From patchwork Mon Nov 10 10:21:39 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 74096
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 3C8F6CCFA1E
	for <webhook@archiver.kernel.org>; Mon, 10 Nov 2025 10:22:03 +0000 (UTC)
Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com
 [209.85.216.49])
 by mx.groups.io with SMTP id smtpd.msgproc01-g2.45176.1762770117385761815
 for <openembedded-core@lists.openembedded.org>;
 Mon, 10 Nov 2025 02:21:57 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=iws4by8+;
 spf=pass (domain: gmail.com, ip: 209.85.216.49,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pj1-f49.google.com with SMTP id
 98e67ed59e1d1-3434700be69so3809987a91.1
        for <openembedded-core@lists.openembedded.org>;
 Mon, 10 Nov 2025 02:21:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1762770117; x=1763374917;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=qSk/bfdjoJ+b5Q8OfGPSU6sG60n7E0badv9NIkBErcA=;
        b=iws4by8+2GcDuPyiJVK+mm3QMCbnIKm+DYJ86Ln0pf544oI1XTxj8GQmx25jd4KqRs
         OFya1pe3cbAc+f4PiwAC3hWhtpHWYnazNkbKUx5K7HVYtjX1AbEZMKy4nR7EG8VWqHbM
         lW3uYnbgPXEXrT4F96BZkty70BUDpUANljDMNM4oGIQCr4Yd5pppq4of/FO0B9hEV9xG
         jdAtHTIqdetfPG99gSWDLiHBEG/qrZRNGsCYKuy7rx+UiedSyDPxO44BBHs3Lr8wXPD+
         p7mrnvTOhhh4qA/vPrdeIoBqXpfFtN6bLem8qSirlmSXKW5xax6f3rO/Cfg2+WSrbYvP
         lfOw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1762770117; x=1763374917;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=qSk/bfdjoJ+b5Q8OfGPSU6sG60n7E0badv9NIkBErcA=;
        b=iY5OYw3UOlkeUlXDO5RqEoJ+0wJLw0LcYTkDhYab2sHizC87yS9GV4weR7SNKpWka2
         UKNCwBcJqMqIDs047h0GImgCN0c//mD9sfxhHbnP3urflvFqwFMwqO7DfEdGqUXVYZja
         bhp27CwZ1TzRJnKd1w1j/RW189lNfVTQuJqIvldZRG2dc6FmVT+/M+osgVCsFCq9c6es
         DfW3yNcK/e4BSmc7QAONcyE0MCba4I6ZdSkDPP82sya6yF29Xx0HY0Zk0wnNbo5wAUPE
         edXUXEMsY8T90q4pBNyYFPhd4za+J9fs2YSvWdg0RkbC07/1Hl7HGLqts5yGAVpcIzdF
         o75A==
X-Gm-Message-State: AOJu0YwWv0v61DpRGERfL/OG/lCrVMjwnxl8jWekRkpIeFXjbnExhHxe
	jbXBWeUE1RPjE8c9octyp2rn2iI/3efzBaSgK+LuDAzi5QBjw1KkaLmAx3zMXA==
X-Gm-Gg: ASbGncvMZ4dWNhbvV9ypn8jkv5lH/MalHYOcqx1bA09GY6148VaryLKt0fZyluWumuP
	eLIxr8EhlPBMt0Tv/UO+emilM9TbZzsH7mSDc8FDZxZYMr49uR7aft4XxMfD9AoSwIGc4o/aqqp
	9dwjMY3FYsiHH272o5pYAFJ7LUcyQmny0KB0HqzQrarL/S0kL1eP1RZZuaCrEwl4MOk8J+2dhvP
	e1JeZ35IMTsW6cEGAlMP2QroSno0DntGo/PqVoPopEbavsJG5eBzfEGF2KS/hAbZ/OJo6UVIyuV
	yJkyksGSy0bFwMRSBfGxlqdhiL1KwmzbQp6khTlX5DLYVsnYuL3uyY7Ndkub3uFAuGY906XYXIV
	I3GqDfIO0c8gWuNTMpLwVaJ3yOMvZQWdvclKgO8N1g4tEvS3Vg2zOmEt8ZyPOYDzooHgqm1n/Vv
	jZxouz/RyiBR2uTH0qHZWL32S0
X-Google-Smtp-Source: 
 AGHT+IGV9wSOrQrN7Gf4yFRMkzlQTXzmdvkeW9zicSmB25dXwvhSGiq4gA8LsFgzBqaGN0lgDjR8BQ==
X-Received: by 2002:a17:90b:270a:b0:340:ff89:8b62 with SMTP id
 98e67ed59e1d1-3436cbb4076mr9256519a91.21.1762770116631;
        Mon, 10 Nov 2025 02:21:56 -0800 (PST)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.248])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-343705c1354sm6999894a91.18.2025.11.10.02.21.54
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 10 Nov 2025 02:21:56 -0800 (PST)
From: ankur.tyagi85@gmail.com
To: openembedded-core@lists.openembedded.org
Cc: Ankur Tyagi <ankur.tyagi85@gmail.com>
Subject: [OE-core][scarthgap][PATCH 1/9] webkitgtk: upgrade 2.44.3 -> 2.44.4
Date: Mon, 10 Nov 2025 23:21:39 +1300
Message-ID: <20251110102149.2915435-1-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 10 Nov 2025 10:22:03 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/226104

From: Ankur Tyagi <ankur.tyagi85@gmail.com>

Bug fixes only:
https://www.webkitgtk.org/release/webkitgtk-2.44.4.html

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../webkit/{webkitgtk_2.44.3.bb => webkitgtk_2.44.4.bb}         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-sato/webkit/{webkitgtk_2.44.3.bb => webkitgtk_2.44.4.bb} (98%)

diff --git a/meta/recipes-sato/webkit/webkitgtk_2.44.3.bb b/meta/recipes-sato/webkit/webkitgtk_2.44.4.bb
similarity index 98%
rename from meta/recipes-sato/webkit/webkitgtk_2.44.3.bb
rename to meta/recipes-sato/webkit/webkitgtk_2.44.4.bb
index a8f825e164..ac9ff41c91 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.44.3.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.44.4.bb
@@ -17,7 +17,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
            file://t6-not-declared.patch \
            file://30e1d5e22213fdaca2a29ec3400c927d710a37a8.patch \
            "
-SRC_URI[sha256sum] = "dc82d042ecaca981a4852357c06e5235743319cf10a94cd36ad41b97883a0b54"
+SRC_URI[sha256sum] = "2ce4ec1b78413035037aba8326b31ed72696626b7bea7bace5e46ac0d8cbe796"
 
 inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gi-docgen
 

From patchwork Mon Nov 10 10:21:40 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 74095
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 3BA7ECCFA13
	for <webhook@archiver.kernel.org>; Mon, 10 Nov 2025 10:22:03 +0000 (UTC)
Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com
 [209.85.216.49])
 by mx.groups.io with SMTP id smtpd.msgproc01-g2.45177.1762770119495889142
 for <openembedded-core@lists.openembedded.org>;
 Mon, 10 Nov 2025 02:21:59 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=eWGj1djW;
 spf=pass (domain: gmail.com, ip: 209.85.216.49,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pj1-f49.google.com with SMTP id
 98e67ed59e1d1-340e525487eso1872775a91.3
        for <openembedded-core@lists.openembedded.org>;
 Mon, 10 Nov 2025 02:21:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1762770119; x=1763374919;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=seGSPMOh/g7dH34AmYZ5c/Qvq8TfifTO0i14ZVdqTeQ=;
        b=eWGj1djWv6+n/QK2wYvrrztuogWbtlkcO+HyUhNsM99KiKhlT/hvevAviY47ZIXoDL
         SwLq3V/s31NLgKKB+0x93GKpn07w9V4AeVggRYlXkn+sbWqLD7KLeMGp/cXOd2Y5NQNf
         43oYY4qoQVujRfLHYBfV4vhxs+XoirZTx5fq1oj6gQYg/xXoEqa536CT5oiuiDaNaUhf
         xz8UP3XpDTtLaTnnf59BRlQBcLTujweLrDlJVAdEFOM0lS65aUvu4ZblpWwNT45i3d83
         yXLte5crzV39Cqg5WlwgUkTh93grAVVwPvq3zGbmHvXXmaHdyYBU1z+71qnPb8KPi3O6
         vefg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1762770119; x=1763374919;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=seGSPMOh/g7dH34AmYZ5c/Qvq8TfifTO0i14ZVdqTeQ=;
        b=fxbUZfP5ASHL74HccsU7+7s5q6eahESsJ+sr/D/Pq9V/2E7kliUQPXWiAC0i9VepXb
         fC64WnBrBAYOxUynSXEOur7qEJDcgUdiEJ62kOhW2Mu5wzuQ6FTXDl6SBT8+7lKpAgQO
         4eURvlC5fI0NYJteE00TwaspYYeH+KJX/ZlQ5xEZXcCjjvS9vE7ubS14YoR52AwWE44L
         1cNB5+tlPRHUMOYk3De9bwaOU0pDqQe1onOU8RNRFOQ/VQJUVoYpSuff7ojz9McYWOpj
         KIHVjeE3EhTtSOAxPDlmHlxBjxZH57deUrePDai7rJgc+oXWRO3L0CG/H/8XnORPjGhs
         tCsA==
X-Gm-Message-State: AOJu0YzcYpx7rOGMUZq7+q0EYdbarMMuP5iygz0zSkS4X4A/DO4+uf7O
	/9PzuRvOOR8Rjv55995Mu+poLlZzhJ2W2wdypfyl5HpDcTllCQQzSh3RIePEaw==
X-Gm-Gg: ASbGncvuiyEo48LMR+U7SS+24oNJD6lkOrFoBOTRNvFNexOcWfX7XlzGN3bTpepN1c3
	pzOmfNM3fnsBXJ7vGQjm9R33iK727kbIrHn6CVucblvNHwTOmLn9gTCPIFaAbBHEimwlZb8kvHQ
	ZGzm6l62WHAoXU8EFoIhtNw3WxxXw9L0hdNfrwXaZuhF5rzDR1smKhffbJ0tjYZ0n67FG/jpKPd
	v/+UMelBtkY6P5rvrVwGUnHjqoYGCTnFyM2BMka1EabcYfZJEh4CRvQgRZLuBWH0ITGrE5QGv9s
	NB7HE64uqPC6ac/ZzZpJRM1Fonf9gqfn2umWdbEgU7kBbqpR6jU+mA6a1Cd6LTb7qME6yPIQshL
	/j5PxPwHQiO/1qz8/J9I8QkKK7gPitfyeTMAUztB61nv+4TOXP0hq3pCeKfwZzPLLwgza4p0SbP
	cq/D2aKhBVVUGwT5XvX1MwH/gcGZ4gUuD5QAQ=
X-Google-Smtp-Source: 
 AGHT+IF1BymrsZNvR2GoZsg55SILaOVxmqj044Ux/VQMfbHLU1JvitWSkdeVDa1RhqtSmIRTLeOQ9Q==
X-Received: by 2002:a17:90b:2d48:b0:340:c179:3666 with SMTP id
 98e67ed59e1d1-3436cb73c8fmr8012388a91.8.1762770118715;
        Mon, 10 Nov 2025 02:21:58 -0800 (PST)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.248])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-343705c1354sm6999894a91.18.2025.11.10.02.21.57
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 10 Nov 2025 02:21:58 -0800 (PST)
From: ankur.tyagi85@gmail.com
To: openembedded-core@lists.openembedded.org
Cc: Ankur Tyagi <ankur.tyagi85@gmail.com>
Subject: [OE-core][scarthgap][PATCH 2/9] wireless-regdb: upgrade 2024.10.07 ->
 2025.10.07
Date: Mon, 10 Nov 2025 23:21:40 +1300
Message-ID: <20251110102149.2915435-2-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251110102149.2915435-1-ankur.tyagi85@gmail.com>
References: <20251110102149.2915435-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 10 Nov 2025 10:22:03 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/226105

From: Ankur Tyagi <ankur.tyagi85@gmail.com>

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 ...ireless-regdb_2024.10.07.bb => wireless-regdb_2025.10.07.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2024.10.07.bb => wireless-regdb_2025.10.07.bb} (94%)

diff --git a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.10.07.bb b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2025.10.07.bb
similarity index 94%
rename from meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.10.07.bb
rename to meta/recipes-kernel/wireless-regdb/wireless-regdb_2025.10.07.bb
index 0e4100fba7..68ae3b0464 100644
--- a/meta/recipes-kernel/wireless-regdb/wireless-regdb_2024.10.07.bb
+++ b/meta/recipes-kernel/wireless-regdb/wireless-regdb_2025.10.07.bb
@@ -5,7 +5,7 @@ LICENSE = "ISC"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=07c4f6dea3845b02a18dc00c8c87699c"
 
 SRC_URI = "https://www.kernel.org/pub/software/network/${BPN}/${BP}.tar.xz"
-SRC_URI[sha256sum] = "f76f2bd79a653e9f9dd50548d99d03a4a4eb157da056dfd5892f403ec28fb3d5"
+SRC_URI[sha256sum] = "d4c872a44154604c869f5851f7d21d818d492835d370af7f58de8847973801c3"
 
 inherit bin_package allarch
 

From patchwork Mon Nov 10 10:21:41 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 74098
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 1EB08CCFA13
	for <webhook@archiver.kernel.org>; Mon, 10 Nov 2025 10:22:13 +0000 (UTC)
Received: from mail-pj1-f50.google.com (mail-pj1-f50.google.com
 [209.85.216.50])
 by mx.groups.io with SMTP id smtpd.msgproc02-g2.45254.1762770123426154973
 for <openembedded-core@lists.openembedded.org>;
 Mon, 10 Nov 2025 02:22:03 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=YP6l/zP9;
 spf=pass (domain: gmail.com, ip: 209.85.216.50,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pj1-f50.google.com with SMTP id
 98e67ed59e1d1-341988c720aso2326529a91.3
        for <openembedded-core@lists.openembedded.org>;
 Mon, 10 Nov 2025 02:22:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1762770123; x=1763374923;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=lYt5aoqHFChQ1JPmKg3bMBm5uoSKHlvkBu59oz0ljaI=;
        b=YP6l/zP94z13AoO6Soe30N5/2COeFrKkbApUaRaO+0z5aNWOua5S0d4WEjF10x8AQj
         HNDREiCYSqPojvRnKkUVfK6kKOBjrbp1fyQx+IDzCBKP8Kcrkiz14ZEmEtvLE05mHRZN
         K6mSF2xkPSwruQNrwpa6NRb41QH2vh8bpsv3x+4rz7pspUOcHUugZlemQoPNkCE82U38
         I6tlL6U3Ip5/2tjA8TvX70kuqroRzM4qYD3R/9quBPoOhzQBG5C+XpdKJfhqmRl8m+Mp
         gelCzCm3Ig8ugKdvvVY25lE2wYj91TnLAZwYJdMsLY6dUoEPalSTnEcMIaD++SShaVAE
         wpLA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1762770123; x=1763374923;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=lYt5aoqHFChQ1JPmKg3bMBm5uoSKHlvkBu59oz0ljaI=;
        b=OPbYf50cFccqJ7Kk3XpkjwO6g4uYtKhl6JIHZQJ+Ff1FRFGjmLhW7mcRZAIC4K52aH
         EIlZGfEOV60YQxJGfsOwLBE74dsRdMQyFXJMOH3Cyvt899rFWGi7pjuDbPwVoUDms6e0
         aoiruN/Ralaryd5l9vzImSKRO7Lxc4Ac58BxEWWwMQOEpcq2uwcswYcAcGhsp5a1Zxix
         ALhqKiNP2uz0uM/nmOqwhUb8vrNyPjNB6OCiLjY2oslz3PrVSbBu16zSFc/iy2WBER9d
         wcQB1SOIdBF6deTKmbPT0myGZ3mmfBWdUeltmSEgisVM5HVFcP7nr9BpIPC84DYFrpfo
         scHQ==
X-Gm-Message-State: AOJu0YyDUbkdS3/XWQOivzoeEDRnhGiTjTaylM78PtOw3XDbi0lceimS
	PvgiaRvrOpPRF5Bh7ZwVOrzvDA/LhpEYOC4JZiYMR6YrA/wGgt2NYhwvxvOz6w==
X-Gm-Gg: ASbGncuSgls2P6vhXl4+yD4Dsf5EkdCCSmkmCHp8MwW/jzKrCuvwsNHax427+bbMWGT
	fnCq5N1j3AX4oR57NQ7G9MBF2cK/zb2rq1UeU00n3bZbicHm7z+72N8tjQDY/+wVkVdN1Ziy89r
	1S9rfJqsR6vSK2KExG6lD5n47yOuJ71scf6FWl4VlAJC09uFVhrtWEdP4+Od3q2k91zEzbRW3mK
	zbc5G6Gi2TAhRg6+NqtSsl8JcuEM3qpkwChyQxwIHn1Q8lP6KoV8z7ik5rTI5HXL+R1t9WNT7/g
	lTxNNxX1w0dW+YpIzrbSVfBzCRWnkwGrbDHd3ZT32d/xCxPu71PDxu6kBGvMUe49K54RUu9DKB+
	E7s3+aguIVV6sOnvRVeDqEkbW4yqXvgLmZXDESDd12N296fX7bBQ2kPilcXtQ8jPDEqKdq/YTCk
	VvlGtST1ukPdGVTpCs9ynFg4pd
X-Google-Smtp-Source: 
 AGHT+IEYZivkbqx23FcHHPo41+U7texPXWPngFrNBbCdTx2Kyj/541ToGUoBkAmvFuIk5mPSTAKx0g==
X-Received: by 2002:a17:90b:3512:b0:313:1c7b:fc62 with SMTP id
 98e67ed59e1d1-3436cb91aebmr9605171a91.22.1762770122234;
        Mon, 10 Nov 2025 02:22:02 -0800 (PST)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.248])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-343705c1354sm6999894a91.18.2025.11.10.02.21.59
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 10 Nov 2025 02:22:01 -0800 (PST)
From: ankur.tyagi85@gmail.com
To: openembedded-core@lists.openembedded.org
Cc: "Theodore A. Roth" <troth@openavr.org>,
	"Theodore A . Roth" <theodore_roth@trimble.com>,
	Richard Purdie <richard.purdie@linuxfoundation.org>,
	Ankur Tyagi <ankur.tyagi85@gmail.com>
Subject: [OE-core][scarthgap][PATCH 3/9] ca-certificates: update 20211016 ->
 20240203
Date: Mon, 10 Nov 2025 23:21:41 +1300
Message-ID: <20251110102149.2915435-3-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251110102149.2915435-1-ankur.tyagi85@gmail.com>
References: <20251110102149.2915435-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 10 Nov 2025 10:22:13 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/226106

From: "Theodore A. Roth" <troth@openavr.org>

The 20240203 version is the same as used in Ubuntu >= 24.04 and Debian
Trixie (testing).

Signed-off-by: Theodore A. Roth <troth@openavr.org>
Signed-off-by: Theodore A. Roth <theodore_roth@trimble.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ce19168885a04b0d77e81c1fd1c4262b195a47d4)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 ...mozilla-certdata2pem.py-print-a-warning-for-e.patch | 10 +++++-----
 ...ca-certificates-don-t-use-Debianisms-in-run-p.patch |  6 +++---
 ...ficates_20211016.bb => ca-certificates_20240203.bb} |  2 +-
 3 files changed, 9 insertions(+), 9 deletions(-)
 rename meta/recipes-support/ca-certificates/{ca-certificates_20211016.bb => ca-certificates_20240203.bb} (98%)

diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch b/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch
index 5c4a32f526..78898f5150 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch
+++ b/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch
@@ -19,7 +19,7 @@ diff --git a/debian/changelog b/debian/changelog
 index 531e4d0..4006509 100644
 --- a/debian/changelog
 +++ b/debian/changelog
-@@ -37,7 +37,6 @@ ca-certificates (20211004) unstable; urgency=low
+@@ -120,7 +120,6 @@ ca-certificates (20211004) unstable; urgency=low
      - "Trustis FPS Root CA"
      - "Staat der Nederlanden Root CA - G3"
    * Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
@@ -37,9 +37,9 @@ index 4434b7a..5c6ba24 100644
  Build-Depends: debhelper-compat (= 13), po-debconf
 -Build-Depends-Indep: python3, openssl, python3-cryptography
 +Build-Depends-Indep: python3, openssl
- Standards-Version: 4.5.0.2
+ Standards-Version: 4.6.2
+ Rules-Requires-Root: no
  Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git
- Vcs-Browser: https://salsa.debian.org/debian/ca-certificates
 diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
 index ede23d4..7d796f1 100644
 --- a/mozilla/certdata2pem.py
@@ -66,8 +66,8 @@ index ede23d4..7d796f1 100644
          if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
              continue
 -
--        cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
--        if cert.not_valid_after < datetime.datetime.now():
+-        cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
+-        if cert.not_valid_after < datetime.datetime.utcnow():
 -            print('!'*74)
 -            print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
 -            print('!'*74)
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch b/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
index 4a8ae5f4b5..1feefeb96a 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
+++ b/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
@@ -21,14 +21,14 @@ Index: git/sbin/update-ca-certificates
 ===================================================================
 --- git.orig/sbin/update-ca-certificates
 +++ git/sbin/update-ca-certificates
-@@ -191,9 +191,7 @@ if [ -d "$HOOKSDIR" ]
+@@ -202,9 +202,7 @@ if [ -d "$HOOKSDIR" ]
  then
  
    echo "Running hooks in $HOOKSDIR..."
 -  VERBOSE_ARG=
 -  [ "$verbose" = 0 ] || VERBOSE_ARG="--verbose"
--  eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read hook
-+  eval run-parts --test "$HOOKSDIR" | while read hook
+-  eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read -r hook
++  eval run-parts --test "$HOOKSDIR" | while read -r hook
    do
      ( cat "$ADDED"
        cat "$REMOVED" ) | "$hook" || echo "E: $hook exited with code $?."
diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb b/meta/recipes-support/ca-certificates/ca-certificates_20240203.bb
similarity index 98%
rename from meta/recipes-support/ca-certificates/ca-certificates_20211016.bb
rename to meta/recipes-support/ca-certificates/ca-certificates_20240203.bb
index 99abe60613..b198ea77a9 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb
+++ b/meta/recipes-support/ca-certificates/ca-certificates_20240203.bb
@@ -14,7 +14,7 @@ DEPENDS:class-nativesdk = "openssl-native"
 # Need rehash from openssl and run-parts from debianutils
 PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
 
-SRCREV = "07de54fdcc5806bde549e1edf60738c6bccf50e8"
+SRCREV = "ee6e0484031314090a11c04ee82689acb73d7ad8"
 
 SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https;branch=master \
            file://0002-update-ca-certificates-use-SYSROOT.patch \

From patchwork Mon Nov 10 10:21:42 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 74099
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2BAE6CD13D3
	for <webhook@archiver.kernel.org>; Mon, 10 Nov 2025 10:22:13 +0000 (UTC)
Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com
 [209.85.216.53])
 by mx.groups.io with SMTP id smtpd.msgproc01-g2.45181.1762770126440029318
 for <openembedded-core@lists.openembedded.org>;
 Mon, 10 Nov 2025 02:22:06 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=IZ/PStVQ;
 spf=pass (domain: gmail.com, ip: 209.85.216.53,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pj1-f53.google.com with SMTP id
 98e67ed59e1d1-3437c093ef5so1130851a91.0
        for <openembedded-core@lists.openembedded.org>;
 Mon, 10 Nov 2025 02:22:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1762770126; x=1763374926;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=QLfl/5dcgLmg9godtGqvLLQJBqFZndu1oAmDU3OYoO0=;
        b=IZ/PStVQyE8fCOoQtDRaZOr7nqYfyYg6hnHhUUs//8XwVXCe89GQWJeVfQrIQAw9ok
         6QA3OYF/7DyCU1getQnCpdXxVupe7Jri+fLRiPYYkceKvmcEo3h/tFKKXh8EbMeP5qvq
         eT5MBbYdf+9lKOfNE9pAKPcyL6KwjUyuJMxwCfPMOOkVvKlB1H3PCj/bMftLUcTI64D7
         w8X9DDaPbjvKt8D9TBPd72BszCWUA0X+Goj5i/V6Pf2VX/Q17dTZrpuHLP+DkneU5cdi
         /sNsnYkC/kDdvIYadQeK0y60OGUdbJCLsWUB8G6HtmlAKbKTDBqOqllRinImTnVxs3Wc
         P39Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1762770126; x=1763374926;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=QLfl/5dcgLmg9godtGqvLLQJBqFZndu1oAmDU3OYoO0=;
        b=pxEGraenqOzH337YrGrOpafUX8D7NO4GuS4SsmS14IfCBm5naMaBDlEdF991VikBFg
         KPDD5vba3I1QJEuIluqytGf22tVSmHOH9A1XYu9VA6FI4cLMwRgSbRKCNqYI0VBwnBdu
         CvjANICQCDLfkLqlZNVQLtldkq9Boo7Z+atUN6MneMLELpnBIo4z+zr0+OhWKhiVfid5
         F813BXuEwQlaxVYiStjBVWhcHvrOi4DkmQJDh5MsVkcsFuh35wIdpkSA4rcDwVrddPhI
         XHy+D0SHD30zWMCUVoXBIzFBE+BT6lMigtC86mS0YjmdMiKMhokbRFteLnTmI+fPqitk
         feIA==
X-Gm-Message-State: AOJu0YwwcLxtOKb7WXGeqR5FLTO5Z9VG8JAEtPhzcs1L8aDfYnHKWhwO
	fgduibvBHSljLDgQoQ+HVOIrLiS2RXk/hxW/kKy+GpuCEJaUBbxMj0SQXmJQSg==
X-Gm-Gg: ASbGncs7mK8qU9YEkGFRkR4tBWN8MZBVZBCMSpJlqiYvsx8y5SZ9BlyYcraG35ZGhuz
	bOpqtg2jRBzy4eWXkQf6NGuc9epNb4awK5cswfEDQ2W2mFWKrTKR4YAFoDHuUSxH4VJb2N2XyYb
	MGjNcKbpbMZl+77nhfFrerjOAPlTmmcSI6K8l1qo8AVWGaL0xJeSudNef7Cf7d6a8AS9/QfUxay
	AWB0CNKSgI3JlrVW0mgmtKV1KPcRdEIZ4+xjKWJ/WeLinNyHDbYHlV6DpgZR5xQqA4L0q0P7aZf
	2VlbXBBnJzFIfqIajYmkBPGqnv0uif6oiqiRNkdaZ72XcPL7rZXIlxVYVcQArWBUNpuHv/gmtSJ
	bZwfCw56rF57DyqLSobCqRwgj0D19HWROvhNTetJ8wvjfb2nDBDrHm7bbV2f87Z9UkcSCxyua5P
	RsZf1Fb/kZHZf/lwC2HoE668YW
X-Google-Smtp-Source: 
 AGHT+IEKlT7qovP/3R7FJLuetSG3nKkUuzwxFJMrT7qKpbITR0aHGWeIuZPl5UrfqkZarGrFL40+Tw==
X-Received: by 2002:a17:90b:3e4b:b0:32b:baaa:21b0 with SMTP id
 98e67ed59e1d1-3436cb73f36mr9678499a91.6.1762770125565;
        Mon, 10 Nov 2025 02:22:05 -0800 (PST)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.248])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-343705c1354sm6999894a91.18.2025.11.10.02.22.02
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 10 Nov 2025 02:22:05 -0800 (PST)
From: ankur.tyagi85@gmail.com
To: openembedded-core@lists.openembedded.org
Cc: "Theodore A. Roth" <troth@openavr.org>,
	"Theodore A . Roth" <theodore_roth@trimble.com>,
	Richard Purdie <richard.purdie@linuxfoundation.org>,
	Ankur Tyagi <ankur.tyagi85@gmail.com>
Subject: [OE-core][scarthgap][PATCH 4/9] ca-certificates: Add comment for
 provenance of SRCREV
Date: Mon, 10 Nov 2025 23:21:42 +1300
Message-ID: <20251110102149.2915435-4-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251110102149.2915435-1-ankur.tyagi85@gmail.com>
References: <20251110102149.2915435-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 10 Nov 2025 10:22:13 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/226107

From: "Theodore A. Roth" <troth@openavr.org>

Provide references for how the SRCREV was arrived at for the 20240203
release.

Signed-off-by: Theodore A. Roth <troth@openavr.org>
Signed-off-by: Theodore A. Roth <theodore_roth@trimble.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6916cdb0f05f6644edb1e432a9421595abb9f0ca)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../ca-certificates/ca-certificates_20240203.bb            | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20240203.bb b/meta/recipes-support/ca-certificates/ca-certificates_20240203.bb
index b198ea77a9..ac0756471c 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates_20240203.bb
+++ b/meta/recipes-support/ca-certificates/ca-certificates_20240203.bb
@@ -14,6 +14,13 @@ DEPENDS:class-nativesdk = "openssl-native"
 # Need rehash from openssl and run-parts from debianutils
 PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
 
+# Since there is no TAG in the git repository, the SRCREV was determined
+# through comparison of the git repository and the data on the following
+# package informatin pages:
+#
+# * https://packages.debian.org/trixie/ca-certificates
+# * https://packages.ubuntu.com/noble/ca-certificates
+#
 SRCREV = "ee6e0484031314090a11c04ee82689acb73d7ad8"
 
 SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https;branch=master \

From patchwork Mon Nov 10 10:21:43 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 74097
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 1EB45CCFA1E
	for <webhook@archiver.kernel.org>; Mon, 10 Nov 2025 10:22:13 +0000 (UTC)
Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com
 [209.85.216.49])
 by mx.groups.io with SMTP id smtpd.msgproc02-g2.45257.1762770129089250491
 for <openembedded-core@lists.openembedded.org>;
 Mon, 10 Nov 2025 02:22:09 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=ndOh7mDm;
 spf=pass (domain: gmail.com, ip: 209.85.216.49,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pj1-f49.google.com with SMTP id
 98e67ed59e1d1-343514c7854so2561380a91.1
        for <openembedded-core@lists.openembedded.org>;
 Mon, 10 Nov 2025 02:22:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1762770128; x=1763374928;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=WsH5apOwNefFtNHK2Dbc4/dutooe2JAS6s7qJgK2BxE=;
        b=ndOh7mDm7ncSziudjzFEduWmPGMiRYFXM3nZCtg+VaFWSzi9lJF727Yh/Yi5L4C5HS
         TgGIEfWjDNRQUABYAQ3BtN9OxUSh98D7CWDt/12kevu0Q1KLgWH5raHarWlvx6hzHAkP
         SuUMVlg6S3HtMxMkb0zHUkymmiwOhBAjoEcn9TvqTGuqF5YNLGCP+S7z14Wqjr0pmOML
         sRQid1XxduLyYVsvK1K6zDw/opkHJ8bi/SuQmMH47/YhTStauQm5yB+JFg7ef4ZiDxc+
         oyDp6p29Db5f9/BSaGM98Kwlvbl3AyNNJneeSoE+XUqh6SiOe2FeP+9SLl6jCpRbYb2i
         EQPw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1762770128; x=1763374928;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=WsH5apOwNefFtNHK2Dbc4/dutooe2JAS6s7qJgK2BxE=;
        b=EG3oJEf+5JaazdiHfJGqeUhc4vf6rWkWaLQ8/3hNJNLq15QR85nlj56yAjs6OhtgCc
         tYaMh8Terq61IHcf+Vpab9lPVrJO4Vv8pkjPzYZxZwhk19sIgGZFd9FZPy0GLiS9KkzI
         aXcAxLj2/KtEC+L8lkg+c9OhwBLj1lTzoxjQ5GrCmQeQff/7lj93Qw+Nz3r67TyJoQBt
         rqc0uK6Ph/IuUMh7llsKbLe1IYwhFACGdCu0vZCFL93flom6V6QIYHT+ae+Kc7Tfh8k6
         I++BJYrqdUDdmKSeOAx0L9LkjWqvzC1NZ+Un8CPvSbQmf6aHwtrjjUIIgfP1xCHqqq64
         aP1A==
X-Gm-Message-State: AOJu0Ywd6pmKERuI7XGhSgV+poAN1TPHODR5uWssdf5HoyjS91JmlJzR
	tehV5JwKO9gzUqRXK6rCx+D0VsAkyjJDSJWMQoF+civy9RMebUx743yNCP1jug==
X-Gm-Gg: ASbGncu6jGogUMEg8FnxNAV8zQ9dwqMJ32x7yqvGmtV9zhnoakeLY5w9QaXXJRleq3z
	nRNuQBuRV1jYMgqnoCVcCSzT/KrT3NDsIgLvjbDpCPnYqG0PPwYXXnfkFOEaI0FpWs6N8BYd+0J
	1uPGrPydSbluanOiUb0bdmJeDxGeYUM4QNDYUyXs6c82v+1ACSoc/YEFewGCRpOiC+g9cbyYxyp
	3ZdI0tOetpWszY29+NCUpPEANT2KCS12gi1Arv/+93JybSYb0/YZYUzRc0ZCAq8giYaq8u/8kBb
	EmXKFnHfQz+dR97dugA3m6zmhUB9RWcKop1MmQ7cVnQoQN9jcwR09aveV58DyC767l6Gqb0T0b+
	+JJh6IEizEgg4KwR9zO0++wj10iJe/L7dMV8xeg8GImhXzl0EnnDtv2ykDe2j0aomXBdCddvMtZ
	wkmcVQEqJ4khr/Ug==
X-Google-Smtp-Source: 
 AGHT+IGtziW38wEUTv7sy0C0lkUcQf1kwJ3bgKjE649FoSCJUJ9AqeROgY3UdxJNlLK0Eq/AlhaAnw==
X-Received: by 2002:a17:90a:ac0e:b0:343:747e:2ca4 with SMTP id
 98e67ed59e1d1-343747e2ff9mr6508226a91.9.1762770128325;
        Mon, 10 Nov 2025 02:22:08 -0800 (PST)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.248])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-343705c1354sm6999894a91.18.2025.11.10.02.22.06
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 10 Nov 2025 02:22:08 -0800 (PST)
From: ankur.tyagi85@gmail.com
To: openembedded-core@lists.openembedded.org
Cc: Alexander Kanavin <alex@linutronix.de>,
	Richard Purdie <richard.purdie@linuxfoundation.org>,
	Ankur Tyagi <ankur.tyagi85@gmail.com>
Subject: [OE-core][scarthgap][PATCH 5/9] ca-certificates: get sources from
 debian tarballs
Date: Mon, 10 Nov 2025 23:21:43 +1300
Message-ID: <20251110102149.2915435-5-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251110102149.2915435-1-ankur.tyagi85@gmail.com>
References: <20251110102149.2915435-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 10 Nov 2025 10:22:13 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/226108

From: Alexander Kanavin <alex@linutronix.de>

git repo no longer has tags for recent versions which means
we had missed several of them, and wouldn't be able to get
notifications about any future releases.

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 81f013fd1312551628701bf36ac62746a2606dbd)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../ca-certificates/ca-certificates_20240203.bb | 17 +++--------------
 1 file changed, 3 insertions(+), 14 deletions(-)

diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20240203.bb b/meta/recipes-support/ca-certificates/ca-certificates_20240203.bb
index ac0756471c..eff1d97bc5 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates_20240203.bb
+++ b/meta/recipes-support/ca-certificates/ca-certificates_20240203.bb
@@ -14,26 +14,15 @@ DEPENDS:class-nativesdk = "openssl-native"
 # Need rehash from openssl and run-parts from debianutils
 PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
 
-# Since there is no TAG in the git repository, the SRCREV was determined
-# through comparison of the git repository and the data on the following
-# package informatin pages:
-#
-# * https://packages.debian.org/trixie/ca-certificates
-# * https://packages.ubuntu.com/noble/ca-certificates
-#
-SRCREV = "ee6e0484031314090a11c04ee82689acb73d7ad8"
-
-SRC_URI = "git://salsa.debian.org/debian/ca-certificates.git;protocol=https;branch=master \
+SRC_URI[sha256sum] = "3286d3fc42c4d11b7086711a85f865b44065ce05cf1fb5376b2abed07622a9c6"
+SRC_URI = "${DEBIAN_MIRROR}/main/c/ca-certificates/${BPN}_${PV}.tar.xz \
            file://0002-update-ca-certificates-use-SYSROOT.patch \
            file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \
            file://default-sysroot.patch \
            file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \
            file://0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch \
            "
-UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+)"
-
-S = "${WORKDIR}/git"
-
+S = "${WORKDIR}/ca-certificates"
 inherit allarch
 
 EXTRA_OEMAKE = "\

From patchwork Mon Nov 10 10:21:44 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 74100
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2B89ACD13D2
	for <webhook@archiver.kernel.org>; Mon, 10 Nov 2025 10:22:13 +0000 (UTC)
Received: from mail-pj1-f52.google.com (mail-pj1-f52.google.com
 [209.85.216.52])
 by mx.groups.io with SMTP id smtpd.msgproc01-g2.45185.1762770131851205189
 for <openembedded-core@lists.openembedded.org>;
 Mon, 10 Nov 2025 02:22:11 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=C2dAgM8Y;
 spf=pass (domain: gmail.com, ip: 209.85.216.52,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pj1-f52.google.com with SMTP id
 98e67ed59e1d1-340e525487eso1872895a91.3
        for <openembedded-core@lists.openembedded.org>;
 Mon, 10 Nov 2025 02:22:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1762770131; x=1763374931;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=jUVIN1Zew1NoSH/x3l+A3+LGHJGMkIwOdCZJ6XbKYz8=;
        b=C2dAgM8YKdOSRjLraUDbcRE4FV2MGPFXGcEzZdmTq3Sy9BWdV+WfRYX1gFIFme3XSu
         CcTDt3SWZiYPDd2veD+R4g6m3mzNlTHf0EYlbvEJF53tUw7nrx7qY95pxrW7h9eyViG8
         ppHfmIlVmn6coj0p9zRxxE+b5b1ZyEAkapdXO+nKmOmVbdlr5lEEmg3SaXh0EZwuIF04
         +1wo2DlijJhbPgHYt3Vh04KgoUB0Na3hrFuggIgMOZqstjGDPLvGqy5YhjPNQnXnzEbV
         BbPxT9ui8ecJQNu25ADGf8bA1YT2EiNum7cZjeSpObEm3nmFbJ4BalnEGkK23y3BI1Kk
         /8Kg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1762770131; x=1763374931;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=jUVIN1Zew1NoSH/x3l+A3+LGHJGMkIwOdCZJ6XbKYz8=;
        b=rc93Uu85jYg1q/aEC+dYhch4fg/9x4QkRH/ekjCvXB6PPlqyiEkYlL0xTyjqyhu/xI
         MnzXL6cGMKn7HT2k/Ew/6ZQsdpeGWDhqelkIBqFKfLxlR0JR7D8Wx6FeQJ1GjAsuZppu
         0tQt77JiuL4AgXBC9xUX0k/eX40ZcBWw9lzJ9n7Qq+JbS+FIgn3//3hPlagrXsn/JVwJ
         17i96DrU4+ypGRbE7Eu3DAte8NueAHauHMLiVPIsBzpup7IgPel2/9IuXvc1AbpBaNQc
         5/zlc22r6N6rzdOoUtiq6lkn2FhM4JoGys36UYv7544md4iixbcsIbOShI6PAHu6BNEW
         MAjw==
X-Gm-Message-State: AOJu0YxufzO0TOlmQsb/fthbPvJZIMySNPVt4QfZx9rMu/gQvNd9KEcL
	bW6nGZ2ECUN9zHsj2biUsr6urJYph94dV8OXAjgUkDrZsQ2B571+z6NoYL6+uQ==
X-Gm-Gg: ASbGncvOqOlC0fTKqNeqLOFgME4TLzgjOjxtKuOjBVOUywKaLhH275kQnxbzHbOlMQj
	8jV1HtOekU1EdVMIt/etQRwAKYd/lsHRygLM01DkqoQ2ySFvU8XZGxf7ofrCRm67chLqzO2o858
	PB/lpXHV6ml6rxk4R2v6MdzIYmxquYT8zpft7o2gbcfHBZhBckyHjjOSYMP/xTC981HthJiRNpv
	H54OKjcZjBwIq49GsN/UAE3svsNJ0P/wt83ERfoS/ZKJQzmMgaVnzhc11jUfsRn1TmeYPtYvk+w
	cyx0nSFaUMIjzLrdG2zD7gz0yQe9fXbZ6D8bT+0a4SftCt/zJaaMKlxiGEfDdKlFFZMAKe2cDPO
	XqnhvA6HBSflLBsSD/pWRRzRbhxT1VzIv92iAb/N1kyfHPMEcCL4S+UvO3Zey9Gh8TUJ3pzKgCG
	dRzsJ/9/w06wKv5oqw9TBUIKH7
X-Google-Smtp-Source: 
 AGHT+IFvlniJHlurX8DV0r29KT/4jvX+lOohoFwbmYNqHbTQ5NYq2nckbVe/8Prj4Wil02zAyvh04g==
X-Received: by 2002:a17:90b:3e4b:b0:341:8ab4:3cf2 with SMTP id
 98e67ed59e1d1-3436cbf886fmr9622516a91.24.1762770130915;
        Mon, 10 Nov 2025 02:22:10 -0800 (PST)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.248])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-343705c1354sm6999894a91.18.2025.11.10.02.22.08
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 10 Nov 2025 02:22:10 -0800 (PST)
From: ankur.tyagi85@gmail.com
To: openembedded-core@lists.openembedded.org
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>,
	Ankur Tyagi <ankur.tyagi85@gmail.com>
Subject: [OE-core][scarthgap][PATCH 6/9] ca-certificates: upgrade 20240203 ->
 20241223
Date: Mon, 10 Nov 2025 23:21:44 +1300
Message-ID: <20251110102149.2915435-6-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251110102149.2915435-1-ankur.tyagi85@gmail.com>
References: <20251110102149.2915435-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 10 Nov 2025 10:22:13 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/226109

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 48a236c2f78fee5e6db19c6be23b4a18df025607)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 ...certdata2pem.py-print-a-warning-for-e.patch | 13 +++++--------
 ...ficates-don-t-use-Debianisms-in-run-p.patch | 14 +++++++++-----
 ...02-update-ca-certificates-use-SYSROOT.patch | 18 +++++++++---------
 ...ficates-use-relative-symlinks-from-ET.patch |  4 ++--
 .../ca-certificates/default-sysroot.patch      | 16 ++++++++++++----
 ...20240203.bb => ca-certificates_20241223.bb} |  2 +-
 6 files changed, 38 insertions(+), 29 deletions(-)
 rename meta/recipes-support/ca-certificates/{ca-certificates_20240203.bb => ca-certificates_20241223.bb} (97%)

diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch b/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch
index 78898f5150..da2a247e51 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch
+++ b/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch
@@ -1,4 +1,4 @@
-From cb43ec15b700b25f3c4fe44043a1a021aaf5b768 Mon Sep 17 00:00:00 2001
+From 630736f427c0a1bd0be0b5a2f6d51d63b2c4c9fd Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex@linutronix.de>
 Date: Mon, 18 Oct 2021 12:05:49 +0200
 Subject: [PATCH] Revert "mozilla/certdata2pem.py: print a warning for expired
@@ -16,10 +16,10 @@ Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  3 files changed, 1 insertion(+), 13 deletions(-)
 
 diff --git a/debian/changelog b/debian/changelog
-index 531e4d0..4006509 100644
+index 52d41ca..bdb2c8a 100644
 --- a/debian/changelog
 +++ b/debian/changelog
-@@ -120,7 +120,6 @@ ca-certificates (20211004) unstable; urgency=low
+@@ -138,7 +138,6 @@ ca-certificates (20211004) unstable; urgency=low
      - "Trustis FPS Root CA"
      - "Staat der Nederlanden Root CA - G3"
    * Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
@@ -28,7 +28,7 @@ index 531e4d0..4006509 100644
   -- Julien Cristau <jcristau@debian.org>  Thu, 07 Oct 2021 17:12:47 +0200
  
 diff --git a/debian/control b/debian/control
-index 4434b7a..5c6ba24 100644
+index b5f2ab0..d0e830e 100644
 --- a/debian/control
 +++ b/debian/control
 @@ -3,7 +3,7 @@ Section: misc
@@ -41,7 +41,7 @@ index 4434b7a..5c6ba24 100644
  Rules-Requires-Root: no
  Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git
 diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
-index ede23d4..7d796f1 100644
+index 4df86a2..7d796f1 100644
 --- a/mozilla/certdata2pem.py
 +++ b/mozilla/certdata2pem.py
 @@ -21,16 +21,12 @@
@@ -75,6 +75,3 @@ index ede23d4..7d796f1 100644
          bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
                                        .replace(' ', '_')\
                                        .replace('(', '=')\
--- 
-2.20.1
-
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch b/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
index 1feefeb96a..cad30929f5 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
+++ b/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
@@ -1,3 +1,8 @@
+From 348163df412e53b1b7ec3e81ae5f22caa0227c37 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@intel.com>
+Date: Mon, 6 Jul 2015 15:19:41 +0100
+Subject: [PATCH] ca-certificates: remove Debianism in run-parts invocation
+
 ca-certificates is a package from Debian, but some host distros such as Fedora
 have a leaner run-parts provided by cron which doesn't support --verbose or the
  -- separator between arguments and paths.
@@ -9,7 +14,6 @@ This solves errors such as
 | [...]/usr/sbin/update-ca-certificates: line 230: Not a directory: --: command not found
 | E: Not a directory: -- exited with code 127.
 
-
 Upstream-Status: Inappropriate
 Signed-off-by: Ross Burton <ross.burton@intel.com>
 Signed-off-by: Maciej Borzecki <maciej.borzecki@rndity.com>
@@ -17,10 +21,10 @@ Signed-off-by: Maciej Borzecki <maciej.borzecki@rndity.com>
  sbin/update-ca-certificates | 4 +---
  1 file changed, 1 insertion(+), 3 deletions(-)
 
-Index: git/sbin/update-ca-certificates
-===================================================================
---- git.orig/sbin/update-ca-certificates
-+++ git/sbin/update-ca-certificates
+diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
+index 36cdd9a..2d3e1fe 100755
+--- a/sbin/update-ca-certificates
++++ b/sbin/update-ca-certificates
 @@ -202,9 +202,7 @@ if [ -d "$HOOKSDIR" ]
  then
  
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch b/meta/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
index 792b4030b2..48c69f0cbc 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
+++ b/meta/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
@@ -1,19 +1,19 @@
-Upstream-Status: Pending
-
-From 724cb153ca0f607fb38b3a8db3ebb2742601cd81 Mon Sep 17 00:00:00 2001
+From cdb53438bae194c1281c31374a901ad7ee460408 Mon Sep 17 00:00:00 2001
 From: Andreas Oberritter <obi@opendreambox.org>
 Date: Tue, 19 Mar 2013 17:14:33 +0100
-Subject: [PATCH 2/2] update-ca-certificates: use $SYSROOT
+Subject: [PATCH] update-ca-certificates: use $SYSROOT
+
+Upstream-Status: Pending
 
 Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
 ---
- sbin/update-ca-certificates |   14 +++++++-------
+ sbin/update-ca-certificates | 14 +++++++-------
  1 file changed, 7 insertions(+), 7 deletions(-)
 
-Index: git/sbin/update-ca-certificates
-===================================================================
---- git.orig/sbin/update-ca-certificates
-+++ git/sbin/update-ca-certificates
+diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
+index 5a0a1da..36cdd9a 100755
+--- a/sbin/update-ca-certificates
++++ b/sbin/update-ca-certificates
 @@ -24,12 +24,12 @@
  verbose=0
  fresh=0
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0003-update-ca-certificates-use-relative-symlinks-from-ET.patch b/meta/recipes-support/ca-certificates/ca-certificates/0003-update-ca-certificates-use-relative-symlinks-from-ET.patch
index 4bd967f788..214f88909a 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates/0003-update-ca-certificates-use-relative-symlinks-from-ET.patch
+++ b/meta/recipes-support/ca-certificates/ca-certificates/0003-update-ca-certificates-use-relative-symlinks-from-ET.patch
@@ -1,4 +1,4 @@
-From a9fc13b2aee55655d58fcb77a3180fa99f96438a Mon Sep 17 00:00:00 2001
+From 38d47c53749c6f16d5d7993410b256116e0ee0b8 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <andre.draszik@jci.com>
 Date: Wed, 28 Mar 2018 16:45:05 +0100
 Subject: [PATCH] update-ca-certificates: use relative symlinks from
@@ -45,7 +45,7 @@ Signed-off-by: André Draszik <andre.draszik@jci.com>
  1 file changed, 4 insertions(+), 2 deletions(-)
 
 diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
-index 00f80c7..7e911a9 100755
+index f7d0dbf..97a589c 100755
 --- a/sbin/update-ca-certificates
 +++ b/sbin/update-ca-certificates
 @@ -29,6 +29,7 @@ CERTSDIR=$SYSROOT/usr/share/ca-certificates
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch b/meta/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch
index f8b0791bea..c2a54c0096 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch
+++ b/meta/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch
@@ -1,13 +1,21 @@
+From 50aadd3eb1c4be43d3decdeb60cede2de5a687be Mon Sep 17 00:00:00 2001
+From: Christopher Larson <chris_larson@mentor.com>
+Date: Fri, 23 Aug 2013 12:26:14 -0700
+Subject: [PATCH] ca-certificates: add recipe (version 20130610)
+
 Upstream-Status: Pending
 
 update-ca-certificates: find SYSROOT relative to its own location
 
 This makes the script relocatable.
+---
+ sbin/update-ca-certificates | 33 +++++++++++++++++++++++++++++++++
+ 1 file changed, 33 insertions(+)
 
-Index: git/sbin/update-ca-certificates
-===================================================================
---- git.orig/sbin/update-ca-certificates
-+++ git/sbin/update-ca-certificates
+diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
+index 2d3e1fe..f7d0dbf 100755
+--- a/sbin/update-ca-certificates
++++ b/sbin/update-ca-certificates
 @@ -66,6 +66,39 @@ do
    shift
  done
diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20240203.bb b/meta/recipes-support/ca-certificates/ca-certificates_20241223.bb
similarity index 97%
rename from meta/recipes-support/ca-certificates/ca-certificates_20240203.bb
rename to meta/recipes-support/ca-certificates/ca-certificates_20241223.bb
index eff1d97bc5..bbdc7dd68d 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates_20240203.bb
+++ b/meta/recipes-support/ca-certificates/ca-certificates_20241223.bb
@@ -14,7 +14,7 @@ DEPENDS:class-nativesdk = "openssl-native"
 # Need rehash from openssl and run-parts from debianutils
 PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
 
-SRC_URI[sha256sum] = "3286d3fc42c4d11b7086711a85f865b44065ce05cf1fb5376b2abed07622a9c6"
+SRC_URI[sha256sum] = "dd8286d0a9dd35c756fea5f1df3fed1510fb891f376903891b003cd9b1ad7e03"
 SRC_URI = "${DEBIAN_MIRROR}/main/c/ca-certificates/${BPN}_${PV}.tar.xz \
            file://0002-update-ca-certificates-use-SYSROOT.patch \
            file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \

From patchwork Mon Nov 10 10:21:45 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 74102
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 284D7CCF9E3
	for <webhook@archiver.kernel.org>; Mon, 10 Nov 2025 10:22:23 +0000 (UTC)
Received: from mail-pj1-f54.google.com (mail-pj1-f54.google.com
 [209.85.216.54])
 by mx.groups.io with SMTP id smtpd.msgproc01-g2.45186.1762770134881081441
 for <openembedded-core@lists.openembedded.org>;
 Mon, 10 Nov 2025 02:22:14 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=hDhIDG5F;
 spf=pass (domain: gmail.com, ip: 209.85.216.54,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pj1-f54.google.com with SMTP id
 98e67ed59e1d1-340bcc92c7dso2577168a91.0
        for <openembedded-core@lists.openembedded.org>;
 Mon, 10 Nov 2025 02:22:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1762770134; x=1763374934;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=OBWJoWnM1uoP/yRJjK95DMscm/PSlXtrbbMPhto7nkY=;
        b=hDhIDG5FSk1bzPhZ7c7Nj8XCHK6Wa3ySPPAA6pUOSd3jvwlCkLb9Gz8J9hjRr8FEvN
         pLdXOcoNCAc9ntLjc8dUUIJeqh/oaDp/hFOO6UgWRy/VLZB0mpbxLg2BW0Qmv0r1sP+M
         LMYSyJ7t55LIvehyyNoJvPlu8I1jxMiWD7KDPir1TYUZRtsLrib6xipuE8pWbabbc4d6
         9b/qpmVhWl+NWnXuov4Kmt0BtXjjsjYlWK7Ii41PzcqsNsJFomFhg8e7pQnWQGu2t/dH
         1Uncg5BU6hVgkte5e/H4nhdx2YoKr+MjrMrYhCEPbsl0XQovpv2rieo4bHIvyJ8gxrnV
         itew==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1762770134; x=1763374934;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=OBWJoWnM1uoP/yRJjK95DMscm/PSlXtrbbMPhto7nkY=;
        b=bCgv+Ud6XVJ8YnOe5tSOs2zai51VN7lG5UaRPrQsKfOthOPmbr4288gnqISeKQbIXF
         233UpGaiJ9aGkrzt2KmT1cuFazmNBCbiYBPAgQkc39flyx1zLINOZYjHn4l9ogo261OQ
         zCw+Cdi267xXdyLHeDBMSHkn2BDMo58RzM9M8dcm34CK2KOXnl3xj9AFXdhBV5XrdaMd
         h7TGycaavAyDqSOZ+UKC6lAcgC/L+OHcU6m0grgY8CcxV8LTSXIy/Or+lTWz8BVtGLa6
         QdOSHqfkIsMi4l+7qtEII8fYAT4T7BS8wuP0IJzdL59dHgm2jCoXFQDrv0O3B87JVqOp
         KdSQ==
X-Gm-Message-State: AOJu0YzHwmpbXcvxf7w8XDyjoihKbHV998LEOPVvHxe2LxIg9meq12MC
	RYtR1U+C3cZy/hmgRMaduJWtx5dCQ0qfbzGct7sGcBm3BDz9qBCa0kGbBzWkDw==
X-Gm-Gg: ASbGncunGTlZMybLvtnQGIjBAzfWWgCTjX7necShvJuk+2Lq5bzff6Wh7vNECaLyflc
	9/bvZUW2qd4Zbq2wvSws5dyyHLiZIZJ/qzlqcT/xNGNNfFbP73dRXZxYoHCnUX9TplTdunM9Cgd
	N5J+b84p27AX2ljo3N1Cvg1a1rBlN3OCl0UDS1YRjSGioeSr8+PGoabflA/EUle/Cm9Vg4tUtrH
	Aoop/DwVokBV2IFqtOK4eMLSHZY3OBHQLU6aGN2h3GT8d02oiZrQyKaHQveDWklHt5jeJsYHeoJ
	FJjtLExvUtbTEOgI9RKuXULpNWayGLl3niJMU4biGeHq2V+/tGTG7ZScftqP95jS4IgDveg5zZD
	5TY82HZnYdvaeMTOlPJk3nVeYZA2gza8NaHt8gOSaRuxlzZPd2NvteuFR6bqsmVhz6oV7DVmKyt
	4toszzo2tQDxUVmQ==
X-Google-Smtp-Source: 
 AGHT+IECu+GXgYmKQDP4dEgqAhFgkylNIUB4CYOQfqJ4mcSlNeYe2OkNzDLEgaU4+te796ZsL5Cqkg==
X-Received: by 2002:a17:90b:35c2:b0:343:3898:e7c7 with SMTP id
 98e67ed59e1d1-3436ac9d9cfmr11459465a91.12.1762770134002;
        Mon, 10 Nov 2025 02:22:14 -0800 (PST)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.248])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-343705c1354sm6999894a91.18.2025.11.10.02.22.11
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 10 Nov 2025 02:22:13 -0800 (PST)
From: ankur.tyagi85@gmail.com
To: openembedded-core@lists.openembedded.org
Cc: Alexander Kanavin <alex@linutronix.de>,
	Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>,
	Richard Purdie <richard.purdie@linuxfoundation.org>,
	Ankur Tyagi <ankur.tyagi85@gmail.com>
Subject: [OE-core][scarthgap][PATCH 7/9] ca-certificates: submit sysroot patch
 upstream, drop default-sysroot.patch
Date: Mon, 10 Nov 2025 23:21:45 +1300
Message-ID: <20251110102149.2915435-7-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251110102149.2915435-1-ankur.tyagi85@gmail.com>
References: <20251110102149.2915435-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 10 Nov 2025 10:22:23 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/226110

From: Alexander Kanavin <alex@linutronix.de>

ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
was using a non-standard environment variable, and was replaced
with a patch that adds a command line option (and then this
was submitted upstream). ca-certificates recipe was tweaked accordingly,
and nothing else in core or meta-oe is using update-ca-certificates.

Drop default-sysroot.patch as the use case is unclear: sysroot
is explicitly specified in all known invocations of update-ca-certificate,
and if there's a place where it isn't, then update-ca-certificates
will error out trying to write to /etc, and should be fixed to
explicitly specify the sysroot.

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 90d9f0ba674d4fe8e9291f0513c13dff3775c545)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 ...ca-certificates-add-a-sysroot-option.patch | 36 ++++++++++++
 ...2-update-ca-certificates-use-SYSROOT.patch | 46 ---------------
 ...icates-use-relative-symlinks-from-ET.patch | 18 +++---
 .../ca-certificates/default-sysroot.patch     | 58 -------------------
 .../ca-certificates_20241223.bb               |  9 ++-
 5 files changed, 49 insertions(+), 118 deletions(-)
 create mode 100644 meta/recipes-support/ca-certificates/ca-certificates/0002-sbin-update-ca-certificates-add-a-sysroot-option.patch
 delete mode 100644 meta/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
 delete mode 100644 meta/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch

diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0002-sbin-update-ca-certificates-add-a-sysroot-option.patch b/meta/recipes-support/ca-certificates/ca-certificates/0002-sbin-update-ca-certificates-add-a-sysroot-option.patch
new file mode 100644
index 0000000000..ba5bb69657
--- /dev/null
+++ b/meta/recipes-support/ca-certificates/ca-certificates/0002-sbin-update-ca-certificates-add-a-sysroot-option.patch
@@ -0,0 +1,36 @@
+From d6bb773745c2e95fd1a414e916fbed64e0d8df66 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex@linutronix.de>
+Date: Mon, 31 Mar 2025 17:42:25 +0200
+Subject: [PATCH] sbin/update-ca-certificates: add a --sysroot option
+
+This allows using the script in cross-compilation environments
+where the script needs to prefix the sysroot to every other
+directory it operates on. There are individual options
+to set those directories, but using a common prefix option
+instead is a lot less clutter and more robust.
+
+Upstream-Status: Submitted [https://salsa.debian.org/debian/ca-certificates/-/merge_requests/13]
+Signed-off-by: Alexander Kanavin <alex@linutronix.de>
+---
+ sbin/update-ca-certificates | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
+index 4bb77a0..1e737b9 100755
+--- a/sbin/update-ca-certificates
++++ b/sbin/update-ca-certificates
+@@ -59,6 +59,14 @@ do
+     --hooksdir)
+       shift
+       HOOKSDIR="$1";;
++    --sysroot)
++      shift
++      SYSROOT="$1"
++      CERTSCONF="$1/${CERTSCONF}"
++      CERTSDIR="$1/${CERTSDIR}"
++      LOCALCERTSDIR="$1/${LOCALCERTSDIR}"
++      ETCCERTSDIR="$1/${ETCCERTSDIR}"
++      HOOKSDIR="$1/${HOOKSDIR}";;
+     --help|-h|*)
+       echo "$0: [--verbose] [--fresh]"
+       exit;;
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch b/meta/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
deleted file mode 100644
index 48c69f0cbc..0000000000
--- a/meta/recipes-support/ca-certificates/ca-certificates/0002-update-ca-certificates-use-SYSROOT.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From cdb53438bae194c1281c31374a901ad7ee460408 Mon Sep 17 00:00:00 2001
-From: Andreas Oberritter <obi@opendreambox.org>
-Date: Tue, 19 Mar 2013 17:14:33 +0100
-Subject: [PATCH] update-ca-certificates: use $SYSROOT
-
-Upstream-Status: Pending
-
-Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
----
- sbin/update-ca-certificates | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
-index 5a0a1da..36cdd9a 100755
---- a/sbin/update-ca-certificates
-+++ b/sbin/update-ca-certificates
-@@ -24,12 +24,12 @@
- verbose=0
- fresh=0
- default=0
--CERTSCONF=/etc/ca-certificates.conf
--CERTSDIR=/usr/share/ca-certificates
--LOCALCERTSDIR=/usr/local/share/ca-certificates
-+CERTSCONF=$SYSROOT/etc/ca-certificates.conf
-+CERTSDIR=$SYSROOT/usr/share/ca-certificates
-+LOCALCERTSDIR=$SYSROOT/usr/local/share/ca-certificates
- CERTBUNDLE=ca-certificates.crt
--ETCCERTSDIR=/etc/ssl/certs
--HOOKSDIR=/etc/ca-certificates/update.d
-+ETCCERTSDIR=$SYSROOT/etc/ssl/certs
-+HOOKSDIR=$SYSROOT/etc/ca-certificates/update.d
- 
- while [ $# -gt 0 ];
- do
-@@ -92,9 +92,9 @@ add() {
-   PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \
-                                                   -e 's/[()]/=/g' \
-                                                   -e 's/,/_/g').pem"
--  if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
-+  if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${CERT##$SYSROOT}" ]
-   then
--    ln -sf "$CERT" "$PEM"
-+    ln -sf "${CERT##$SYSROOT}" "$PEM"
-     echo "+$PEM" >> "$ADDED"
-   fi
-   # Add trailing newline to certificate, if it is missing (#635570)
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0003-update-ca-certificates-use-relative-symlinks-from-ET.patch b/meta/recipes-support/ca-certificates/ca-certificates/0003-update-ca-certificates-use-relative-symlinks-from-ET.patch
index 214f88909a..929945b56f 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates/0003-update-ca-certificates-use-relative-symlinks-from-ET.patch
+++ b/meta/recipes-support/ca-certificates/ca-certificates/0003-update-ca-certificates-use-relative-symlinks-from-ET.patch
@@ -1,4 +1,4 @@
-From 38d47c53749c6f16d5d7993410b256116e0ee0b8 Mon Sep 17 00:00:00 2001
+From a69933f96a8675369de702bdb55e57dc21f65e7f Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Andr=C3=A9=20Draszik?= <andre.draszik@jci.com>
 Date: Wed, 28 Mar 2018 16:45:05 +0100
 Subject: [PATCH] update-ca-certificates: use relative symlinks from
@@ -45,26 +45,26 @@ Signed-off-by: André Draszik <andre.draszik@jci.com>
  1 file changed, 4 insertions(+), 2 deletions(-)
 
 diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
-index f7d0dbf..97a589c 100755
+index 1e737b9..8510082 100755
 --- a/sbin/update-ca-certificates
 +++ b/sbin/update-ca-certificates
-@@ -29,6 +29,7 @@ CERTSDIR=$SYSROOT/usr/share/ca-certificates
- LOCALCERTSDIR=$SYSROOT/usr/local/share/ca-certificates
+@@ -30,6 +30,7 @@ LOCALCERTSDIR=/usr/local/share/ca-certificates
  CERTBUNDLE=ca-certificates.crt
- ETCCERTSDIR=$SYSROOT/etc/ssl/certs
+ ETCCERTSDIR=/etc/ssl/certs
+ HOOKSDIR=/etc/ca-certificates/update.d
 +FSROOT=../../../ # to get from $ETCCERTSDIR to the root of the file system
- HOOKSDIR=$SYSROOT/etc/ca-certificates/update.d
  
  while [ $# -gt 0 ];
-@@ -125,9 +126,10 @@ add() {
+ do
+@@ -100,9 +101,10 @@ add() {
    PEM="$ETCCERTSDIR/$(basename "$CERT" .crt | sed -e 's/ /_/g' \
                                                    -e 's/[()]/=/g' \
                                                    -e 's/,/_/g').pem"
--  if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${CERT##$SYSROOT}" ]
+-  if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
 +  DST="$(echo ${CERT} | sed -e "s|^$SYSROOT||" -e "s|^/|$FSROOT|" )"
 +  if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "${DST}" ]
    then
--    ln -sf "${CERT##$SYSROOT}" "$PEM"
+-    ln -sf "$CERT" "$PEM"
 +    ln -sf "${DST}" "$PEM"
      echo "+$PEM" >> "$ADDED"
    fi
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch b/meta/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch
deleted file mode 100644
index c2a54c0096..0000000000
--- a/meta/recipes-support/ca-certificates/ca-certificates/default-sysroot.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 50aadd3eb1c4be43d3decdeb60cede2de5a687be Mon Sep 17 00:00:00 2001
-From: Christopher Larson <chris_larson@mentor.com>
-Date: Fri, 23 Aug 2013 12:26:14 -0700
-Subject: [PATCH] ca-certificates: add recipe (version 20130610)
-
-Upstream-Status: Pending
-
-update-ca-certificates: find SYSROOT relative to its own location
-
-This makes the script relocatable.
----
- sbin/update-ca-certificates | 33 +++++++++++++++++++++++++++++++++
- 1 file changed, 33 insertions(+)
-
-diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
-index 2d3e1fe..f7d0dbf 100755
---- a/sbin/update-ca-certificates
-+++ b/sbin/update-ca-certificates
-@@ -66,6 +66,39 @@ do
-   shift
- done
- 
-+if [ -z "$SYSROOT" ]; then
-+  local_which () {
-+    if [ $# -lt 1 ]; then
-+      return 1
-+    fi
-+
-+    (
-+      IFS=:
-+      for entry in $PATH; do
-+        if [ -x "$entry/$1" ]; then
-+          echo "$entry/$1"
-+          exit 0
-+        fi
-+      done
-+      exit 1
-+    )
-+  }
-+
-+  case "$0" in
-+    */*)
-+      sbindir=$(cd ${0%/*} && pwd)
-+      ;;
-+    *)
-+      sbindir=$(cd $(dirname $(local_which $0)) && pwd)
-+      ;;
-+  esac
-+  prefix=${sbindir%/*}
-+  SYSROOT=${prefix%/*}
-+  if [ ! -d "$SYSROOT/usr/share/ca-certificates" ]; then
-+    SYSROOT=
-+  fi
-+fi
-+
- if [ ! -s "$CERTSCONF" ]
- then
-   fresh=1
diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20241223.bb b/meta/recipes-support/ca-certificates/ca-certificates_20241223.bb
index bbdc7dd68d..676e9e0c78 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates_20241223.bb
+++ b/meta/recipes-support/ca-certificates/ca-certificates_20241223.bb
@@ -16,9 +16,8 @@ PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
 
 SRC_URI[sha256sum] = "dd8286d0a9dd35c756fea5f1df3fed1510fb891f376903891b003cd9b1ad7e03"
 SRC_URI = "${DEBIAN_MIRROR}/main/c/ca-certificates/${BPN}_${PV}.tar.xz \
-           file://0002-update-ca-certificates-use-SYSROOT.patch \
            file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \
-           file://default-sysroot.patch \
+           file://0002-sbin-update-ca-certificates-add-a-sysroot-option.patch \
            file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \
            file://0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch \
            "
@@ -62,7 +61,7 @@ do_install:append:class-target () {
 }
 
 pkg_postinst:${PN}:class-target () {
-    SYSROOT="$D" $D${sbindir}/update-ca-certificates
+    $D${sbindir}/update-ca-certificates --sysroot $D
 }
 
 CONFFILES:${PN} += "${sysconfdir}/ca-certificates.conf"
@@ -71,11 +70,11 @@ CONFFILES:${PN} += "${sysconfdir}/ca-certificates.conf"
 # we just run update-ca-certificate from do_install() for nativesdk.
 CONFFILES:${PN}:append:class-nativesdk = " ${sysconfdir}/ssl/certs/ca-certificates.crt"
 do_install:append:class-nativesdk () {
-    SYSROOT="${D}${SDKPATHNATIVE}" ${D}${sbindir}/update-ca-certificates
+    ${D}${sbindir}/update-ca-certificates --sysroot ${D}${SDKPATHNATIVE}
 }
 
 do_install:append:class-native () {
-    SYSROOT="${D}${base_prefix}" ${D}${sbindir}/update-ca-certificates
+    ${D}${sbindir}/update-ca-certificates --sysroot ${D}${base_prefix}
 }
 
 RDEPENDS:${PN}:append:class-target = " openssl-bin openssl"

From patchwork Mon Nov 10 10:21:46 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 74103
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2E845CD13D2
	for <webhook@archiver.kernel.org>; Mon, 10 Nov 2025 10:22:23 +0000 (UTC)
Received: from mail-pj1-f48.google.com (mail-pj1-f48.google.com
 [209.85.216.48])
 by mx.groups.io with SMTP id smtpd.msgproc01-g2.45187.1762770137550052287
 for <openembedded-core@lists.openembedded.org>;
 Mon, 10 Nov 2025 02:22:17 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=cj7pBZKz;
 spf=pass (domain: gmail.com, ip: 209.85.216.48,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pj1-f48.google.com with SMTP id
 98e67ed59e1d1-3418ad69672so1867382a91.3
        for <openembedded-core@lists.openembedded.org>;
 Mon, 10 Nov 2025 02:22:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1762770137; x=1763374937;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=EZ1bM1vRZ/GJSfd99GJMpzu4W6Q0ncAFANPSw0OOE/Q=;
        b=cj7pBZKzISHnGRmgaY9/C1hjAhiMIRnqU0f2LpCjtQD2BuFRtEun+LqmYeAV+dfu5H
         WLfCYE0V+/x88Jy6dJp7ez2iSrQwg+cFUcR60zuFwytW+K39+foni4WLgyJD5YCdvVwZ
         uW2Rg9o7k5v112mKzWs3jt1a1Vczcz5ECEQ44AESi9+botPboCb6TPXkNVHHQe0gDAnu
         JAVOOZxhq3lBoLeCozyE5IORfzGfmqEoA/vCMIyh6ZRcZnIl5XC//MEl+s3mQCYi+ywp
         1LyjmwoPFXBiEUIqzF/Ol7aS2d1I5I/y7P4wZwBEr2iNdzc611ME90RyaYtrK8psb6qQ
         /qtg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1762770137; x=1763374937;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=EZ1bM1vRZ/GJSfd99GJMpzu4W6Q0ncAFANPSw0OOE/Q=;
        b=Ha6G1Bhfowr4BJilxjwr2RmX22UNYlcJXKaQQVCDQ+VY6+yY9gxpoJ5FE/H5EmaR9u
         3s0wr6HXk27fAi4JHht6vMgoj9iUbC5SkbfiMUafvKJoAaHZUyreVWxwzZFH+8uUdNn/
         /4+TGku8hgNL3TD6HkZCvNuHSsK38B94y+uk6mmrXhlHrRdnZNqmFrUApVLGw+keVZYk
         +bXyUQ8U6Ld0jN8NJQupAEI/lO4pc+5kE0L8IzuCLtsi70BNln0c7gOi4j0cFHnJO4Ek
         mOkyaSnpji/jQNfec5TIOJWGeb4BY5AKHVQ0tFc8jRWQiavx6CNOXiKzirSs2xYHyRJU
         B0dA==
X-Gm-Message-State: AOJu0YzSyGNzKTDGpd4NnRUQhO+zlqNSnFY9Z/tN1MUPs+OsONdZF1jR
	UArglzMh6TGgTy85b1pTHnBEQs5EBauH/UmEWTlfo7r0oXxZFdtmP9MImrIa6g==
X-Gm-Gg: ASbGnctErTPJ0H8SnFNT2ABpty5RqblZtP+ZxShVKhBgDTraYBwj0HpbXmniapANs3u
	IUW63I+bLLs2x2iG8k/msEr/Y5oDZYk7AxvXWgpoJXSboHlD4LtySf7QkMBOPUinDtJ8DMcC1fI
	78sVm5Y6EBewKGOg3c17/cBSOZZbKOAtHLeb2z/07Axk0XY0tAgWMnn28QklDKSHc8iCTQGouLN
	pi27SNnZZEqoKVFnmwVkX/iYdPlCpffNL2YFZQyC4kYITxe+BVkSr43pti9YNnq/JuYFQqYEQpx
	Ka/P+y7s3dRot+7ZyPSnLwEEkVHGHx+eXyVV3He1WpTjWrCeZPUmaPLA1ppjwEegyy1SnpJH/Pc
	wRoe2+BNtyYAzSv04Da8HQFyc+9V4iHmRQdc7WREU50zkVOM6gyBU+qZ0afGarhtD+sh20BLHiR
	BJXWcJfTlmS2Z7QM74Mk1a5bz0
X-Google-Smtp-Source: 
 AGHT+IFxUaWv68dKFovGuUt77E3HDFS2Cvr9uWplUkWmF2QOxwgmu2pMDgJq+oW4MZwyjYod08GYDg==
X-Received: by 2002:a17:90b:3a83:b0:341:88c5:2073 with SMTP id
 98e67ed59e1d1-3436cb0d1fbmr8419280a91.2.1762770136795;
        Mon, 10 Nov 2025 02:22:16 -0800 (PST)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.248])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-343705c1354sm6999894a91.18.2025.11.10.02.22.14
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 10 Nov 2025 02:22:16 -0800 (PST)
From: ankur.tyagi85@gmail.com
To: openembedded-core@lists.openembedded.org
Cc: Wang Mingyu <wangmy@fujitsu.com>,
	Richard Purdie <richard.purdie@linuxfoundation.org>,
	Ankur Tyagi <ankur.tyagi85@gmail.com>
Subject: [OE-core][scarthgap][PATCH 8/9] ca-certificates: upgrade 20241223 ->
 20250419
Date: Mon, 10 Nov 2025 23:21:46 +1300
Message-ID: <20251110102149.2915435-8-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251110102149.2915435-1-ankur.tyagi85@gmail.com>
References: <20251110102149.2915435-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 10 Nov 2025 10:22:23 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/226111

From: Wang Mingyu <wangmy@fujitsu.com>

0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch
0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
refreshed for 20250419

0002-sbin-update-ca-certificates-add-a-sysroot-option.patch
removed since it's included in 20250419

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e39cc1fb7234bf2b37856296d3c0d10ddf8cae64)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 ...ertdata2pem.py-print-a-warning-for-e.patch |  6 ++--
 ...icates-don-t-use-Debianisms-in-run-p.patch |  6 ++--
 ...ca-certificates-add-a-sysroot-option.patch | 36 -------------------
 ...0241223.bb => ca-certificates_20250419.bb} |  3 +-
 4 files changed, 7 insertions(+), 44 deletions(-)
 delete mode 100644 meta/recipes-support/ca-certificates/ca-certificates/0002-sbin-update-ca-certificates-add-a-sysroot-option.patch
 rename meta/recipes-support/ca-certificates/{ca-certificates_20241223.bb => ca-certificates_20250419.bb} (94%)

diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch b/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch
index da2a247e51..1226508c98 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch
+++ b/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch
@@ -1,4 +1,4 @@
-From 630736f427c0a1bd0be0b5a2f6d51d63b2c4c9fd Mon Sep 17 00:00:00 2001
+From 743774cd53ed1c45bb660eddacf6dadb5ee3e145 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex@linutronix.de>
 Date: Mon, 18 Oct 2021 12:05:49 +0200
 Subject: [PATCH] Revert "mozilla/certdata2pem.py: print a warning for expired
@@ -16,10 +16,10 @@ Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  3 files changed, 1 insertion(+), 13 deletions(-)
 
 diff --git a/debian/changelog b/debian/changelog
-index 52d41ca..bdb2c8a 100644
+index dbe3e9c..496e05d 100644
 --- a/debian/changelog
 +++ b/debian/changelog
-@@ -138,7 +138,6 @@ ca-certificates (20211004) unstable; urgency=low
+@@ -156,7 +156,6 @@ ca-certificates (20211004) unstable; urgency=low
      - "Trustis FPS Root CA"
      - "Staat der Nederlanden Root CA - G3"
    * Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch b/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
index cad30929f5..1a29da756f 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
+++ b/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch
@@ -1,4 +1,4 @@
-From 348163df412e53b1b7ec3e81ae5f22caa0227c37 Mon Sep 17 00:00:00 2001
+From 63086d41f76b1c3357e23c6509df72d3f75af20c Mon Sep 17 00:00:00 2001
 From: Ross Burton <ross.burton@intel.com>
 Date: Mon, 6 Jul 2015 15:19:41 +0100
 Subject: [PATCH] ca-certificates: remove Debianism in run-parts invocation
@@ -22,10 +22,10 @@ Signed-off-by: Maciej Borzecki <maciej.borzecki@rndity.com>
  1 file changed, 1 insertion(+), 3 deletions(-)
 
 diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
-index 36cdd9a..2d3e1fe 100755
+index 91d8024..1e737b9 100755
 --- a/sbin/update-ca-certificates
 +++ b/sbin/update-ca-certificates
-@@ -202,9 +202,7 @@ if [ -d "$HOOKSDIR" ]
+@@ -210,9 +210,7 @@ if [ -d "$HOOKSDIR" ]
  then
  
    echo "Running hooks in $HOOKSDIR..."
diff --git a/meta/recipes-support/ca-certificates/ca-certificates/0002-sbin-update-ca-certificates-add-a-sysroot-option.patch b/meta/recipes-support/ca-certificates/ca-certificates/0002-sbin-update-ca-certificates-add-a-sysroot-option.patch
deleted file mode 100644
index ba5bb69657..0000000000
--- a/meta/recipes-support/ca-certificates/ca-certificates/0002-sbin-update-ca-certificates-add-a-sysroot-option.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From d6bb773745c2e95fd1a414e916fbed64e0d8df66 Mon Sep 17 00:00:00 2001
-From: Alexander Kanavin <alex@linutronix.de>
-Date: Mon, 31 Mar 2025 17:42:25 +0200
-Subject: [PATCH] sbin/update-ca-certificates: add a --sysroot option
-
-This allows using the script in cross-compilation environments
-where the script needs to prefix the sysroot to every other
-directory it operates on. There are individual options
-to set those directories, but using a common prefix option
-instead is a lot less clutter and more robust.
-
-Upstream-Status: Submitted [https://salsa.debian.org/debian/ca-certificates/-/merge_requests/13]
-Signed-off-by: Alexander Kanavin <alex@linutronix.de>
----
- sbin/update-ca-certificates | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
-index 4bb77a0..1e737b9 100755
---- a/sbin/update-ca-certificates
-+++ b/sbin/update-ca-certificates
-@@ -59,6 +59,14 @@ do
-     --hooksdir)
-       shift
-       HOOKSDIR="$1";;
-+    --sysroot)
-+      shift
-+      SYSROOT="$1"
-+      CERTSCONF="$1/${CERTSCONF}"
-+      CERTSDIR="$1/${CERTSDIR}"
-+      LOCALCERTSDIR="$1/${LOCALCERTSDIR}"
-+      ETCCERTSDIR="$1/${ETCCERTSDIR}"
-+      HOOKSDIR="$1/${HOOKSDIR}";;
-     --help|-h|*)
-       echo "$0: [--verbose] [--fresh]"
-       exit;;
diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20241223.bb b/meta/recipes-support/ca-certificates/ca-certificates_20250419.bb
similarity index 94%
rename from meta/recipes-support/ca-certificates/ca-certificates_20241223.bb
rename to meta/recipes-support/ca-certificates/ca-certificates_20250419.bb
index 676e9e0c78..f06a30bd6d 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates_20241223.bb
+++ b/meta/recipes-support/ca-certificates/ca-certificates_20250419.bb
@@ -14,10 +14,9 @@ DEPENDS:class-nativesdk = "openssl-native"
 # Need rehash from openssl and run-parts from debianutils
 PACKAGE_WRITE_DEPS += "openssl-native debianutils-native"
 
-SRC_URI[sha256sum] = "dd8286d0a9dd35c756fea5f1df3fed1510fb891f376903891b003cd9b1ad7e03"
+SRC_URI[sha256sum] = "33b44ef78653ecd3f0f2f13e5bba6be466be2e7da72182f737912b81798ba5d2"
 SRC_URI = "${DEBIAN_MIRROR}/main/c/ca-certificates/${BPN}_${PV}.tar.xz \
            file://0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch \
-           file://0002-sbin-update-ca-certificates-add-a-sysroot-option.patch \
            file://0003-update-ca-certificates-use-relative-symlinks-from-ET.patch \
            file://0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch \
            "

From patchwork Mon Nov 10 10:21:47 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 74101
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 28522CCFA1E
	for <webhook@archiver.kernel.org>; Mon, 10 Nov 2025 10:22:23 +0000 (UTC)
Received: from mail-pj1-f54.google.com (mail-pj1-f54.google.com
 [209.85.216.54])
 by mx.groups.io with SMTP id smtpd.msgproc01-g2.45191.1762770140665975969
 for <openembedded-core@lists.openembedded.org>;
 Mon, 10 Nov 2025 02:22:20 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=BCeiSD3c;
 spf=pass (domain: gmail.com, ip: 209.85.216.54,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pj1-f54.google.com with SMTP id
 98e67ed59e1d1-343684a06b2so1762786a91.1
        for <openembedded-core@lists.openembedded.org>;
 Mon, 10 Nov 2025 02:22:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1762770140; x=1763374940;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=Wc3bbpE3UGszUcIXyQoVz4pl3GoUY9hzvslfIE9o7dg=;
        b=BCeiSD3cY98iUKovMMEnNJyig9wTLRFQ7ZlTS5d15NCfkQBDF4LxWmWNmB/sdAoKvn
         uFTohUi5mTgZ2dfFSMNvT8tGWd2kWsAI/Mm6/dfdKj3rV8O7zLsGjyh1ch/wy17HcTqq
         DxPSaYhAXd9EPgJEMvN43nw6r+znq+LzF+S8ldaC3kK8Q/xQXNma86hNYpcfSskLOySJ
         Q0UMVU/Az5CXFJk43XhgXIeB285VhC8UL45kpZFODwyDs98oPPs1LCRKIFObxr7Af/Gr
         0uwphk6Nl3MzQQE1mra72uQfiqzfPbPnkxMhCiJcnqedtTFHlv36PiuJWKe51GjRA9YC
         j3ew==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1762770140; x=1763374940;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=Wc3bbpE3UGszUcIXyQoVz4pl3GoUY9hzvslfIE9o7dg=;
        b=i2bGBPD0HRTgD1AeJro3ezV1aB8dZCUja5kTjP1yPCmNArKtX28BxtogvpuHg4AG4N
         A2RoCzTDSzAbTKcpZHHg+edBR4hoDUyBHP1J/gMk0Kabj5hYigqY7eUj47vSB+WnBOTH
         EZ5WvaHFqPkB/4FgK1o5JrCqoOAUfbQz8eZ0zlBSpllgbzXSW5XhB8JTK2P0RwH9TqzX
         jJ8BamEpnGahb9YYaupDIE5RU48XQo6UaLcMwQl/TFSiKvWKe/11jeMDa9IODDy8UYuF
         mZnsq8PJViA71dL2xLlYW3gqa7hxVHSB1YTpj7bQy2Bb9zIvWSfM5mNXRGG4zuGPegWw
         /qYw==
X-Gm-Message-State: AOJu0YzUlKNXUFvLkLVDnq1+8/DDLUrS/28VeFGE+kqj6OCSwUhKBwlX
	1MCLFG9x6xQQ+bKNBJZLOuiuZlprTAHKCjq4Y2OUe9tBDNwsHfFQhK93bHgbQw==
X-Gm-Gg: ASbGncvP+/MOkKulaEuLlddZsOmAU4Z+yuLCkGNwsXvyjgk4QF8LVvnHxOm1PTByMQF
	CtXqDGJayeJR64SuinaON//fmvSxRiv/d3b9yjgViKlvuNpYPFxXVhLUC+zWeG4+LHBvT+i1Awt
	mx3SwyUSxUQDrfeACF5UEVA20UKGJMRNCqB4gaDmw7/PdZ6tCaq0ZNBILLOmeNm9P25mx+efZwt
	2sbzN4AfuNwU8Gi/0HPC1FNK07uO1GdZQkK4wrxS335mA7c9wjOwZHmTaDTOjLUfrBqMqBxKEzW
	/G+XLbu6LIGqaRRKoPgAmVFoKDgol47npgu/HMB5/jqFuAYkURrIK38NxXSUKFL7haHJZYDA1lS
	VjeX8g0iL0zVunOcq3Z6BhgJF/uLL61sAZBfrh+TsEK3OxR32zmv0I8rbaA7WZNFqFlnfj7uJIZ
	M2oXkYxCC2CcMatbmZi+3nKyASIyLouo29Bxg=
X-Google-Smtp-Source: 
 AGHT+IGZBjeCh3ou3lECLbWIgK7GttayMwRInUQ0JnQVmgP9lmEDQtS+Ub9ToIfgw9Q2sqCO5zHvPA==
X-Received: by 2002:a17:90b:3bc6:b0:336:b563:993a with SMTP id
 98e67ed59e1d1-3436cbf7f73mr9545460a91.23.1762770139919;
        Mon, 10 Nov 2025 02:22:19 -0800 (PST)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.248])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-343705c1354sm6999894a91.18.2025.11.10.02.22.17
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 10 Nov 2025 02:22:19 -0800 (PST)
From: ankur.tyagi85@gmail.com
To: openembedded-core@lists.openembedded.org
Cc: Gyorgy Sarvari <skandigraun@gmail.com>,
	WXbet <Wxbet@proton.me>,
	Richard Purdie <richard.purdie@linuxfoundation.org>,
	Ankur Tyagi <ankur.tyagi85@gmail.com>
Subject: [OE-core][scarthgap][PATCH 9/9] ca-certificates: fix on-target
 postinstall script
Date: Mon, 10 Nov 2025 23:21:47 +1300
Message-ID: <20251110102149.2915435-9-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251110102149.2915435-1-ankur.tyagi85@gmail.com>
References: <20251110102149.2915435-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com
 [45.33.107.173] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 10 Nov 2025 10:22:23 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/226112

From: Gyorgy Sarvari <skandigraun@gmail.com>

When the package is installed directly on the machine (instead of
installing it in the rootfs directly), the postinstall script fails with
the following error:

/usr/sbin/update-ca-certificates: line 75: shift: shift count out of range

The reason is that the "update-ca-certificates" script is executed with
the "--sysroot" argument, and as the sysroot $D is passed. However on the
target system this variable doesn't exist, so the argument is passed without
this mandatory value, and the execution fails.

To avoid this error, check if the $D variable exists, and pass the --sysroot
argument only when it does.

Reported-by: WXbet <Wxbet@proton.me>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cf39461e97098a1b28693299677888ba7e8bfccf)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../ca-certificates/ca-certificates_20250419.bb                | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20250419.bb b/meta/recipes-support/ca-certificates/ca-certificates_20250419.bb
index f06a30bd6d..01f594095e 100644
--- a/meta/recipes-support/ca-certificates/ca-certificates_20250419.bb
+++ b/meta/recipes-support/ca-certificates/ca-certificates_20250419.bb
@@ -60,7 +60,8 @@ do_install:append:class-target () {
 }
 
 pkg_postinst:${PN}:class-target () {
-    $D${sbindir}/update-ca-certificates --sysroot $D
+    [ -n "$D" ] && sysroot_args="--sysroot $D"
+    $D${sbindir}/update-ca-certificates $sysroot_args
 }
 
 CONFFILES:${PN} += "${sysconfdir}/ca-certificates.conf"