[Buildroot] svn commit: trunk/buildroot/package/openssl

John Voltz john.voltz at gmail.com
Tue Jul 8 15:34:03 UTC 2008


Here's a patch to add SSL certificates to buildroot. It builds them from
mozilla's svn, so the certs are not likely to have been tampered with. It's
really pretty slick.

diff -Nwrup -x .svn buildroot-orig/package/ca-certificates/
ca-certificates.mk buildroot/package/ca-certificates/ca-certificates.mk
--- buildroot-orig/package/ca-certificates/ca-certificates.mk    1969-12-31
19:00:00.000000000 -0500
+++ buildroot/package/ca-certificates/ca-certificates.mk    2008-07-03
07:33:36.000000000 -0400
@@ -0,0 +1,25 @@
+#############################################################
+#
+# ca-certificates
+#
+#############################################################
+
+package/ca-certificates/ca-bundle.crt:
+    package/ca-certificates/mkcabundle.pl > $@
+
+$(TARGET_DIR)/usr/lib/ssl/cert.pem: package/ca-certificates/ca-bundle.crt
+    mkdir -p $(TARGET_DIR)/usr/lib/ssl/certs/
+    mkdir -p $(TARGET_DIR)/usr/lib/ssl/CA/private
+    cp package/ca-certificates/ca-bundle.crt
$(TARGET_DIR)/usr/lib/ssl/certs
+    ln -s certs/ca-bundle.crt $(TARGET_DIR)/usr/lib/ssl/cert.pem
+
+ca-certificates: $(TARGET_DIR)/usr/lib/ssl/cert.pem
+
+#############################################################
+#
+# Toplevel Makefile options
+#
+#############################################################
+ifeq ($(strip $(BR2_PACKAGE_CA_CERTIFICATES)),y)
+TARGETS+=ca-certificates
+endif
\ No newline at end of file
diff -Nwrup -x .svn buildroot-orig/package/ca-certificates/Config.in
buildroot/package/ca-certificates/Config.in
--- buildroot-orig/package/ca-certificates/Config.in    1969-12-31
19:00:00.000000000 -0500
+++ buildroot/package/ca-certificates/Config.in    2008-07-03
07:33:36.000000000 -0400
@@ -0,0 +1,5 @@
+config BR2_PACKAGE_CA_CERTIFICATES
+    bool "ssl certificates"
+    default n
+    help
+      SSL certificates for OpenSSL
diff -Nwrup -x .svn buildroot-orig/package/ca-certificates/mkcabundle.pl
buildroot/package/ca-certificates/mkcabundle.pl
--- buildroot-orig/package/ca-certificates/mkcabundle.pl    1969-12-31
19:00:00.000000000 -0500
+++ buildroot/package/ca-certificates/mkcabundle.pl    2008-07-03
07:33:36.000000000 -0400
@@ -0,0 +1,41 @@
+#!/usr/bin/perl -w
+#
+# Used to regenerate ca-bundle.crt from the Mozilla certdata.txt.
+# Run as ./mkcabundle.pl > ca-bundle.crt
+#
+
+my $cvsroot = ':pserver:anonymous at cvs-mirror.mozilla.org:/cvsroot';
+my $certdata = 'mozilla/security/nss/lib/ckfw/builtins/certdata.txt';
+
+open(IN, "cvs -d $cvsroot co -p $certdata|")
+    || die "could not check out certdata.txt";
+
+my $incert = 0;
+
+print<<EOH;
+# This is a bundle of X.509 certificates of public Certificate
+# Authorities.  It was generated from the Mozilla root CA list.
+#
+# Source: $certdata
+#
+EOH
+
+while (<IN>) {
+    if (/^CKA_VALUE MULTILINE_OCTAL/) {
+        $incert = 1;
+        open(OUT, "|openssl x509 -text -inform DER -fingerprint")
+            || die "could not pipe to openssl x509";
+    } elsif (/^END/ && $incert) {
+        close(OUT);
+        $incert = 0;
+        print "\n\n";
+    } elsif ($incert) {
+        my @bs = split(/\\/);
+        foreach my $b (@bs) {
+            chomp $b;
+            printf(OUT "%c", oct($b)) unless $b eq '';
+        }
+    } elsif (/^CVS_ID.*Revision: ([^ ]*).*/) {
+        print "# Generated from certdata.txt RCS revision $1\n#\n";
+    }
+}
\ No newline at end of file
diff -Nwrup -x .svn buildroot-orig/package/Config.in
buildroot/package/Config.in
--- buildroot-orig/package/Config.in    2008-07-08 11:19:53.000000000 -0400
+++ buildroot/package/Config.in    2008-07-08 11:26:07.000000000 -0400
@@ -150,6 +150,7 @@ source "package/axel/Config.in"
 source "package/boa/Config.in"
 source "package/bind/Config.in"
 source "package/bridge-utils/Config.in"
+source "package/ca-certificates/Config.in"
 source "package/curl/Config.in"
 if !BR2_PACKAGE_BUSYBOX_HIDE_OTHERS
 source "package/dhcp/Config.in"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20080708/e821259b/attachment.html>


More information about the buildroot mailing list