Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
Date: Thu, 20 Aug 2020 15:08:47
Message-Id: 1597936118.422bad9e2868d936cee3fc6f11706c7aeb1c76e6.whissi@gentoo
1 commit: 422bad9e2868d936cee3fc6f11706c7aeb1c76e6
2 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3 AuthorDate: Thu Aug 20 15:08:30 2020 +0000
4 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5 CommitDate: Thu Aug 20 15:08:38 2020 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=422bad9e
7
8 app-misc/ca-certificates: drop old
9
10 Package-Manager: Portage-3.0.3, Repoman-3.0.0
11 Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
12
13 app-misc/ca-certificates/Manifest | 2 -
14 .../ca-certificates-20190110.3.43.ebuild | 184 ---------------------
15 .../ca-certificates-20190110.3.53.ebuild | 184 ---------------------
16 3 files changed, 370 deletions(-)
17
18 diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
19 index e62e401ce09..77cdd3b812f 100644
20 --- a/app-misc/ca-certificates/Manifest
21 +++ b/app-misc/ca-certificates/Manifest
22 @@ -1,5 +1,3 @@
23 -DIST ca-certificates_20190110.tar.xz 243472 BLAKE2B b63e541fcf611712634f8c7fd2da5f189b999c39118047a7e2fd43ddd5e0fbefeaa08788363482a02be55a347447d4cc95f1505bf869accf9cd847578ad2e879 SHA512 9ce2661018edb120d0ef5bd3ed52c0f73f577d7607d135a31730549f5eb4176db4865cdb8bde77a78dc3efb8968846da5e72af8a833a9da2a8a7deb4f1560372
24 DIST ca-certificates_20200601.tar.xz 245668 BLAKE2B 1249782dba046f52832d365e4770e02ed24c0b50bff4ceec5e5af932c807eb8120f8e3bc7858503e74789ecb2da577509819f3ffdf9bd1ec5cc22d61f2194ad5 SHA512 7bfd3122430be0a46bd10dcb0e0664561d1e0b2656b9f37677d89f71a1dcb0e668c25ffe08412888125fa9a53ee8245a4b3fc1004c419a159766665b1241113c
25 -DIST nss-3.43.tar.gz 23466026 BLAKE2B 1b43036daeedea1643a7fe1a8defa167097997efec529417c4857eaa29d453b6a588f462078f13662193d58dfd8f9566c22d729729591934ef154b9befb8f98d SHA512 e9dfba5bd6f68c5ab58fc7a6fa1b16a035be1b1b7c436cf787bdc99257c5f54c78d73d94d015bffd29420df19b2a2818166c68fe592dd7208ab5605344827fb5
26 DIST nss-3.53.tar.gz 81178428 BLAKE2B 5e67b02bf0ba9390311d77ee4d7b86fd7339bd4f7d830b32563799e4eef126143f0b76b2933ad14c5c5d3da6cb3fa0e670aca7ce9654316123abadce25a728ec SHA512 280edf24356b764584200bff949af4a7f88514ee8ac80bf5348a9a844a8b1eb263e9aa1d772644bd8bb1bd195c12b6cc173280cfc88cd97e56562e1c40e71503
27 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0
28
29 diff --git a/app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild b/app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild
30 deleted file mode 100644
31 index 21fd74495d0..00000000000
32 --- a/app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild
33 +++ /dev/null
34 @@ -1,184 +0,0 @@
35 -# Copyright 1999-2020 Gentoo Authors
36 -# Distributed under the terms of the GNU General Public License v2
37 -
38 -# The Debian ca-certificates package merely takes the CA database as it exists
39 -# in the nss package and repackages it for use by openssl.
40 -#
41 -# The issue with using the compiled debs directly is two fold:
42 -# - they do not update frequently enough for us to rely on them
43 -# - they pull the CA database from nss tip of tree rather than the release
44 -#
45 -# So we take the Debian source tools and combine them with the latest nss
46 -# release to produce (largely) the same end result. The difference is that
47 -# now we know our cert database is kept in sync with nss and, if need be,
48 -# can be sync with nss tip of tree more frequently to respond to bugs.
49 -
50 -# When triaging bugs from users, here's some handy tips:
51 -# - To see what cert is hitting errors, use openssl:
52 -# openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
53 -# Focus on the errors written to stderr.
54 -#
55 -# - Look at the upstream log as to why certs were added/removed:
56 -# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
57 -#
58 -# - If people want to add/remove certs, tell them to file w/mozilla:
59 -# https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
60 -
61 -EAPI=6
62 -
63 -PYTHON_COMPAT=( python3_{6,7,8} )
64 -
65 -inherit eutils python-any-r1
66 -
67 -if [[ ${PV} == *.* ]] ; then
68 - # Compile from source ourselves.
69 - PRECOMPILED=false
70 - inherit eapi7-ver
71 -
72 - DEB_VER=$(ver_cut 1)
73 - NSS_VER=$(ver_cut 2-)
74 - RTM_NAME="NSS_${NSS_VER//./_}_RTM"
75 -else
76 - # Debian precompiled version.
77 - PRECOMPILED=true
78 - inherit unpacker
79 -fi
80 -
81 -DESCRIPTION="Common CA Certificates PEM files"
82 -HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
83 -NMU_PR=""
84 -if ${PRECOMPILED} ; then
85 - SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
86 -else
87 - SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
88 - https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
89 - cacert? (
90 - https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
91 - )"
92 -fi
93 -
94 -LICENSE="MPL-1.1"
95 -SLOT="0"
96 -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
97 -IUSE=""
98 -${PRECOMPILED} || IUSE+=" cacert"
99 -
100 -DEPEND=""
101 -if ${PRECOMPILED} ; then
102 - DEPEND+=" !<sys-apps/portage-2.1.10.41"
103 -fi
104 -# c_rehash: we run `c_rehash`
105 -# debianutils: we run `run-parts`
106 -RDEPEND="${DEPEND}
107 - app-misc/c_rehash
108 - sys-apps/debianutils"
109 -
110 -if ! ${PRECOMPILED}; then
111 - DEPEND+=" ${PYTHON_DEPS}"
112 -fi
113 -
114 -S=${WORKDIR}
115 -
116 -pkg_setup() {
117 - # For the conversion to having it in CONFIG_PROTECT_MASK,
118 - # we need to tell users about it once manually first.
119 - [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
120 - || ewarn "You should run update-ca-certificates manually after etc-update"
121 -}
122 -
123 -src_unpack() {
124 - ${PRECOMPILED} || default
125 -
126 - # Do all the work in the image subdir to avoid conflicting with source
127 - # dirs in ${WORKDIR}. Need to perform everything in the offset #381937
128 - mkdir -p "image/${EPREFIX}" || die
129 - cd "image/${EPREFIX}" || die
130 -
131 - ${PRECOMPILED} && unpacker_src_unpack
132 -}
133 -
134 -src_prepare() {
135 - cd "image/${EPREFIX}" || die
136 - if ! ${PRECOMPILED} ; then
137 - mkdir -p usr/sbin || die
138 - cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
139 - usr/sbin/ || die
140 -
141 - if use cacert ; then
142 - pushd "${S}"/nss-${NSS_VER} >/dev/null || die
143 - eapply -p0 "${DISTDIR}"/nss-cacert-class1-class3.patch
144 - popd >/dev/null || die
145 - fi
146 - fi
147 -
148 - default
149 - eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
150 - local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
151 - sed -i \
152 - -e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
153 - -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
154 - -e 's/openssl rehash/c_rehash/' \
155 - usr/sbin/update-ca-certificates || die
156 -}
157 -
158 -src_compile() {
159 - cd "image/${EPREFIX}" || die
160 - if ! ${PRECOMPILED} ; then
161 - python_setup
162 - local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
163 - # Grab the database from the nss sources.
164 - cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
165 - emake -C "${d}"
166 -
167 - # Now move the files to the same places that the precompiled would.
168 - mkdir -p etc/ssl/certs \
169 - etc/ca-certificates/update.d \
170 - "${c}"/mozilla \
171 - || die
172 - if use cacert ; then
173 - mkdir -p "${c}"/cacert.org || die
174 - mv "${d}"/CAcert_Inc..crt \
175 - "${c}"/cacert.org/cacert.org_root.crt || die
176 - fi
177 - mv "${d}"/*.crt "${c}"/mozilla/ || die
178 - else
179 - mv usr/share/doc/{ca-certificates,${PF}} || die
180 - fi
181 -
182 - (
183 - echo "# Automatically generated by ${CATEGORY}/${PF}"
184 - echo "# $(date -u)"
185 - echo "# Do not edit."
186 - cd "${c}" || die
187 - find * -name '*.crt' | LC_ALL=C sort
188 - ) > etc/ca-certificates.conf
189 -
190 - sh usr/sbin/update-ca-certificates --root "${S}/image" || die
191 -}
192 -
193 -src_install() {
194 - cp -pPR image/* "${D}"/ || die
195 - if ! ${PRECOMPILED} ; then
196 - cd ${PN}-${DEB_VER} || die
197 - doman sbin/*.8
198 - dodoc debian/README.* examples/ca-certificates-local/README
199 - fi
200 -
201 - echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
202 - doenvd 98ca-certificates
203 -}
204 -
205 -pkg_postinst() {
206 - if [[ -d "${EROOT%/}/usr/local/share/ca-certificates" ]] ; then
207 - # if the user has local certs, we need to rebuild again
208 - # to include their stuff in the db.
209 - # However it's too overzealous when the user has custom certs in place.
210 - # --fresh is to clean up dangling symlinks
211 - "${EROOT%/}"/usr/sbin/update-ca-certificates --root "${ROOT}"
212 - fi
213 -
214 - if [[ -n "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l)" ]] ; then
215 - ewarn "Removing the following broken symlinks:"
216 - ewarn "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
217 - fi
218 -}
219
220 diff --git a/app-misc/ca-certificates/ca-certificates-20190110.3.53.ebuild b/app-misc/ca-certificates/ca-certificates-20190110.3.53.ebuild
221 deleted file mode 100644
222 index 0297708d122..00000000000
223 --- a/app-misc/ca-certificates/ca-certificates-20190110.3.53.ebuild
224 +++ /dev/null
225 @@ -1,184 +0,0 @@
226 -# Copyright 1999-2020 Gentoo Authors
227 -# Distributed under the terms of the GNU General Public License v2
228 -
229 -# The Debian ca-certificates package merely takes the CA database as it exists
230 -# in the nss package and repackages it for use by openssl.
231 -#
232 -# The issue with using the compiled debs directly is two fold:
233 -# - they do not update frequently enough for us to rely on them
234 -# - they pull the CA database from nss tip of tree rather than the release
235 -#
236 -# So we take the Debian source tools and combine them with the latest nss
237 -# release to produce (largely) the same end result. The difference is that
238 -# now we know our cert database is kept in sync with nss and, if need be,
239 -# can be sync with nss tip of tree more frequently to respond to bugs.
240 -
241 -# When triaging bugs from users, here's some handy tips:
242 -# - To see what cert is hitting errors, use openssl:
243 -# openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
244 -# Focus on the errors written to stderr.
245 -#
246 -# - Look at the upstream log as to why certs were added/removed:
247 -# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
248 -#
249 -# - If people want to add/remove certs, tell them to file w/mozilla:
250 -# https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
251 -
252 -EAPI=6
253 -
254 -PYTHON_COMPAT=( python3_{6,7,8} )
255 -
256 -inherit eutils python-any-r1
257 -
258 -if [[ ${PV} == *.* ]] ; then
259 - # Compile from source ourselves.
260 - PRECOMPILED=false
261 - inherit eapi7-ver
262 -
263 - DEB_VER=$(ver_cut 1)
264 - NSS_VER=$(ver_cut 2-)
265 - RTM_NAME="NSS_${NSS_VER//./_}_RTM"
266 -else
267 - # Debian precompiled version.
268 - PRECOMPILED=true
269 - inherit unpacker
270 -fi
271 -
272 -DESCRIPTION="Common CA Certificates PEM files"
273 -HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
274 -NMU_PR=""
275 -if ${PRECOMPILED} ; then
276 - SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
277 -else
278 - SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
279 - https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
280 - cacert? (
281 - https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
282 - )"
283 -fi
284 -
285 -LICENSE="MPL-1.1"
286 -SLOT="0"
287 -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
288 -IUSE=""
289 -${PRECOMPILED} || IUSE+=" cacert"
290 -
291 -DEPEND=""
292 -if ${PRECOMPILED} ; then
293 - DEPEND+=" !<sys-apps/portage-2.1.10.41"
294 -fi
295 -# c_rehash: we run `c_rehash`
296 -# debianutils: we run `run-parts`
297 -RDEPEND="${DEPEND}
298 - app-misc/c_rehash
299 - sys-apps/debianutils"
300 -
301 -if ! ${PRECOMPILED}; then
302 - DEPEND+=" ${PYTHON_DEPS}"
303 -fi
304 -
305 -S=${WORKDIR}
306 -
307 -pkg_setup() {
308 - # For the conversion to having it in CONFIG_PROTECT_MASK,
309 - # we need to tell users about it once manually first.
310 - [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
311 - || ewarn "You should run update-ca-certificates manually after etc-update"
312 -}
313 -
314 -src_unpack() {
315 - ${PRECOMPILED} || default
316 -
317 - # Do all the work in the image subdir to avoid conflicting with source
318 - # dirs in ${WORKDIR}. Need to perform everything in the offset #381937
319 - mkdir -p "image/${EPREFIX}" || die
320 - cd "image/${EPREFIX}" || die
321 -
322 - ${PRECOMPILED} && unpacker_src_unpack
323 -}
324 -
325 -src_prepare() {
326 - cd "image/${EPREFIX}" || die
327 - if ! ${PRECOMPILED} ; then
328 - mkdir -p usr/sbin || die
329 - cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
330 - usr/sbin/ || die
331 -
332 - if use cacert ; then
333 - pushd "${S}"/nss-${NSS_VER} >/dev/null || die
334 - eapply -p0 "${DISTDIR}"/nss-cacert-class1-class3.patch
335 - popd >/dev/null || die
336 - fi
337 - fi
338 -
339 - default
340 - eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
341 - local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
342 - sed -i \
343 - -e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
344 - -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
345 - -e 's/openssl rehash/c_rehash/' \
346 - usr/sbin/update-ca-certificates || die
347 -}
348 -
349 -src_compile() {
350 - cd "image/${EPREFIX}" || die
351 - if ! ${PRECOMPILED} ; then
352 - python_setup
353 - local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
354 - # Grab the database from the nss sources.
355 - cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
356 - emake -C "${d}"
357 -
358 - # Now move the files to the same places that the precompiled would.
359 - mkdir -p etc/ssl/certs \
360 - etc/ca-certificates/update.d \
361 - "${c}"/mozilla \
362 - || die
363 - if use cacert ; then
364 - mkdir -p "${c}"/cacert.org || die
365 - mv "${d}"/CAcert_Inc..crt \
366 - "${c}"/cacert.org/cacert.org_root.crt || die
367 - fi
368 - mv "${d}"/*.crt "${c}"/mozilla/ || die
369 - else
370 - mv usr/share/doc/{ca-certificates,${PF}} || die
371 - fi
372 -
373 - (
374 - echo "# Automatically generated by ${CATEGORY}/${PF}"
375 - echo "# $(date -u)"
376 - echo "# Do not edit."
377 - cd "${c}" || die
378 - find * -name '*.crt' | LC_ALL=C sort
379 - ) > etc/ca-certificates.conf
380 -
381 - sh usr/sbin/update-ca-certificates --root "${S}/image" || die
382 -}
383 -
384 -src_install() {
385 - cp -pPR image/* "${D}"/ || die
386 - if ! ${PRECOMPILED} ; then
387 - cd ${PN}-${DEB_VER} || die
388 - doman sbin/*.8
389 - dodoc debian/README.* examples/ca-certificates-local/README
390 - fi
391 -
392 - echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
393 - doenvd 98ca-certificates
394 -}
395 -
396 -pkg_postinst() {
397 - if [[ -d "${EROOT%/}/usr/local/share/ca-certificates" ]] ; then
398 - # if the user has local certs, we need to rebuild again
399 - # to include their stuff in the db.
400 - # However it's too overzealous when the user has custom certs in place.
401 - # --fresh is to clean up dangling symlinks
402 - "${EROOT%/}"/usr/sbin/update-ca-certificates --root "${ROOT}"
403 - fi
404 -
405 - if [[ -n "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l)" ]] ; then
406 - ewarn "Removing the following broken symlinks:"
407 - ewarn "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
408 - fi
409 -}
Report Message
Find on MARC Find on Google Groups