSL%%%%CERTDIR%%/%%CA_ROOT_NSS_HASH%%.0
 @dirrmtry %%CERTDIR%%
 %%ETCSYMLINK%%etc/ssl/cert.pem
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-gecko
To unsubscribe, send any mail to "[email protected]"

[SVN-Commit] r1153 - trunk/security/ca_root_nss

Reply via email to