Bundle CA certs on linux if we have a single cert.pem file

[staticfloat]

This closes #13399

[wildart]

So you decided on a file which is probably covered by GPL.

cc @tkelman

[tkelman]

can you explain? thought this was from mozilla ca-certificates? though yes this should be mentioned in LICENSE.md, along with openssl while we're at it

[wildart]

E.g. ca-certificates package on Ubuntu, which generates pem files, is covered by GPL 2. Yes, certificates come from Mozilla but in a plain text (under MPL 2.0), however the script that transforms them into pem is GPL. So, what kind of licence covers pem file?

[Keno]

Definitely MPL 2.0. The FSF has always maintained that compilers etc. do not affect the license of the code being transformed.

[tkelman]

On CentOS 5 where we build the linux tarball binaries, the cert.pem file comes from the openssl package http://mirror.centos.org/centos/5/os/x86_64/CentOS/openssl-0.9.8e-27.el5_10.4.x86_64.rpm

[wildart]

case dismissed

[tkelman]

does need mentioning in license.md, but let's see if this fixes nightly travis

[josefsachsconning]

On Ubuntu, make now gives me

cat: /usr/lib/ssl/cert.pem: No such file or directory
cat: /usr/lib/ssl/cert.pem: No such file or directory
cat: /usr/lib/ssl/cert.pem: No such file or directory

I assume that's harmless, but maybe cat's stderr should be redirected to /dev/null?

[tkelman]

I think this may count as a useless use of cat, we should probably just test for the existence of the file rather than shelling out to cat and string-comparing the output to see if it's empty.

[StefanKarpinski]

I'm a little skeptical that cert files can even be copyrighted. They seems like data rather than code.

[staticfloat]

@tkelman What's a better way of testing for the existence of the file?

[tkelman]

we have a few other places where we shell out to if [ -e ]; then echo exists; fi that could probably work for this