From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] Revert "dependencies: check that SSL certificates are installed"
Date: Sun, 26 May 2013 09:49:20 +0200 [thread overview]
Message-ID: <20130526094920.47aa7434@skate> (raw)
In-Reply-To: <20130526024707.GA5037@tarshish>
Dear Baruch Siach,
On Sun, 26 May 2013 05:47:07 +0300, Baruch Siach wrote:
> Hi Thomas,
>
> On Mon, May 20, 2013 at 09:27:27AM +0300, Baruch Siach wrote:
> > This reverts commit d66cd067f3dc3d5e2479e1e8c05f24fd82329f7a.
> >
> > SSL certificates are no always installed in /etc/ssl/certs. For example, on
> > CentOS 5.6 the default OpenSSL certificates directory is /etc/pki/tls/certs,
> > and wget can download using https without any problem.
> >
> > Moreover, the existence of /etc/ssl/certs does not guarantee the presence of a
> > CA certificates bundle even on Debian. On my current Debian testing
> > installation the openssl package itself creates an empty /etc/ssl/certs
> > directory.
> >
> > Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> > ---
>
> As the author of d66cd067f3, what do you think?
Well, d66cd067f3 was written because if you install a very minimal
system, you may not have the SSL certificates installed, which prevents
any download from https:// website. So I added a quick check for that.
However, apparently, the location of such certificates is not fixed
between various systems, so clearly my patch doesn't work properly.
I see two options here:
(1) Apply your patch, and assume that in most systems, SSL
certificates are always installed. The case I had what when you
create a very minimal Debian system, but most people probably use
a more full-featured system, and it's pretty likely that SSL
certificates are already installed.
(2) Replace the test by a test that wget some well-known https:// URL,
and if it doesn't work, say that SSL certificates are not
available. But I don't like this too much, because this means that
at every invocation of 'make', Buildroot will try to download
something from the network.
So, for now, I believe option (1) is the only viable one, unless there
is some local command that allows to check whether SSL certificates are
installed or not.
Best regards,
Thomas
--
Thomas Petazzoni, Free Electrons
Kernel, drivers, real-time and embedded Linux
development, consulting, training and support.
http://free-electrons.com
next prev parent reply other threads:[~2013-05-26 7:49 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-20 6:27 [Buildroot] [PATCH] Revert "dependencies: check that SSL certificates are installed" Baruch Siach
2013-05-26 2:47 ` Baruch Siach
2013-05-26 3:21 ` Spenser Gilliland
2013-05-26 7:49 ` Thomas Petazzoni [this message]
2013-05-26 8:24 ` Baruch Siach
2013-05-26 8:27 ` Thomas Petazzoni
2013-05-26 9:14 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130526094920.47aa7434@skate \
--to=thomas.petazzoni@free-electrons.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.