From cecb72cb8a6a23a1d780f6852500350ede3ee484 Mon Sep 17 00:00:00 2001
From: Paul Spooren <mail@aparcar.org>
Date: Tue, 5 Apr 2022 10:09:36 +0200
Subject: [PATCH] ca-certificates: reproducible ca-bundle file

The file was generated by a glob matching on all certificates. If the
filesystem was alphabetically sorted it would cause undeterministic
results. Instead use `find` and sort all found certificates.

Signed-off-by: Paul Spooren <mail@aparcar.org>
---
 package/system/ca-certificates/Makefile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/package/system/ca-certificates/Makefile b/package/system/ca-certificates/Makefile
index 9fac32e7e3..d217f0ecef 100644
--- a/package/system/ca-certificates/Makefile
+++ b/package/system/ca-certificates/Makefile
@@ -64,7 +64,9 @@ endef
 
 define Package/ca-bundle/install
 	$(INSTALL_DIR) $(1)/etc/ssl/certs
-	cat $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.crt >$(1)/etc/ssl/certs/ca-certificates.crt
+	for CERTFILE in `find $(PKG_INSTALL_DIR)/usr/share/ca-certificates/ -name "*.crt" | sort`; do \
+		cat $$$$CERTFILE >> $(1)/etc/ssl/certs/ca-certificates.crt; \
+	done;
 	$(LN) /etc/ssl/certs/ca-certificates.crt $(1)/etc/ssl/cert.pem
 endef
 $(eval $(call BuildPackage,ca-bundle))
-- 
2.30.2