app-misc/ca-certificates: Make removal of untrusted certs optional.

Package-Manager: portage-2.3.2
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

2 files changed, 9 insertions, 4 deletions

diff --git a/app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r2.ebuild
index 93d3a8f0095e..c1d332aec3c9 100644
--- a/app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r2.ebuild
@@ -58,7 +58,7 @@ fi
 LICENSE="MPL-1.1"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
+IUSE="insecure_certs"
 ${PRECOMPILED} || IUSE+=" cacert"
 
 DEPEND=""
@@ -136,9 +136,11 @@ src_compile() {
 		mv usr/share/doc/{ca-certificates,${PF}} || die
 	fi
 
-	# Remove untrusted certs from StartCom and WoSign (bug #598072)
-	rm "${c}"/mozilla/StartCom* || die
-	rm "${c}"/mozilla/WoSign* || die
+	if ! use insecure_certs ; then
+		# Remove untrusted certs from StartCom and WoSign (bug #598072)
+		rm "${c}"/mozilla/StartCom* || die
+		rm "${c}"/mozilla/WoSign* || die
+	fi
 
 	(
 	echo "# Automatically generated by ${CATEGORY}/${PF}"
diff --git a/app-misc/ca-certificates/metadata.xml b/app-misc/ca-certificates/metadata.xml
index f11c10f84792..f516f0769776 100644
--- a/app-misc/ca-certificates/metadata.xml
+++ b/app-misc/ca-certificates/metadata.xml
@@ -10,5 +10,8 @@
     Include root certs from CAcert (http://www.cacert.org/) and
     Software in the Public Interest (http://www.spi-inc.org/)
   </flag>
+  <flag name="insecure_certs">
+    Install certs which are known to *not* being trustworthy.
+  </flag>
 </use>
 </pkgmetadata>