Gentoo Archives: gentoo-commits

From: Lars Wendler <polynomial-c@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
Date: Tue, 08 Aug 2017 07:41:03
Message-Id: 1502178052.a808a89ee2610c910958c27407f83b82cdb9533e.polynomial-c@gentoo
1 commit: a808a89ee2610c910958c27407f83b82cdb9533e
2 Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
3 AuthorDate: Tue Aug 8 07:39:24 2017 +0000
4 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
5 CommitDate: Tue Aug 8 07:40:52 2017 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a808a89e
7
8 app-misc/ca-certificates: Removed old.
9
10 Package-Manager: Portage-2.3.6, Repoman-2.3.3
11
12 app-misc/ca-certificates/Manifest | 1 -
13 .../ca-certificates-20161130.3.30.1.ebuild | 182 ---------------------
14 .../ca-certificates-20161130.3.30.ebuild | 182 ---------------------
15 3 files changed, 365 deletions(-)
16
17 diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
18 index 0119c7af89d..a909c17ea2c 100644
19 --- a/app-misc/ca-certificates/Manifest
20 +++ b/app-misc/ca-certificates/Manifest
21 @@ -2,7 +2,6 @@ DIST ca-certificates_20161102.tar.xz 298544 SHA256 25384a67e2f1e76495ceeb00abfdb
22 DIST ca-certificates_20161130.tar.xz 298656 SHA256 04bca9e142a90a834aca0311f7ced237368d71fee7bd5c9f68ef7f4611aee471 SHA512 8395f27d2369d694b069e1bb250b06df05f732bd9f4a4dc8652091e9c96ad1a84003e28f59cb9e13fdfd22ca5818f495d80149692e74b2d63e34db4f6a95ee9f WHIRLPOOL 6903848f030a0da80e18e5d6a075c9a4ef390d67d748ff27cbadef4b1bf5866b9d7d96960f780f6bbff3f7b9720c31ee4d7a089238041bcb4d5de52fe0e46224
23 DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa67205dde1a4a92be87dc28524 SHA512 699847665e93fd649cb60ce6bc8f849f452779e7232a09bbeb0613f9e6c57bb81948f1ae59cc86648e41a212cda259109850ccd14546d35910deb75f5d2a13b8 WHIRLPOOL 08229d87de1c7020c1d7fc12fb8a2afc4bc9ab9f0208aad12698aba17386fbe9163cb506101c7d4d568409fd99141fb88c0e71fc32cecbc6640a4a8f7a4efabf
24 DIST nss-3.29.3.tar.gz 7479458 SHA256 35ddcc31251ef829994efeee925011aa1414e32be7e388236970255aa3c8e1eb SHA512 eebc479521dc4e64565929620f60bf457875a2b21d7b5dc2b67f4e4279bfb1a814c31a7b17638052cec44ede9fb686a3ff776cd2239271142100e0fd5f769519 WHIRLPOOL 93edf0bd7c0c1751f7b03a8e878cba564e27fede796de3d4f381aa0b86ef8ea9edffd6f57f8a437f48e07f74ddc2cd0b351ca640ea409e3b3a54f7ddb83def22
25 -DIST nss-3.30.1.tar.gz 9501791 SHA256 1fa273a9a18611bfd22ecd61283172a5aa66af7d0783c7018f42d48000be5eb6 SHA512 591c518bc7e8105675678863e1995725982527e138b45e12ad0efd927f5d3eaa2aaa704d335ff46d572c2f7ad8a8f9a38e671c1d5a9f46fe495077ba0522bc51 WHIRLPOOL 40ef67fcb505ed19b8438b77b5b0a147d939863066a24bd15f5afa2e6ea91a40d6aaa43860c6f1f94f37efe417c48f865c344e7ffb5d997e4a92356100a206c1
26 DIST nss-3.30.2.tar.gz 9499119 SHA256 0d4a77ff26bcee79fa8afe0125e0df6ae9e798b6b36782fa29e28febf7cfce24 SHA512 02f14bc000cbde42268c4b6f42df80680b010d1491643ef9b11e0bac31a286a2e7fa251c40cb4ac70b64883a1b90efc64440ef9d797357f8a47cd37195fc5500 WHIRLPOOL b1039f227a55ed9ab592b7e1ea0856c8cf91b8d298ef07d9d0f56d1956319b15c12224f023a100d106101c49dafb16e8231680667d2c7d0b8f8b2bbf6ad3ec8e
27 DIST nss-3.30.tar.gz 9500552 SHA256 a8c0000dae5e992f6563972e26dbfefc50d006dd845c43b8ca24ea50169ff3a9 SHA512 c21e9b5e4b689ea8cbc6f4d7913df43e2a78c4435e0ce092f2ce00e46079ce2268e17ec8527b283ac69eff3d96ff0165a5b42b6579bfe0a720115ff2938260d3 WHIRLPOOL bc0a59484010a5771b515dde1440ccca8a63b167d3d8839b3606460fdf9d2dc3ab7d889173c88edb7d685d39ad3614c4cbc66284d0faced47cdcc01a69997d9a
28 DIST nss-3.32.tar.gz 9493574 SHA256 35c6f381cc96bb25e4f924469f6ba3e57b3a16e0c2fb7e295a284a00d57ed335 SHA512 7a01f81e23ef9649fd26b8423b015f4df5878c94f6ff591727086644b01db3dbc36de4e131cf70a6f84564e46c8decb7c4f7780fca12270eb900de1f8a11ee3c WHIRLPOOL bd1a9a8da509143ba995c2a4aac43df991703c1170e2654a8e762fbaf1b26e4f95f85c9d06db45126247a6d52828060c5283fb9cf1e4328952bc518ee38316c4
29
30 diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.30.1.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.30.1.ebuild
31 deleted file mode 100644
32 index a72077ebef8..00000000000
33 --- a/app-misc/ca-certificates/ca-certificates-20161130.3.30.1.ebuild
34 +++ /dev/null
35 @@ -1,182 +0,0 @@
36 -# Copyright 1999-2017 Gentoo Foundation
37 -# Distributed under the terms of the GNU General Public License v2
38 -
39 -# The Debian ca-certificates package merely takes the CA database as it exists
40 -# in the nss package and repackages it for use by openssl.
41 -#
42 -# The issue with using the compiled debs directly is two fold:
43 -# - they do not update frequently enough for us to rely on them
44 -# - they pull the CA database from nss tip of tree rather than the release
45 -#
46 -# So we take the Debian source tools and combine them with the latest nss
47 -# release to produce (largely) the same end result. The difference is that
48 -# now we know our cert database is kept in sync with nss and, if need be,
49 -# can be sync with nss tip of tree more frequently to respond to bugs.
50 -
51 -# When triaging bugs from users, here's some handy tips:
52 -# - To see what cert is hitting errors, use openssl:
53 -# openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
54 -# Focus on the errors written to stderr.
55 -#
56 -# - Look at the upstream log as to why certs were added/removed:
57 -# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
58 -#
59 -# - If people want to add/remove certs, tell them to file w/mozilla:
60 -# https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
61 -
62 -EAPI="5"
63 -PYTHON_COMPAT=( python{2_7,3_4,3_5} )
64 -
65 -inherit eutils python-any-r1
66 -
67 -if [[ ${PV} == *.* ]] ; then
68 - # Compile from source ourselves.
69 - PRECOMPILED=false
70 - inherit versionator
71 -
72 - DEB_VER=$(get_version_component_range 1)
73 - NSS_VER=$(get_version_component_range 2-)
74 - RTM_NAME="NSS_${NSS_VER//./_}_RTM"
75 -else
76 - # Debian precompiled version.
77 - PRECOMPILED=true
78 - inherit unpacker
79 -fi
80 -
81 -DESCRIPTION="Common CA Certificates PEM files"
82 -HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
83 -NMU_PR=""
84 -if ${PRECOMPILED} ; then
85 - SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
86 -else
87 - SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
88 - https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
89 - cacert? (
90 - https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
91 - )"
92 -fi
93 -
94 -LICENSE="MPL-1.1"
95 -SLOT="0"
96 -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
97 -IUSE="insecure_certs"
98 -${PRECOMPILED} || IUSE+=" cacert"
99 -
100 -DEPEND=""
101 -if ${PRECOMPILED} ; then
102 - DEPEND+=" !<sys-apps/portage-2.1.10.41"
103 -fi
104 -# c_rehash: we run `c_rehash`
105 -# debianutils: we run `run-parts`
106 -RDEPEND="${DEPEND}
107 - app-misc/c_rehash
108 - sys-apps/debianutils"
109 -
110 -if ! ${PRECOMPILED}; then
111 - DEPEND+=" ${PYTHON_DEPS}"
112 -fi
113 -
114 -S=${WORKDIR}
115 -
116 -pkg_setup() {
117 - # For the conversion to having it in CONFIG_PROTECT_MASK,
118 - # we need to tell users about it once manually first.
119 - [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
120 - || ewarn "You should run update-ca-certificates manually after etc-update"
121 -}
122 -
123 -src_unpack() {
124 - ${PRECOMPILED} || default
125 -
126 - # Do all the work in the image subdir to avoid conflicting with source
127 - # dirs in $WORKDIR. Need to perform everything in the offset #381937
128 - mkdir -p "image/${EPREFIX}"
129 - cd "image/${EPREFIX}" || die
130 -
131 - ${PRECOMPILED} && unpacker_src_unpack
132 -}
133 -
134 -src_prepare() {
135 - cd "image/${EPREFIX}" || die
136 - if ! ${PRECOMPILED} ; then
137 - mkdir -p usr/sbin
138 - cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
139 -
140 - if use cacert ; then
141 - pushd "${S}"/nss-${NSS_VER} >/dev/null
142 - epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
143 - popd >/dev/null
144 - fi
145 - fi
146 -
147 - epatch "${FILESDIR}"/${PN}-20150426-root.patch
148 - local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
149 - sed -i \
150 - -e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
151 - -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
152 - usr/sbin/update-ca-certificates || die
153 -}
154 -
155 -src_compile() {
156 - cd "image/${EPREFIX}" || die
157 - if ! ${PRECOMPILED} ; then
158 - python_setup
159 - local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
160 - # Grab the database from the nss sources.
161 - cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
162 - emake -C "${d}"
163 -
164 - # Now move the files to the same places that the precompiled would.
165 - mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
166 - if use cacert ; then
167 - mkdir -p "${c}"/cacert.org
168 - mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
169 - fi
170 - mv "${d}"/*.crt "${c}"/mozilla/ || die
171 - else
172 - mv usr/share/doc/{ca-certificates,${PF}} || die
173 - fi
174 -
175 - if ! use insecure_certs ; then
176 - # Remove untrusted certs from StartCom and WoSign (bug #598072)
177 - rm "${c}"/mozilla/StartCom* || die
178 - rm "${c}"/mozilla/WoSign* || die
179 - fi
180 -
181 - (
182 - echo "# Automatically generated by ${CATEGORY}/${PF}"
183 - echo "# $(date -u)"
184 - echo "# Do not edit."
185 - cd "${c}"
186 - find * -name '*.crt' | LC_ALL=C sort
187 - ) > etc/ca-certificates.conf
188 -
189 - sh usr/sbin/update-ca-certificates --root "${S}/image" || die
190 -}
191 -
192 -src_install() {
193 - cp -pPR image/* "${D}"/ || die
194 - if ! ${PRECOMPILED} ; then
195 - cd ca-certificates
196 - doman sbin/*.8
197 - dodoc debian/README.* examples/ca-certificates-local/README
198 - fi
199 -
200 - echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
201 - doenvd 98ca-certificates
202 -}
203 -
204 -pkg_postinst() {
205 - if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
206 - # if the user has local certs, we need to rebuild again
207 - # to include their stuff in the db.
208 - # However it's too overzealous when the user has custom certs in place.
209 - # --fresh is to clean up dangling symlinks
210 - "${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
211 - fi
212 -
213 - if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
214 - ewarn "Removing the following broken symlinks:"
215 - ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
216 - fi
217 -}
218
219 diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.30.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.30.ebuild
220 deleted file mode 100644
221 index a72077ebef8..00000000000
222 --- a/app-misc/ca-certificates/ca-certificates-20161130.3.30.ebuild
223 +++ /dev/null
224 @@ -1,182 +0,0 @@
225 -# Copyright 1999-2017 Gentoo Foundation
226 -# Distributed under the terms of the GNU General Public License v2
227 -
228 -# The Debian ca-certificates package merely takes the CA database as it exists
229 -# in the nss package and repackages it for use by openssl.
230 -#
231 -# The issue with using the compiled debs directly is two fold:
232 -# - they do not update frequently enough for us to rely on them
233 -# - they pull the CA database from nss tip of tree rather than the release
234 -#
235 -# So we take the Debian source tools and combine them with the latest nss
236 -# release to produce (largely) the same end result. The difference is that
237 -# now we know our cert database is kept in sync with nss and, if need be,
238 -# can be sync with nss tip of tree more frequently to respond to bugs.
239 -
240 -# When triaging bugs from users, here's some handy tips:
241 -# - To see what cert is hitting errors, use openssl:
242 -# openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
243 -# Focus on the errors written to stderr.
244 -#
245 -# - Look at the upstream log as to why certs were added/removed:
246 -# https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
247 -#
248 -# - If people want to add/remove certs, tell them to file w/mozilla:
249 -# https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
250 -
251 -EAPI="5"
252 -PYTHON_COMPAT=( python{2_7,3_4,3_5} )
253 -
254 -inherit eutils python-any-r1
255 -
256 -if [[ ${PV} == *.* ]] ; then
257 - # Compile from source ourselves.
258 - PRECOMPILED=false
259 - inherit versionator
260 -
261 - DEB_VER=$(get_version_component_range 1)
262 - NSS_VER=$(get_version_component_range 2-)
263 - RTM_NAME="NSS_${NSS_VER//./_}_RTM"
264 -else
265 - # Debian precompiled version.
266 - PRECOMPILED=true
267 - inherit unpacker
268 -fi
269 -
270 -DESCRIPTION="Common CA Certificates PEM files"
271 -HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
272 -NMU_PR=""
273 -if ${PRECOMPILED} ; then
274 - SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
275 -else
276 - SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
277 - https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
278 - cacert? (
279 - https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
280 - )"
281 -fi
282 -
283 -LICENSE="MPL-1.1"
284 -SLOT="0"
285 -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
286 -IUSE="insecure_certs"
287 -${PRECOMPILED} || IUSE+=" cacert"
288 -
289 -DEPEND=""
290 -if ${PRECOMPILED} ; then
291 - DEPEND+=" !<sys-apps/portage-2.1.10.41"
292 -fi
293 -# c_rehash: we run `c_rehash`
294 -# debianutils: we run `run-parts`
295 -RDEPEND="${DEPEND}
296 - app-misc/c_rehash
297 - sys-apps/debianutils"
298 -
299 -if ! ${PRECOMPILED}; then
300 - DEPEND+=" ${PYTHON_DEPS}"
301 -fi
302 -
303 -S=${WORKDIR}
304 -
305 -pkg_setup() {
306 - # For the conversion to having it in CONFIG_PROTECT_MASK,
307 - # we need to tell users about it once manually first.
308 - [[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
309 - || ewarn "You should run update-ca-certificates manually after etc-update"
310 -}
311 -
312 -src_unpack() {
313 - ${PRECOMPILED} || default
314 -
315 - # Do all the work in the image subdir to avoid conflicting with source
316 - # dirs in $WORKDIR. Need to perform everything in the offset #381937
317 - mkdir -p "image/${EPREFIX}"
318 - cd "image/${EPREFIX}" || die
319 -
320 - ${PRECOMPILED} && unpacker_src_unpack
321 -}
322 -
323 -src_prepare() {
324 - cd "image/${EPREFIX}" || die
325 - if ! ${PRECOMPILED} ; then
326 - mkdir -p usr/sbin
327 - cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
328 -
329 - if use cacert ; then
330 - pushd "${S}"/nss-${NSS_VER} >/dev/null
331 - epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
332 - popd >/dev/null
333 - fi
334 - fi
335 -
336 - epatch "${FILESDIR}"/${PN}-20150426-root.patch
337 - local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
338 - sed -i \
339 - -e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
340 - -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
341 - usr/sbin/update-ca-certificates || die
342 -}
343 -
344 -src_compile() {
345 - cd "image/${EPREFIX}" || die
346 - if ! ${PRECOMPILED} ; then
347 - python_setup
348 - local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
349 - # Grab the database from the nss sources.
350 - cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
351 - emake -C "${d}"
352 -
353 - # Now move the files to the same places that the precompiled would.
354 - mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
355 - if use cacert ; then
356 - mkdir -p "${c}"/cacert.org
357 - mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
358 - fi
359 - mv "${d}"/*.crt "${c}"/mozilla/ || die
360 - else
361 - mv usr/share/doc/{ca-certificates,${PF}} || die
362 - fi
363 -
364 - if ! use insecure_certs ; then
365 - # Remove untrusted certs from StartCom and WoSign (bug #598072)
366 - rm "${c}"/mozilla/StartCom* || die
367 - rm "${c}"/mozilla/WoSign* || die
368 - fi
369 -
370 - (
371 - echo "# Automatically generated by ${CATEGORY}/${PF}"
372 - echo "# $(date -u)"
373 - echo "# Do not edit."
374 - cd "${c}"
375 - find * -name '*.crt' | LC_ALL=C sort
376 - ) > etc/ca-certificates.conf
377 -
378 - sh usr/sbin/update-ca-certificates --root "${S}/image" || die
379 -}
380 -
381 -src_install() {
382 - cp -pPR image/* "${D}"/ || die
383 - if ! ${PRECOMPILED} ; then
384 - cd ca-certificates
385 - doman sbin/*.8
386 - dodoc debian/README.* examples/ca-certificates-local/README
387 - fi
388 -
389 - echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
390 - doenvd 98ca-certificates
391 -}
392 -
393 -pkg_postinst() {
394 - if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
395 - # if the user has local certs, we need to rebuild again
396 - # to include their stuff in the db.
397 - # However it's too overzealous when the user has custom certs in place.
398 - # --fresh is to clean up dangling symlinks
399 - "${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
400 - fi
401 -
402 - if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
403 - ewarn "Removing the following broken symlinks:"
404 - ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
405 - fi
406 -}