Github messages for voidlinux
 help / color / mirror / Atom feed
* [PR PATCH] ca-certificates: update to 20210119+3.67.
@ 2021-07-17  2:13 sgn
  2021-07-18  0:58 ` [PR PATCH] [Updated] " sgn
                   ` (8 more replies)
  0 siblings, 9 replies; 10+ messages in thread
From: sgn @ 2021-07-17  2:13 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1651 bytes --]

There is a new pull request by sgn against master on the void-packages repository

https://github.com/sgn/void-packages ca-certificates-pull-from-nss
https://github.com/void-linux/void-packages/pull/32014

ca-certificates: update to 20210119+3.67.
Fix #31161 

Still problematic
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [ ] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!-- 
#### Does it build and run successfully? 
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->


A patch file from https://github.com/void-linux/void-packages/pull/32014.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-ca-certificates-pull-from-nss-32014.patch --]
[-- Type: text/x-diff, Size: 3872 bytes --]

From 9a6a4082e7b3cd3d97d8ba3df920d29ac83b65cd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
 <congdanhqx@gmail.com>
Date: Fri, 16 Jul 2021 23:41:15 +0700
Subject: [PATCH] ca-certificates: update to 20210119+3.67.

---
 .../patches/drop-python-dependency.patch      | 12 +++++++
 .../update-ca-certificates-destdir.patch      |  4 +--
 srcpkgs/ca-certificates/template              | 31 +++++++++++--------
 3 files changed, 32 insertions(+), 15 deletions(-)
 create mode 100644 srcpkgs/ca-certificates/patches/drop-python-dependency.patch

diff --git a/srcpkgs/ca-certificates/patches/drop-python-dependency.patch b/srcpkgs/ca-certificates/patches/drop-python-dependency.patch
new file mode 100644
index 000000000000..8a73e0e2b794
--- /dev/null
+++ b/srcpkgs/ca-certificates/patches/drop-python-dependency.patch
@@ -0,0 +1,12 @@
+--- ca-certificates-20210119+3.67.orig/work/mozilla/Makefile
++++ ca-certificates-20210119+3.67/work/mozilla/Makefile
+@@ -3,7 +3,8 @@
+ #
+ 
+ all:
+-	python3 certdata2pem.py
++	./certdata2pem
++	./remove-expired-certs.sh
+ 
+ clean:
+ 	-rm -f *.crt
diff --git a/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch b/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch
index 34008701e304..831708b769ff 100644
--- a/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch
+++ b/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch
@@ -1,5 +1,5 @@
---- a/sbin/update-ca-certificates	2015-05-29 11:09:43.922158838 +0200
-+++ b/sbin/update-ca-certificates	2015-05-29 11:10:06.842632933 +0200
+--- a/work/sbin/update-ca-certificates	2015-05-29 11:09:43.922158838 +0200
++++ b/work/sbin/update-ca-certificates	2015-05-29 11:10:06.842632933 +0200
 @@ -24,12 +24,12 @@
  verbose=0
  fresh=0
diff --git a/srcpkgs/ca-certificates/template b/srcpkgs/ca-certificates/template
index 854e76a613cd..527e11d5823e 100644
--- a/srcpkgs/ca-certificates/template
+++ b/srcpkgs/ca-certificates/template
@@ -1,29 +1,34 @@
 # Template file for 'ca-certificates'
 pkgname=ca-certificates
-version=20210119
-revision=2
+version=20210119+3.67
+revision=1
+_nss_version=${version#*+}
 bootstrap=yes
 conf_files="/etc/ca-certificates.conf"
-wrksrc="work"
+build_wrksrc="work"
+create_wrksrc=yes
 hostmakedepends="openssl"
 depends="openssl<=2.0_1 run-parts"
-short_desc="Common CA certificates for SSL/TLS"
+short_desc="Common CA certificates for SSL/TLS from Mozilla"
 maintainer="Orphaned <orphan@voidlinux.org>"
 license="GPL-2.0-or-later, MPL-2.0"
-homepage="https://tracker.debian.org/pkg/ca-certificates"
-distfiles="${DEBIAN_SITE}/main/c/${pkgname}/${pkgname}_${version}.tar.xz"
-checksum=daa3afae563711c30a0586ddae4336e8e3974c2b627faaca404c4e0141b64665
+homepage="https://wiki.mozilla.org/NSS:Root_certs"
+distfiles="${DEBIAN_SITE}/main/c/${pkgname}/${pkgname}_${version%+*}.tar.xz
+ ${MOZILLA_SITE}/security/nss/releases/NSS_${_nss_version//\./_}_RTM/src/nss-${_nss_version}.tar.gz"
+checksum="daa3afae563711c30a0586ddae4336e8e3974c2b627faaca404c4e0141b64665
+ f6549a9148cd27b394b40c77fa73111d5ea23cdb51d796665de1b7458f88ce7f"
 
 post_extract() {
-	$BUILD_CC $BUILD_CFLAGS ${FILESDIR}/certdata2pem.c -o ${wrksrc}/mozilla/certdata2pem
-	cp ${FILESDIR}/remove-expired-certs.sh ${wrksrc}/mozilla
-	vsed -i ${wrksrc}/mozilla/Makefile \
-		-e 's,python3 certdata2pem.py,./certdata2pem,g'
-	vsed -i ${wrksrc}/mozilla/Makefile \
-		-e "s;\(.*\)\(certdata2pem.*\);\1\2\n\1./remove-expired-certs.sh;"
+	cp ${FILESDIR}/remove-expired-certs.sh $build_wrksrc/mozilla
+	cp nss-${_nss_version}/nss/lib/ckfw/builtins/certdata.txt \
+		$build_wrksrc/mozilla
+	cp nss-${_nss_version}/nss/lib/ckfw/builtins/nssckbi.h \
+		$build_wrksrc/mozilla
 }
 
 do_build() {
+	$BUILD_CC $BUILD_CFLAGS ${FILESDIR}/certdata2pem.c \
+		-o mozilla/certdata2pem
 	make ${makejobs}
 }
 

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PR PATCH] [Updated] ca-certificates: update to 20210119+3.67.
  2021-07-17  2:13 [PR PATCH] ca-certificates: update to 20210119+3.67 sgn
@ 2021-07-18  0:58 ` sgn
  2021-07-18 21:29 ` [PR REVIEW] ca-certificates: pull certs from nss ericonr
                   ` (7 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: sgn @ 2021-07-18  0:58 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1622 bytes --]

There is an updated pull request by sgn against master on the void-packages repository

https://github.com/sgn/void-packages ca-certificates-pull-from-nss
https://github.com/void-linux/void-packages/pull/32014

ca-certificates: update to 20210119+3.67.
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [ ] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!-- 
#### Does it build and run successfully? 
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->


A patch file from https://github.com/void-linux/void-packages/pull/32014.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-ca-certificates-pull-from-nss-32014.patch --]
[-- Type: text/x-diff, Size: 5568 bytes --]

From ca283741711022e00de72c9fc71dce6edf4a7675 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
 <congdanhqx@gmail.com>
Date: Fri, 16 Jul 2021 23:41:15 +0700
Subject: [PATCH] ca-certificates: update to 20210119+3.67.

While we're at it, stop removing expired certificates in order to help
with reproducibility.
---
 .../files/remove-expired-certs.sh             | 51 -------------------
 .../patches/drop-python-dependency.patch      | 11 ++++
 .../update-ca-certificates-destdir.patch      |  4 +-
 srcpkgs/ca-certificates/template              | 31 ++++++-----
 4 files changed, 31 insertions(+), 66 deletions(-)
 delete mode 100755 srcpkgs/ca-certificates/files/remove-expired-certs.sh
 create mode 100644 srcpkgs/ca-certificates/patches/drop-python-dependency.patch

diff --git a/srcpkgs/ca-certificates/files/remove-expired-certs.sh b/srcpkgs/ca-certificates/files/remove-expired-certs.sh
deleted file mode 100755
index 92cda666cad3..000000000000
--- a/srcpkgs/ca-certificates/files/remove-expired-certs.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/sh
-# Begin remove-expired-certs.sh
-#
-# Version 20120211
-
-# Make sure the date is parsed correctly on all systems
-mydate()
-{
-  local y=$( echo $1 | cut -d" " -f4 )
-  local M=$( echo $1 | cut -d" " -f1 )
-  local d=$( echo $1 | cut -d" " -f2 )
-  local m
-
-  [ -z "${d}" ] && d="0"
-  [ "${d}" -lt 10 ] && d="0${d}"
-
-  case $M in
-    Jan) m="01";;
-    Feb) m="02";;
-    Mar) m="03";;
-    Apr) m="04";;
-    May) m="05";;
-    Jun) m="06";;
-    Jul) m="07";;
-    Aug) m="08";;
-    Sep) m="09";;
-    Oct) m="10";;
-    Nov) m="11";;
-    Dec) m="12";;
-  esac
-
-  certdate="${y}${m}${d}"
-}
-
-DIR="$1"
-[ -z "$DIR" ] && DIR=$(pwd)
-
-today=$(date +%Y%m%d)
-
-find ${DIR} -type f -a -iname "*.crt" -printf "%p\n" | while read cert; do
-  notafter=$(/usr/bin/openssl x509 -enddate -in "${cert}" -noout)
-  date=$( echo ${notafter} |  sed 's/^notAfter=//' )
-  mydate "$date"
-
-  if [ ${certdate} -lt ${today} ]; then
-     echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
-     echo "EXPIRED CERTIFICATE FOUND $certdate: \"$(basename ${cert})\""
-     echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
-     rm -f "${cert}"
-  fi
-done
diff --git a/srcpkgs/ca-certificates/patches/drop-python-dependency.patch b/srcpkgs/ca-certificates/patches/drop-python-dependency.patch
new file mode 100644
index 000000000000..2b71cd166b18
--- /dev/null
+++ b/srcpkgs/ca-certificates/patches/drop-python-dependency.patch
@@ -0,0 +1,11 @@
+--- ca-certificates-20210119+3.67.orig/work/mozilla/Makefile
++++ ca-certificates-20210119+3.67/work/mozilla/Makefile
+@@ -3,7 +3,7 @@
+ #
+ 
+ all:
+-	python3 certdata2pem.py
++	./certdata2pem
+ 
+ clean:
+ 	-rm -f *.crt
diff --git a/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch b/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch
index 34008701e304..831708b769ff 100644
--- a/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch
+++ b/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch
@@ -1,5 +1,5 @@
---- a/sbin/update-ca-certificates	2015-05-29 11:09:43.922158838 +0200
-+++ b/sbin/update-ca-certificates	2015-05-29 11:10:06.842632933 +0200
+--- a/work/sbin/update-ca-certificates	2015-05-29 11:09:43.922158838 +0200
++++ b/work/sbin/update-ca-certificates	2015-05-29 11:10:06.842632933 +0200
 @@ -24,12 +24,12 @@
  verbose=0
  fresh=0
diff --git a/srcpkgs/ca-certificates/template b/srcpkgs/ca-certificates/template
index 854e76a613cd..35de72536816 100644
--- a/srcpkgs/ca-certificates/template
+++ b/srcpkgs/ca-certificates/template
@@ -1,29 +1,34 @@
 # Template file for 'ca-certificates'
 pkgname=ca-certificates
-version=20210119
-revision=2
+version=20210119+3.67
+revision=1
+_nss_version=${version#*+}
 bootstrap=yes
 conf_files="/etc/ca-certificates.conf"
-wrksrc="work"
+create_wrksrc=yes
+build_wrksrc="work"
 hostmakedepends="openssl"
 depends="openssl<=2.0_1 run-parts"
-short_desc="Common CA certificates for SSL/TLS"
+short_desc="Common CA certificates for SSL/TLS from Mozilla"
 maintainer="Orphaned <orphan@voidlinux.org>"
 license="GPL-2.0-or-later, MPL-2.0"
-homepage="https://tracker.debian.org/pkg/ca-certificates"
-distfiles="${DEBIAN_SITE}/main/c/${pkgname}/${pkgname}_${version}.tar.xz"
-checksum=daa3afae563711c30a0586ddae4336e8e3974c2b627faaca404c4e0141b64665
+homepage="https://wiki.mozilla.org/NSS:Root_certs"
+distfiles="${DEBIAN_SITE}/main/c/${pkgname}/${pkgname}_${version%+*}.tar.xz
+ ${MOZILLA_SITE}/security/nss/releases/NSS_${_nss_version//\./_}_RTM/src/nss-${_nss_version}.tar.gz"
+checksum="daa3afae563711c30a0586ddae4336e8e3974c2b627faaca404c4e0141b64665
+ f6549a9148cd27b394b40c77fa73111d5ea23cdb51d796665de1b7458f88ce7f"
 
 post_extract() {
-	$BUILD_CC $BUILD_CFLAGS ${FILESDIR}/certdata2pem.c -o ${wrksrc}/mozilla/certdata2pem
-	cp ${FILESDIR}/remove-expired-certs.sh ${wrksrc}/mozilla
-	vsed -i ${wrksrc}/mozilla/Makefile \
-		-e 's,python3 certdata2pem.py,./certdata2pem,g'
-	vsed -i ${wrksrc}/mozilla/Makefile \
-		-e "s;\(.*\)\(certdata2pem.*\);\1\2\n\1./remove-expired-certs.sh;"
+	cp ${FILESDIR}/remove-expired-certs.sh $build_wrksrc/mozilla
+	cp nss-${_nss_version}/nss/lib/ckfw/builtins/certdata.txt \
+		$build_wrksrc/mozilla
+	cp nss-${_nss_version}/nss/lib/ckfw/builtins/nssckbi.h \
+		$build_wrksrc/mozilla
 }
 
 do_build() {
+	$BUILD_CC $BUILD_CFLAGS ${FILESDIR}/certdata2pem.c \
+		-o mozilla/certdata2pem
 	make ${makejobs}
 }
 

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PR REVIEW] ca-certificates: pull certs from nss
  2021-07-17  2:13 [PR PATCH] ca-certificates: update to 20210119+3.67 sgn
  2021-07-18  0:58 ` [PR PATCH] [Updated] " sgn
@ 2021-07-18 21:29 ` ericonr
  2021-07-19  1:14 ` sgn
                   ` (6 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: ericonr @ 2021-07-18 21:29 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 186 bytes --]

New review comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/32014#discussion_r671900115

Comment:
Isn't this commit deleting this script?

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PR REVIEW] ca-certificates: pull certs from nss
  2021-07-17  2:13 [PR PATCH] ca-certificates: update to 20210119+3.67 sgn
  2021-07-18  0:58 ` [PR PATCH] [Updated] " sgn
  2021-07-18 21:29 ` [PR REVIEW] ca-certificates: pull certs from nss ericonr
@ 2021-07-19  1:14 ` sgn
  2021-07-19  1:14 ` [PR PATCH] [Updated] " sgn
                   ` (5 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: sgn @ 2021-07-19  1:14 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 152 bytes --]

New review comment by sgn on void-packages repository

https://github.com/void-linux/void-packages/pull/32014#discussion_r671930734

Comment:
Silly me!

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PR PATCH] [Updated] ca-certificates: pull certs from nss
  2021-07-17  2:13 [PR PATCH] ca-certificates: update to 20210119+3.67 sgn
                   ` (2 preceding siblings ...)
  2021-07-19  1:14 ` sgn
@ 2021-07-19  1:14 ` sgn
  2021-07-19 14:46 ` [PR REVIEW] " sgn
                   ` (4 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: sgn @ 2021-07-19  1:14 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1617 bytes --]

There is an updated pull request by sgn against master on the void-packages repository

https://github.com/sgn/void-packages ca-certificates-pull-from-nss
https://github.com/void-linux/void-packages/pull/32014

ca-certificates: pull certs from nss
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [ ] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!-- 
#### Does it build and run successfully? 
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->


A patch file from https://github.com/void-linux/void-packages/pull/32014.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-ca-certificates-pull-from-nss-32014.patch --]
[-- Type: text/x-diff, Size: 5505 bytes --]

From 215a6727ac9d589ffdabd5e995bd100cfe215851 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
 <congdanhqx@gmail.com>
Date: Fri, 16 Jul 2021 23:41:15 +0700
Subject: [PATCH] ca-certificates: update to 20210119+3.67.

While we're at it, stop removing expired certificates in order to help
with reproducibility.
---
 .../files/remove-expired-certs.sh             | 51 -------------------
 .../patches/drop-python-dependency.patch      | 11 ++++
 .../update-ca-certificates-destdir.patch      |  4 +-
 srcpkgs/ca-certificates/template              | 30 ++++++-----
 4 files changed, 30 insertions(+), 66 deletions(-)
 delete mode 100755 srcpkgs/ca-certificates/files/remove-expired-certs.sh
 create mode 100644 srcpkgs/ca-certificates/patches/drop-python-dependency.patch

diff --git a/srcpkgs/ca-certificates/files/remove-expired-certs.sh b/srcpkgs/ca-certificates/files/remove-expired-certs.sh
deleted file mode 100755
index 92cda666cad3..000000000000
--- a/srcpkgs/ca-certificates/files/remove-expired-certs.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/sh
-# Begin remove-expired-certs.sh
-#
-# Version 20120211
-
-# Make sure the date is parsed correctly on all systems
-mydate()
-{
-  local y=$( echo $1 | cut -d" " -f4 )
-  local M=$( echo $1 | cut -d" " -f1 )
-  local d=$( echo $1 | cut -d" " -f2 )
-  local m
-
-  [ -z "${d}" ] && d="0"
-  [ "${d}" -lt 10 ] && d="0${d}"
-
-  case $M in
-    Jan) m="01";;
-    Feb) m="02";;
-    Mar) m="03";;
-    Apr) m="04";;
-    May) m="05";;
-    Jun) m="06";;
-    Jul) m="07";;
-    Aug) m="08";;
-    Sep) m="09";;
-    Oct) m="10";;
-    Nov) m="11";;
-    Dec) m="12";;
-  esac
-
-  certdate="${y}${m}${d}"
-}
-
-DIR="$1"
-[ -z "$DIR" ] && DIR=$(pwd)
-
-today=$(date +%Y%m%d)
-
-find ${DIR} -type f -a -iname "*.crt" -printf "%p\n" | while read cert; do
-  notafter=$(/usr/bin/openssl x509 -enddate -in "${cert}" -noout)
-  date=$( echo ${notafter} |  sed 's/^notAfter=//' )
-  mydate "$date"
-
-  if [ ${certdate} -lt ${today} ]; then
-     echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
-     echo "EXPIRED CERTIFICATE FOUND $certdate: \"$(basename ${cert})\""
-     echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
-     rm -f "${cert}"
-  fi
-done
diff --git a/srcpkgs/ca-certificates/patches/drop-python-dependency.patch b/srcpkgs/ca-certificates/patches/drop-python-dependency.patch
new file mode 100644
index 000000000000..2b71cd166b18
--- /dev/null
+++ b/srcpkgs/ca-certificates/patches/drop-python-dependency.patch
@@ -0,0 +1,11 @@
+--- ca-certificates-20210119+3.67.orig/work/mozilla/Makefile
++++ ca-certificates-20210119+3.67/work/mozilla/Makefile
+@@ -3,7 +3,7 @@
+ #
+ 
+ all:
+-	python3 certdata2pem.py
++	./certdata2pem
+ 
+ clean:
+ 	-rm -f *.crt
diff --git a/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch b/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch
index 34008701e304..831708b769ff 100644
--- a/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch
+++ b/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch
@@ -1,5 +1,5 @@
---- a/sbin/update-ca-certificates	2015-05-29 11:09:43.922158838 +0200
-+++ b/sbin/update-ca-certificates	2015-05-29 11:10:06.842632933 +0200
+--- a/work/sbin/update-ca-certificates	2015-05-29 11:09:43.922158838 +0200
++++ b/work/sbin/update-ca-certificates	2015-05-29 11:10:06.842632933 +0200
 @@ -24,12 +24,12 @@
  verbose=0
  fresh=0
diff --git a/srcpkgs/ca-certificates/template b/srcpkgs/ca-certificates/template
index 854e76a613cd..0401196c6063 100644
--- a/srcpkgs/ca-certificates/template
+++ b/srcpkgs/ca-certificates/template
@@ -1,29 +1,33 @@
 # Template file for 'ca-certificates'
 pkgname=ca-certificates
-version=20210119
-revision=2
+version=20210119+3.67
+revision=1
+_nss_version=${version#*+}
 bootstrap=yes
 conf_files="/etc/ca-certificates.conf"
-wrksrc="work"
+create_wrksrc=yes
+build_wrksrc="work"
 hostmakedepends="openssl"
 depends="openssl<=2.0_1 run-parts"
-short_desc="Common CA certificates for SSL/TLS"
+short_desc="Common CA certificates for SSL/TLS from Mozilla"
 maintainer="Orphaned <orphan@voidlinux.org>"
 license="GPL-2.0-or-later, MPL-2.0"
-homepage="https://tracker.debian.org/pkg/ca-certificates"
-distfiles="${DEBIAN_SITE}/main/c/${pkgname}/${pkgname}_${version}.tar.xz"
-checksum=daa3afae563711c30a0586ddae4336e8e3974c2b627faaca404c4e0141b64665
+homepage="https://wiki.mozilla.org/NSS:Root_certs"
+distfiles="${DEBIAN_SITE}/main/c/${pkgname}/${pkgname}_${version%+*}.tar.xz
+ ${MOZILLA_SITE}/security/nss/releases/NSS_${_nss_version//\./_}_RTM/src/nss-${_nss_version}.tar.gz"
+checksum="daa3afae563711c30a0586ddae4336e8e3974c2b627faaca404c4e0141b64665
+ f6549a9148cd27b394b40c77fa73111d5ea23cdb51d796665de1b7458f88ce7f"
 
 post_extract() {
-	$BUILD_CC $BUILD_CFLAGS ${FILESDIR}/certdata2pem.c -o ${wrksrc}/mozilla/certdata2pem
-	cp ${FILESDIR}/remove-expired-certs.sh ${wrksrc}/mozilla
-	vsed -i ${wrksrc}/mozilla/Makefile \
-		-e 's,python3 certdata2pem.py,./certdata2pem,g'
-	vsed -i ${wrksrc}/mozilla/Makefile \
-		-e "s;\(.*\)\(certdata2pem.*\);\1\2\n\1./remove-expired-certs.sh;"
+	cp nss-${_nss_version}/nss/lib/ckfw/builtins/certdata.txt \
+		$build_wrksrc/mozilla
+	cp nss-${_nss_version}/nss/lib/ckfw/builtins/nssckbi.h \
+		$build_wrksrc/mozilla
 }
 
 do_build() {
+	$BUILD_CC $BUILD_CFLAGS ${FILESDIR}/certdata2pem.c \
+		-o mozilla/certdata2pem
 	make ${makejobs}
 }
 

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PR REVIEW] ca-certificates: pull certs from nss
  2021-07-17  2:13 [PR PATCH] ca-certificates: update to 20210119+3.67 sgn
                   ` (3 preceding siblings ...)
  2021-07-19  1:14 ` [PR PATCH] [Updated] " sgn
@ 2021-07-19 14:46 ` sgn
  2021-07-19 14:49 ` [PR PATCH] [Updated] " sgn
                   ` (3 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: sgn @ 2021-07-19 14:46 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 204 bytes --]

New review comment by sgn on void-packages repository

https://github.com/void-linux/void-packages/pull/32014#discussion_r672366019

Comment:
I think I'll restore the script. It uses wrapped date anyway.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PR PATCH] [Updated] ca-certificates: pull certs from nss
  2021-07-17  2:13 [PR PATCH] ca-certificates: update to 20210119+3.67 sgn
                   ` (4 preceding siblings ...)
  2021-07-19 14:46 ` [PR REVIEW] " sgn
@ 2021-07-19 14:49 ` sgn
  2021-07-22 14:35 ` sgn
                   ` (2 subsequent siblings)
  8 siblings, 0 replies; 10+ messages in thread
From: sgn @ 2021-07-19 14:49 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1617 bytes --]

There is an updated pull request by sgn against master on the void-packages repository

https://github.com/sgn/void-packages ca-certificates-pull-from-nss
https://github.com/void-linux/void-packages/pull/32014

ca-certificates: pull certs from nss
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [ ] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!-- 
#### Does it build and run successfully? 
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->


A patch file from https://github.com/void-linux/void-packages/pull/32014.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-ca-certificates-pull-from-nss-32014.patch --]
[-- Type: text/x-diff, Size: 4526 bytes --]

From b21fa6ad6af9e95f75f4331406fe29fb970ad445 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
 <congdanhqx@gmail.com>
Date: Fri, 16 Jul 2021 23:41:15 +0700
Subject: [PATCH] ca-certificates: update to 20210119+3.67.

---
 .../patches/drop-python-dependency.patch      | 17 +++++++++
 .../update-ca-certificates-destdir.patch      |  4 +-
 srcpkgs/ca-certificates/template              | 37 ++++++++++---------
 3 files changed, 39 insertions(+), 19 deletions(-)
 create mode 100644 srcpkgs/ca-certificates/patches/drop-python-dependency.patch

diff --git a/srcpkgs/ca-certificates/patches/drop-python-dependency.patch b/srcpkgs/ca-certificates/patches/drop-python-dependency.patch
new file mode 100644
index 000000000000..4d9140384ba5
--- /dev/null
+++ b/srcpkgs/ca-certificates/patches/drop-python-dependency.patch
@@ -0,0 +1,17 @@
+--- ca-certificates-20210119+3.67.orig/work/mozilla/Makefile
++++ ca-certificates-20210119+3.67/work/mozilla/Makefile
+@@ -2,8 +2,12 @@
+ # Makefile
+ #
+ 
+-all:
+-	python3 certdata2pem.py
++certdata2pem: certdata2pem.c
++	$(BUILD_CC) $(BUILD_CFLAGS) $(BUILD_LDFLAGS) $^ -o $@
++
++all: certdata2pem
++	./certdata2pem
++	./remove-expired-certs.sh
+ 
+ clean:
+ 	-rm -f *.crt
diff --git a/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch b/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch
index 34008701e304..831708b769ff 100644
--- a/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch
+++ b/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch
@@ -1,5 +1,5 @@
---- a/sbin/update-ca-certificates	2015-05-29 11:09:43.922158838 +0200
-+++ b/sbin/update-ca-certificates	2015-05-29 11:10:06.842632933 +0200
+--- a/work/sbin/update-ca-certificates	2015-05-29 11:09:43.922158838 +0200
++++ b/work/sbin/update-ca-certificates	2015-05-29 11:10:06.842632933 +0200
 @@ -24,12 +24,12 @@
  verbose=0
  fresh=0
diff --git a/srcpkgs/ca-certificates/template b/srcpkgs/ca-certificates/template
index 854e76a613cd..d44c4804c127 100644
--- a/srcpkgs/ca-certificates/template
+++ b/srcpkgs/ca-certificates/template
@@ -1,26 +1,28 @@
 # Template file for 'ca-certificates'
 pkgname=ca-certificates
-version=20210119
-revision=2
+version=20210119+3.67
+revision=1
+_nss_version=${version#*+}
 bootstrap=yes
 conf_files="/etc/ca-certificates.conf"
-wrksrc="work"
+create_wrksrc=yes
+build_wrksrc="work"
 hostmakedepends="openssl"
 depends="openssl<=2.0_1 run-parts"
-short_desc="Common CA certificates for SSL/TLS"
+short_desc="Common CA certificates for SSL/TLS from Mozilla"
 maintainer="Orphaned <orphan@voidlinux.org>"
 license="GPL-2.0-or-later, MPL-2.0"
-homepage="https://tracker.debian.org/pkg/ca-certificates"
-distfiles="${DEBIAN_SITE}/main/c/${pkgname}/${pkgname}_${version}.tar.xz"
-checksum=daa3afae563711c30a0586ddae4336e8e3974c2b627faaca404c4e0141b64665
+homepage="https://wiki.mozilla.org/NSS:Root_certs"
+distfiles="${DEBIAN_SITE}/main/c/${pkgname}/${pkgname}_${version%+*}.tar.xz
+ ${MOZILLA_SITE}/security/nss/releases/NSS_${_nss_version//\./_}_RTM/src/nss-${_nss_version}.tar.gz"
+checksum="daa3afae563711c30a0586ddae4336e8e3974c2b627faaca404c4e0141b64665
+ f6549a9148cd27b394b40c77fa73111d5ea23cdb51d796665de1b7458f88ce7f"
 
 post_extract() {
-	$BUILD_CC $BUILD_CFLAGS ${FILESDIR}/certdata2pem.c -o ${wrksrc}/mozilla/certdata2pem
-	cp ${FILESDIR}/remove-expired-certs.sh ${wrksrc}/mozilla
-	vsed -i ${wrksrc}/mozilla/Makefile \
-		-e 's,python3 certdata2pem.py,./certdata2pem,g'
-	vsed -i ${wrksrc}/mozilla/Makefile \
-		-e "s;\(.*\)\(certdata2pem.*\);\1\2\n\1./remove-expired-certs.sh;"
+	cp ${FILESDIR}/* $build_wrksrc/mozilla
+	cp nss-${_nss_version}/nss/lib/ckfw/builtins/certdata.txt \
+		nss-${_nss_version}/nss/lib/ckfw/builtins/nssckbi.h \
+		$build_wrksrc/mozilla
 }
 
 do_build() {
@@ -28,15 +30,16 @@ do_build() {
 }
 
 do_install() {
+	# Cleanup previous run failure
+	rm -f ${DESTDIR}/usr/sbin
 	vmkdir usr/share/${pkgname}
 	vmkdir usr/bin
-	vmkdir usr/sbin
+	ln -s bin ${DESTDIR}/usr/sbin
 	vmkdir etc/ssl/certs
 	make install DESTDIR=${DESTDIR}
-	install -Dm644 sbin/update-ca-certificates.8 \
-		${DESTDIR}/usr/share/man/man8/update-ca-certificates.8
+	rm -f ${DESTDIR}/usr/sbin
+	vman sbin/update-ca-certificates.8
 	cd ${DESTDIR}/usr/share/ca-certificates
 	find . -name '*.crt' | sort | cut -b3- > ${DESTDIR}/etc/ca-certificates.conf
-	mv ${DESTDIR}/usr/sbin/* ${DESTDIR}/usr/bin
 	ln -s /etc/ssl/certs/ca-certificates.crt ${DESTDIR}/etc/ssl/certs.pem
 }

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PR PATCH] [Updated] ca-certificates: pull certs from nss
  2021-07-17  2:13 [PR PATCH] ca-certificates: update to 20210119+3.67 sgn
                   ` (5 preceding siblings ...)
  2021-07-19 14:49 ` [PR PATCH] [Updated] " sgn
@ 2021-07-22 14:35 ` sgn
  2021-07-22 14:37 ` sgn
  2021-07-22 14:39 ` [PR PATCH] [Merged]: " sgn
  8 siblings, 0 replies; 10+ messages in thread
From: sgn @ 2021-07-22 14:35 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1617 bytes --]

There is an updated pull request by sgn against master on the void-packages repository

https://github.com/sgn/void-packages ca-certificates-pull-from-nss
https://github.com/void-linux/void-packages/pull/32014

ca-certificates: pull certs from nss
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [ ] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!-- 
#### Does it build and run successfully? 
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->


A patch file from https://github.com/void-linux/void-packages/pull/32014.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-ca-certificates-pull-from-nss-32014.patch --]
[-- Type: text/x-diff, Size: 4525 bytes --]

From b4a5df0b1a8d0023508ab61e610f8c391abe6b74 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
 <congdanhqx@gmail.com>
Date: Fri, 16 Jul 2021 23:41:15 +0700
Subject: [PATCH] ca-certificates: update to 20210119+3.68

---
 .../patches/drop-python-dependency.patch      | 17 +++++++++
 .../update-ca-certificates-destdir.patch      |  4 +-
 srcpkgs/ca-certificates/template              | 37 ++++++++++---------
 3 files changed, 39 insertions(+), 19 deletions(-)
 create mode 100644 srcpkgs/ca-certificates/patches/drop-python-dependency.patch

diff --git a/srcpkgs/ca-certificates/patches/drop-python-dependency.patch b/srcpkgs/ca-certificates/patches/drop-python-dependency.patch
new file mode 100644
index 000000000000..4d9140384ba5
--- /dev/null
+++ b/srcpkgs/ca-certificates/patches/drop-python-dependency.patch
@@ -0,0 +1,17 @@
+--- ca-certificates-20210119+3.67.orig/work/mozilla/Makefile
++++ ca-certificates-20210119+3.67/work/mozilla/Makefile
+@@ -2,8 +2,12 @@
+ # Makefile
+ #
+ 
+-all:
+-	python3 certdata2pem.py
++certdata2pem: certdata2pem.c
++	$(BUILD_CC) $(BUILD_CFLAGS) $(BUILD_LDFLAGS) $^ -o $@
++
++all: certdata2pem
++	./certdata2pem
++	./remove-expired-certs.sh
+ 
+ clean:
+ 	-rm -f *.crt
diff --git a/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch b/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch
index 34008701e304..831708b769ff 100644
--- a/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch
+++ b/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch
@@ -1,5 +1,5 @@
---- a/sbin/update-ca-certificates	2015-05-29 11:09:43.922158838 +0200
-+++ b/sbin/update-ca-certificates	2015-05-29 11:10:06.842632933 +0200
+--- a/work/sbin/update-ca-certificates	2015-05-29 11:09:43.922158838 +0200
++++ b/work/sbin/update-ca-certificates	2015-05-29 11:10:06.842632933 +0200
 @@ -24,12 +24,12 @@
  verbose=0
  fresh=0
diff --git a/srcpkgs/ca-certificates/template b/srcpkgs/ca-certificates/template
index 854e76a613cd..6d0c2523882b 100644
--- a/srcpkgs/ca-certificates/template
+++ b/srcpkgs/ca-certificates/template
@@ -1,26 +1,28 @@
 # Template file for 'ca-certificates'
 pkgname=ca-certificates
-version=20210119
-revision=2
+version=20210119+3.68
+revision=1
+_nss_version=${version#*+}
 bootstrap=yes
 conf_files="/etc/ca-certificates.conf"
-wrksrc="work"
+create_wrksrc=yes
+build_wrksrc="work"
 hostmakedepends="openssl"
 depends="openssl<=2.0_1 run-parts"
-short_desc="Common CA certificates for SSL/TLS"
+short_desc="Common CA certificates for SSL/TLS from Mozilla"
 maintainer="Orphaned <orphan@voidlinux.org>"
 license="GPL-2.0-or-later, MPL-2.0"
-homepage="https://tracker.debian.org/pkg/ca-certificates"
-distfiles="${DEBIAN_SITE}/main/c/${pkgname}/${pkgname}_${version}.tar.xz"
-checksum=daa3afae563711c30a0586ddae4336e8e3974c2b627faaca404c4e0141b64665
+homepage="https://wiki.mozilla.org/NSS:Root_certs"
+distfiles="${DEBIAN_SITE}/main/c/${pkgname}/${pkgname}_${version%+*}.tar.xz
+ ${MOZILLA_SITE}/security/nss/releases/NSS_${_nss_version//\./_}_RTM/src/nss-${_nss_version}.tar.gz"
+checksum="daa3afae563711c30a0586ddae4336e8e3974c2b627faaca404c4e0141b64665
+ c402b32cac83034ec1c3d826ef4306cd14a066d7d9a6f4c30d82b3bc043c725b"
 
 post_extract() {
-	$BUILD_CC $BUILD_CFLAGS ${FILESDIR}/certdata2pem.c -o ${wrksrc}/mozilla/certdata2pem
-	cp ${FILESDIR}/remove-expired-certs.sh ${wrksrc}/mozilla
-	vsed -i ${wrksrc}/mozilla/Makefile \
-		-e 's,python3 certdata2pem.py,./certdata2pem,g'
-	vsed -i ${wrksrc}/mozilla/Makefile \
-		-e "s;\(.*\)\(certdata2pem.*\);\1\2\n\1./remove-expired-certs.sh;"
+	cp ${FILESDIR}/* $build_wrksrc/mozilla
+	cp nss-${_nss_version}/nss/lib/ckfw/builtins/certdata.txt \
+		nss-${_nss_version}/nss/lib/ckfw/builtins/nssckbi.h \
+		$build_wrksrc/mozilla
 }
 
 do_build() {
@@ -28,15 +30,16 @@ do_build() {
 }
 
 do_install() {
+	# Cleanup previous run failure
+	rm -f ${DESTDIR}/usr/sbin
 	vmkdir usr/share/${pkgname}
 	vmkdir usr/bin
-	vmkdir usr/sbin
+	ln -s bin ${DESTDIR}/usr/sbin
 	vmkdir etc/ssl/certs
 	make install DESTDIR=${DESTDIR}
-	install -Dm644 sbin/update-ca-certificates.8 \
-		${DESTDIR}/usr/share/man/man8/update-ca-certificates.8
+	rm -f ${DESTDIR}/usr/sbin
+	vman sbin/update-ca-certificates.8
 	cd ${DESTDIR}/usr/share/ca-certificates
 	find . -name '*.crt' | sort | cut -b3- > ${DESTDIR}/etc/ca-certificates.conf
-	mv ${DESTDIR}/usr/sbin/* ${DESTDIR}/usr/bin
 	ln -s /etc/ssl/certs/ca-certificates.crt ${DESTDIR}/etc/ssl/certs.pem
 }

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PR PATCH] [Updated] ca-certificates: pull certs from nss
  2021-07-17  2:13 [PR PATCH] ca-certificates: update to 20210119+3.67 sgn
                   ` (6 preceding siblings ...)
  2021-07-22 14:35 ` sgn
@ 2021-07-22 14:37 ` sgn
  2021-07-22 14:39 ` [PR PATCH] [Merged]: " sgn
  8 siblings, 0 replies; 10+ messages in thread
From: sgn @ 2021-07-22 14:37 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1617 bytes --]

There is an updated pull request by sgn against master on the void-packages repository

https://github.com/sgn/void-packages ca-certificates-pull-from-nss
https://github.com/void-linux/void-packages/pull/32014

ca-certificates: pull certs from nss
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [ ] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!-- 
#### Does it build and run successfully? 
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->


A patch file from https://github.com/void-linux/void-packages/pull/32014.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-ca-certificates-pull-from-nss-32014.patch --]
[-- Type: text/x-diff, Size: 4525 bytes --]

From d32683abaef986a723fcaaa6c5bc1d43e7dcefb7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
 <congdanhqx@gmail.com>
Date: Fri, 16 Jul 2021 23:41:15 +0700
Subject: [PATCH] ca-certificates: update to 20210119+3.68

---
 .../patches/drop-python-dependency.patch      | 17 +++++++++
 .../update-ca-certificates-destdir.patch      |  4 +-
 srcpkgs/ca-certificates/template              | 37 ++++++++++---------
 3 files changed, 39 insertions(+), 19 deletions(-)
 create mode 100644 srcpkgs/ca-certificates/patches/drop-python-dependency.patch

diff --git a/srcpkgs/ca-certificates/patches/drop-python-dependency.patch b/srcpkgs/ca-certificates/patches/drop-python-dependency.patch
new file mode 100644
index 000000000000..4d9140384ba5
--- /dev/null
+++ b/srcpkgs/ca-certificates/patches/drop-python-dependency.patch
@@ -0,0 +1,17 @@
+--- ca-certificates-20210119+3.67.orig/work/mozilla/Makefile
++++ ca-certificates-20210119+3.67/work/mozilla/Makefile
+@@ -2,8 +2,12 @@
+ # Makefile
+ #
+ 
+-all:
+-	python3 certdata2pem.py
++certdata2pem: certdata2pem.c
++	$(BUILD_CC) $(BUILD_CFLAGS) $(BUILD_LDFLAGS) $^ -o $@
++
++all: certdata2pem
++	./certdata2pem
++	./remove-expired-certs.sh
+ 
+ clean:
+ 	-rm -f *.crt
diff --git a/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch b/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch
index 34008701e304..831708b769ff 100644
--- a/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch
+++ b/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch
@@ -1,5 +1,5 @@
---- a/sbin/update-ca-certificates	2015-05-29 11:09:43.922158838 +0200
-+++ b/sbin/update-ca-certificates	2015-05-29 11:10:06.842632933 +0200
+--- a/work/sbin/update-ca-certificates	2015-05-29 11:09:43.922158838 +0200
++++ b/work/sbin/update-ca-certificates	2015-05-29 11:10:06.842632933 +0200
 @@ -24,12 +24,12 @@
  verbose=0
  fresh=0
diff --git a/srcpkgs/ca-certificates/template b/srcpkgs/ca-certificates/template
index 854e76a613cd..6d0c2523882b 100644
--- a/srcpkgs/ca-certificates/template
+++ b/srcpkgs/ca-certificates/template
@@ -1,26 +1,28 @@
 # Template file for 'ca-certificates'
 pkgname=ca-certificates
-version=20210119
-revision=2
+version=20210119+3.68
+revision=1
+_nss_version=${version#*+}
 bootstrap=yes
 conf_files="/etc/ca-certificates.conf"
-wrksrc="work"
+create_wrksrc=yes
+build_wrksrc="work"
 hostmakedepends="openssl"
 depends="openssl<=2.0_1 run-parts"
-short_desc="Common CA certificates for SSL/TLS"
+short_desc="Common CA certificates for SSL/TLS from Mozilla"
 maintainer="Orphaned <orphan@voidlinux.org>"
 license="GPL-2.0-or-later, MPL-2.0"
-homepage="https://tracker.debian.org/pkg/ca-certificates"
-distfiles="${DEBIAN_SITE}/main/c/${pkgname}/${pkgname}_${version}.tar.xz"
-checksum=daa3afae563711c30a0586ddae4336e8e3974c2b627faaca404c4e0141b64665
+homepage="https://wiki.mozilla.org/NSS:Root_certs"
+distfiles="${DEBIAN_SITE}/main/c/${pkgname}/${pkgname}_${version%+*}.tar.xz
+ ${MOZILLA_SITE}/security/nss/releases/NSS_${_nss_version//\./_}_RTM/src/nss-${_nss_version}.tar.gz"
+checksum="daa3afae563711c30a0586ddae4336e8e3974c2b627faaca404c4e0141b64665
+ c402b32cac83034ec1c3d826ef4306cd14a066d7d9a6f4c30d82b3bc043c725b"
 
 post_extract() {
-	$BUILD_CC $BUILD_CFLAGS ${FILESDIR}/certdata2pem.c -o ${wrksrc}/mozilla/certdata2pem
-	cp ${FILESDIR}/remove-expired-certs.sh ${wrksrc}/mozilla
-	vsed -i ${wrksrc}/mozilla/Makefile \
-		-e 's,python3 certdata2pem.py,./certdata2pem,g'
-	vsed -i ${wrksrc}/mozilla/Makefile \
-		-e "s;\(.*\)\(certdata2pem.*\);\1\2\n\1./remove-expired-certs.sh;"
+	cp ${FILESDIR}/* $build_wrksrc/mozilla
+	cp nss-${_nss_version}/nss/lib/ckfw/builtins/certdata.txt \
+		nss-${_nss_version}/nss/lib/ckfw/builtins/nssckbi.h \
+		$build_wrksrc/mozilla
 }
 
 do_build() {
@@ -28,15 +30,16 @@ do_build() {
 }
 
 do_install() {
+	# Cleanup previous run failure
+	rm -f ${DESTDIR}/usr/sbin
 	vmkdir usr/share/${pkgname}
 	vmkdir usr/bin
-	vmkdir usr/sbin
+	ln -s bin ${DESTDIR}/usr/sbin
 	vmkdir etc/ssl/certs
 	make install DESTDIR=${DESTDIR}
-	install -Dm644 sbin/update-ca-certificates.8 \
-		${DESTDIR}/usr/share/man/man8/update-ca-certificates.8
+	rm -f ${DESTDIR}/usr/sbin
+	vman sbin/update-ca-certificates.8
 	cd ${DESTDIR}/usr/share/ca-certificates
 	find . -name '*.crt' | sort | cut -b3- > ${DESTDIR}/etc/ca-certificates.conf
-	mv ${DESTDIR}/usr/sbin/* ${DESTDIR}/usr/bin
 	ln -s /etc/ssl/certs/ca-certificates.crt ${DESTDIR}/etc/ssl/certs.pem
 }

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PR PATCH] [Merged]: ca-certificates: pull certs from nss
  2021-07-17  2:13 [PR PATCH] ca-certificates: update to 20210119+3.67 sgn
                   ` (7 preceding siblings ...)
  2021-07-22 14:37 ` sgn
@ 2021-07-22 14:39 ` sgn
  8 siblings, 0 replies; 10+ messages in thread
From: sgn @ 2021-07-22 14:39 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1447 bytes --]

There's a merged pull request on the void-packages repository

ca-certificates: pull certs from nss
https://github.com/void-linux/void-packages/pull/32014

Description:
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [ ] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!-- 
#### Does it build and run successfully? 
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->


^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2021-07-22 14:39 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-17  2:13 [PR PATCH] ca-certificates: update to 20210119+3.67 sgn
2021-07-18  0:58 ` [PR PATCH] [Updated] " sgn
2021-07-18 21:29 ` [PR REVIEW] ca-certificates: pull certs from nss ericonr
2021-07-19  1:14 ` sgn
2021-07-19  1:14 ` [PR PATCH] [Updated] " sgn
2021-07-19 14:46 ` [PR REVIEW] " sgn
2021-07-19 14:49 ` [PR PATCH] [Updated] " sgn
2021-07-22 14:35 ` sgn
2021-07-22 14:37 ` sgn
2021-07-22 14:39 ` [PR PATCH] [Merged]: " sgn

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).