[SVN-Commit] r1153 - trunk/security/ca_root_nss

svn-freebsd-gecko at chruetertee.ch svn-freebsd-gecko at chruetertee.ch
Fri Feb 1 02:17:38 UTC 2013 

Author: jbeich
Date: Fri Feb  1 02:04:36 2013
New Revision: 1153

Log:
turn recently added openssl dependency into an option

A <hash>.0 is required[1] in order for OpenSSL to pick up a certificate
from, say, /etc/ssl/certs or /usr/local/openssl/certs. However, if
CERTDIR is neither of those directories (default) or a user disabled
OPENSSL in src.conf and haven't installed security/openssl it makes
no sense to have the link or call non-existing openssl(1).

[1] http://gagravarr.org/writing/openssl-certs/others.shtml

Modified:
   trunk/security/ca_root_nss/Makefile
   trunk/security/ca_root_nss/pkg-plist

Modified: trunk/security/ca_root_nss/Makefile
==============================================================================
--- trunk/security/ca_root_nss/Makefile	Thu Jan 31 19:36:04 2013	(r1152)
+++ trunk/security/ca_root_nss/Makefile	Fri Feb  1 02:04:36 2013	(r1153)
@@ -11,15 +11,15 @@
 MAINTAINER=	gecko at FreeBSD.org
 COMMENT=	The root certificate bundle from the Mozilla Project
 
-OPTIONS_DEFINE=	ETCSYMLINK
+OPTIONS_DEFINE=	ETCSYMLINK OPENSSL
 ETCSYMLINK_DESC=	Add symlink to /etc/ssl/cert.pem
+OPENSSL_DESC=	Add a hashed symlink for use with OpenSSL
 
 USE_PERL5_BUILD=	yes
 NO_WRKSUBDIR=	yes
 
 CERTDIR?=	${PREFIX}/share/certs
-PLIST_SUB+=	CERTDIR=${CERTDIR:S,^/,,} \
-		CA_ROOT_NSS_HASH="$$(cat ${WRKDIR}/ca-root-nss.hash)"
+PLIST_SUB+=	CERTDIR=${CERTDIR:S,^/,,}
 
 # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 # !!!  These versions are indented to track security/nss.        !!!
@@ -41,6 +41,13 @@
 PLIST_SUB+=	ETCSYMLINK="@comment "
 .endif
 
+.if ${PORT_OPTIONS:MOPENSSL}
+PLIST_SUB+=	OPENSSL= \
+		CA_ROOT_NSS_HASH="$$(cat ${WRKDIR}/ca-root-nss.hash)"
+.else
+PLIST_SUB+=	OPENSSL="@comment "
+.endif
+
 do-extract:
 	@${MKDIR} ${WRKDIR}
 	@${TAR} -C ${WRKDIR} -xf ${DISTDIR}/nss-${VERSION_NSS}${NSS_SUFFIX}${EXTRACT_SUFX} \
@@ -57,14 +64,18 @@
 	@${PERL} ${WRKDIR}/${BUNDLE_PROCESSOR} \
 	    < ${WRKDIR}/certdata.txt > \
 	    ${WRKDIR}/ca-root-nss.crt
+.if ${PORT_OPTIONS:MOPENSSL}
 	openssl x509 -hash -noout -in \
 		${WRKDIR}/ca-root-nss.crt >${WRKDIR}/ca-root-nss.hash
+.endif
 
 do-install:
 	${MKDIR} ${CERTDIR}
 	${INSTALL_DATA} ${WRKDIR}/ca-root-nss.crt ${CERTDIR}
+.if ${PORT_OPTIONS:MOPENSSL}
 	cd ${CERTDIR} && ${LN} -fs ca-root-nss.crt \
 		$$(cat ${WRKDIR}/ca-root-nss.hash).0
+.endif
 .if ${PORT_OPTIONS:METCSYMLINK}
 	${LN} -sf ${CERTDIR}/ca-root-nss.crt /etc/ssl/cert.pem
 .endif

Modified: trunk/security/ca_root_nss/pkg-plist
==============================================================================
--- trunk/security/ca_root_nss/pkg-plist	Thu Jan 31 19:36:04 2013	(r1152)
+++ trunk/security/ca_root_nss/pkg-plist	Fri Feb  1 02:04:36 2013	(r1153)
@@ -1,5 +1,5 @@
 @cwd /
 %%CERTDIR%%/ca-root-nss.crt
-%%CERTDIR%%/%%CA_ROOT_NSS_HASH%%.0
+%%OPENSSL%%%%CERTDIR%%/%%CA_ROOT_NSS_HASH%%.0
 @dirrmtry %%CERTDIR%%
 %%ETCSYMLINK%%etc/ssl/cert.pem

More information about the freebsd-gecko mailing list