CA certificates setup

Move the CA certs from libcurl to separate ca-certificates package which both openssl and gnutls depends on.

For a smooth upgrade without packages clashing with the same file, rename etc/ssl to etc/tls.

Also update gnutls to latest version and give configure argument to use common certificate file.

packages/ca-certificates/build.sh

@@ -0,0 +1,17 @@
+TERMUX_PKG_HOMEPAGE=http://curl.haxx.se/docs/caextract.html
+TERMUX_PKG_DESCRIPTION="Common CA certificates"
+TERMUX_PKG_VERSION=20150427
+TERMUX_PKG_BUILD_REVISION=1
+
+termux_step_make_install () {
+	CERTFILE=$TERMUX_PKG_TMPDIR/cert.pem
+	curl -o $CERTFILE https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt
+	if grep -q 'SHA1: ed3c0bbfb7912bcc00cd2033b0cb85c98d10559c' $CERTFILE; then
+		CERT_DIR=$TERMUX_PREFIX/etc/tls
+		mkdir -p $CERT_DIR
+		mv $CERTFILE $CERT_DIR/cert.pem
+	else
+		echo "Have https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt been updated?"
+		exit 1
+	fi
+}

packages/libcurl/build.sh

@@ -3,14 +3,7 @@ TERMUX_PKG_DESCRIPTION="Easy-to-use client-side URL transfer library"
 TERMUX_PKG_DEPENDS="openssl"
 TERMUX_PKG_VERSION=7.43.0
 TERMUX_PKG_SRCURL=http://curl.haxx.se/download/curl-${TERMUX_PKG_VERSION}.tar.bz2
-
-export TERMUX_CA_BUNDLE=$TERMUX_PREFIX/etc/ssl/cert.pem
+TERMUX_PKG_BUILD_REVISION=2
+export TERMUX_CA_BUNDLE=$TERMUX_PREFIX/etc/tls/cert.pem
 TERMUX_PKG_EXTRA_CONFIGURE_ARGS="--with-ssl --with-ca-bundle=$TERMUX_CA_BUNDLE"
 TERMUX_PKG_RM_AFTER_INSTALL="bin/curl-config share/man/man1/curl-config.1"
-
-termux_step_post_make_install () {
-	# "port install p5-libwww-perl" needed on mac:
-	make ca-bundle
-        mkdir -p `dirname $TERMUX_CA_BUNDLE`
-	cp lib/ca-bundle.crt $TERMUX_CA_BUNDLE
-}

packages/libgnutls/build.sh

@@ -1,9 +1,10 @@
 TERMUX_PKG_HOMEPAGE=http://www.gnutls.org/
 TERMUX_PKG_DESCRIPTION="Secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them"
-TERMUX_PKG_DEPENDS="libgmp, libnettle"
+TERMUX_PKG_DEPENDS="libgmp, libnettle, ca-certificates"
 _TERMUX_PKG_MAJOR_VERSION=3.4
-TERMUX_PKG_VERSION=${_TERMUX_PKG_MAJOR_VERSION}.3
+TERMUX_PKG_VERSION=${_TERMUX_PKG_MAJOR_VERSION}.4.1
+TERMUX_PKG_BUILD_REVISION=1
 TERMUX_PKG_SRCURL=ftp://ftp.gnutls.org/gcrypt/gnutls/v${_TERMUX_PKG_MAJOR_VERSION}/gnutls-${TERMUX_PKG_VERSION}.tar.xz
-TERMUX_PKG_EXTRA_CONFIGURE_ARGS="--disable-hardware-acceleration --disable-cxx --disable-openssl-compatibility --with-included-libtasn1 --without-p11-kit"
+TERMUX_PKG_EXTRA_CONFIGURE_ARGS="--disable-hardware-acceleration --disable-cxx --disable-openssl-compatibility --with-included-libtasn1 --without-p11-kit --with-default-trust-store-file=$TERMUX_PREFIX/etc/tls/cert.pem"
 
 CFLAGS+=" -std=c99"

packages/openssl/build.sh

@@ -1,7 +1,8 @@
 TERMUX_PKG_HOMEPAGE=https://www.openssl.org/
 TERMUX_PKG_DESCRIPTION="Library implementing the SSL and TLS protocols as well as general purpose cryptography functions"
-TERMUX_PKG_ESSENTIAL=yes
+TERMUX_PKG_DEPENDS="ca-certificates"
 TERMUX_PKG_VERSION=1.0.2d
+TERMUX_PKG_BUILD_REVISION=1
 TERMUX_PKG_SRCURL="http://www.openssl.org/source/openssl-${TERMUX_PKG_VERSION}.tar.gz"
 TERMUX_PKG_RM_AFTER_INSTALL="bin/c_rehash etc/ssl/misc"
 TERMUX_PKG_BUILD_IN_SRC=yes

packages/weechat/build.sh

@@ -1,7 +1,7 @@
 TERMUX_PKG_HOMEPAGE=http://weechat.org/
 TERMUX_PKG_DESCRIPTION="Fast, light and extensible IRC chat client"
 TERMUX_PKG_VERSION=1.2
-TERMUX_PKG_BUILD_REVISION=2
+TERMUX_PKG_BUILD_REVISION=3
 TERMUX_PKG_SRCURL=http://www.weechat.org/files/src/weechat-${TERMUX_PKG_VERSION}.tar.bz2
 TERMUX_PKG_DEPENDS="ncurses, libgcrypt, libcurl, libgnutls, libandroid-support"
 # weechat-curses is a symlink to weechat, so remove it:
@@ -26,6 +26,6 @@ termux_step_configure () {
                 -DPKG_CONFIG_EXECUTABLE=$PKG_CONFIG \
 		-DZLIB_LIBRARY:FILEPATH="$TERMUX_STANDALONE_TOOLCHAIN/sysroot/usr/lib/libz.so" \
 		-DZLIB_INCLUDE_DIR:PATH="$TERMUX_STANDALONE_TOOLCHAIN/sysroot/usr/include" \
-		-DCA_FILE="$TERMUX_PREFIX/etc/ssl/cert.pem" \
+		-DCA_FILE="$TERMUX_PREFIX/etc/tls/cert.pem" \
 		$TERMUX_PKG_SRCDIR
 }