[gnome-continuous-yocto/gnomeostree-3.22-krogoth: 218/246] openssl: Ensure SSL certificates are stored on sysconfdir

[Emmanuele Bassi <ebassi src gnome org>]

commit 8aea6ad597063fce98aefdd0b13cd834b718247a
Author: Otavio Salvador <otavio ossystems com br>
Date:   Mon May 23 17:45:27 2016 -0300

    openssl: Ensure SSL certificates are stored on sysconfdir
    
    Debian and other generic distributions has moved the certificates for
    sysconfdir (/etc/ssl) and made the libdir content to link for it.
    
    This provides several advantages specially for read-only
    rootfs. Another benefit is that it ensures foreign implementations
    (e.g: BoringSSL, from Chromium, when running with OpenSSL backend for
    the certificates) to find the content correctly.
    
    (From OE-Core rev: 50d63fa346bbb05dafffc0cb55e21e1092272d95)
    
    (From OE-Core rev: 735f4528b5046024f118658cda8ee340ff8aa082)
    
    Signed-off-by: Otavio Salvador <otavio ossystems com br>
    Signed-off-by: Richard Purdie <richard purdie linuxfoundation org>
    Signed-off-by: Armin Kuster <akuster808 gmail com>
    Signed-off-by: Richard Purdie <richard purdie linuxfoundation org>

 meta/recipes-connectivity/openssl/openssl.inc |   17 ++++++++++++++---
 1 files changed, 14 insertions(+), 3 deletions(-)
---
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
index a10c45e..20dd740 100644
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -43,8 +43,8 @@ RDEPENDS_${PN}-misc = "${@bb.utils.contains('PACKAGECONFIG', 'perl', 'perl', '',
 # package RRECOMMENDS on this package.  This will enable the configuration
 # file to be installed for both the base openssl package and the libcrypto
 # package since the base openssl package depends on the libcrypto package.
-FILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
-CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
+FILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
+CONFFILES_openssl-conf = "${sysconfdir}/ssl/openssl.cnf"
 RRECOMMENDS_libcrypto += "openssl-conf"
 RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
 
@@ -185,6 +185,17 @@ do_install () {
        else
                rm -f ${D}${libdir}/ssl/misc/CA.pl ${D}${libdir}/ssl/misc/tsget
        fi
+
+       # Create SSL structure
+       install -d ${D}${sysconfdir}/ssl/
+       mv ${D}${libdir}/ssl/openssl.cnf \
+          ${D}${libdir}/ssl/certs \
+          ${D}${libdir}/ssl/private \
+          \
+          ${D}${sysconfdir}/ssl/
+       ln -sf ${sysconfdir}/ssl/certs ${D}${libdir}/ssl/certs
+       ln -sf ${sysconfdir}/ssl/private ${D}${libdir}/ssl/private
+       ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${libdir}/ssl/openssl.cnf
 }
 
 do_install_ptest () {
@@ -198,7 +209,7 @@ do_install_ptest () {
        cp -r certs ${D}${PTEST_PATH}
        mkdir -p ${D}${PTEST_PATH}/apps
        ln -sf ${libdir}/ssl/misc/CA.sh  ${D}${PTEST_PATH}/apps
-       ln -sf ${libdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
+       ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps
        ln -sf ${bindir}/openssl         ${D}${PTEST_PATH}/apps
        cp apps/server2.pem             ${D}${PTEST_PATH}/apps
        mkdir -p ${D}${PTEST_PATH}/util