| 1 |
commit: ce41bffad3bdb68f535d29f553955357d8b47369 |
| 2 |
Author: Michał Górny <mgorny <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Fri Nov 26 11:09:16 2021 +0000 |
| 4 |
Commit: Michał Górny <mgorny <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun Nov 28 14:39:01 2021 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ce41bffa |
| 7 |
|
| 8 |
app-misc/ca-certificates: Eliminate the dep on cryptography |
| 9 |
|
| 10 |
The dev-python/cryptography package is no longer portable, due to Rust, |
| 11 |
so avoid the dependency to make ca-certificates portable again. |
| 12 |
Apparently, it is used only for some upstream QA check. |
| 13 |
|
| 14 |
Closes: https://bugs.gentoo.org/827354 |
| 15 |
Signed-off-by: Michał Górny <mgorny <AT> gentoo.org> |
| 16 |
|
| 17 |
.../ca-certificates-20211016.3.72.ebuild | 11 ++++----- |
| 18 |
...ertificates-20211016.3.72-no-cryptography.patch | 27 ++++++++++++++++++++++ |
| 19 |
2 files changed, 32 insertions(+), 6 deletions(-) |
| 20 |
|
| 21 |
diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild |
| 22 |
index 86df307180a7..30183fb5044d 100644 |
| 23 |
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild |
| 24 |
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild |
| 25 |
@@ -62,8 +62,6 @@ CDEPEND="app-misc/c_rehash |
| 26 |
BDEPEND="${CDEPEND}" |
| 27 |
if ! ${PRECOMPILED} ; then |
| 28 |
BDEPEND+=" ${PYTHON_DEPS}" |
| 29 |
- # See bug #821706 |
| 30 |
- BDEPEND+=" $(python_gen_any_dep 'dev-python/cryptography[${PYTHON_USEDEP}]')" |
| 31 |
fi |
| 32 |
|
| 33 |
DEPEND="" |
| 34 |
@@ -76,10 +74,6 @@ RDEPEND="${CDEPEND} |
| 35 |
|
| 36 |
S=${WORKDIR} |
| 37 |
|
| 38 |
-python_check_deps() { |
| 39 |
- has_version -b "dev-python/cryptography[${PYTHON_USEDEP}]" |
| 40 |
-} |
| 41 |
- |
| 42 |
pkg_setup() { |
| 43 |
# For the conversion to having it in CONFIG_PROTECT_MASK, |
| 44 |
# we need to tell users about it once manually first. |
| 45 |
@@ -126,6 +120,11 @@ src_prepare() { |
| 46 |
|
| 47 |
default |
| 48 |
eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch |
| 49 |
+ |
| 50 |
+ pushd "${S}/${PN}-${DEB_VER}" >/dev/null || die |
| 51 |
+ eapply "${FILESDIR}"/${P}-no-cryptography.patch |
| 52 |
+ popd >/dev/null || die |
| 53 |
+ |
| 54 |
local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') |
| 55 |
sed -i \ |
| 56 |
-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \ |
| 57 |
|
| 58 |
diff --git a/app-misc/ca-certificates/files/ca-certificates-20211016.3.72-no-cryptography.patch b/app-misc/ca-certificates/files/ca-certificates-20211016.3.72-no-cryptography.patch |
| 59 |
new file mode 100644 |
| 60 |
index 000000000000..fb98eb2828e7 |
| 61 |
--- /dev/null |
| 62 |
+++ b/app-misc/ca-certificates/files/ca-certificates-20211016.3.72-no-cryptography.patch |
| 63 |
@@ -0,0 +1,27 @@ |
| 64 |
+Remove the dependency on non-portable dev-python/cryptography. |
| 65 |
+https://bugs.gentoo.org/821706#c4 by Alex Xu |
| 66 |
+ |
| 67 |
+--- a/mozilla/certdata2pem.py |
| 68 |
++++ b/mozilla/certdata2pem.py |
| 69 |
+@@ -28,8 +28,6 @@ |
| 70 |
+ import textwrap |
| 71 |
+ import io |
| 72 |
+ |
| 73 |
+-from cryptography import x509 |
| 74 |
+- |
| 75 |
+ |
| 76 |
+ objects = [] |
| 77 |
+ |
| 78 |
+@@ -122,12 +120,6 @@ |
| 79 |
+ if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]: |
| 80 |
+ continue |
| 81 |
+ |
| 82 |
+- cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) |
| 83 |
+- if cert.not_valid_after < datetime.datetime.now(): |
| 84 |
+- print('!'*74) |
| 85 |
+- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL']) |
| 86 |
+- print('!'*74) |
| 87 |
+- |
| 88 |
+ bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\ |
| 89 |
+ .replace(' ', '_')\ |
| 90 |
+ .replace('(', '=')\ |
Archives