From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH v2 1/3] package/ca-certificates: don't hash certificates.crt
Date: Sun, 17 Jun 2018 21:25:47 +0200 [thread overview]
Message-ID: <20180617212547.4bc868c3@windsurf> (raw)
In-Reply-To: <20180616220601.4629-2-martin@barkynet.com>
Hello,
On Sat, 16 Jun 2018 23:05:59 +0100, Martin Bark wrote:
> Currently c_rehash mistakenly hashes the certificates bundle
> certificates.crt resulting in ${TAGET_DIR}/etc/ssl/certs/128805a3.0
> incorrectly linking to ca-certificates.crt when it should be linked to
> EE_Certification_Centre_Root_CA_2.pem
I can't reproduce this issue here:
output/target$ ls -l etc/ssl/certs/128805a3.0
lrwxrwxrwx 1 thomas thomas 35 Jun 17 20:58 etc/ssl/certs/128805a3.0 -> EE_Certification_Centre_Root_CA.pem
Also, during the review, you said that you noticed this problem when
comparing the /etc/ssl/certs generated by Buildroot with the one
available in Ubuntu.
On Fedora, it looks just like this:
$ ls -l /etc/ssl/certs/
total 4
lrwxrwxrwx 1 root root 49 May 18 13:21 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
lrwxrwxrwx 1 root root 55 May 18 13:21 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
-rw-r--r-- 1 root root 2516 Apr 3 13:18 Makefile
So it really doesn't look like what Buildroot produces. But I'm not
familiar at all with those certificates.
Peter, since you've reviewed the previous iteration of this patch
series, perhaps you can take care of merging it ?
Thanks!
Thomas Petazzoni
--
Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com
next prev parent reply other threads:[~2018-06-17 19:25 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-16 22:05 [Buildroot] [PATCH v2 0/3] package/ca-certificates improvements Martin Bark
2018-06-16 22:05 ` [Buildroot] [PATCH v2 1/3] package/ca-certificates: don't hash certificates.crt Martin Bark
2018-06-17 19:25 ` Thomas Petazzoni [this message]
2018-06-18 9:51 ` Martin Bark
2018-06-18 14:39 ` Thomas Petazzoni
2018-06-21 22:04 ` Martin Bark
2018-10-21 13:15 ` Arnout Vandecappelle
2018-10-21 13:38 ` Arnout Vandecappelle
2018-10-21 14:03 ` Martin Bark
2018-10-24 12:32 ` Peter Korsgaard
2018-06-16 22:06 ` [Buildroot] [PATCH v2 2/3] package/ca-certificates: fix rebuilds Martin Bark
2018-06-16 22:06 ` [Buildroot] [PATCH v2 3/3] package/ca-certificates: create ca-certificates.crt reproducibly Martin Bark
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180617212547.4bc868c3@windsurf \
--to=thomas.petazzoni@bootlin.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox