- rework ca-certificate handling

make/archives.mk

@@ -379,4 +379,4 @@ $(ARCHIVE)/mtools-$(MTOOLS_VER).tar.gz:
 $(ARCHIVE)/curl-ca-bundle.crt:
 	cd $(ARCHIVE); \
 		wget https://curl.haxx.se/ca/cacert.pem; \
-		mv cacert.pem curl-ca-bundle.crt
+		mv cacert.pem $(CA_BUNDLE)

make/environment.mk

@@ -161,6 +161,10 @@ CCACHE        = /usr/bin/ccache
 CCACHE_DIR    = $(HOME)/.ccache-ni-buildsystem-$(BOXARCH)-$(BOXSERIES)
 export CCACHE_DIR
 
+# certificates
+CA_BUNDLE     = ca-certificates.crt
+CA_BUNDLE_DIR = $(TARGETPREFIX)/etc/ssl/certs
+
 # create debug image
 DEBUG ?= no
 

make/gstreamer.mk

@@ -424,7 +424,7 @@ GNUTLS_SOURCE = gnutls-$(GNUTLS_VER).tar.xz
 $(ARCHIVE)/$(GNUTLS_SOURCE):
 	$(WGET) ftp://ftp.gnutls.org/gcrypt/gnutls/v$(GNUTLS_VER_MAJOR)/$(GNUTLS_SOURCE)
 
-$(D)/gnutls: $(D)/install-certs $(D)/nettle $(ARCHIVE)/$(GNUTLS_SOURCE)
+$(D)/gnutls: $(D)/nettle $(D)/ca-bundle $(ARCHIVE)/$(GNUTLS_SOURCE)
 	$(UNTAR)/$(GNUTLS_SOURCE)
 	set -e; cd $(BUILD_TMP)/gnutls-$(GNUTLS_VER); \
 		$(CONFIGURE) \
@@ -436,7 +436,7 @@ $(D)/gnutls: $(D)/install-certs $(D)/nettle $(ARCHIVE)/$(GNUTLS_SOURCE)
 			--enable-local-libopts \
 			--with-libpthread-prefix=$(TARGETPREFIX) \
 			--with-included-unistring \
-			--with-default-trust-store-dir=/etc/ssl/certs/ \
+			--with-default-trust-store-dir=$(CA_BUNDLE_DIR)/ \
 			--disable-guile \
 			--without-p11-kit \
 		; \
@@ -450,10 +450,6 @@ $(D)/gnutls: $(D)/install-certs $(D)/nettle $(ARCHIVE)/$(GNUTLS_SOURCE)
 	$(REMOVE)/gnutls-$(GNUTLS_VER)
 	touch $@
 
-$(D)/install-certs:
-	cp -a $(IMAGEFILES)/ca-certificates/* $(TARGETPREFIX)
-	touch $@
-
 #
 # glib-networking
 #

make/system-libs.mk

@@ -100,7 +100,7 @@ ifeq ($(BOXSERIES), hd1)
 	CURL_IPV6="--disable-ipv6"
 endif
 
-$(D)/libcurl: $(D)/zlib $(D)/openssl $(D)/librtmp $(ARCHIVE)/curl-ca-bundle.crt $(ARCHIVE)/curl-$(LIBCURL_VER).tar.bz2 | $(TARGETPREFIX)
+$(D)/libcurl: $(D)/zlib $(D)/openssl $(D)/librtmp $(D)/ca-bundle $(ARCHIVE)/curl-$(LIBCURL_VER).tar.bz2 | $(TARGETPREFIX)
 	$(UNTAR)/curl-$(LIBCURL_VER).tar.bz2
 	pushd $(BUILD_TMP)/curl-$(LIBCURL_VER) && \
 		$(CONFIGURE) \
@@ -123,7 +123,7 @@ $(D)/libcurl: $(D)/zlib $(D)/openssl $(D)/librtmp $(ARCHIVE)/curl-ca-bundle.crt
 			--disable-ntlm-wb \
 			--disable-ares \
 			--without-libidn \
-			--with-ca-bundle=/share/curl/curl-ca-bundle.crt \
+			--with-ca-bundle=$(CA_BUNDLE_DIR)/$(CA_BUNDLE) \
 			--with-random=/dev/urandom \
 			--with-ssl=$(TARGETPREFIX) \
 			--with-librtmp=$(TARGETPREFIX)/lib \
@@ -132,8 +132,6 @@ $(D)/libcurl: $(D)/zlib $(D)/openssl $(D)/librtmp $(ARCHIVE)/curl-ca-bundle.crt
 		$(MAKE) all && \
 		mkdir -p $(HOSTPREFIX)/bin && \
 		sed -e "s,^prefix=,prefix=$(TARGETPREFIX)," < curl-config > $(HOSTPREFIX)/bin/curl-config && \
-		mkdir -p $(TARGETPREFIX)/share/curl && \
-		cp -a $(ARCHIVE)/curl-ca-bundle.crt $(TARGETPREFIX)/share/curl && \
 		chmod 755 $(HOSTPREFIX)/bin/curl-config && \
 		make install DESTDIR=$(TARGETPREFIX)
 	rm -rf $(TARGETPREFIX)/bin/curl-config $(TARGETPREFIX)/share/zsh

make/system-tools.mk

@@ -1001,3 +1001,7 @@ $(D)/aio-grab: $(D)/zlib $(D)/libpng $(D)/libjpeg | $(TARGETPREFIX)
 		$(MAKE) install DESTDIR=$(TARGETPREFIX)
 	$(REMOVE)/aio-grab
 	touch $@
+
+$(D)/ca-bundle: $(ARCHIVE)/curl-ca-bundle.crt | $(TARGETPREFIX)
+	mkdir -p $(CA_BUNDLE_DIR) && \
+	cp -a $(ARCHIVE)/$(CA_BUNDLE) $(CA_BUNDLE_DIR)