summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'app-misc')
-rw-r--r--app-misc/ca-certificates/ChangeLog11
-rw-r--r--app-misc/ca-certificates/Manifest32
-rw-r--r--app-misc/ca-certificates/ca-certificates-20141019.3.17.4.ebuild186
-rw-r--r--app-misc/ca-certificates/files/ca-certificates-20141019-root.patch116
4 files changed, 329 insertions, 16 deletions
diff --git a/app-misc/ca-certificates/ChangeLog b/app-misc/ca-certificates/ChangeLog
index 5e6cbda61867..be741a442a97 100644
--- a/app-misc/ca-certificates/ChangeLog
+++ b/app-misc/ca-certificates/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for app-misc/ca-certificates
-# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-misc/ca-certificates/ChangeLog,v 1.105 2014/10/16 17:48:39 vapier Exp $
+# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-misc/ca-certificates/ChangeLog,v 1.106 2015/03/22 00:07:09 vapier Exp $
+
+*ca-certificates-20141019.3.17.4 (22 Mar 2015)
+
+ 22 Mar 2015; Mike Frysinger <vapier@gentoo.org>
+ +ca-certificates-20141019.3.17.4.ebuild,
+ +files/ca-certificates-20141019-root.patch:
+ Version bump.
*ca-certificates-20140927.3.17.2 (16 Oct 2014)
diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index d639abf286eb..7aeaf3f5db97 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -3,6 +3,7 @@ Hash: SHA256
AUX ca-certificates-20090709-root.patch 2842 SHA256 701da246597154c37b5c9ff6999730fe8b76fe10811f71b2d1eded50a2f4f175 SHA512 d7aa7f51099ffb254184bbe84a9129e2b682311eed585f43286c716a4e1d3857144ebb40074b1ec921a16d6a3a771b37d74300bf581b3ca8427d18998fad8ebe WHIRLPOOL 7c10e00fa48abe1756533f599364aab26253ede01c9b6d0563ae1848ec62657b863eb897ce0c16c53e0a353024025c0c5b9d112fdbfcb3f5754882e4a8feabce
AUX ca-certificates-20110502-root.patch 2942 SHA256 7f2273b748140c5806c37e954bb27846cb0b8bdddda15ba0f23d3fcae6e77e28 SHA512 972798239229d7d32b4e3c52a962f67db79eaafcbfac03683283861d2ed049daa5d2c77ef05343606afaed108bd8513c9aa588545049263ec8be598dfdb20d96 WHIRLPOOL 667d62670c3e498a69e46ba7d384fdacb37631ed887e7c4b110745905a8a28fdcc69e97778e1d177eb2ce68d724f0852e66f324025ecf059b1bc615c2cdf9d53
+AUX ca-certificates-20141019-root.patch 3307 SHA256 3d1a6f8db5a33e387421e1bb12e2da5a514143b3267361c63569329628d30062 SHA512 4c49945a23040cdf44c8cfe6e8c2e5817474e502823c2389fa82c2cc745bce5c562f5c29c96049d328891475a0c16dc1149b7199005e05a7221f9e2b9e82098e WHIRLPOOL f468bb9a199d1a6d6153e266dcd77f5ecaf0b5721b78780e74a1800f13c321e1bef52039314f85b0c5de9be6b811d9c88fdb0c9edec07ff5c555a760615a5acd
DIST ca-certificates_20090709_all.deb 154620 SHA256 de1e35997eb39c7ba5713f206aba034ff8ce8aa3aebebfc7eb1823de9968d767 SHA512 2237f03c6794f33e5dde2acc05c04447daf2b8a41fc4182297d971cf4bc1eb2ae1abdf21561fb8fdf9dad27465e63c17b8bd2060d3b270edcfdf22c5c5cb094d WHIRLPOOL 174facc0da0677baae403a0e9234692768d6a6342a1894116561a2c41878850cdc603c3556961641ba743fe347c436adef1d914060b23767549dd40041c4120c
DIST ca-certificates_20110421_all.deb 176778 SHA256 a60a9c0faf1847df4553ce13ffe337412b88dd1b9d502741ac1760204c0bdda3 SHA512 11c9ba3f483cd17ca964f19e6ec394a2239fd74187f57224d7b13d1c0bf5dc55bb6c66217c1dd8273695ff92710617a897f7a40be6e4ec9960276f1bfe6b2bbb WHIRLPOOL 67dee5217526d5abec740f367fe28ce0f823d3c21b99fc988b73e75859e47beb00cb76e3d83572e704c3924e45bd9f6a7c818a1a1b2dd3bf7594864c9d9b2c5f
DIST ca-certificates_20110502+nmu1_all.deb 174242 SHA256 d44284ee9b733b9890a54516f66b68a382ac5fb2c0bdceafed4cf229aa3b05a1 SHA512 2ba33346689d21846632390ad55f2a6102a333cc32019a6e00d85c00970a6f744b4a4d548b68bf9b6369d0cfc2b06009db4b4be4ffafd3629bf05737fdc096d2 WHIRLPOOL 88ffbbc68e1299a2b3cc243e1b17160f9862c469279e8dca03841c45defb238c034c8d81abe811a3d32f9968d7754f6d8c64a697cbcba0c2eb4be9d513d527e9
@@ -18,11 +19,13 @@ DIST ca-certificates_20140223.tar.xz 274768 SHA256 815b7cd97200b0d76450bb3e7d9b6
DIST ca-certificates_20140223_all.deb 190226 SHA256 13cb11144a97d95a8be130e4bcdd6c9ffc3df269bb194699bcd21ca377e01df2 SHA512 003b6fd2301eee3ca2119781ee75a1b195f142678d4570b598c4b93847de23c4f659152f834db1f0c8866767324d02b27807260cf43f6ae16207538fa419aa31 WHIRLPOOL 179a0bcf341e7de07d02f6574850614ef221851379945db00018d25f485cee6c11915322ee370e72321d81464d7d6bb96401b41029b8f7215a68e46971671deb
DIST ca-certificates_20140325.tar.xz 278816 SHA256 c0e3d8c517995db2737f7f1a9b69d654b8823fa6d337871c6ce111fcf083454a SHA512 6645740d61da78845facce6e3881c64f51e945a454cb26cead6e7df4887f1f3797bea217cebaffaae22a76fa3867ee20dee7b1d5200df20b85878a0c6029c2f8 WHIRLPOOL 93d4ff1ac74c6961612ffa0e4da35228636698940fd0a66e4e6842de4e48f5ded74885bfb330f6d106ae267124309d51d49f646959bbae1ef9fa7a55dbb2085a
DIST ca-certificates_20140927.tar.xz 288824 SHA256 e582724ebb9d5d6fe02d02db1773c9ca76d3aaab4b15375a0d72e9abf88a65c5 SHA512 3cd08559c52aeba763a8ecc0333c7c20838db0111e52d9adf65719f14f858611271d61801a60fb3aea4e74be4a7903c1b462bf889172f5afb774280bb615b98b WHIRLPOOL e32e54b21109b7c44266480a6a5d78693b5ef7ffae1df595c4edfe2cce85d1cd29664e6d916c5bfffb965e4bb01fce6a8327a2ead5bb0ca7cdd8afd04346a270
+DIST ca-certificates_20141019.tar.xz 289092 SHA256 684902d3f4e9ad27829f4af0d9d2d588afed03667997579b9c2be86fcd1eb73a SHA512 5b0e8fb917f5642a5a2b4fde46a706db0c652ff3fb31a5053d9123a5b670b50c6e3cf2496915cc01c613dcbe964d6432f393c12d8a697baedfad58f9d13e568b WHIRLPOOL 6d3c0ccfbd4b1598ed529cb07390baaf741e24c8fd4762aa1786ada7188ec0c4e327513047bca2b93a488681e80b5a8fabc37b98b7f6e5e92cba62580c4cf74f
DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00 WHIRLPOOL c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43
DIST nss-3.15.5.tar.gz 6367893 SHA256 1442c85624b7de74c7745132a65aa0de47d280c4f01f293d111bc0b6d8271f43 SHA512 4db27ea98f17f1a5bc6f513455497945fc35957f573b3ac7e730b166fbe0e8fd741c188187c578faf361d969db63d83ff8ccf15ac2b8ca72a367f33a018695ca WHIRLPOOL c3c687ac53dca571d1c45bdf4a80e192ca58da07e06ef56de7ac9736480c97689dd12d14351860764b70a1d823092a1ddbc471328c4bae4a899edd0e331c8aee
DIST nss-3.16.3.tar.gz 6426732 SHA256 657711ff7a4058043b69019a66f44101d0234eae2b6b80ab900439dbf02add60 SHA512 2e829b021319a9d8c0cedec742f84c54815eed8e3b1042b5045f08746e5768286001e9517d2b69c2a5d705cd632c98f3a9227e651a492bae3ef638cc706fe31f WHIRLPOOL bd8fe296baf79b4cad2224a921bf6d0a6b6a1f13df5b64131f59964541d2ec1ae506a79a5a3b8dc08a47c8fcdfa5eafb866727fcf26c37d4e5e91a7ebb7886b3
DIST nss-3.16.tar.gz 6378110 SHA256 2bb4faa200962caacf0454f1e870e74aa9a543809e5c440f7978bcce58e0bfe8 SHA512 e3dcde8213f7f131fe2f714ff2f45c6d7b9b2167e51dbf0e1a750cc4f83d9fa35e69408850de6600f55fbc9e26b29dc344548cb64849d6e3252476eadd7ee57f WHIRLPOOL d30b53ec36cacff9756b43780d904e32760cd5d0b75f1888b6fb80e0a87ce828f4e6189de63880ddce90bdf5d90123ff7e9fdf600f4df02ce59702898f08c11e
DIST nss-3.17.2.tar.gz 6927414 SHA256 134929e44e44b968a4883f4ee513a71ae45d55b486cee41ee8e26c3cc84dab8b SHA512 a3d165bb2c578e7b5d90349729e85a2fce09260d069093080c76cce3b8a996c6489232324fd6a0c69b959321bcdf5f1806054f165cd6ce851fe4ffeb2883ae7f WHIRLPOOL 01b3cc546aa2dd0974caa2267aa9874b01cf6096f307a114393ba5a98adc216e0f2b217631b89b20752be5881f70fc1a7e94e0e90618707d5f9b9d18fd55d859
+DIST nss-3.17.4.tar.gz 6924699 SHA256 1d98ad1881a4237ec98cbe472fc851480f0b0e954dfe224d047811fb96ff9d79 SHA512 dfc44e28c303743a72b4553f471089bc991c3cb61d5f3071082c16400d5e4f216f84a2e44536570316fe0e798c14ca370c875dad791a873034595b9e4dd70b89 WHIRLPOOL bb6e1027c5237d12fe58b4c520536022d8d4e83183a78c3421fd46bf9c3503b1f0ca4644240e383f216ec1e5174c0ae4148372db68fb9f1c10275954559d5bbf
EBUILD ca-certificates-20090709.ebuild 2126 SHA256 86820ea4d33d9e0e779c0a0d631242b12821bf4135ec6bccd2c284e948c51b19 SHA512 5c47bd113f19d733219b57c5f5845617fd37802a1a2556af928c6affdb30a210ce91d2b9f97a55c13a22c586f20abe0865a8ec7237ba1841bfadd5cba4184e3a WHIRLPOOL 472cffbb69b7888aeca35faf6e03ae7d862f839b74fef6617d2008f12d8ed6b5f9451ea0f536141b7fd80fd6a121dc8617ad1b87634127fe95557c95f74e1089
EBUILD ca-certificates-20110421.ebuild 2119 SHA256 1223e4710e2d72fbb97f93bfa77351912b20b6ea07e83c7672bd24b1d812a634 SHA512 324615e914c150b991576df567b5f5042e527d05cd4674e44060771cf7e0e68cfa8495e432fa925d074b6602334d9b80cec50fdad7ae64cb3633c4c9726b42d6 WHIRLPOOL dffadcbc624cee7b9203c8ff6bba375508679c8d87ebb8a12da543d68cc937159b3f26b95bca94c444522e40c30b5b06741f1116233a6af3c6df5a428218fa16
EBUILD ca-certificates-20110502-r1.ebuild 2116 SHA256 39b705809344be81df5d717a63f7909127481f9ec052c2169d74ac2eda508e68 SHA512 570c7611404cb2cd230bf5925967230aa9e2f90f84bad157d6da522ab5d49c08ae8e6a2170694a094331c549373b2d253388d67a69032f775f9a94dfe476c794 WHIRLPOOL c24f06ad859f69187caacb83ff2835d40d17a7e1e6c03c16cbaf7794c9eab1a2cfb01b7b58290d72abb4f36cec6a655e79efb9a9acd53e99ee5c6d75caf8193e
@@ -42,22 +45,23 @@ EBUILD ca-certificates-20140223.3.15.5-r1.ebuild 6300 SHA256 a27cf48ebf50dd47571
EBUILD ca-certificates-20140223.3.16-r1.ebuild 6298 SHA256 bf12b98d046654227427e091d3af56abcd358a17713e5004e51a56ab11da392e SHA512 180f46e3cb916a625da0cab7808c674c4dcc8ec3a0244d7ff2586604a384355d9e9e7aa6e2422e4632e0fab8af2e3788ad3c4f249e63a4175c2a2996cb044475 WHIRLPOOL 872584b604b8deb5f77cc36b85dc209196f1fefb8e9097e03c51a3c6bc6ca883c8a62dc4186c655f5c55475e8c19bc7d1060b1831f9864eaf6a00cb67de31998
EBUILD ca-certificates-20140325.3.16.3.ebuild 6291 SHA256 f35a9a2d1dbf40a6fc9da488d566bea236d86d84167dbb0a197874060d2acfd5 SHA512 51234db2b011b857e46d71be9b2befd27a9fa27336e580f12bfdd8eeb957dcb7134596e6e47787e90df829f84322b9ba0b264ed917c25bbf5945c9a8c4e2bb91 WHIRLPOOL 1d5ca40fc11b001884e4ec68a333007cea7ceecdd4c70d8562c08a25fd2079d1353dad2fd8f85a8e50921ce74d6efc49da86863a7361191eff7695aa6f190885
EBUILD ca-certificates-20140927.3.17.2.ebuild 6318 SHA256 742d940aab7a79b2deb3b9d67659cf7ac6fe88552c1e83a3ebf92b3c8f2a28fa SHA512 7148a6ce42a074851082bff11db5736edaf7a4611ee0a5156fc50be8d946460dd993473a5e951c9a058c47dfd8c9b8918437b312e19a3bb6c142e40f325ad78c WHIRLPOOL d7a62d831f60de9fbe1f67d05cb237cc9d01f37ba995e6ccbc4778c7c109498cc7b14f20e76e57e1eba60de33f8b0fdfc0ff04ea1f550138d2b326c82b2f8e5e
-MISC ChangeLog 16512 SHA256 4a4a06f40f1f266551b0858eb8e675c95adf9512e1052266034bb0546dd0840f SHA512 c6d9fb93dd8ad971213f97cd1f706cd33557e9cf07977effde19e55408d41cde80d375037af5d3d021ec0995d221949742da0a20b69e2642907e9651ca536f88 WHIRLPOOL b95596ab0b6b801838de2e738d9156961c07bd931b63580c4c7e790a157a02eb5e1b238c4f053c991a97a37319129f55a4e01bd8871c1f8cdb6d1ca5063b0f51
+EBUILD ca-certificates-20141019.3.17.4.ebuild 6312 SHA256 a31adaabcb4e9206b959fd642cfcf7b1510c6c061b33f75fd06ab5ebfa9391d0 SHA512 0b61196f6165f74e62161dcbd93b05ee8c20be197b396f78cc7e08ea619a73a62e89713db51f44f88edf52909505bd2944326d9f2f5123a514b46ceb625ec273 WHIRLPOOL 92112115f527ed2494e0d546240f72ed19ecacfdc688da9c65893e8467bc5e0703b1879d56152ca73be495f7fb05aea672da0e11db84ec734745271b57550ec7
+MISC ChangeLog 16716 SHA256 a269bf06a88cf009f01e41f468ebc9ea771b46307b095e1e8fa89d32cbbe8e91 SHA512 3b36627f2c3ec91fe61b0520f00411ae1ad34828862e6f57a8124f104db3af0cc38204f6a1e686ba229fe319f741150f2c5b92ebdcd2ebf567e847d1377b07dd WHIRLPOOL 54f1e2ab6079f82f6297389c8cdf8fd592455788698646b004f80fc2460c0789593f2933c512c7e78dfb115ec15eb947fe8285e48554dcbb58b07b74d2e54277
MISC metadata.xml 343 SHA256 770e903b1433ea49a4d4e8fc47084cfa0412e76d2ab59f973d80d2e3db2eaae9 SHA512 3d72166eaf516edbd6d68652f9debbc864046ab548f6e7c171c2790add07f436fb426781f5ef98bfc4b9c3f36e3b616c8b8973e5c601b13f2fa4bdf2bba3f89d WHIRLPOOL bbffa556e696d62479bcdd2d67b03368f412859a1eb9d47ae93f4b364d6e44aca229b20649f97b3a3fc0ad51e2b831b2e1cdd1da84b3abf8ffa17c5e75305088
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-iQIcBAEBCAAGBQJUQAT4AAoJEPGu1DbS6WIAcj4P/164Y0NbRgZ1AtSj2guH6uk8
-ByTA+TI/dWDZRbPr+WW35lRe6iEFnvSdrC4ve8l2Y5GOjagLF5rHoWY1maSmc3F7
-6cHlFqD3Aw4qgQkB4rUwnjBW0sxbFtjbXfOIKeGh0Fghff3z93oybFfeyo9mn55f
-zOjmuy3yJUt3JwgvJr70SNAeloVIOnUIN7aDO8Q2kotSG8VN9T8CrlLYu0E/pPjO
-4NT2SYWtsenilpSR5dkf87Xk6nqDFto5RqnxoefF7wzvc5NvTDLjBdJBx764YRUK
-cGCEF5pWBwhuZtOHDlj7PiAaiRt7FgnaSUF++X36xHYcQS5Q8iZUpZfLS3nRpMPi
-a8rCJ56VGHKsuluw4AU6hAwkKToSMLf4g9+rXht+BQDJ7QhhNmnw4B3O5QJvDPQb
-FRVHVcRbjc0inYAZXvlUgEhI5bJK0BQ0ngiugJS1EYp1ORMmtSjw2OEV3231UQRT
-biWp5yR0zlwT20rQqvvSXc1Vb3rVzC3knq4BFNwJzslgY7gCmHpZdXwzFrj8N9do
-2+K8YJMKSd6eRrx7iwiWflFLRtRJqKchHBv7Z54aUd7vT2eFzJnOQbHaJiX39Jbp
-LmnwiQ2S+GMEmjYj5KsADxu7m+eM1+lX4189f6wvWMXRVO8iifbCWLJryJq8WuXW
-5t26B7T0C0SJGNmhVK4M
-=whBC
+iQIcBAEBCAAGBQJVDgevAAoJEPGu1DbS6WIA3hoP/Aq1ITRO7AkMMrQuH3TxPAhV
+bsptGY/PoF6WVsLZ0QSWLpZEXOdvcGl9MKYW6kH3+/vDvn/WBRpBIaYtfc2qiWYa
+Y0ynlEDRCWRu1iAl2YVxxZdBDH4FXmqOzAPGTZOpBgEJJWwycCRc4AolSO0z1x4y
+hy7JOQvKhk01102Piyf2PFgxKiJw4p/1lICVeNubxC0axfizLE22WcMZg/QJwcxe
+2ORX/YcPeyoxcoCU1gk+N2kX6su7F8lwGD467wF9+3voNGCDE4FrhCFMw86l58EK
+4+klIjVNOjQzTog9o2u25cagKGTqsVtaoBqiRcTqa4i5fUW+LbW0OLsGhSjyKgTL
+1ALHaP8/tTcCR+h7r5JhEX4nQH+ZHvtWCIIl6QUQWVN2PUfnUfbzcD0jEIZefs55
+IUTL8QXjUZo8gH82aODTJJ74w6lXKbBFp7rJz6ZyMlw6o04erc6fhkZWXHlkaU6U
+bQX9X3oxhTBA2luLLCseSt1Qe2wkqhfU1HNm3o51fI7Q9Ijln+enEcKSfJ73VaiL
+QU2yarwseFveRGlQvZLcQ03gafuLwj8Is1F6m8lQ6DLOmuUJJ+3mS4rECfycJXmD
+sniaqp7X49lKgzoapagg/x7GsWJh+vjuRKEOZdhu5t+UNkXSsfoHXtjGNcX1wnVF
+Vnfa4QFfX/jPsdxruabk
+=1rl8
-----END PGP SIGNATURE-----
diff --git a/app-misc/ca-certificates/ca-certificates-20141019.3.17.4.ebuild b/app-misc/ca-certificates/ca-certificates-20141019.3.17.4.ebuild
new file mode 100644
index 000000000000..e4f21453b19b
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20141019.3.17.4.ebuild
@@ -0,0 +1,186 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-misc/ca-certificates/ca-certificates-20141019.3.17.4.ebuild,v 1.1 2015/03/22 00:07:09 vapier Exp $
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result. The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+# openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+# Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+# https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI="4"
+PYTHON_COMPAT=( python2_7 )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+ # Compile from source ourselves.
+ PRECOMPILED=false
+ inherit versionator
+
+ DEB_VER=$(get_version_component_range 1)
+ NSS_VER=$(get_version_component_range 2-)
+ RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+ # Debian precompiled version.
+ PRECOMPILED=true
+ inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+ SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+ SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+ ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+ cacert? ( http://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" +cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+ # platforms like AIX don't have a good ar
+ DEPEND+="
+ kernel_AIX? ( app-arch/deb2targz )
+ !<sys-apps/portage-2.1.10.41"
+fi
+# openssl: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+ dev-libs/openssl
+ sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+ DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+ # For the conversion to having it in CONFIG_PROTECT_MASK,
+ # we need to tell users about it once manually first.
+ [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+ || ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+ ${PRECOMPILED} || default
+
+ mv ${PN}-*/ ${PN} || die
+
+ # Do all the work in the image subdir to avoid conflicting with source
+ # dirs in $WORKDIR. Need to perform everything in the offset #381937
+ mkdir -p "image/${EPREFIX}"
+ cd "image/${EPREFIX}" || die
+
+ ${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+ cd "image/${EPREFIX}" || die
+ if ! ${PRECOMPILED} ; then
+ mkdir -p usr/sbin
+ cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+ if use cacert ; then
+ pushd "${S}"/nss-${NSS_VER} >/dev/null
+ epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch
+ popd >/dev/null
+ fi
+ fi
+
+ epatch "${FILESDIR}"/${PN}-20141019-root.patch
+ local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+ sed -i \
+ -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \
+ -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+ usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+ cd "image/${EPREFIX}" || die
+ if ! ${PRECOMPILED} ; then
+ python_setup
+ local d="${S}/${PN}/mozilla"
+ # Grab the database from the nss sources.
+ cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+ emake -C "${d}"
+
+ # Now move the files to the same places that the precompiled would.
+ mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla
+ if use cacert ; then
+ mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org}
+ mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die
+ mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die
+ fi
+ mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die
+ else
+ mv usr/share/doc/{ca-certificates,${PF}} || die
+ fi
+
+ (
+ echo "# Automatically generated by ${CATEGORY}/${PF}"
+ echo "# $(date -u)"
+ echo "# Do not edit."
+ cd usr/share/ca-certificates
+ find * -name '*.crt' | LC_ALL=C sort
+ ) > etc/ca-certificates.conf
+
+ sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+ cp -pPR image/* "${D}"/ || die
+ if ! ${PRECOMPILED} ; then
+ cd ca-certificates
+ doman sbin/*.8
+ dodoc debian/README.* examples/ca-certificates-local/README
+ fi
+
+ echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+ doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+ if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+ # if the user has local certs, we need to rebuild again
+ # to include their stuff in the db.
+ # However it's too overzealous when the user has custom certs in place.
+ # --fresh is to clean up dangling symlinks
+ "${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}"
+ fi
+
+ local c badcerts=0
+ for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do
+ ewarn "Broken symlink for a certificate at $c"
+ badcerts=1
+ done
+ if [ $badcerts -eq 1 ]; then
+ ewarn "Removing the following broken symlinks:"
+ ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+ fi
+}
diff --git a/app-misc/ca-certificates/files/ca-certificates-20141019-root.patch b/app-misc/ca-certificates/files/ca-certificates-20141019-root.patch
new file mode 100644
index 000000000000..2b2a42c58ec5
--- /dev/null
+++ b/app-misc/ca-certificates/files/ca-certificates-20141019-root.patch
@@ -0,0 +1,116 @@
+add a --root option so we can generate with DESTDIR installs
+
+--- a/usr/sbin/update-ca-certificates
++++ b/usr/sbin/update-ca-certificates
+@@ -23,6 +23,8 @@
+
+ verbose=0
+ fresh=0
++ROOT=""
++RELPATH=""
+ while [ $# -gt 0 ];
+ do
+ case $1 in
+@@ -30,18 +32,23 @@ do
+ verbose=1;;
+ --fresh|-f)
+ fresh=1;;
++ --root|-r)
++ ROOT=$(readlink -f "$2")
++ # needed as c_rehash wants to read the files directly
++ RELPATH="../../.."
++ shift;;
+ --help|-h|*)
+- echo "$0: [--verbose] [--fresh]"
++ echo "$0: [--verbose] [--fresh] [--root <dir>]"
+ exit;;
+ esac
+ shift
+ done
+
+-CERTSCONF=/etc/ca-certificates.conf
+-CERTSDIR=/usr/share/ca-certificates
+-LOCALCERTSDIR=/usr/local/share/ca-certificates
++CERTSCONF="$ROOT/etc/ca-certificates.conf"
++CERTSDIR="$ROOT/usr/share/ca-certificates"
++LOCALCERTSDIR="$ROOT/usr/local/share/ca-certificates"
+ CERTBUNDLE=ca-certificates.crt
+-ETCCERTSDIR=/etc/ssl/certs
++ETCCERTSDIR="$ROOT/etc/ssl/certs"
+
+ cleanup() {
+ rm -f "$TEMPBUNDLE"
+@@ -66,7 +73,7 @@ add() {
+ -e 's/,/_/g').pem"
+ if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
+ then
+- ln -sf "$CERT" "$PEM"
++ ln -sf "${RELPATH}${CERT#$ROOT}" "$PEM"
+ echo +$PEM >> "$ADDED"
+ fi
+ # Add trailing newline to certificate, if it is missing (#635570)
+@@ -79,36 +86,36 @@ remove() {
+ if test -L "$PEM"
+ then
+ rm -f "$PEM"
+- echo -$PEM >> "$REMOVED"
++ echo "-$PEM" >> "$REMOVED"
+ fi
+ }
+
+-cd $ETCCERTSDIR
++cd "$ETCCERTSDIR"
+ if [ "$fresh" = 1 ]; then
+- echo -n "Clearing symlinks in $ETCCERTSDIR..."
++ printf "Clearing symlinks in $ETCCERTSDIR..."
+ find . -type l -print | while read symlink
+ do
+- case $(readlink $symlink) in
+- $CERTSDIR*) rm -f $symlink;;
++ case $(readlink "$symlink") in
++ "$CERTSDIR"*) rm -f "$symlink";;
+ esac
+ done
+ find . -type l -print | while read symlink
+ do
+- test -f $symlink || rm -f $symlink
++ test -f "$symlink" || rm -f "$symlink"
+ done
+ echo "done."
+ fi
+
+-echo -n "Updating certificates in $ETCCERTSDIR... "
++printf "Updating certificates in $ETCCERTSDIR... "
+
+ # Handle certificates that should be removed. This is an explicit act
+ # by prefixing lines in the configuration files with exclamation marks (!).
+-sed -n -e '/^$/d' -e 's/^!//p' $CERTSCONF | while read crt
++sed -n -e '/^$/d' -e 's/^!//p' "$CERTSCONF" | while read crt
+ do
+ remove "$CERTSDIR/$crt"
+ done
+
+-sed -e '/^$/d' -e '/^#/d' -e '/^!/d' $CERTSCONF | while read crt
++sed -e '/^$/d' -e '/^#/d' -e '/^!/d' "$CERTSCONF" | while read crt
+ do
+ if ! test -f "$CERTSDIR/$crt"
+ then
+@@ -151,14 +158,14 @@ mv -f "$TEMPBUNDLE" "$CERTBUNDLE"
+
+ echo "$ADDED_CNT added, $REMOVED_CNT removed; done."
+
+-HOOKSDIR=/etc/ca-certificates/update.d
+-echo -n "Running hooks in $HOOKSDIR...."
++HOOKSDIR="$ROOT/etc/ca-certificates/update.d"
++printf "Running hooks in $HOOKSDIR...."
+ VERBOSE_ARG=
+ [ "$verbose" = 0 ] || VERBOSE_ARG=--verbose
+-eval run-parts $VERBOSE_ARG --test -- $HOOKSDIR | while read hook
++eval run-parts $VERBOSE_ARG --test -- \""$HOOKSDIR"\" | while read hook
+ do
+ ( cat $ADDED
+- cat $REMOVED ) | $hook || echo E: $hook exited with code $?.
++ cat $REMOVED ) | "$hook" || echo E: "$hook" exited with code $?.
+ done
+ echo "done."
+