Github messages for voidlinux
 help / color / mirror / Atom feed
From: sgn <sgn@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: Re: [PR PATCH] [Updated] ca-certificates: pull certs from nss
Date: Thu, 22 Jul 2021 16:35:29 +0200	[thread overview]
Message-ID: <20210722143529.ZmImSr2vI6n8YQ2qK90c1SZ0dD3-2qVXRj3_WgD3Oao@z> (raw)
In-Reply-To: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-32014@inbox.vuxu.org>

[-- Attachment #1: Type: text/plain, Size: 1617 bytes --]

There is an updated pull request by sgn against master on the void-packages repository

https://github.com/sgn/void-packages ca-certificates-pull-from-nss
https://github.com/void-linux/void-packages/pull/32014

ca-certificates: pull certs from nss
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [ ] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!-- 
#### Does it build and run successfully? 
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->


A patch file from https://github.com/void-linux/void-packages/pull/32014.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-ca-certificates-pull-from-nss-32014.patch --]
[-- Type: text/x-diff, Size: 4525 bytes --]

From b4a5df0b1a8d0023508ab61e610f8c391abe6b74 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
 <congdanhqx@gmail.com>
Date: Fri, 16 Jul 2021 23:41:15 +0700
Subject: [PATCH] ca-certificates: update to 20210119+3.68

---
 .../patches/drop-python-dependency.patch      | 17 +++++++++
 .../update-ca-certificates-destdir.patch      |  4 +-
 srcpkgs/ca-certificates/template              | 37 ++++++++++---------
 3 files changed, 39 insertions(+), 19 deletions(-)
 create mode 100644 srcpkgs/ca-certificates/patches/drop-python-dependency.patch

diff --git a/srcpkgs/ca-certificates/patches/drop-python-dependency.patch b/srcpkgs/ca-certificates/patches/drop-python-dependency.patch
new file mode 100644
index 000000000000..4d9140384ba5
--- /dev/null
+++ b/srcpkgs/ca-certificates/patches/drop-python-dependency.patch
@@ -0,0 +1,17 @@
+--- ca-certificates-20210119+3.67.orig/work/mozilla/Makefile
++++ ca-certificates-20210119+3.67/work/mozilla/Makefile
+@@ -2,8 +2,12 @@
+ # Makefile
+ #
+ 
+-all:
+-	python3 certdata2pem.py
++certdata2pem: certdata2pem.c
++	$(BUILD_CC) $(BUILD_CFLAGS) $(BUILD_LDFLAGS) $^ -o $@
++
++all: certdata2pem
++	./certdata2pem
++	./remove-expired-certs.sh
+ 
+ clean:
+ 	-rm -f *.crt
diff --git a/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch b/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch
index 34008701e304..831708b769ff 100644
--- a/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch
+++ b/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch
@@ -1,5 +1,5 @@
---- a/sbin/update-ca-certificates	2015-05-29 11:09:43.922158838 +0200
-+++ b/sbin/update-ca-certificates	2015-05-29 11:10:06.842632933 +0200
+--- a/work/sbin/update-ca-certificates	2015-05-29 11:09:43.922158838 +0200
++++ b/work/sbin/update-ca-certificates	2015-05-29 11:10:06.842632933 +0200
 @@ -24,12 +24,12 @@
  verbose=0
  fresh=0
diff --git a/srcpkgs/ca-certificates/template b/srcpkgs/ca-certificates/template
index 854e76a613cd..6d0c2523882b 100644
--- a/srcpkgs/ca-certificates/template
+++ b/srcpkgs/ca-certificates/template
@@ -1,26 +1,28 @@
 # Template file for 'ca-certificates'
 pkgname=ca-certificates
-version=20210119
-revision=2
+version=20210119+3.68
+revision=1
+_nss_version=${version#*+}
 bootstrap=yes
 conf_files="/etc/ca-certificates.conf"
-wrksrc="work"
+create_wrksrc=yes
+build_wrksrc="work"
 hostmakedepends="openssl"
 depends="openssl<=2.0_1 run-parts"
-short_desc="Common CA certificates for SSL/TLS"
+short_desc="Common CA certificates for SSL/TLS from Mozilla"
 maintainer="Orphaned <orphan@voidlinux.org>"
 license="GPL-2.0-or-later, MPL-2.0"
-homepage="https://tracker.debian.org/pkg/ca-certificates"
-distfiles="${DEBIAN_SITE}/main/c/${pkgname}/${pkgname}_${version}.tar.xz"
-checksum=daa3afae563711c30a0586ddae4336e8e3974c2b627faaca404c4e0141b64665
+homepage="https://wiki.mozilla.org/NSS:Root_certs"
+distfiles="${DEBIAN_SITE}/main/c/${pkgname}/${pkgname}_${version%+*}.tar.xz
+ ${MOZILLA_SITE}/security/nss/releases/NSS_${_nss_version//\./_}_RTM/src/nss-${_nss_version}.tar.gz"
+checksum="daa3afae563711c30a0586ddae4336e8e3974c2b627faaca404c4e0141b64665
+ c402b32cac83034ec1c3d826ef4306cd14a066d7d9a6f4c30d82b3bc043c725b"
 
 post_extract() {
-	$BUILD_CC $BUILD_CFLAGS ${FILESDIR}/certdata2pem.c -o ${wrksrc}/mozilla/certdata2pem
-	cp ${FILESDIR}/remove-expired-certs.sh ${wrksrc}/mozilla
-	vsed -i ${wrksrc}/mozilla/Makefile \
-		-e 's,python3 certdata2pem.py,./certdata2pem,g'
-	vsed -i ${wrksrc}/mozilla/Makefile \
-		-e "s;\(.*\)\(certdata2pem.*\);\1\2\n\1./remove-expired-certs.sh;"
+	cp ${FILESDIR}/* $build_wrksrc/mozilla
+	cp nss-${_nss_version}/nss/lib/ckfw/builtins/certdata.txt \
+		nss-${_nss_version}/nss/lib/ckfw/builtins/nssckbi.h \
+		$build_wrksrc/mozilla
 }
 
 do_build() {
@@ -28,15 +30,16 @@ do_build() {
 }
 
 do_install() {
+	# Cleanup previous run failure
+	rm -f ${DESTDIR}/usr/sbin
 	vmkdir usr/share/${pkgname}
 	vmkdir usr/bin
-	vmkdir usr/sbin
+	ln -s bin ${DESTDIR}/usr/sbin
 	vmkdir etc/ssl/certs
 	make install DESTDIR=${DESTDIR}
-	install -Dm644 sbin/update-ca-certificates.8 \
-		${DESTDIR}/usr/share/man/man8/update-ca-certificates.8
+	rm -f ${DESTDIR}/usr/sbin
+	vman sbin/update-ca-certificates.8
 	cd ${DESTDIR}/usr/share/ca-certificates
 	find . -name '*.crt' | sort | cut -b3- > ${DESTDIR}/etc/ca-certificates.conf
-	mv ${DESTDIR}/usr/sbin/* ${DESTDIR}/usr/bin
 	ln -s /etc/ssl/certs/ca-certificates.crt ${DESTDIR}/etc/ssl/certs.pem
 }

  parent reply	other threads:[~2021-07-22 14:35 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-07-17  2:13 [PR PATCH] ca-certificates: update to 20210119+3.67 sgn
2021-07-18  0:58 ` [PR PATCH] [Updated] " sgn
2021-07-18 21:29 ` [PR REVIEW] ca-certificates: pull certs from nss ericonr
2021-07-19  1:14 ` sgn
2021-07-19  1:14 ` [PR PATCH] [Updated] " sgn
2021-07-19 14:46 ` [PR REVIEW] " sgn
2021-07-19 14:49 ` [PR PATCH] [Updated] " sgn
2021-07-22 14:35 ` sgn [this message]
2021-07-22 14:37 ` sgn
2021-07-22 14:39 ` [PR PATCH] [Merged]: " sgn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210722143529.ZmImSr2vI6n8YQ2qK90c1SZ0dD3-2qVXRj3_WgD3Oao@z \
    --to=sgn@users.noreply.github.com \
    --cc=ml@inbox.vuxu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).