fix target ca-bundle

author Markham <markham001@gmx.de>

Sat, 21 Mar 2026 18:11:30 +0000 (19:11 +0100)

committer Markham <markham001@gmx.de>

Sat, 21 Mar 2026 18:11:30 +0000 (19:11 +0100)
author Markham <markham001@gmx.de>
Sat, 21 Mar 2026 18:11:30 +0000 (19:11 +0100)
committer Markham <markham001@gmx.de>
Sat, 21 Mar 2026 18:11:30 +0000 (19:11 +0100)
diff --git a/make/environment-build.mk b/make/environment-build.mk

index cb89165c90cd660f02be84bf1ac364a59f418295..3cd54d937230e10e8183c573ddf7eea303e89e98 100755 (executable)
--- a/make/environment-build.mk
+++ b/make/environment-build.mk
@@ -165,7 +165,7 @@ PKG_CONFIG_PATH = $(PKG_CONFIG_LIBDIR)/pkgconfig
  
  # certificates
  CA_BUNDLE             = ca-certificates.crt
-CA_BUNDLE_DIR         = etc/ssl/certs
+CA_BUNDLE_DIR         = /etc/ssl/certs
  
  # helper-"functions":
  REWRITE_LIBTOOL_RULES  = sed -i \
diff --git a/make/libraries.mk b/make/libraries.mk

index e0dab8d0ecb47dc92e2545c23e932b6ddbecac1b..9856f86ba20ed9e7774555802f2aeb32e3204baf 100755 (executable)
--- a/make/libraries.mk
+++ b/make/libraries.mk
@@ -562,12 +562,20 @@ $(D)/host_openssl: $(ARCHIVE)/openssl-$(OPENSSL_VER)$(OPENSSL_SUBVER).tar.gz | $
         $(TOUCH)
  
  CA_URL = https://curl.se/ca/cacert.pem
+CA_BUNDLE_MAX_AGE = 30 # days
  $(D)/ca-bundle: | $(TARGETPREFIX)
         $(START_BUILD)
-       cd $(ARCHIVE); \
-               curl -s --remote-name --time-cond $(ARCHIVE)/cacert.pem $(CA_URL)
-       install -D -m 0644 $(ARCHIVE)/cacert.pem $(TARGETPREFIX)/$(CA_BUNDLE_DIR)/$(CA_BUNDLE)
-       openssl verify $(TARGETPREFIX)/$(CA_BUNDLE_DIR)/$(CA_BUNDLE)
+       if test -f $(ARCHIVE)/cacert.pem; then \
+               if test $$(find $(ARCHIVE)/cacert.pem -mtime +$(CA_BUNDLE_MAX_AGE) -print 2>/dev/null | wc -l) -gt 0; then \
+                       echo "ca-bundle: cacert.pem is older than $(CA_BUNDLE_MAX_AGE) days, re-downloading..."; \
+                       rm -f $(ARCHIVE)/cacert.pem; \
+               fi; \
+       fi
+       if test ! -f $(ARCHIVE)/cacert.pem; then \
+               curl -L $(CA_URL) -o $(ARCHIVE)/cacert.pem; \
+       fi
+       install -D -m 0644 $(ARCHIVE)/cacert.pem $(TARGETPREFIX)$(CA_BUNDLE_DIR)/$(CA_BUNDLE)
+       openssl verify $(TARGETPREFIX)$(CA_BUNDLE_DIR)/$(CA_BUNDLE)
         $(TOUCH)
  
  $(D)/libcurl: $(ARCHIVE)/curl-$(LIBCURL_VER).tar.bz2 $(D)/openssl $(D)/librtmp $(D)/zlib $(D)/ca-bundle | $(TARGETPREFIX)
@@ -600,8 +608,8 @@ $(D)/libcurl: $(ARCHIVE)/curl-$(LIBCURL_VER).tar.bz2 $(D)/openssl $(D)/librtmp $
                         --without-libpsl \
                         --without-zstd \
                         --disable-ipfs \
-                       --disable-ipns \
-                       --with-ca-bundle=/$(CA_BUNDLE_DIR)/$(CA_BUNDLE) \
+                       --with-ca-path=$(CA_BUNDLE_DIR) \
+                       --with-ca-bundle=$(CA_BUNDLE_DIR)/$(CA_BUNDLE) \
                         --with-ssl=$(TARGETPREFIX) \
                         --with-librtmp=$(TARGETPREFIX)/lib \
                         --enable-optimize \
author	Markham <markham001@gmx.de>
	Sat, 21 Mar 2026 18:11:30 +0000 (19:11 +0100)
committer	Markham <markham001@gmx.de>
	Sat, 21 Mar 2026 18:11:30 +0000 (19:11 +0100)
make/environment-build.mk		patch \| blob \| history
make/libraries.mk		patch \| blob \| history