From: sgn <sgn@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: Re: [PR PATCH] [Updated] ca-certificates: pull certs from nss
Date: Thu, 22 Jul 2021 16:37:27 +0200 [thread overview]
Message-ID: <20210722143727.Af2hwcRLvym_OkNXxGzPJ9zO351IKiKqzeZXt61Mb9Y@z> (raw)
In-Reply-To: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-32014@inbox.vuxu.org>
[-- Attachment #1: Type: text/plain, Size: 1617 bytes --]
There is an updated pull request by sgn against master on the void-packages repository
https://github.com/sgn/void-packages ca-certificates-pull-from-nss
https://github.com/void-linux/void-packages/pull/32014
ca-certificates: pull certs from nss
<!-- Mark items with [x] where applicable -->
#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)
#### Have the results of the proposed changes been tested?
- [ ] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [ ] I generally don't use the affected packages but briefly tested this PR
<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!--
#### Does it build and run successfully?
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
- [ ] aarch64-musl
- [ ] armv7l
- [ ] armv6l-musl
-->
A patch file from https://github.com/void-linux/void-packages/pull/32014.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-ca-certificates-pull-from-nss-32014.patch --]
[-- Type: text/x-diff, Size: 4525 bytes --]
From d32683abaef986a723fcaaa6c5bc1d43e7dcefb7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
<congdanhqx@gmail.com>
Date: Fri, 16 Jul 2021 23:41:15 +0700
Subject: [PATCH] ca-certificates: update to 20210119+3.68
---
.../patches/drop-python-dependency.patch | 17 +++++++++
.../update-ca-certificates-destdir.patch | 4 +-
srcpkgs/ca-certificates/template | 37 ++++++++++---------
3 files changed, 39 insertions(+), 19 deletions(-)
create mode 100644 srcpkgs/ca-certificates/patches/drop-python-dependency.patch
diff --git a/srcpkgs/ca-certificates/patches/drop-python-dependency.patch b/srcpkgs/ca-certificates/patches/drop-python-dependency.patch
new file mode 100644
index 000000000000..4d9140384ba5
--- /dev/null
+++ b/srcpkgs/ca-certificates/patches/drop-python-dependency.patch
@@ -0,0 +1,17 @@
+--- ca-certificates-20210119+3.67.orig/work/mozilla/Makefile
++++ ca-certificates-20210119+3.67/work/mozilla/Makefile
+@@ -2,8 +2,12 @@
+ # Makefile
+ #
+
+-all:
+- python3 certdata2pem.py
++certdata2pem: certdata2pem.c
++ $(BUILD_CC) $(BUILD_CFLAGS) $(BUILD_LDFLAGS) $^ -o $@
++
++all: certdata2pem
++ ./certdata2pem
++ ./remove-expired-certs.sh
+
+ clean:
+ -rm -f *.crt
diff --git a/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch b/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch
index 34008701e304..831708b769ff 100644
--- a/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch
+++ b/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch
@@ -1,5 +1,5 @@
---- a/sbin/update-ca-certificates 2015-05-29 11:09:43.922158838 +0200
-+++ b/sbin/update-ca-certificates 2015-05-29 11:10:06.842632933 +0200
+--- a/work/sbin/update-ca-certificates 2015-05-29 11:09:43.922158838 +0200
++++ b/work/sbin/update-ca-certificates 2015-05-29 11:10:06.842632933 +0200
@@ -24,12 +24,12 @@
verbose=0
fresh=0
diff --git a/srcpkgs/ca-certificates/template b/srcpkgs/ca-certificates/template
index 854e76a613cd..6d0c2523882b 100644
--- a/srcpkgs/ca-certificates/template
+++ b/srcpkgs/ca-certificates/template
@@ -1,26 +1,28 @@
# Template file for 'ca-certificates'
pkgname=ca-certificates
-version=20210119
-revision=2
+version=20210119+3.68
+revision=1
+_nss_version=${version#*+}
bootstrap=yes
conf_files="/etc/ca-certificates.conf"
-wrksrc="work"
+create_wrksrc=yes
+build_wrksrc="work"
hostmakedepends="openssl"
depends="openssl<=2.0_1 run-parts"
-short_desc="Common CA certificates for SSL/TLS"
+short_desc="Common CA certificates for SSL/TLS from Mozilla"
maintainer="Orphaned <orphan@voidlinux.org>"
license="GPL-2.0-or-later, MPL-2.0"
-homepage="https://tracker.debian.org/pkg/ca-certificates"
-distfiles="${DEBIAN_SITE}/main/c/${pkgname}/${pkgname}_${version}.tar.xz"
-checksum=daa3afae563711c30a0586ddae4336e8e3974c2b627faaca404c4e0141b64665
+homepage="https://wiki.mozilla.org/NSS:Root_certs"
+distfiles="${DEBIAN_SITE}/main/c/${pkgname}/${pkgname}_${version%+*}.tar.xz
+ ${MOZILLA_SITE}/security/nss/releases/NSS_${_nss_version//\./_}_RTM/src/nss-${_nss_version}.tar.gz"
+checksum="daa3afae563711c30a0586ddae4336e8e3974c2b627faaca404c4e0141b64665
+ c402b32cac83034ec1c3d826ef4306cd14a066d7d9a6f4c30d82b3bc043c725b"
post_extract() {
- $BUILD_CC $BUILD_CFLAGS ${FILESDIR}/certdata2pem.c -o ${wrksrc}/mozilla/certdata2pem
- cp ${FILESDIR}/remove-expired-certs.sh ${wrksrc}/mozilla
- vsed -i ${wrksrc}/mozilla/Makefile \
- -e 's,python3 certdata2pem.py,./certdata2pem,g'
- vsed -i ${wrksrc}/mozilla/Makefile \
- -e "s;\(.*\)\(certdata2pem.*\);\1\2\n\1./remove-expired-certs.sh;"
+ cp ${FILESDIR}/* $build_wrksrc/mozilla
+ cp nss-${_nss_version}/nss/lib/ckfw/builtins/certdata.txt \
+ nss-${_nss_version}/nss/lib/ckfw/builtins/nssckbi.h \
+ $build_wrksrc/mozilla
}
do_build() {
@@ -28,15 +30,16 @@ do_build() {
}
do_install() {
+ # Cleanup previous run failure
+ rm -f ${DESTDIR}/usr/sbin
vmkdir usr/share/${pkgname}
vmkdir usr/bin
- vmkdir usr/sbin
+ ln -s bin ${DESTDIR}/usr/sbin
vmkdir etc/ssl/certs
make install DESTDIR=${DESTDIR}
- install -Dm644 sbin/update-ca-certificates.8 \
- ${DESTDIR}/usr/share/man/man8/update-ca-certificates.8
+ rm -f ${DESTDIR}/usr/sbin
+ vman sbin/update-ca-certificates.8
cd ${DESTDIR}/usr/share/ca-certificates
find . -name '*.crt' | sort | cut -b3- > ${DESTDIR}/etc/ca-certificates.conf
- mv ${DESTDIR}/usr/sbin/* ${DESTDIR}/usr/bin
ln -s /etc/ssl/certs/ca-certificates.crt ${DESTDIR}/etc/ssl/certs.pem
}
next prev parent reply other threads:[~2021-07-22 14:37 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-17 2:13 [PR PATCH] ca-certificates: update to 20210119+3.67 sgn
2021-07-18 0:58 ` [PR PATCH] [Updated] " sgn
2021-07-18 21:29 ` [PR REVIEW] ca-certificates: pull certs from nss ericonr
2021-07-19 1:14 ` sgn
2021-07-19 1:14 ` [PR PATCH] [Updated] " sgn
2021-07-19 14:46 ` [PR REVIEW] " sgn
2021-07-19 14:49 ` [PR PATCH] [Updated] " sgn
2021-07-22 14:35 ` sgn
2021-07-22 14:37 ` sgn [this message]
2021-07-22 14:39 ` [PR PATCH] [Merged]: " sgn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210722143727.Af2hwcRLvym_OkNXxGzPJ9zO351IKiKqzeZXt61Mb9Y@z \
--to=sgn@users.noreply.github.com \
--cc=ml@inbox.vuxu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).