commit e6eab02e80ad5528edf6040ede5fbf57ad5b8072 parent 156367c3a7b331ef101993d1ab0815bcdc010684 Author: Jan Pobrislo <ccx@te2000.cz> Date: Fri, 9 May 2025 11:56:03 +0000 WIP certificate directory structure generation (possibly insecure) Diffstat:
44 files changed, 993 insertions(+), 87 deletions(-)
diff --git a/commitlist.sha1 b/commitlist.sha1 @@ -353,7 +353,6 @@ fae441e25a1ac266742ba6446b37ae56c8e57076 sources/ccx-utils c6aef8098d37a1773439117a5674bfc8662ef62b sources/confz 3955e658562cef8e6012c1936a6c79c6b6628773 sources/containers 41d6ee2d6aa33b323eee611013dd4aab6a09fc89 sources/containers -50605df970917899b3eb154736952f339471f7e2 sources/containers c33438f227efa4e8541c3152b684e3925c944f71 sources/containers e8dfe8dcb4396ac0f12f0d0017f9836fa113e3a6 sources/containers 94422be00da71ff44c8ad1fe3455587c62ca29d3 sources/easyseccomp diff --git a/downloadlist.sha256 b/downloadlist.sha256 @@ -58,3 +58,4 @@ e209daf0ee038ca5adcc4c277e9273b4d51f46a2ff86da575d36742ac3508a17 2642452 https:/ ddf0e32dd5fafe5283198d37e4bf9decf7ba1770b6e7e006c33e6df79e6a6157 958468 https://github.com/libunwind/libunwind/releases/download/v1.8.1/libunwind-1.8.1.tar.gz 712590fd20aaa60ec75d778fe5b810d6b829ca7fb1e530577917a131f9105539 18102481 https://github.com/openssl/openssl/releases/download/openssl-3.3.3/openssl-3.3.3.tar.gz 3bc9fc0e61827ee2f608e5e44993a8fda6d610b80a1e01a9c75610cc292997b5 432142 https://causal.agency/libretls/libretls-3.8.1.tar.gz +6ef7bc56cc0e0b307d99a3c494119686091cc1d4ad08986d68aa089dd00c7788 234383 https://gitlab.alpinelinux.org/alpine/ca-certificates/-/archive/20241121/ca-certificates-20241121.tar.bz2 diff --git a/filelist.sha256 b/filelist.sha256 @@ -23,6 +23,8 @@ a4facc0856b512ad8ab5aed7b07e14a9629aaf042b1e92377ba22fcfc4c4205b files/argp-sta e81557d01115c246b88d9138281a6d16e484acb0581d396e6c03b02a378dcc1d files/busybox.config 955edd28faae9dd665f002c85466eef58ef8fd36d76d1f39eb974e22933478ab files/busybox.config.1_12_0-8342-gaa4d303a3 9ee52091d7a41e7e492d508574573fbebe64155d85a07980128f21105eaad1e2 files/busybox_bootstrap.config +a68fedc0edd976b9f35ecfdcb252d80dc12084b1bc4e945be7dc42c437d8b540 files/c_rehash.c +064f7d41106cd9efa08b9e68cf049f44e3be55666bd2ab96d02c508293b8dce7 files/certdata2pem.c 75d5d255a2a273b6e651f82eecfabf6cbcd8eaeae70e86b417384c8f4a58d8d3 files/config.sub b9236c0fd504ffbc56f65d0522d2acadcd2683380eaa6f1873e8201eaa7388a5 files/default-policy.easyseccomp 9be2e5a97b3fcbc60dedb71967667b9a21d562dbfdaa7f9f74f4b3d9cbb5df86 files/dwarf.h diff --git a/files/c_rehash.c b/files/c_rehash.c @@ -0,0 +1,380 @@ +/* c_rehash.c - Create hash symlinks for certificates + * C implementation based on the original Perl and shell versions + * + * Copyright (c) 2013-2014 Timo Teräs <timo.teras@iki.fi> + * All rights reserved. + * + * This software is licensed under the MIT License. + * Full license available at: http://opensource.org/licenses/MIT + */ + +#include <stdio.h> +#include <limits.h> +#include <string.h> +#include <unistd.h> +#include <dirent.h> +#include <sys/stat.h> + +#include <openssl/evp.h> +#include <openssl/pem.h> +#include <openssl/x509.h> + +#define MAX_COLLISIONS 256 +#define countof(x) (sizeof(x) / sizeof(x[0])) + +#if 0 +#define DEBUG(args...) fprintf(stderr, args) +#else +#define DEBUG(args...) +#endif + +struct entry_info { + struct entry_info *next; + char *filename; + unsigned short old_id; + unsigned char need_symlink; + unsigned char digest[EVP_MAX_MD_SIZE]; +}; + +struct bucket_info { + struct bucket_info *next; + struct entry_info *first_entry, *last_entry; + unsigned int hash; + unsigned short type; + unsigned short num_needed; +}; + +enum Type { + TYPE_CERT = 0, + TYPE_CRL +}; + +static const char *symlink_extensions[] = { "", "r" }; +static const char *file_extensions[] = { "pem", "crt", "cer", "crl" }; + +static int evpmdsize; +static const EVP_MD *evpmd; + +static int do_hash_new = 1; +static int do_hash_old = 0; +static int do_remove_links = 1; +static int do_verbose = 0; + +static struct bucket_info *hash_table[257]; + +static void bit_set(unsigned char *set, unsigned bit) +{ + set[bit / 8] |= 1 << (bit % 8); +} + +static int bit_isset(unsigned char *set, unsigned bit) +{ + return set[bit / 8] & (1 << (bit % 8)); +} + +static void add_entry( + int type, unsigned int hash, + const char *filename, const unsigned char *digest, + int need_symlink, unsigned short old_id) +{ + struct bucket_info *bi; + struct entry_info *ei, *found = NULL; + unsigned int ndx = (type + hash) % countof(hash_table); + + for (bi = hash_table[ndx]; bi; bi = bi->next) + if (bi->type == type && bi->hash == hash) + break; + if (!bi) { + bi = calloc(1, sizeof(*bi)); + if (!bi) return; + bi->next = hash_table[ndx]; + bi->type = type; + bi->hash = hash; + hash_table[ndx] = bi; + } + + for (ei = bi->first_entry; ei; ei = ei->next) { + if (digest && memcmp(digest, ei->digest, evpmdsize) == 0) { + fprintf(stderr, + "WARNING: Skipping duplicate certificate in file %s\n", + filename); + return; + } + if (!strcmp(filename, ei->filename)) { + found = ei; + if (!digest) break; + } + } + ei = found; + if (!ei) { + if (bi->num_needed >= MAX_COLLISIONS) return; + ei = calloc(1, sizeof(*ei)); + if (!ei) return; + + ei->old_id = ~0; + ei->filename = strdup(filename); + if (bi->last_entry) bi->last_entry->next = ei; + if (!bi->first_entry) bi->first_entry = ei; + bi->last_entry = ei; + } + + if (old_id < ei->old_id) ei->old_id = old_id; + if (need_symlink && !ei->need_symlink) { + ei->need_symlink = 1; + bi->num_needed++; + memcpy(ei->digest, digest, evpmdsize); + } +} + +static int handle_symlink(const char *filename, const char *fullpath) +{ + static char xdigit[] = { + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,-1,-1,-1,-1,-1,-1, + -1,10,11,12,13,14,15,-1,-1,-1,-1,-1,-1,-1,-1,-1, + -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1, + -1,10,11,12,13,14,15 + }; + char linktarget[NAME_MAX], *endptr; + unsigned int hash = 0; + unsigned char ch; + int i, type, id; + ssize_t n; + + for (i = 0; i < 8; i++) { + ch = filename[i] - '0'; + if (ch >= countof(xdigit) || xdigit[ch] < 0) + return -1; + hash <<= 4; + hash += xdigit[ch]; + } + if (filename[i++] != '.') return -1; + for (type = countof(symlink_extensions) - 1; type > 0; type--) + if (strcasecmp(symlink_extensions[type], &filename[i]) == 0) + break; + i += strlen(symlink_extensions[type]); + + id = strtoul(&filename[i], &endptr, 10); + if (*endptr != 0) return -1; + + n = readlink(fullpath, linktarget, sizeof(linktarget)); + if (n >= sizeof(linktarget) || n < 0) return -1; + linktarget[n] = 0; + + DEBUG("Found existing symlink %s for %08x (%d), certname %s\n", + filename, hash, type, linktarget); + add_entry(type, hash, linktarget, NULL, 0, id); + return 0; +} + +static int handle_certificate(const char *filename, const char *fullpath) +{ + STACK_OF(X509_INFO) *inf; + X509_INFO *x; + BIO *b; + const char *ext; + unsigned char digest[EVP_MAX_MD_SIZE]; + X509_NAME *name = NULL; + int i, type, ret = -1; + + ext = strrchr(filename, '.'); + if (ext == NULL) return 0; + for (i = 0; i < countof(file_extensions); i++) { + if (strcasecmp(file_extensions[i], ext+1) == 0) + break; + } + if (i >= countof(file_extensions)) return -1; + + b = BIO_new_file(fullpath, "r"); + if (!b) return -1; + inf = PEM_X509_INFO_read_bio(b, NULL, NULL, NULL); + BIO_free(b); + if (!inf) return -1; + + if (sk_X509_INFO_num(inf) == 1) { + x = sk_X509_INFO_value(inf, 0); + if (x->x509) { + type = TYPE_CERT; + name = X509_get_subject_name(x->x509); + X509_digest(x->x509, evpmd, digest, NULL); + } else if (x->crl) { + type = TYPE_CRL; + name = X509_CRL_get_issuer(x->crl); + X509_CRL_digest(x->crl, evpmd, digest, NULL); + } + if (name && do_hash_new) + add_entry(type, X509_NAME_hash(name), filename, digest, 1, ~0); + if (name && do_hash_old) + add_entry(type, X509_NAME_hash_old(name), filename, digest, 1, ~0); + } else { + fprintf(stderr, + "WARNING: %s does not contain exactly one certificate or CRL: skipping\n", + filename); + } + + sk_X509_INFO_pop_free(inf, X509_INFO_free); + + return ret; +} + +static int hash_dir(const char *dirname) +{ + struct bucket_info *bi, *nextbi; + struct entry_info *ei, *nextei; + struct dirent *de; + struct stat st; + unsigned char idmask[MAX_COLLISIONS / 8]; + int i, n, nextid, buflen, ret = -1; + const char *pathsep; + char *buf; + DIR *d; + + if (access(dirname, R_OK|W_OK|X_OK) != 0) { + fprintf(stderr, + "ERROR: Access denied '%s'\n", + dirname); + return -1; + } + + buflen = strlen(dirname); + pathsep = (buflen && dirname[buflen-1] == '/') ? "" : "/"; + buflen += NAME_MAX + 2; + buf = malloc(buflen); + if (buf == NULL) + goto err; + + if (do_verbose) printf("Doing %s\n", dirname); + d = opendir(dirname); + if (!d) goto err; + + while ((de = readdir(d)) != NULL) { + if (snprintf(buf, buflen, "%s%s%s", dirname, pathsep, de->d_name) >= buflen) + continue; + if (lstat(buf, &st) < 0) + continue; + if (S_ISLNK(st.st_mode) && handle_symlink(de->d_name, buf) == 0) + continue; + if (strcmp(buf, "/etc/ssl/certs/ca-certificates.crt") == 0) { + /* Ignore the /etc/ssl/certs/ca-certificates.crt file */ + if (do_verbose) printf("Skipping %s file\n", buf); + continue; + } + handle_certificate(de->d_name, buf); + } + closedir(d); + + for (i = 0; i < countof(hash_table); i++) { + for (bi = hash_table[i]; bi; bi = nextbi) { + nextbi = bi->next; + DEBUG("Type %d, hash %08x, num entries %d:\n", bi->type, bi->hash, bi->num_needed); + + nextid = 0; + memset(idmask, 0, (bi->num_needed+7)/8); + for (ei = bi->first_entry; ei; ei = ei->next) + if (ei->old_id < bi->num_needed) + bit_set(idmask, ei->old_id); + + for (ei = bi->first_entry; ei; ei = nextei) { + nextei = ei->next; + DEBUG("\t(old_id %d, need_symlink %d) Cert %s\n", + ei->old_id, ei->need_symlink, + ei->filename); + + if (ei->old_id < bi->num_needed) { + /* Link exists, and is used as-is */ + snprintf(buf, buflen, "%08x.%s%d", bi->hash, symlink_extensions[bi->type], ei->old_id); + if (do_verbose) printf("link %s -> %s\n", ei->filename, buf); + } else if (ei->need_symlink) { + /* New link needed (it may replace something) */ + while (bit_isset(idmask, nextid)) + nextid++; + + snprintf(buf, buflen, "%s%s%n%08x.%s%d", + dirname, pathsep, &n, bi->hash, + symlink_extensions[bi->type], + nextid); + if (do_verbose) printf("link %s -> %s\n", ei->filename, &buf[n]); + unlink(buf); + symlink(ei->filename, buf); + } else if (do_remove_links) { + /* Link to be deleted */ + snprintf(buf, buflen, "%s%s%n%08x.%s%d", + dirname, pathsep, &n, bi->hash, + symlink_extensions[bi->type], + ei->old_id); + if (do_verbose) printf("unlink %s\n", &buf[n]); + unlink(buf); + } + free(ei->filename); + free(ei); + } + free(bi); + } + hash_table[i] = NULL; + } + + ret = 0; +err: + free(buf); + return ret; +} + +static void c_rehash_usage(void) +{ + printf("\ +usage: c_rehash <args> <dirs>\n\ +\n\ +-compat - create new- and old-style hashed links\n\ +-old - use old-style hashing for generating links\n\ +-h - display this help\n\ +-n - do not remove existing links\n\ +-v - be more verbose\n\ +\n"); +} + +int main(int argc, char **argv) +{ + const char *env, *opt; + int i, numargs, r = 0; + + evpmd = EVP_sha1(); + evpmdsize = EVP_MD_size(evpmd); + + numargs = argc; + for (i = 1; i < argc; i++) { + if (argv[i][0] != '-') continue; + if (strcmp(argv[i], "--") == 0) { argv[i] = 0; numargs--; break; } + opt = &argv[i][1]; + if (strcmp(opt, "compat") == 0) { + do_hash_new = do_hash_old = 1; + } else if (strcmp(opt, "old") == 0) { + do_hash_new = 0; + do_hash_old = 1; + } else if (strcmp(opt, "n") == 0) { + do_remove_links = 0; + } else if (strcmp(opt, "v") == 0) { + do_verbose++; + } else { + if (strcmp(opt, "h") != 0) + fprintf(stderr, "unknown option %s\n", argv[i]); + c_rehash_usage(); + return 1; + } + argv[i] = 0; + numargs--; + } + + if (numargs > 1) { + for (i = 1; i < argc; i++) + if (argv[i]) r |= hash_dir(argv[i]); + } else if ((env = getenv("SSL_CERT_DIR")) != NULL) { + char *e, *m; + m = strdup(env); + for (e = strtok(m, ":"); e != NULL; e = strtok(NULL, ":")) + r |= hash_dir(e); + free(m); + } else { + r |= hash_dir("/etc/ssl/certs"); + } + + return r ? 2 : 0; +} diff --git a/files/certdata2pem.c b/files/certdata2pem.c @@ -0,0 +1,142 @@ +/* Copyright (C) 2013, Felix Janda <felix.janda@posteo.de> + +Permission to use, copy, modify, and/or distribute this software for +any purpose with or without fee is hereby granted, provided that the +above copyright notice and this permission notice appear in all copies. + +SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +*/ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <err.h> + +void xwrite(FILE *f, void *p, size_t size) +{ + if (fwrite(p, 1, size, f) != size) err(1, 0); +} + +int main(void) +{ + FILE *f; + char cert[4096], ecert[4096*4/3 + 100]; + char *line = 0, *tmp, *filename, *label, *pcert = 0; + ssize_t len; + size_t size, certsize; + int trust; + char **blacklist = 0, **node; + + filename = "./blacklist.txt"; + if (!(f = fopen(filename, "r"))) err(1, "%s", filename); + while ((len = getline(&line, &size, f)) != -1) { + if ((line[0] != '#') && (len > 1)) { + if (!(node = malloc(sizeof(void*) + len))) err(1, 0); + *node = (char*)blacklist; + memcpy(node + 1, line, len); + blacklist = node; + } + } + fclose(f); + + filename = "./certdata.txt"; + if (!(f = fopen(filename, "r"))) err(1, "%s", filename); + while ((len = getline(&line, &size, f)) != -1) { + tmp = line; + if (line[0] == '#') continue; + if (pcert) { + if (!strcmp(line, "END\n")) { + char *base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz0123456789+/"; + size_t i, j, k, val; + + for (i = 0, val = 0, tmp = ecert; i < (size_t)(pcert - cert); i++) { + val = (val << 8) + (unsigned char)cert[i]; + if (i % 3 == 2) { + for (j = 0; j < 4; j++, val >>= 6) tmp[3 - j] = base64[val & 0x3f]; + tmp += 4; + } + if (i && !(i % 48)) { + *tmp = '\n'; + tmp++; + } + } + if (k = i % 3) { + tmp[2] = '='; + tmp[3] = '='; + val <<= 6 - 2*k; + for (j = 0; j < k + 1; j++, val >>= 6) tmp[k - j] = base64[val & 0x3f]; + tmp += 4; + } + certsize = tmp - ecert; + pcert = 0; + } else while (sscanf(tmp, "\\%hho", pcert) == 1) pcert++, tmp += 4; + } else if (!memcmp(line, "CKA_LABEL UTF8 ", 15)) { + + char *p2, *tmp2; + len -= 15; + if (!(label = malloc(len))) err(1, 0); + memcpy(label, line + 15, len); + trust = 0; + for (node = blacklist; node; node = (char**)*node) + if (!strcmp(label, (char*)(node + 1))) trust = 4; + if (!(p2 = malloc(len + 2))) err(1, 0); + for (tmp = label + 1, tmp2 = p2; *tmp != '"'; tmp++, tmp2++) { + switch (*tmp) { + case '\\': + if (sscanf(tmp, "\\x%hhx", tmp2)!=1) errx(1, "Bad triple: %s\n", tmp); + tmp += 3; + break; + case '/': + case ' ': + *tmp2 = '_'; + break; + case '(': + case ')': + *tmp2 = '='; + break; + default: + *tmp2 = *tmp; + } + } + strcpy(tmp2, ".crt"); + free(label); + label = p2; + } else if (!strcmp(line, "CKA_VALUE MULTILINE_OCTAL\n")) pcert = cert; + else if (!memcmp(line, "CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_", 39)) { + tmp += 39; + if (!strcmp(tmp, "TRUSTED_DELEGATOR\n")) trust |= 1; + else if (!strcmp(tmp, "NOT_TRUSTED\n")) trust |= 2; + } else if (!memcmp(line, + "CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_", 44)) { + tmp += 44; + if (!strcmp(tmp, "TRUSTED_DELEGATOR\n")) trust |= 1; + else if (!strcmp(tmp, "NOT_TRUSTED\n")) trust |= 2; + if (!trust) printf("Ignoring %s\n", label); + if (trust == 1) { + FILE *out; + if (!(out = fopen(label, "w"))) err(1, "%s", label); + xwrite(out, "-----BEGIN CERTIFICATE-----\n", 28); + xwrite(out, ecert, certsize); + xwrite(out, "\n-----END CERTIFICATE-----\n", 27); + fclose(out); + } + } + } + fclose(f); + + while (blacklist) { + node = (char**)*blacklist; + free(blacklist); + blacklist = node; + } + free(line); + free(label); + return 0; +}+ \ No newline at end of file diff --git a/templates/pkg/ca-certificates-wip-donotuse b/templates/pkg/ca-certificates-wip-donotuse @@ -0,0 +1,20 @@ +{% extends "genlinks" %} +{%- block script %} +#+{{pkg_install_name("musl-cross-make")}} +#+{{pkg_install_name("busybox")}} +#+{{pkg_install_name("certdata2pem")}} +#@untar:-j:sha256:6ef7bc56cc0e0b307d99a3c494119686091cc1d4ad08986d68aa089dd00c7788:. + +cd ca-certificates-20241121 +touch blacklist.txt # TODO! +certdata2pem + +install -d "$pthbs_destdir/$prefix/config/ssl/certs" +for file in *.crt; do + install -m 644 $file "$pthbs_destdir/$prefix/config/ssl/certs" +done +{% endblock %} +{% block genlinks_begin %} + x["./config/ssl/certs/ISRG_Root_X1.crt"]=1 + x["./config/ssl/certs/ISRG_Root_X2.crt"]=1 +{%- endblock %} diff --git a/templates/pkg/certdata2pem b/templates/pkg/certdata2pem @@ -0,0 +1,24 @@ +{% extends "genlinks" %} +{%- block script %} +#+{{pkg_install_name("musl-cross-make")}} +#+{{pkg_install_name("gnu-make")}} +#+{{pkg_install_name("busybox")}} +#@sha256:{{files["certdata2pem.c"]}}:certdata2pem.c + +name=certdata2pem +{% include "functions/check_static" %} +{% include "functions/build_env_static" %} +{% include "functions/vars" %} +build_env_static +def_prefix + +gcc -D_GNU_SOURCE -static -o $name $name.c $LDFLAGS -lskarnet -lcap + +install -d "$pthbs_destdir/$prefix/command" +install -m 755 $name "$pthbs_destdir/$prefix/command" +check_static command/$name +{% endblock %} +{% block genlinks_begin %} + x["./command/certdata2pem"]=1 +{%- endblock %} + diff --git a/templates/pkg/libressl b/templates/pkg/libressl @@ -1,6 +1,8 @@ {% extends "autotools" %} {%- block extra_deps %} +#+{{pkg_install_name("ca-certificates-wip-donotuse")}} #@untar:-z:sha256:6d4b8d5bbb25a1f8336639e56ec5088052d43a95256697a85c4ce91323c25954:. +#@sha256:{{files["c_rehash.c"]}}:c_rehash.c {%- endblock %} {% block at_script %} @@ -10,6 +12,11 @@ autotools_static libressl-3.8.2 --with-openssldir="$prefix/config/ssl" check_static command/openssl check_static command/ocspcheck +cd .. +$CC ./c_rehash.c -o c_rehash --static -static -L"$pthbs_destdir/$prefix/library" -lssl -lcrypto +cp -vs '{{pkg_install_dir("ca-certificates-wip-donotuse")}}/config/ssl/certs' "$prefix/config/ssl/" +./c_rehash "$prefix/config/ssl/" + {% endblock %} {% block genlinks_begin %} x["./command/openssl"]=1 diff --git a/variants/ccx-x86_64/apk-tools b/variants/ccx-x86_64/apk-tools @@ -4,7 +4,7 @@ #+busybox.ee3440974794767b833fd3299226771f170d3f8601cf225cb884f0a513db8ab3 #+busybox-diffutils.c2ebcfcad050ad71b8e30322a463b5c009f254c7a42e95c627d32665e17134dc #+patch.05834624d74752d1cbe386cd61dbd0dd98d69aad7777828dcf07390ab8772d4b -#+libressl.2991c315ff3063b2306cc744e66daee583282b5100b0ab039dd338e43337cc94 +#+libressl.ab125289f6a8f1fddc54b8d4708f41b5022530b7cefcfecc21329baf3933656d #+zstd.8b11bd81c450d61aa6a44ffd019654c590439df68ebd8987db4cdbbcf182d67c #+pkgconf-pkg-config.86f9c193f6ccc64cc2ac696a7e3a258f01b8d0c539312ae37c08ea2354332e90 #@git:9d074efdc12bc41b5d24190595a5269a770e852a:apk-tools diff --git a/variants/ccx-x86_64/ca-certificates-wip-donotuse b/variants/ccx-x86_64/ca-certificates-wip-donotuse @@ -0,0 +1,67 @@ +#!/usr/bin/env pthbs-build +#+musl-cross-make.98979eb41109d371f19d0637d51116db18c7aeef61fbf804a68094c22a302a78 +#+busybox.ee3440974794767b833fd3299226771f170d3f8601cf225cb884f0a513db8ab3 +#+certdata2pem.4d79df025077c695ce67d9156979b71b03f50325c5a8ccf72cd29b4a33d802d0 +#@untar:-j:sha256:6ef7bc56cc0e0b307d99a3c494119686091cc1d4ad08986d68aa089dd00c7788:. + +cd ca-certificates-20241121 +touch blacklist.txt # TODO! +certdata2pem + +install -d "$pthbs_destdir/$prefix/config/ssl/certs" +for file in *.crt; do + install -m 644 $file "$pthbs_destdir/$prefix/config/ssl/certs" +done + +cd "$pthbs_destdir/home/ccx/versions/$pthbs_package" +find -type d -o -print | awk -F/ ' +BEGIN { + x["./config/ssl/certs/ISRG_Root_X1.crt"]=1 + x["./config/ssl/certs/ISRG_Root_X2.crt"]=1} + +function r1(s) { + sub("^[.]/[^/]*", ".", s) + return s +} +function s1(repl, s) { + sub("^[.]/[^/]*", "./"repl, s) + return s +} +function link(src) { + x[$0]=0 + printf "%s\t%s\n", $0, src + printf "genlinks >>%s\t%s<<\n", $0, src >>"/dev/stderr" +} +$1!="."{exit 1} + + +$2 == "command" { link($0); next } +$2 == "bin" { link(s1("command", $0)); next } + +$2 == "library.so" { link($0); next } +$2 == "library" { link($0); next } +$2 == "lib" && $NF ~ /\.l?a$/ { link(s1("library", $0)); next } +$2 == "lib" && $NF ~ /\.so(|\..*)$/ { link(s1("library.so", $0)); next } + +$2 == "share" && $3 ~ /^(info|man|doc|icons|terminfo)$/ { link(r1($0)); next } + +$2 == "man" { link($0); next } +$2 == "info" { link($0); next } +$2 == "doc" { link($0); next } +$2 == "icons" { link($0); next } +$2 == "terminfo" { link($0); next } +$2 == "data" { link($0); next } +$2 == "include" { link($0); next } + +{ printf "genlinks ##%s## skipped\n", $0 >>"/dev/stderr" } + +END { + for(fname in x) { printf "DEBUG: x[\"%s\"]=\"%s\"\n", fname, x[fname] >"/dev/stderr" } + for(fname in x) { + if(x[fname]) { + printf "ERROR: missing expected file \"%s\"\n", fname >"/dev/stderr" + exit 3 + } + } +}' >.install-links.new +mv .install-links.new .install-links diff --git a/variants/ccx-x86_64/certdata2pem b/variants/ccx-x86_64/certdata2pem @@ -0,0 +1,91 @@ +#!/usr/bin/env pthbs-build +#+musl-cross-make.98979eb41109d371f19d0637d51116db18c7aeef61fbf804a68094c22a302a78 +#+gnu-make.ba8d7c64a23885182fc1c9dc0331d52adcdbc45df6000fb81e8e1dd3ee05694b +#+busybox.ee3440974794767b833fd3299226771f170d3f8601cf225cb884f0a513db8ab3 +#@sha256:064f7d41106cd9efa08b9e68cf049f44e3be55666bd2ab96d02c508293b8dce7:certdata2pem.c + +name=certdata2pem +check_static() { + local exe || true + exe=$pthbs_destdir/'/home/ccx/versions'/$pthbs_package/$1 + if ! test -f $exe; then + printf '%s\n' "Error: file '$1' doesn't exist!" + exit 1 + fi + interp_info=$(readelf --string-dump=.interp "$exe") || exit $? + if test x '!=' "x$interp_info"; then + printf '%s\n' "Error: '$1' is a dynamic binary!" + exit 1 + fi +} +build_env_static() { + export LD_LIBRARY_PATH="$pthbs_build_environment/library" + export CPATH="$pthbs_build_environment/include" + export LDFLAGS="-static -L$pthbs_build_environment/library $LDFLAGS" +} +def_prefix() { + prefix=/home/ccx/versions/$pthbs_package +} +def_dest() { + dest=${pthbs_destdir%/}//home/ccx/versions/$pthbs_package +} +build_env_static +def_prefix + +gcc -D_GNU_SOURCE -static -o $name $name.c $LDFLAGS -lskarnet -lcap + +install -d "$pthbs_destdir/$prefix/command" +install -m 755 $name "$pthbs_destdir/$prefix/command" +check_static command/$name + +cd "$pthbs_destdir/home/ccx/versions/$pthbs_package" +find -type d -o -print | awk -F/ ' +BEGIN { + x["./command/certdata2pem"]=1} + +function r1(s) { + sub("^[.]/[^/]*", ".", s) + return s +} +function s1(repl, s) { + sub("^[.]/[^/]*", "./"repl, s) + return s +} +function link(src) { + x[$0]=0 + printf "%s\t%s\n", $0, src + printf "genlinks >>%s\t%s<<\n", $0, src >>"/dev/stderr" +} +$1!="."{exit 1} + + +$2 == "command" { link($0); next } +$2 == "bin" { link(s1("command", $0)); next } + +$2 == "library.so" { link($0); next } +$2 == "library" { link($0); next } +$2 == "lib" && $NF ~ /\.l?a$/ { link(s1("library", $0)); next } +$2 == "lib" && $NF ~ /\.so(|\..*)$/ { link(s1("library.so", $0)); next } + +$2 == "share" && $3 ~ /^(info|man|doc|icons|terminfo)$/ { link(r1($0)); next } + +$2 == "man" { link($0); next } +$2 == "info" { link($0); next } +$2 == "doc" { link($0); next } +$2 == "icons" { link($0); next } +$2 == "terminfo" { link($0); next } +$2 == "data" { link($0); next } +$2 == "include" { link($0); next } + +{ printf "genlinks ##%s## skipped\n", $0 >>"/dev/stderr" } + +END { + for(fname in x) { printf "DEBUG: x[\"%s\"]=\"%s\"\n", fname, x[fname] >"/dev/stderr" } + for(fname in x) { + if(x[fname]) { + printf "ERROR: missing expected file \"%s\"\n", fname >"/dev/stderr" + exit 3 + } + } +}' >.install-links.new +mv .install-links.new .install-links diff --git a/variants/ccx-x86_64/containers b/variants/ccx-x86_64/containers @@ -4,8 +4,8 @@ #+pthbs-banginstall.7ddbf08ba8b1298841fad793d4ed7ba4979b9346155195489fc5e492ed5f0fe2 #+execline.1505a32c24aa5dbf362550f39283c9ff1936e717e5a82d220f8212cd9e604d8f #+alpine-keys.dedc78b0b50e461d33a449adf40691698925b5eb9af8a6b69e7c0ece6b708ef4 -#+apk-tools.69a8c172d8dc6f60957469c555cfa3627fef38bb076dde5f758fd64854ecb275 -#+xbps.0c1ece8bbd380938c5c0744cf9d37f2a2f402dd2f16dfe9b9ec891a5c84b9646 +#+apk-tools.1569c1921ee46be27ef9ca5bc4dbe569b136e967eff82e063e959a16365eb517 +#+xbps.123934b8b7f115016bf46a8000703053c508cbbefa75f79ca9287a8d46669d08 #+container-bin-image.1b501ea4ae8d425b8ceab4df81ce7290a36bbc85d86caf02f614a451ec17ed32 #@git:e8dfe8dcb4396ac0f12f0d0017f9836fa113e3a6:containers @@ -43,8 +43,8 @@ printf '%s\n' >"$pkgdir/zsh/site-functions/confz_containers_pthbs_init" \ "typeset -g container_xbps_install_executable='$prefix/deps/command/xbps-install.static'" mkdir -p "$pkgdir/deps/command" -ln -sf '/home/ccx/versions/apk-tools.69a8c172d8dc6f60957469c555cfa3627fef38bb076dde5f758fd64854ecb275/command/apk.static' "$pkgdir/deps/command/" -ln -sf '/home/ccx/versions/xbps.0c1ece8bbd380938c5c0744cf9d37f2a2f402dd2f16dfe9b9ec891a5c84b9646/command/xbps-install.static' "$pkgdir/deps/command/" +ln -sf '/home/ccx/versions/apk-tools.1569c1921ee46be27ef9ca5bc4dbe569b136e967eff82e063e959a16365eb517/command/apk.static' "$pkgdir/deps/command/" +ln -sf '/home/ccx/versions/xbps.123934b8b7f115016bf46a8000703053c508cbbefa75f79ca9287a8d46669d08/command/xbps-install.static' "$pkgdir/deps/command/" for f in '/home/ccx/versions/alpine-keys.dedc78b0b50e461d33a449adf40691698925b5eb9af8a6b69e7c0ece6b708ef4'/keys/alpine/*/*; do test -f "$f" @@ -54,7 +54,7 @@ for f in '/home/ccx/versions/alpine-keys.dedc78b0b50e461d33a449adf40691698925b5e done mkdir -p "$pkgdir/deps/keys/void" -for f in '/home/ccx/versions/xbps.0c1ece8bbd380938c5c0744cf9d37f2a2f402dd2f16dfe9b9ec891a5c84b9646'/keys/void/*; do +for f in '/home/ccx/versions/xbps.123934b8b7f115016bf46a8000703053c508cbbefa75f79ca9287a8d46669d08'/keys/void/*; do ln -sf "$f" "$pkgdir/deps/keys/void/" done diff --git a/variants/ccx-x86_64/containers.environment b/variants/ccx-x86_64/containers.environment @@ -7,10 +7,10 @@ #+s6-linux-utils.1990b55837ff2c28a81500d80292c6d530c8516347eb896007eb5aed2af6c425 #+zsh.f79a20125b2f520d3719411e6f0895cf4f2e0657565c3fef07b3069436b8960f #+confz.9733b0a5d832c848bfeeb2dc737c05a77163fc4d8aca4156a18f2074f2902b8a -#+containers.1d197699459f2ada6b887d4772bcdc50959757765c65bc5b2af93d68e70597ce -#+xbps.0c1ece8bbd380938c5c0744cf9d37f2a2f402dd2f16dfe9b9ec891a5c84b9646 +#+containers.3089bddf0df62ed3cc2d35de1d0d7784d7cd90ffd15d473f56bf992bedd50610 +#+xbps.123934b8b7f115016bf46a8000703053c508cbbefa75f79ca9287a8d46669d08 #+zstd.8b11bd81c450d61aa6a44ffd019654c590439df68ebd8987db4cdbbcf182d67c -#+apk-tools.69a8c172d8dc6f60957469c555cfa3627fef38bb076dde5f758fd64854ecb275 +#+apk-tools.1569c1921ee46be27ef9ca5bc4dbe569b136e967eff82e063e959a16365eb517 #+alpine-keys.dedc78b0b50e461d33a449adf40691698925b5eb9af8a6b69e7c0ece6b708ef4 #+getent.497826562f0e3021d114ff3f47654fa0b574041039df71dbc4e509d38fa55447 #+fileset.4e84d6846c9db82c5ad691b8a6b63b6364b367e84f9d1490b0942b3fa28f3737 diff --git a/variants/ccx-x86_64/curl b/variants/ccx-x86_64/curl @@ -4,7 +4,7 @@ #+busybox.ee3440974794767b833fd3299226771f170d3f8601cf225cb884f0a513db8ab3 #+busybox-diffutils.c2ebcfcad050ad71b8e30322a463b5c009f254c7a42e95c627d32665e17134dc #+m4.46e121f61e0af52abf876bf2688ecfe70eeb04185028d6adde0085e865fdfe75 -#+libressl.2991c315ff3063b2306cc744e66daee583282b5100b0ab039dd338e43337cc94 +#+libressl.ab125289f6a8f1fddc54b8d4708f41b5022530b7cefcfecc21329baf3933656d #@untar:-J:sha256:3ccd55d91af9516539df80625f818c734dc6f2ecf9bada33c76765e99121db15:. build_env_static() { diff --git a/variants/ccx-x86_64/default.environment b/variants/ccx-x86_64/default.environment @@ -6,7 +6,7 @@ #+patch.05834624d74752d1cbe386cd61dbd0dd98d69aad7777828dcf07390ab8772d4b #+flex.322ebabc6eba6cdfd84b1b90f25790b8d917035872c2e6bb2f4c8e2f05eabcfd #+bison.1a189980b7909de4d49b57a4821f58147c2cc150fcd4227cb88b63342551a10f -#+rsync.dd0b73f17251a7f46170892331ee23b5e403907c54b1a2a8be85142c50cdecb3 +#+rsync.cdb63f5542374b8ecb0ca22aeefccea4cb19bd804b7880cd485bbba5217fc797 #+execline.1505a32c24aa5dbf362550f39283c9ff1936e717e5a82d220f8212cd9e604d8f #+s6.087ce2658d9f8b1c38f8f6999d2cfef0bf3b53afaf07f01495091883c154899e #+s6-rc.fecfa43aebb0615904e0e120b9ce8c0596c9b6c577611cbadc8fbaca75196ed9 @@ -15,20 +15,20 @@ #+s6-linux-init.cd3e307b62e7dde98e1572eed297bd544e888d2589d4c1e7fd79271c4078ddf2 #+mdevd.2c8e38fba9104da05177a2c4cc498139c506b1b3dae60c51cf54b831c1762daa #+s6-dns.91f4cab6424ef44de73cac82f7bda7d1e91a2ece09fcbe48912f431785c6db7e -#+libressl.2991c315ff3063b2306cc744e66daee583282b5100b0ab039dd338e43337cc94 -#+s6-networking.e2062f8126d3ea0d33d6fa5b72ac4a063871788de2b98db21d986bd7ed64fd0b +#+libressl.ab125289f6a8f1fddc54b8d4708f41b5022530b7cefcfecc21329baf3933656d +#+s6-networking.453e8476e4a46357a55f04faba1db29dabf9273f9905e5edc8e2c5703c5dd0ac #+zsh.f79a20125b2f520d3719411e6f0895cf4f2e0657565c3fef07b3069436b8960f #+pthbs-banginstall.7ddbf08ba8b1298841fad793d4ed7ba4979b9346155195489fc5e492ed5f0fe2 #+aat.0698d0082830b7f8bcf3840f3f8c25382ef2d9f174dd6d5407c5e2132d1f16e4 #+confz.9733b0a5d832c848bfeeb2dc737c05a77163fc4d8aca4156a18f2074f2902b8a -#+containers.1d197699459f2ada6b887d4772bcdc50959757765c65bc5b2af93d68e70597ce +#+containers.3089bddf0df62ed3cc2d35de1d0d7784d7cd90ffd15d473f56bf992bedd50610 #+fileset.4e84d6846c9db82c5ad691b8a6b63b6364b367e84f9d1490b0942b3fa28f3737 #+logincaps.04accf875f567934eb11016453454f691d056c66e0dc36a971f98aaaefdbe360 #+snaprep.00aa9b9a8cd250e823959881ee26d93cab1be5fe7bbb06ad9abc7242c481b4f7 -#+curl.ccd8d031cd7b6df3a27b667b56a0d5f3f05aab5dbcd4610d6220cadbd35512aa -#+git.dc4c0abaa5556c4441078875efb37426456322bc850ada0ef92604a67d32a9ee -#+xbps.0c1ece8bbd380938c5c0744cf9d37f2a2f402dd2f16dfe9b9ec891a5c84b9646 -#+apk-tools.69a8c172d8dc6f60957469c555cfa3627fef38bb076dde5f758fd64854ecb275 +#+curl.c48b1b1d665425a5fa29381e8f544dd6f40685fbee8735f52a393a11fb1fd908 +#+git.a6bf20aa112574c8cfaed592fec0608a08ad8cfc981c374e710728550cfffffa +#+xbps.123934b8b7f115016bf46a8000703053c508cbbefa75f79ca9287a8d46669d08 +#+apk-tools.1569c1921ee46be27ef9ca5bc4dbe569b136e967eff82e063e959a16365eb517 #+getent.497826562f0e3021d114ff3f47654fa0b574041039df71dbc4e509d38fa55447 #+getconf.62760a9db3bdba375752c0a4f8722b5e0ee3c4eded1ab1073a73533c116f6de5 #+iconv.e574881283799fa144f1d9df753a05d9f7effa47ae0a06a92b532decde48f145 @@ -37,8 +37,8 @@ #+ccx-utils.ab28a8d701f60db69818ef22c546d02eca1ba3900bcdeaf5676bcc13d4b7f114 #+user-env.4e95a5387aa403e1d16a22254f21fb4cec046c69341a5eae764dd8126fb638a8 #+strace.53097be3dbf67dbf52aa675a59980a7d965fd8cdf965ef3005035e70fc7e4103 -#+system-config.5a01596c7ac88d04d4fd80836e1290c20a54e76db2a4042617b4b89713614ace -#+system-config-rc.a1661943ded52d9217b3f50aec67aca9dffed5d1e0a393fd63473648f243daa6 +#+system-config.1de71d96a044eab179b19574033e066888e93738c4190c95e71d205a529f7575 +#+system-config-rc.ab1a0673fec0d8a82de3a2a4234802f12971337c5705c0d543f72ec1058e2af6 #+system-config-scripts.bdedb957b96fc1efd8259d16dac786d1d9c220dcde66996a16688989f104925d -#+system-config-init.7c19ae8806dcdbfa134ab125787db78b548f48fec055da0b009bc87d5721d943 +#+system-config-init.205a9c8d5f1021f9d988b0d71aacbd08d8cdcab6c393089aa944ec4e84bb2bbd #+system-config-zsh.250277c1fe17ccb13b5efbacd35ecb3b8342e30910cdd709f89475773bb7f309 \ No newline at end of file diff --git a/variants/ccx-x86_64/git b/variants/ccx-x86_64/git @@ -4,8 +4,8 @@ #+busybox.ee3440974794767b833fd3299226771f170d3f8601cf225cb884f0a513db8ab3 #+busybox-diffutils.c2ebcfcad050ad71b8e30322a463b5c009f254c7a42e95c627d32665e17134dc #+m4.46e121f61e0af52abf876bf2688ecfe70eeb04185028d6adde0085e865fdfe75 -#+libressl.2991c315ff3063b2306cc744e66daee583282b5100b0ab039dd338e43337cc94 -#+curl.ccd8d031cd7b6df3a27b667b56a0d5f3f05aab5dbcd4610d6220cadbd35512aa +#+libressl.ab125289f6a8f1fddc54b8d4708f41b5022530b7cefcfecc21329baf3933656d +#+curl.c48b1b1d665425a5fa29381e8f544dd6f40685fbee8735f52a393a11fb1fd908 #@untar:-J:sha256:f612c1abc63557d50ad3849863fc9109670139fc9901e574460ec76e0511adb9:. check_static() { diff --git a/variants/ccx-x86_64/kernel.environment b/variants/ccx-x86_64/kernel.environment @@ -1,2 +1,2 @@ #!/usr/bin/env pthbs-build -#+linux.2e03db4e7293d80809b1528d96277a3121710edaa6e0aca4a072dc002f05aa8e- \ No newline at end of file +#+linux.51ed6b9345c41e80844c48436ff214ceacf75861ef64f90f52615a0e57722861+ \ No newline at end of file diff --git a/variants/ccx-x86_64/libressl b/variants/ccx-x86_64/libressl @@ -4,7 +4,9 @@ #+busybox.ee3440974794767b833fd3299226771f170d3f8601cf225cb884f0a513db8ab3 #+busybox-diffutils.c2ebcfcad050ad71b8e30322a463b5c009f254c7a42e95c627d32665e17134dc #+m4.46e121f61e0af52abf876bf2688ecfe70eeb04185028d6adde0085e865fdfe75 +#+ca-certificates-wip-donotuse.19a78dd8975ce74f3a54057f2240fc96ee3f45b0b7ad4769428e8e2e2068343e #@untar:-z:sha256:6d4b8d5bbb25a1f8336639e56ec5088052d43a95256697a85c4ce91323c25954:. +#@sha256:a68fedc0edd976b9f35ecfdcb252d80dc12084b1bc4e945be7dc42c437d8b540:c_rehash.c build_env_static() { export LD_LIBRARY_PATH="$pthbs_build_environment/library" @@ -63,6 +65,11 @@ autotools_static libressl-3.8.2 --with-openssldir="$prefix/config/ssl" check_static command/openssl check_static command/ocspcheck +cd .. +$CC ./c_rehash.c -o c_rehash --static -static -L"$pthbs_destdir/$prefix/library" -lssl -lcrypto +cp -vs '/home/ccx/versions/ca-certificates-wip-donotuse.19a78dd8975ce74f3a54057f2240fc96ee3f45b0b7ad4769428e8e2e2068343e/config/ssl/certs' "$prefix/config/ssl/" +./c_rehash "$prefix/config/ssl/" + cd "$pthbs_destdir/home/ccx/versions/$pthbs_package" diff --git a/variants/ccx-x86_64/linux b/variants/ccx-x86_64/linux @@ -6,7 +6,7 @@ #+patch.05834624d74752d1cbe386cd61dbd0dd98d69aad7777828dcf07390ab8772d4b #+flex.322ebabc6eba6cdfd84b1b90f25790b8d917035872c2e6bb2f4c8e2f05eabcfd #+bison.1a189980b7909de4d49b57a4821f58147c2cc150fcd4227cb88b63342551a10f -#+rsync.dd0b73f17251a7f46170892331ee23b5e403907c54b1a2a8be85142c50cdecb3 +#+rsync.cdb63f5542374b8ecb0ca22aeefccea4cb19bd804b7880cd485bbba5217fc797 #+zstd.8b11bd81c450d61aa6a44ffd019654c590439df68ebd8987db4cdbbcf182d67c #+libelf.fd68f03f03caea1e71ca235bd8e1c0d4dc9fe6b5556ff45c3892c4940218c018 #+pkgconf-pkg-config.86f9c193f6ccc64cc2ac696a7e3a258f01b8d0c539312ae37c08ea2354332e90 diff --git a/variants/ccx-x86_64/rsync b/variants/ccx-x86_64/rsync @@ -5,7 +5,7 @@ #+busybox-diffutils.c2ebcfcad050ad71b8e30322a463b5c009f254c7a42e95c627d32665e17134dc #+m4.46e121f61e0af52abf876bf2688ecfe70eeb04185028d6adde0085e865fdfe75 #+popt.a38a6063ecb9f52c0c2017119d9d6c9eefe1ae820f9f11f693b2a4c07ae4ff31 -#+libressl.2991c315ff3063b2306cc744e66daee583282b5100b0ab039dd338e43337cc94 +#+libressl.ab125289f6a8f1fddc54b8d4708f41b5022530b7cefcfecc21329baf3933656d #+zstd.8b11bd81c450d61aa6a44ffd019654c590439df68ebd8987db4cdbbcf182d67c #@untar:-z:sha256:4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb:. diff --git a/variants/ccx-x86_64/s6-networking b/variants/ccx-x86_64/s6-networking @@ -6,7 +6,7 @@ #+execline.1505a32c24aa5dbf362550f39283c9ff1936e717e5a82d220f8212cd9e604d8f #+s6.087ce2658d9f8b1c38f8f6999d2cfef0bf3b53afaf07f01495091883c154899e #+s6-dns.91f4cab6424ef44de73cac82f7bda7d1e91a2ece09fcbe48912f431785c6db7e -#+libressl.2991c315ff3063b2306cc744e66daee583282b5100b0ab039dd338e43337cc94 +#+libressl.ab125289f6a8f1fddc54b8d4708f41b5022530b7cefcfecc21329baf3933656d #@git:2c7b780bdb204caac3faf5613051d71a58de4017:s6-networking : ${JOBS:=1} diff --git a/variants/ccx-x86_64/system-config b/variants/ccx-x86_64/system-config @@ -4,7 +4,7 @@ #+gnu-make.ba8d7c64a23885182fc1c9dc0331d52adcdbc45df6000fb81e8e1dd3ee05694b #+aat.0698d0082830b7f8bcf3840f3f8c25382ef2d9f174dd6d5407c5e2132d1f16e4 #+fileset.4e84d6846c9db82c5ad691b8a6b63b6364b367e84f9d1490b0942b3fa28f3737 -#+rsync.dd0b73f17251a7f46170892331ee23b5e403907c54b1a2a8be85142c50cdecb3 +#+rsync.cdb63f5542374b8ecb0ca22aeefccea4cb19bd804b7880cd485bbba5217fc797 #+execline.1505a32c24aa5dbf362550f39283c9ff1936e717e5a82d220f8212cd9e604d8f #+kbd.4b136e1e449b21180ac16ee7980c30135e6c24a4deb5a4ba600a3e8c431e0b9e #+mdevd.2c8e38fba9104da05177a2c4cc498139c506b1b3dae60c51cf54b831c1762daa @@ -52,7 +52,7 @@ printf '%s\n' >config/etc/skel/loginexec \ chmod +x config/etc/skel/loginexec env 'pthbs_path_system-config'="$prefix" \ - 'pthbs_path_containers=/home/ccx/versions/env.0ea3cb35f24a14111865b6d77d094b00c82b1e1d17ca8a1846793357e38681e2' \ + 'pthbs_path_containers=/home/ccx/versions/env.b9ff912995f8c6574d2c9839a6830326e4f09d16471265a23b5b64268bd82b48' \ 'pthbs_path_mdevd=/home/ccx/versions/env.5049027ea8b6b4d373e16aadd3cdc63a940582ff297656e395f2131eef181671' \ make -j${JOBS:-1} -l$((1+${JOBS:-1})) all diff --git a/variants/ccx-x86_64/system-config-init b/variants/ccx-x86_64/system-config-init @@ -5,9 +5,9 @@ #+s6-portable-utils.1b8fd31be72bfe84afb28c3dfff03b1fc45121d11fc85f79c90f085fe61bc132 #+s6-linux-init.cd3e307b62e7dde98e1572eed297bd544e888d2589d4c1e7fd79271c4078ddf2 #+execline.1505a32c24aa5dbf362550f39283c9ff1936e717e5a82d220f8212cd9e604d8f -#+system-config-rc.a1661943ded52d9217b3f50aec67aca9dffed5d1e0a393fd63473648f243daa6 +#+system-config-rc.ab1a0673fec0d8a82de3a2a4234802f12971337c5705c0d543f72ec1058e2af6 -s6rcdb=/home/ccx/versions/system-config-rc.a1661943ded52d9217b3f50aec67aca9dffed5d1e0a393fd63473648f243daa6/config/s6-rc-db +s6rcdb=/home/ccx/versions/system-config-rc.ab1a0673fec0d8a82de3a2a4234802f12971337c5705c0d543f72ec1058e2af6/config/s6-rc-db prefix=/home/ccx/versions/$pthbs_package pkgdir="$pthbs_destdir/$prefix" diff --git a/variants/ccx-x86_64/system-config-rc b/variants/ccx-x86_64/system-config-rc @@ -3,7 +3,7 @@ #+busybox-diffutils.c2ebcfcad050ad71b8e30322a463b5c009f254c7a42e95c627d32665e17134dc #+s6-rc.fecfa43aebb0615904e0e120b9ce8c0596c9b6c577611cbadc8fbaca75196ed9 #+fileset.4e84d6846c9db82c5ad691b8a6b63b6364b367e84f9d1490b0942b3fa28f3737 -#+system-config.5a01596c7ac88d04d4fd80836e1290c20a54e76db2a4042617b4b89713614ace +#+system-config.1de71d96a044eab179b19574033e066888e93738c4190c95e71d205a529f7575 def_prefix() { prefix=/home/ccx/versions/$pthbs_package @@ -13,7 +13,7 @@ def_dest() { } def_dest -src=/home/ccx/versions/system-config.5a01596c7ac88d04d4fd80836e1290c20a54e76db2a4042617b4b89713614ace/config/s6-rc-source +src=/home/ccx/versions/system-config.1de71d96a044eab179b19574033e066888e93738c4190c95e71d205a529f7575/config/s6-rc-source s6-rc-compile ./s6-rc-db "$src" mkdir -p "$dest/config" mv -v s6-rc-db "$dest/config/" diff --git a/variants/ccx-x86_64/userspace.environment b/variants/ccx-x86_64/userspace.environment @@ -6,7 +6,7 @@ #+patch.05834624d74752d1cbe386cd61dbd0dd98d69aad7777828dcf07390ab8772d4b #+flex.322ebabc6eba6cdfd84b1b90f25790b8d917035872c2e6bb2f4c8e2f05eabcfd #+bison.1a189980b7909de4d49b57a4821f58147c2cc150fcd4227cb88b63342551a10f -#+rsync.dd0b73f17251a7f46170892331ee23b5e403907c54b1a2a8be85142c50cdecb3 +#+rsync.cdb63f5542374b8ecb0ca22aeefccea4cb19bd804b7880cd485bbba5217fc797 #+execline.1505a32c24aa5dbf362550f39283c9ff1936e717e5a82d220f8212cd9e604d8f #+s6.087ce2658d9f8b1c38f8f6999d2cfef0bf3b53afaf07f01495091883c154899e #+s6-rc.fecfa43aebb0615904e0e120b9ce8c0596c9b6c577611cbadc8fbaca75196ed9 @@ -15,20 +15,20 @@ #+s6-linux-init.cd3e307b62e7dde98e1572eed297bd544e888d2589d4c1e7fd79271c4078ddf2 #+mdevd.2c8e38fba9104da05177a2c4cc498139c506b1b3dae60c51cf54b831c1762daa #+s6-dns.91f4cab6424ef44de73cac82f7bda7d1e91a2ece09fcbe48912f431785c6db7e -#+libressl.2991c315ff3063b2306cc744e66daee583282b5100b0ab039dd338e43337cc94 -#+s6-networking.e2062f8126d3ea0d33d6fa5b72ac4a063871788de2b98db21d986bd7ed64fd0b +#+libressl.ab125289f6a8f1fddc54b8d4708f41b5022530b7cefcfecc21329baf3933656d +#+s6-networking.453e8476e4a46357a55f04faba1db29dabf9273f9905e5edc8e2c5703c5dd0ac #+zsh.f79a20125b2f520d3719411e6f0895cf4f2e0657565c3fef07b3069436b8960f #+pthbs-banginstall.7ddbf08ba8b1298841fad793d4ed7ba4979b9346155195489fc5e492ed5f0fe2 #+aat.0698d0082830b7f8bcf3840f3f8c25382ef2d9f174dd6d5407c5e2132d1f16e4 #+confz.9733b0a5d832c848bfeeb2dc737c05a77163fc4d8aca4156a18f2074f2902b8a -#+containers.1d197699459f2ada6b887d4772bcdc50959757765c65bc5b2af93d68e70597ce +#+containers.3089bddf0df62ed3cc2d35de1d0d7784d7cd90ffd15d473f56bf992bedd50610 #+fileset.4e84d6846c9db82c5ad691b8a6b63b6364b367e84f9d1490b0942b3fa28f3737 #+logincaps.04accf875f567934eb11016453454f691d056c66e0dc36a971f98aaaefdbe360 #+snaprep.00aa9b9a8cd250e823959881ee26d93cab1be5fe7bbb06ad9abc7242c481b4f7 -#+curl.ccd8d031cd7b6df3a27b667b56a0d5f3f05aab5dbcd4610d6220cadbd35512aa -#+git.dc4c0abaa5556c4441078875efb37426456322bc850ada0ef92604a67d32a9ee -#+xbps.0c1ece8bbd380938c5c0744cf9d37f2a2f402dd2f16dfe9b9ec891a5c84b9646 -#+apk-tools.69a8c172d8dc6f60957469c555cfa3627fef38bb076dde5f758fd64854ecb275 +#+curl.c48b1b1d665425a5fa29381e8f544dd6f40685fbee8735f52a393a11fb1fd908 +#+git.a6bf20aa112574c8cfaed592fec0608a08ad8cfc981c374e710728550cfffffa +#+xbps.123934b8b7f115016bf46a8000703053c508cbbefa75f79ca9287a8d46669d08 +#+apk-tools.1569c1921ee46be27ef9ca5bc4dbe569b136e967eff82e063e959a16365eb517 #+getent.497826562f0e3021d114ff3f47654fa0b574041039df71dbc4e509d38fa55447 #+getconf.62760a9db3bdba375752c0a4f8722b5e0ee3c4eded1ab1073a73533c116f6de5 #+iconv.e574881283799fa144f1d9df753a05d9f7effa47ae0a06a92b532decde48f145 diff --git a/variants/ccx-x86_64/xbps b/variants/ccx-x86_64/xbps @@ -5,7 +5,7 @@ #+busybox-diffutils.c2ebcfcad050ad71b8e30322a463b5c009f254c7a42e95c627d32665e17134dc #+m4.46e121f61e0af52abf876bf2688ecfe70eeb04185028d6adde0085e865fdfe75 #+libarchive.3dfc995086b5c4926acf7fa472ceb8bba6ab906d05f85a8069a8092957317d0c -#+libressl.2991c315ff3063b2306cc744e66daee583282b5100b0ab039dd338e43337cc94 +#+libressl.ab125289f6a8f1fddc54b8d4708f41b5022530b7cefcfecc21329baf3933656d #+pkgconf-pkg-config.86f9c193f6ccc64cc2ac696a7e3a258f01b8d0c539312ae37c08ea2354332e90 #@untar:-z:sha256:a6607e83fcd654a0ae846d729e43fefd8da9a61323e91430f884caf895b4f59b:. diff --git a/variants/root-x86_64/apk-tools b/variants/root-x86_64/apk-tools @@ -4,7 +4,7 @@ #+busybox.f4ef3d511c029095beda8d21dd48f7730bec63fb09792ca951402d6620338089 #+busybox-diffutils.4a0933977737282afcd82b39d435b50946a700fe13472d24e4580a41fa852123 #+patch.9d8b2c370a0ccf6e5ad48c27070ff1da2d30d41327fd5711a76cf570b34ae523 -#+libressl.ae4c70b6a794a2f5c03d1ad9cc48b1003abeea6612d99a0c51e5da8c4d8a2bf9 +#+libressl.03a28b9505445a8c4c240cc0c60d7fd651e8cc2acfef1984e54f7da0c514f790 #+zstd.a83f72c5953bd6b7afc171528a503710b3144bf9197961833fd27926b0a18137 #+pkgconf-pkg-config.ea4d3fe0fca073b8e3eb3b731df4d36c062498864ee04f68ce000a6f282b5621 #@git:9d074efdc12bc41b5d24190595a5269a770e852a:apk-tools diff --git a/variants/root-x86_64/ca-certificates-wip-donotuse b/variants/root-x86_64/ca-certificates-wip-donotuse @@ -0,0 +1,67 @@ +#!/usr/bin/env pthbs-build +#+musl-cross-make.d0431fc0def788be03da43136972361827de52c8e6f0a6f3890dc57fe32e8ecc +#+busybox.f4ef3d511c029095beda8d21dd48f7730bec63fb09792ca951402d6620338089 +#+certdata2pem.6bd5a1b2347abb7e87850f07447a1d1f65b79e11212e4891f06f9162273879f8 +#@untar:-j:sha256:6ef7bc56cc0e0b307d99a3c494119686091cc1d4ad08986d68aa089dd00c7788:. + +cd ca-certificates-20241121 +touch blacklist.txt # TODO! +certdata2pem + +install -d "$pthbs_destdir/$prefix/config/ssl/certs" +for file in *.crt; do + install -m 644 $file "$pthbs_destdir/$prefix/config/ssl/certs" +done + +cd "$pthbs_destdir/versions/$pthbs_package" +find -type d -o -print | awk -F/ ' +BEGIN { + x["./config/ssl/certs/ISRG_Root_X1.crt"]=1 + x["./config/ssl/certs/ISRG_Root_X2.crt"]=1} + +function r1(s) { + sub("^[.]/[^/]*", ".", s) + return s +} +function s1(repl, s) { + sub("^[.]/[^/]*", "./"repl, s) + return s +} +function link(src) { + x[$0]=0 + printf "%s\t%s\n", $0, src + printf "genlinks >>%s\t%s<<\n", $0, src >>"/dev/stderr" +} +$1!="."{exit 1} + + +$2 == "command" { link($0); next } +$2 == "bin" { link(s1("command", $0)); next } + +$2 == "library.so" { link($0); next } +$2 == "library" { link($0); next } +$2 == "lib" && $NF ~ /\.l?a$/ { link(s1("library", $0)); next } +$2 == "lib" && $NF ~ /\.so(|\..*)$/ { link(s1("library.so", $0)); next } + +$2 == "share" && $3 ~ /^(info|man|doc|icons|terminfo)$/ { link(r1($0)); next } + +$2 == "man" { link($0); next } +$2 == "info" { link($0); next } +$2 == "doc" { link($0); next } +$2 == "icons" { link($0); next } +$2 == "terminfo" { link($0); next } +$2 == "data" { link($0); next } +$2 == "include" { link($0); next } + +{ printf "genlinks ##%s## skipped\n", $0 >>"/dev/stderr" } + +END { + for(fname in x) { printf "DEBUG: x[\"%s\"]=\"%s\"\n", fname, x[fname] >"/dev/stderr" } + for(fname in x) { + if(x[fname]) { + printf "ERROR: missing expected file \"%s\"\n", fname >"/dev/stderr" + exit 3 + } + } +}' >.install-links.new +mv .install-links.new .install-links diff --git a/variants/root-x86_64/certdata2pem b/variants/root-x86_64/certdata2pem @@ -0,0 +1,91 @@ +#!/usr/bin/env pthbs-build +#+musl-cross-make.d0431fc0def788be03da43136972361827de52c8e6f0a6f3890dc57fe32e8ecc +#+gnu-make.444e811a68f4f16724e21354b710fad3592e53a2dbf7c0c78658f3d4e7c8e465 +#+busybox.f4ef3d511c029095beda8d21dd48f7730bec63fb09792ca951402d6620338089 +#@sha256:064f7d41106cd9efa08b9e68cf049f44e3be55666bd2ab96d02c508293b8dce7:certdata2pem.c + +name=certdata2pem +check_static() { + local exe || true + exe=$pthbs_destdir/'/versions'/$pthbs_package/$1 + if ! test -f $exe; then + printf '%s\n' "Error: file '$1' doesn't exist!" + exit 1 + fi + interp_info=$(readelf --string-dump=.interp "$exe") || exit $? + if test x '!=' "x$interp_info"; then + printf '%s\n' "Error: '$1' is a dynamic binary!" + exit 1 + fi +} +build_env_static() { + export LD_LIBRARY_PATH="$pthbs_build_environment/library" + export CPATH="$pthbs_build_environment/include" + export LDFLAGS="-static -L$pthbs_build_environment/library $LDFLAGS" +} +def_prefix() { + prefix=/versions/$pthbs_package +} +def_dest() { + dest=${pthbs_destdir%/}//versions/$pthbs_package +} +build_env_static +def_prefix + +gcc -D_GNU_SOURCE -static -o $name $name.c $LDFLAGS -lskarnet -lcap + +install -d "$pthbs_destdir/$prefix/command" +install -m 755 $name "$pthbs_destdir/$prefix/command" +check_static command/$name + +cd "$pthbs_destdir/versions/$pthbs_package" +find -type d -o -print | awk -F/ ' +BEGIN { + x["./command/certdata2pem"]=1} + +function r1(s) { + sub("^[.]/[^/]*", ".", s) + return s +} +function s1(repl, s) { + sub("^[.]/[^/]*", "./"repl, s) + return s +} +function link(src) { + x[$0]=0 + printf "%s\t%s\n", $0, src + printf "genlinks >>%s\t%s<<\n", $0, src >>"/dev/stderr" +} +$1!="."{exit 1} + + +$2 == "command" { link($0); next } +$2 == "bin" { link(s1("command", $0)); next } + +$2 == "library.so" { link($0); next } +$2 == "library" { link($0); next } +$2 == "lib" && $NF ~ /\.l?a$/ { link(s1("library", $0)); next } +$2 == "lib" && $NF ~ /\.so(|\..*)$/ { link(s1("library.so", $0)); next } + +$2 == "share" && $3 ~ /^(info|man|doc|icons|terminfo)$/ { link(r1($0)); next } + +$2 == "man" { link($0); next } +$2 == "info" { link($0); next } +$2 == "doc" { link($0); next } +$2 == "icons" { link($0); next } +$2 == "terminfo" { link($0); next } +$2 == "data" { link($0); next } +$2 == "include" { link($0); next } + +{ printf "genlinks ##%s## skipped\n", $0 >>"/dev/stderr" } + +END { + for(fname in x) { printf "DEBUG: x[\"%s\"]=\"%s\"\n", fname, x[fname] >"/dev/stderr" } + for(fname in x) { + if(x[fname]) { + printf "ERROR: missing expected file \"%s\"\n", fname >"/dev/stderr" + exit 3 + } + } +}' >.install-links.new +mv .install-links.new .install-links diff --git a/variants/root-x86_64/containers b/variants/root-x86_64/containers @@ -4,8 +4,8 @@ #+pthbs-banginstall.30ed98ef3fedfb6b25b3f58c27e845f123a22a756b37a5cd75764315bba23571 #+execline.c89bee1b1207461afa2d2ab9250f0940a2a6bbca3e45bdd60037049a75f4adf9 #+alpine-keys.4ecd9fac6efcc329a98af1b0b1318771a77eb83ac10832c6e769ebf11c14cae1 -#+apk-tools.f56b624a4ea26318bf9117754fb5e0c564f7f466fedde43e1c45e86278dc2552 -#+xbps.e82f8c85f25413cdfa1e23926d635ec0d5aa6059a953750d63de49eeacf3c672 +#+apk-tools.28d6aac945b5cd5deb95da223931da0a4693d77c6c8c81100229e91f7f70eed1 +#+xbps.104372b8986c08baa8da00581769dfd06caae7ec5d2c1c63c802605edb98d432 #+container-bin-image.8593434f8fbeac8ca87a4252750091c43dd86fdfe55394c851d99e31665f136b #@git:e8dfe8dcb4396ac0f12f0d0017f9836fa113e3a6:containers @@ -43,8 +43,8 @@ printf '%s\n' >"$pkgdir/zsh/site-functions/confz_containers_pthbs_init" \ "typeset -g container_xbps_install_executable='$prefix/deps/command/xbps-install.static'" mkdir -p "$pkgdir/deps/command" -ln -sf '/versions/apk-tools.f56b624a4ea26318bf9117754fb5e0c564f7f466fedde43e1c45e86278dc2552/command/apk.static' "$pkgdir/deps/command/" -ln -sf '/versions/xbps.e82f8c85f25413cdfa1e23926d635ec0d5aa6059a953750d63de49eeacf3c672/command/xbps-install.static' "$pkgdir/deps/command/" +ln -sf '/versions/apk-tools.28d6aac945b5cd5deb95da223931da0a4693d77c6c8c81100229e91f7f70eed1/command/apk.static' "$pkgdir/deps/command/" +ln -sf '/versions/xbps.104372b8986c08baa8da00581769dfd06caae7ec5d2c1c63c802605edb98d432/command/xbps-install.static' "$pkgdir/deps/command/" for f in '/versions/alpine-keys.4ecd9fac6efcc329a98af1b0b1318771a77eb83ac10832c6e769ebf11c14cae1'/keys/alpine/*/*; do test -f "$f" @@ -54,7 +54,7 @@ for f in '/versions/alpine-keys.4ecd9fac6efcc329a98af1b0b1318771a77eb83ac10832c6 done mkdir -p "$pkgdir/deps/keys/void" -for f in '/versions/xbps.e82f8c85f25413cdfa1e23926d635ec0d5aa6059a953750d63de49eeacf3c672'/keys/void/*; do +for f in '/versions/xbps.104372b8986c08baa8da00581769dfd06caae7ec5d2c1c63c802605edb98d432'/keys/void/*; do ln -sf "$f" "$pkgdir/deps/keys/void/" done diff --git a/variants/root-x86_64/containers.environment b/variants/root-x86_64/containers.environment @@ -7,10 +7,10 @@ #+s6-linux-utils.f7e0654375f11beedafd731ad1dd66c0de8d03452bb8e38bb647cc51cc3adb2e #+zsh.4ac9e4166454e8d60c15837b7ca4938abe99db029b3fffa11b1cfd54d40ae09b #+confz.2c5f5b9bb69976bb57be5de332d8e7a2cf69c0b41c006ee7e6912abe8e8a0edf -#+containers.0ceb53f7e5d4c77bbcdb83b29123a44e54c01517fe90c4b0fc338c15f601c3ea -#+xbps.e82f8c85f25413cdfa1e23926d635ec0d5aa6059a953750d63de49eeacf3c672 +#+containers.80409072fd048f612740e3b3f9ad0afc674e82ce472d64db4007078363ede442 +#+xbps.104372b8986c08baa8da00581769dfd06caae7ec5d2c1c63c802605edb98d432 #+zstd.a83f72c5953bd6b7afc171528a503710b3144bf9197961833fd27926b0a18137 -#+apk-tools.f56b624a4ea26318bf9117754fb5e0c564f7f466fedde43e1c45e86278dc2552 +#+apk-tools.28d6aac945b5cd5deb95da223931da0a4693d77c6c8c81100229e91f7f70eed1 #+alpine-keys.4ecd9fac6efcc329a98af1b0b1318771a77eb83ac10832c6e769ebf11c14cae1 #+getent.a4f1c1679ad9e6d4cd167e921ee8af0f7fce4a2b7886f96223b8c7fe1ba5ba97 #+fileset.7159458f5e8c9237e1e1708cafced263dd342d5fd24ccec97ae8092d9b1c5150 diff --git a/variants/root-x86_64/curl b/variants/root-x86_64/curl @@ -4,7 +4,7 @@ #+busybox.f4ef3d511c029095beda8d21dd48f7730bec63fb09792ca951402d6620338089 #+busybox-diffutils.4a0933977737282afcd82b39d435b50946a700fe13472d24e4580a41fa852123 #+m4.3cffaef6909a65493ddc9aba4c53f77dc594ff5ab8b58c57acaa34c654b09ff3 -#+libressl.ae4c70b6a794a2f5c03d1ad9cc48b1003abeea6612d99a0c51e5da8c4d8a2bf9 +#+libressl.03a28b9505445a8c4c240cc0c60d7fd651e8cc2acfef1984e54f7da0c514f790 #@untar:-J:sha256:3ccd55d91af9516539df80625f818c734dc6f2ecf9bada33c76765e99121db15:. build_env_static() { diff --git a/variants/root-x86_64/default.environment b/variants/root-x86_64/default.environment @@ -6,7 +6,7 @@ #+patch.9d8b2c370a0ccf6e5ad48c27070ff1da2d30d41327fd5711a76cf570b34ae523 #+flex.42bdab01fb2083e92a4417d5fb289c468b9a1a5b8092904b965455b74559262f #+bison.d9992ea20119a82e24982f67479e65e94ec0fdc686f024f0ed04e87c83a00ef0 -#+rsync.38f0e79525f792ceb40fb17f0e2416c6e6dd928f4e3d72eb3de1a7fb4f50c2f4 +#+rsync.17324a2de81f502f28a596b05b2121ce679bf1e40c5eb2a3b1624e932d9fbcf8 #+execline.c89bee1b1207461afa2d2ab9250f0940a2a6bbca3e45bdd60037049a75f4adf9 #+s6.43f7ad2aaeb2646da287c5bddf7c29c44d3f7b68a976beee75b60da44b54759e #+s6-rc.c131bb99b2054bcd9705c5a5652822938265a8587a54d2894667b8b620815c7f @@ -15,20 +15,20 @@ #+s6-linux-init.8fbed3537ce9accc1a31e36f4648d1a0df0f1d155fcfa8fb5b1079786cf1442c #+mdevd.ce53dc40e066f620a163354acb732a70f019902cf9dbdb45571d368eaf4f67b8 #+s6-dns.e65a0e1310967e0d4b18fd597993a364969fd35d50d35ba9eb2fd3fc68ffdf4b -#+libressl.ae4c70b6a794a2f5c03d1ad9cc48b1003abeea6612d99a0c51e5da8c4d8a2bf9 -#+s6-networking.e1124b592c3af890a148642c18eecc6261d538ac1ab5b25e130e518a434824b1 +#+libressl.03a28b9505445a8c4c240cc0c60d7fd651e8cc2acfef1984e54f7da0c514f790 +#+s6-networking.7b6a0856998225393d53e888bea83c4a0ef8c1bedda77df1cdb5d68dd7230b0f #+zsh.4ac9e4166454e8d60c15837b7ca4938abe99db029b3fffa11b1cfd54d40ae09b #+pthbs-banginstall.30ed98ef3fedfb6b25b3f58c27e845f123a22a756b37a5cd75764315bba23571 #+aat.9432aa485263e75ca3e43d6511c561a9cd328c417ebe26b890ed4a8061fee06f #+confz.2c5f5b9bb69976bb57be5de332d8e7a2cf69c0b41c006ee7e6912abe8e8a0edf -#+containers.0ceb53f7e5d4c77bbcdb83b29123a44e54c01517fe90c4b0fc338c15f601c3ea +#+containers.80409072fd048f612740e3b3f9ad0afc674e82ce472d64db4007078363ede442 #+fileset.7159458f5e8c9237e1e1708cafced263dd342d5fd24ccec97ae8092d9b1c5150 #+logincaps.3c7957125c5700c2436df091d2fba6324b1ac5f2bfcd54948f6a5b8049047afc #+snaprep.73784e7863284b4cc1597b76b0d869eb2eaaa5eed08245e629937044a2c0c3b5 -#+curl.2fdbc30e99a55b3b963ae7a49bbce85461eb7b9ad4c022da9918b4d85beaec9a -#+git.c1ad44cdebf427caffb8127de2de9fc6261379500bd0d8287b7cae6ec2c31003 -#+xbps.e82f8c85f25413cdfa1e23926d635ec0d5aa6059a953750d63de49eeacf3c672 -#+apk-tools.f56b624a4ea26318bf9117754fb5e0c564f7f466fedde43e1c45e86278dc2552 +#+curl.9e8d82288bf75a1b3cc3753e2bce42565a8f9525fd2705a1683ebe8f9c1a1cfa +#+git.eb1ba792a7d51701c9659ec9e0ef603d87f1804f0299049a88fa9636d098c2cf +#+xbps.104372b8986c08baa8da00581769dfd06caae7ec5d2c1c63c802605edb98d432 +#+apk-tools.28d6aac945b5cd5deb95da223931da0a4693d77c6c8c81100229e91f7f70eed1 #+getent.a4f1c1679ad9e6d4cd167e921ee8af0f7fce4a2b7886f96223b8c7fe1ba5ba97 #+getconf.2d8409e202963fe34a70113b3fed7da0299f212d739c84f529126f9451886e7e #+iconv.b537e50837859e5b0fa7cc56ee46ff152c638910b9c817cba957f09631c9aad1 @@ -37,8 +37,8 @@ #+ccx-utils.ccaa449ada3142ef075f3c80a6e475520219814490557f308ded4685231a70ac #+user-env.8ad55eebe32b11f005f7b5c6dc204fdccc0a53cd7294f87c1e959ea47793dbca #+strace.ce1707d2cf1dfcd965827af80a18c6b97ca20b563b8967be8297322e8adf9296 -#+system-config.a8a3c2f756df11f83c4f55ddef22e0c5cf3c80b56f0538c410fc276f2015dad0 -#+system-config-rc.5b07876cccd3bca56e76e5f6a31e6390b2adcebe8f558ea4e3337db7b7e15e45 +#+system-config.8ab08b6c0c4b43d99222e78056b0cb18d1a0d6b5ec16537fd186abe1ddc96438 +#+system-config-rc.5479a6a069ea295e7a42f09434df8ebf8bb4226c65369c090b59f456c790d997 #+system-config-scripts.4c00e32b8c4f6feef53b562356abd54830cc7e889149e4f8bcb928d6e6e93378 -#+system-config-init.d96c42fe419c8d23f24199e9f00bd3e07074b597578a3a3475acd5e3f64c6d10 +#+system-config-init.091514b26decbc3a80931330e9e6453d42abeeeda8fcaf3ff2eba1789fc26297 #+system-config-zsh.01286ec545c7035b2e08ded96e40b73f912f33fd7eec44993a1e93e12577dc0f \ No newline at end of file diff --git a/variants/root-x86_64/git b/variants/root-x86_64/git @@ -4,8 +4,8 @@ #+busybox.f4ef3d511c029095beda8d21dd48f7730bec63fb09792ca951402d6620338089 #+busybox-diffutils.4a0933977737282afcd82b39d435b50946a700fe13472d24e4580a41fa852123 #+m4.3cffaef6909a65493ddc9aba4c53f77dc594ff5ab8b58c57acaa34c654b09ff3 -#+libressl.ae4c70b6a794a2f5c03d1ad9cc48b1003abeea6612d99a0c51e5da8c4d8a2bf9 -#+curl.2fdbc30e99a55b3b963ae7a49bbce85461eb7b9ad4c022da9918b4d85beaec9a +#+libressl.03a28b9505445a8c4c240cc0c60d7fd651e8cc2acfef1984e54f7da0c514f790 +#+curl.9e8d82288bf75a1b3cc3753e2bce42565a8f9525fd2705a1683ebe8f9c1a1cfa #@untar:-J:sha256:f612c1abc63557d50ad3849863fc9109670139fc9901e574460ec76e0511adb9:. check_static() { diff --git a/variants/root-x86_64/kernel.environment b/variants/root-x86_64/kernel.environment @@ -1,2 +1,2 @@ #!/usr/bin/env pthbs-build -#+linux.560924b631c199ebacccd9f243570c8f9e1c894c27adde2053abbf4250d0daae- \ No newline at end of file +#+linux.542f62e8d70eebe9929eaea37e104a593fac9d70777e48ec500273195bdb9161+ \ No newline at end of file diff --git a/variants/root-x86_64/libressl b/variants/root-x86_64/libressl @@ -4,7 +4,9 @@ #+busybox.f4ef3d511c029095beda8d21dd48f7730bec63fb09792ca951402d6620338089 #+busybox-diffutils.4a0933977737282afcd82b39d435b50946a700fe13472d24e4580a41fa852123 #+m4.3cffaef6909a65493ddc9aba4c53f77dc594ff5ab8b58c57acaa34c654b09ff3 +#+ca-certificates-wip-donotuse.71091c2a2883c94853635064e456bac8b36cc869fa299b81f5c4eac651d25ee1 #@untar:-z:sha256:6d4b8d5bbb25a1f8336639e56ec5088052d43a95256697a85c4ce91323c25954:. +#@sha256:a68fedc0edd976b9f35ecfdcb252d80dc12084b1bc4e945be7dc42c437d8b540:c_rehash.c build_env_static() { export LD_LIBRARY_PATH="$pthbs_build_environment/library" @@ -63,6 +65,11 @@ autotools_static libressl-3.8.2 --with-openssldir="$prefix/config/ssl" check_static command/openssl check_static command/ocspcheck +cd .. +$CC ./c_rehash.c -o c_rehash --static -static -L"$pthbs_destdir/$prefix/library" -lssl -lcrypto +cp -vs '/versions/ca-certificates-wip-donotuse.71091c2a2883c94853635064e456bac8b36cc869fa299b81f5c4eac651d25ee1/config/ssl/certs' "$prefix/config/ssl/" +./c_rehash "$prefix/config/ssl/" + cd "$pthbs_destdir/versions/$pthbs_package" diff --git a/variants/root-x86_64/linux b/variants/root-x86_64/linux @@ -6,7 +6,7 @@ #+patch.9d8b2c370a0ccf6e5ad48c27070ff1da2d30d41327fd5711a76cf570b34ae523 #+flex.42bdab01fb2083e92a4417d5fb289c468b9a1a5b8092904b965455b74559262f #+bison.d9992ea20119a82e24982f67479e65e94ec0fdc686f024f0ed04e87c83a00ef0 -#+rsync.38f0e79525f792ceb40fb17f0e2416c6e6dd928f4e3d72eb3de1a7fb4f50c2f4 +#+rsync.17324a2de81f502f28a596b05b2121ce679bf1e40c5eb2a3b1624e932d9fbcf8 #+zstd.a83f72c5953bd6b7afc171528a503710b3144bf9197961833fd27926b0a18137 #+libelf.b129c20086c9a39a997886caaa57b3f7c5be24fd0ceb34289b62e794ff722ed0 #+pkgconf-pkg-config.ea4d3fe0fca073b8e3eb3b731df4d36c062498864ee04f68ce000a6f282b5621 diff --git a/variants/root-x86_64/rsync b/variants/root-x86_64/rsync @@ -5,7 +5,7 @@ #+busybox-diffutils.4a0933977737282afcd82b39d435b50946a700fe13472d24e4580a41fa852123 #+m4.3cffaef6909a65493ddc9aba4c53f77dc594ff5ab8b58c57acaa34c654b09ff3 #+popt.3e3f8b71a43e7c837dff32830175ac07372bc54fbba39564ec0b609dd3c8d8d0 -#+libressl.ae4c70b6a794a2f5c03d1ad9cc48b1003abeea6612d99a0c51e5da8c4d8a2bf9 +#+libressl.03a28b9505445a8c4c240cc0c60d7fd651e8cc2acfef1984e54f7da0c514f790 #+zstd.a83f72c5953bd6b7afc171528a503710b3144bf9197961833fd27926b0a18137 #@untar:-z:sha256:4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb:. diff --git a/variants/root-x86_64/s6-networking b/variants/root-x86_64/s6-networking @@ -6,7 +6,7 @@ #+execline.c89bee1b1207461afa2d2ab9250f0940a2a6bbca3e45bdd60037049a75f4adf9 #+s6.43f7ad2aaeb2646da287c5bddf7c29c44d3f7b68a976beee75b60da44b54759e #+s6-dns.e65a0e1310967e0d4b18fd597993a364969fd35d50d35ba9eb2fd3fc68ffdf4b -#+libressl.ae4c70b6a794a2f5c03d1ad9cc48b1003abeea6612d99a0c51e5da8c4d8a2bf9 +#+libressl.03a28b9505445a8c4c240cc0c60d7fd651e8cc2acfef1984e54f7da0c514f790 #@git:2c7b780bdb204caac3faf5613051d71a58de4017:s6-networking : ${JOBS:=1} diff --git a/variants/root-x86_64/system-config b/variants/root-x86_64/system-config @@ -4,7 +4,7 @@ #+gnu-make.444e811a68f4f16724e21354b710fad3592e53a2dbf7c0c78658f3d4e7c8e465 #+aat.9432aa485263e75ca3e43d6511c561a9cd328c417ebe26b890ed4a8061fee06f #+fileset.7159458f5e8c9237e1e1708cafced263dd342d5fd24ccec97ae8092d9b1c5150 -#+rsync.38f0e79525f792ceb40fb17f0e2416c6e6dd928f4e3d72eb3de1a7fb4f50c2f4 +#+rsync.17324a2de81f502f28a596b05b2121ce679bf1e40c5eb2a3b1624e932d9fbcf8 #+execline.c89bee1b1207461afa2d2ab9250f0940a2a6bbca3e45bdd60037049a75f4adf9 #+kbd.2a0ad895612242729ff63f689075b1bff9295cba0f3eac9c23d79aedf88f6f54 #+mdevd.ce53dc40e066f620a163354acb732a70f019902cf9dbdb45571d368eaf4f67b8 @@ -52,7 +52,7 @@ printf '%s\n' >config/etc/skel/loginexec \ chmod +x config/etc/skel/loginexec env 'pthbs_path_system-config'="$prefix" \ - 'pthbs_path_containers=/versions/env.7d610786c1b988c5d9760b2844ceb51ad96da92357d3282a7f361d2173867f73' \ + 'pthbs_path_containers=/versions/env.5211658361ea12613fadab70aae8e1d3ac259ff8c90d0c3a883fbd0aefe1b1a2' \ 'pthbs_path_mdevd=/versions/env.699c310193b7957c8ec17e16d6846443f99c198e3e2ce6425066f4523de2cf1e' \ make -j${JOBS:-1} -l$((1+${JOBS:-1})) all diff --git a/variants/root-x86_64/system-config-init b/variants/root-x86_64/system-config-init @@ -5,9 +5,9 @@ #+s6-portable-utils.f6171ad521d6be72875f1d5c1b28f966662ba93cfe5790e1ef010f9e76211bc3 #+s6-linux-init.8fbed3537ce9accc1a31e36f4648d1a0df0f1d155fcfa8fb5b1079786cf1442c #+execline.c89bee1b1207461afa2d2ab9250f0940a2a6bbca3e45bdd60037049a75f4adf9 -#+system-config-rc.5b07876cccd3bca56e76e5f6a31e6390b2adcebe8f558ea4e3337db7b7e15e45 +#+system-config-rc.5479a6a069ea295e7a42f09434df8ebf8bb4226c65369c090b59f456c790d997 -s6rcdb=/versions/system-config-rc.5b07876cccd3bca56e76e5f6a31e6390b2adcebe8f558ea4e3337db7b7e15e45/config/s6-rc-db +s6rcdb=/versions/system-config-rc.5479a6a069ea295e7a42f09434df8ebf8bb4226c65369c090b59f456c790d997/config/s6-rc-db prefix=/versions/$pthbs_package pkgdir="$pthbs_destdir/$prefix" diff --git a/variants/root-x86_64/system-config-rc b/variants/root-x86_64/system-config-rc @@ -3,7 +3,7 @@ #+busybox-diffutils.4a0933977737282afcd82b39d435b50946a700fe13472d24e4580a41fa852123 #+s6-rc.c131bb99b2054bcd9705c5a5652822938265a8587a54d2894667b8b620815c7f #+fileset.7159458f5e8c9237e1e1708cafced263dd342d5fd24ccec97ae8092d9b1c5150 -#+system-config.a8a3c2f756df11f83c4f55ddef22e0c5cf3c80b56f0538c410fc276f2015dad0 +#+system-config.8ab08b6c0c4b43d99222e78056b0cb18d1a0d6b5ec16537fd186abe1ddc96438 def_prefix() { prefix=/versions/$pthbs_package @@ -13,7 +13,7 @@ def_dest() { } def_dest -src=/versions/system-config.a8a3c2f756df11f83c4f55ddef22e0c5cf3c80b56f0538c410fc276f2015dad0/config/s6-rc-source +src=/versions/system-config.8ab08b6c0c4b43d99222e78056b0cb18d1a0d6b5ec16537fd186abe1ddc96438/config/s6-rc-source s6-rc-compile ./s6-rc-db "$src" mkdir -p "$dest/config" mv -v s6-rc-db "$dest/config/" diff --git a/variants/root-x86_64/userspace.environment b/variants/root-x86_64/userspace.environment @@ -6,7 +6,7 @@ #+patch.9d8b2c370a0ccf6e5ad48c27070ff1da2d30d41327fd5711a76cf570b34ae523 #+flex.42bdab01fb2083e92a4417d5fb289c468b9a1a5b8092904b965455b74559262f #+bison.d9992ea20119a82e24982f67479e65e94ec0fdc686f024f0ed04e87c83a00ef0 -#+rsync.38f0e79525f792ceb40fb17f0e2416c6e6dd928f4e3d72eb3de1a7fb4f50c2f4 +#+rsync.17324a2de81f502f28a596b05b2121ce679bf1e40c5eb2a3b1624e932d9fbcf8 #+execline.c89bee1b1207461afa2d2ab9250f0940a2a6bbca3e45bdd60037049a75f4adf9 #+s6.43f7ad2aaeb2646da287c5bddf7c29c44d3f7b68a976beee75b60da44b54759e #+s6-rc.c131bb99b2054bcd9705c5a5652822938265a8587a54d2894667b8b620815c7f @@ -15,20 +15,20 @@ #+s6-linux-init.8fbed3537ce9accc1a31e36f4648d1a0df0f1d155fcfa8fb5b1079786cf1442c #+mdevd.ce53dc40e066f620a163354acb732a70f019902cf9dbdb45571d368eaf4f67b8 #+s6-dns.e65a0e1310967e0d4b18fd597993a364969fd35d50d35ba9eb2fd3fc68ffdf4b -#+libressl.ae4c70b6a794a2f5c03d1ad9cc48b1003abeea6612d99a0c51e5da8c4d8a2bf9 -#+s6-networking.e1124b592c3af890a148642c18eecc6261d538ac1ab5b25e130e518a434824b1 +#+libressl.03a28b9505445a8c4c240cc0c60d7fd651e8cc2acfef1984e54f7da0c514f790 +#+s6-networking.7b6a0856998225393d53e888bea83c4a0ef8c1bedda77df1cdb5d68dd7230b0f #+zsh.4ac9e4166454e8d60c15837b7ca4938abe99db029b3fffa11b1cfd54d40ae09b #+pthbs-banginstall.30ed98ef3fedfb6b25b3f58c27e845f123a22a756b37a5cd75764315bba23571 #+aat.9432aa485263e75ca3e43d6511c561a9cd328c417ebe26b890ed4a8061fee06f #+confz.2c5f5b9bb69976bb57be5de332d8e7a2cf69c0b41c006ee7e6912abe8e8a0edf -#+containers.0ceb53f7e5d4c77bbcdb83b29123a44e54c01517fe90c4b0fc338c15f601c3ea +#+containers.80409072fd048f612740e3b3f9ad0afc674e82ce472d64db4007078363ede442 #+fileset.7159458f5e8c9237e1e1708cafced263dd342d5fd24ccec97ae8092d9b1c5150 #+logincaps.3c7957125c5700c2436df091d2fba6324b1ac5f2bfcd54948f6a5b8049047afc #+snaprep.73784e7863284b4cc1597b76b0d869eb2eaaa5eed08245e629937044a2c0c3b5 -#+curl.2fdbc30e99a55b3b963ae7a49bbce85461eb7b9ad4c022da9918b4d85beaec9a -#+git.c1ad44cdebf427caffb8127de2de9fc6261379500bd0d8287b7cae6ec2c31003 -#+xbps.e82f8c85f25413cdfa1e23926d635ec0d5aa6059a953750d63de49eeacf3c672 -#+apk-tools.f56b624a4ea26318bf9117754fb5e0c564f7f466fedde43e1c45e86278dc2552 +#+curl.9e8d82288bf75a1b3cc3753e2bce42565a8f9525fd2705a1683ebe8f9c1a1cfa +#+git.eb1ba792a7d51701c9659ec9e0ef603d87f1804f0299049a88fa9636d098c2cf +#+xbps.104372b8986c08baa8da00581769dfd06caae7ec5d2c1c63c802605edb98d432 +#+apk-tools.28d6aac945b5cd5deb95da223931da0a4693d77c6c8c81100229e91f7f70eed1 #+getent.a4f1c1679ad9e6d4cd167e921ee8af0f7fce4a2b7886f96223b8c7fe1ba5ba97 #+getconf.2d8409e202963fe34a70113b3fed7da0299f212d739c84f529126f9451886e7e #+iconv.b537e50837859e5b0fa7cc56ee46ff152c638910b9c817cba957f09631c9aad1 diff --git a/variants/root-x86_64/xbps b/variants/root-x86_64/xbps @@ -5,7 +5,7 @@ #+busybox-diffutils.4a0933977737282afcd82b39d435b50946a700fe13472d24e4580a41fa852123 #+m4.3cffaef6909a65493ddc9aba4c53f77dc594ff5ab8b58c57acaa34c654b09ff3 #+libarchive.27442e0362163a464fbcc3f60b8a8ccfba7afeb95fed8e412af2983b40d27f27 -#+libressl.ae4c70b6a794a2f5c03d1ad9cc48b1003abeea6612d99a0c51e5da8c4d8a2bf9 +#+libressl.03a28b9505445a8c4c240cc0c60d7fd651e8cc2acfef1984e54f7da0c514f790 #+pkgconf-pkg-config.ea4d3fe0fca073b8e3eb3b731df4d36c062498864ee04f68ce000a6f282b5621 #@untar:-z:sha256:a6607e83fcd654a0ae846d729e43fefd8da9a61323e91430f884caf895b4f59b:.