update ca-certificates, fix som other things

board/GfA/Display001/BUILD

@@ -1 +1 @@
-642
+643

patches/0019-chroot-700_ssh_exclude_ssh.patch

@@ -0,0 +1,21 @@
+diff --git a/UpdateRootfs.sh.in b/UpdateRootfs.sh.in
+index e5247ab..6d45d3d 100644
+--- a/UpdateRootfs.sh.in
++++ b/UpdateRootfs.sh.in
+@@ -207,6 +207,7 @@ tar -C $GFA_PREFIX/ --exclude=./tmp --exclude=./etc/inittab \
+ 	--exclude=./etc/passwd --exclude=./etc/shadow \
+ 	--exclude=./etc/vncpwd --exclude=./etc/init.d/S99tincd \
+ 	--exclude=./etc/hostapd.conf \
++	--exclude=./root.ssh \
+ 	--exclude=./etc/init.d/M99tincd \
+ 	--exclude=./var/GfA/Display_GSM.ini \
+ 	--exclude=./var/cron/crontabs/root \
+@@ -345,6 +346,8 @@ GID_NOGROUP=`awk -F\: '/nogroup/ {print $3}' $GFA_PREFIX/etc/group`
+ 
+ chown -Rv ${UID_MY}:${GID_NOGROUP} $GFA_PREFIX/var/mysql
+ chown -Rv ${UID_PG}:${GID_PG} $GFA_PREFIX/var/lib/pgsql
++
++chmod 700 $GFA_PREFIX/root/.ssh
+ #==============================================================================
+ # Get Graphics resolution and set dtb to the right resolution
+ BASEBOARD=`cat /tmp/BASEBOARD`

patches/0020-update-ca-certificates-to20190110.patch

@@ -0,0 +1,71 @@
+diff --git a/package/ca-certificates/Config.in b/package/ca-certificates/Config.in
+index a278a62..6bb7182 100644
+--- a/package/ca-certificates/Config.in
++++ b/package/ca-certificates/Config.in
+@@ -6,6 +6,7 @@ config BR2_PACKAGE_CA_CERTIFICATES
+ 	  connections.
+ 
+ 	  It includes, among others, certificate authorities used by the
+-	  Debian infrastructure and those shipped with Mozilla's browsers.
++	  Debian infrastructure and those shipped with Mozilla's
++	  browsers.
+ 
+ 	  http://anonscm.debian.org/gitweb/?p=collab-maint/ca-certificates.git
+diff --git a/package/ca-certificates/ca-certificates.hash b/package/ca-certificates/ca-certificates.hash
+index b467316..e83902f 100644
+--- a/package/ca-certificates/ca-certificates.hash
++++ b/package/ca-certificates/ca-certificates.hash
+@@ -1,3 +1 @@
+-# hashes from: $(CA_CERTIFICATES_SITE)/ca-certificates_$(CA_CERTIFICATES_VERSION).dsc :
+-sha1   4525a194736c6691dbd59fa87281b722837b4768                         ca-certificates_20160104.tar.xz
+-sha256 09eb770122e23260316120c0cbbddc8a1d33e7147210ce44e146084d5d5abcdd ca-certificates_20160104.tar.xz
++sha256	ee4bf0f4c6398005f5b5ca4e0b87b82837ac5c3b0280a1cb3a63c47555c3a675	ca-certificates_20190110.tar.xz
+diff --git a/package/ca-certificates/ca-certificates.mk b/package/ca-certificates/ca-certificates.mk
+index f26be64..21e2c03 100644
+--- a/package/ca-certificates/ca-certificates.mk
++++ b/package/ca-certificates/ca-certificates.mk
+@@ -4,19 +4,19 @@
+ #
+ ################################################################################
+ 
+-CA_CERTIFICATES_VERSION = 20160104
++CA_CERTIFICATES_VERSION = 20190110
+ CA_CERTIFICATES_SOURCE = ca-certificates_$(CA_CERTIFICATES_VERSION).tar.xz
+-CA_CERTIFICATES_SITE = http://snapshot.debian.org/archive/debian/20160104T220912Z/pool/main/c/ca-certificates
++CA_CERTIFICATES_SITE = http://snapshot.debian.org/archive/debian/20190510T144732Z/pool/main/c/ca-certificates
+ CA_CERTIFICATES_DEPENDENCIES = host-openssl
+ # ca-certificates can be built with either python 2 or python 3
+ # but it must be at least python 2.7
+ CA_CERTIFICATES_DEPENDENCIES += \
+ 	$(if $(BR2_PACKAGE_PYTHON3),host-python3,host-python)
+-CA_CERTIFICATES_LICENSE = GPLv2+ (script), MPLv2.0 (data)
++CA_CERTIFICATES_LICENSE = GPL-2.0+ (script), MPL-2.0 (data)
+ CA_CERTIFICATES_LICENSE_FILES = debian/copyright
+ 
+ define CA_CERTIFICATES_BUILD_CMDS
+-	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) all
++	$(TARGET_MAKE_ENV) $(MAKE) -C $(@D) clean all
+ endef
+ 
+ define CA_CERTIFICATES_INSTALL_TARGET_CMDS
+@@ -31,13 +31,17 @@ define CA_CERTIFICATES_INSTALL_TARGET_CMDS
+ 	# Create symlinks to certificates under /etc/ssl/certs
+ 	# and generate the bundle
+ 	cd $(TARGET_DIR) ;\
+-	for i in `find usr/share/ca-certificates -name "*.crt"` ; do \
++	for i in `find usr/share/ca-certificates -name "*.crt" | LC_COLLATE=C sort` ; do \
+ 		ln -sf ../../../$$i etc/ssl/certs/`basename $${i} .crt`.pem ;\
+-		cat $$i >>etc/ssl/certs/ca-certificates.crt ;\
+-	done
++		cat $$i ;\
++	done >$(@D)/ca-certificates.crt
+ 
+ 	# Create symlinks to the certificates by their hash values
+ 	$(HOST_DIR)/usr/bin/c_rehash $(TARGET_DIR)/etc/ssl/certs
++
++	# Install the certificates bundle
++	$(INSTALL) -D -m 644 $(@D)/ca-certificates.crt \
++		$(TARGET_DIR)/etc/ssl/certs/ca-certificates.crt
+ endef
+ 
+ $(eval $(generic-package))