1 |
commit: ce41bffad3bdb68f535d29f553955357d8b47369 |
2 |
Author: Michał Górny <mgorny <AT> gentoo <DOT> org> |
3 |
AuthorDate: Fri Nov 26 11:09:16 2021 +0000 |
4 |
Commit: Michał Górny <mgorny <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Nov 28 14:39:01 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ce41bffa |
7 |
|
8 |
app-misc/ca-certificates: Eliminate the dep on cryptography |
9 |
|
10 |
The dev-python/cryptography package is no longer portable, due to Rust, |
11 |
so avoid the dependency to make ca-certificates portable again. |
12 |
Apparently, it is used only for some upstream QA check. |
13 |
|
14 |
Closes: https://bugs.gentoo.org/827354 |
15 |
Signed-off-by: Michał Górny <mgorny <AT> gentoo.org> |
16 |
|
17 |
.../ca-certificates-20211016.3.72.ebuild | 11 ++++----- |
18 |
...ertificates-20211016.3.72-no-cryptography.patch | 27 ++++++++++++++++++++++ |
19 |
2 files changed, 32 insertions(+), 6 deletions(-) |
20 |
|
21 |
diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild |
22 |
index 86df307180a7..30183fb5044d 100644 |
23 |
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild |
24 |
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild |
25 |
@@ -62,8 +62,6 @@ CDEPEND="app-misc/c_rehash |
26 |
BDEPEND="${CDEPEND}" |
27 |
if ! ${PRECOMPILED} ; then |
28 |
BDEPEND+=" ${PYTHON_DEPS}" |
29 |
- # See bug #821706 |
30 |
- BDEPEND+=" $(python_gen_any_dep 'dev-python/cryptography[${PYTHON_USEDEP}]')" |
31 |
fi |
32 |
|
33 |
DEPEND="" |
34 |
@@ -76,10 +74,6 @@ RDEPEND="${CDEPEND} |
35 |
|
36 |
S=${WORKDIR} |
37 |
|
38 |
-python_check_deps() { |
39 |
- has_version -b "dev-python/cryptography[${PYTHON_USEDEP}]" |
40 |
-} |
41 |
- |
42 |
pkg_setup() { |
43 |
# For the conversion to having it in CONFIG_PROTECT_MASK, |
44 |
# we need to tell users about it once manually first. |
45 |
@@ -126,6 +120,11 @@ src_prepare() { |
46 |
|
47 |
default |
48 |
eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch |
49 |
+ |
50 |
+ pushd "${S}/${PN}-${DEB_VER}" >/dev/null || die |
51 |
+ eapply "${FILESDIR}"/${P}-no-cryptography.patch |
52 |
+ popd >/dev/null || die |
53 |
+ |
54 |
local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') |
55 |
sed -i \ |
56 |
-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \ |
57 |
|
58 |
diff --git a/app-misc/ca-certificates/files/ca-certificates-20211016.3.72-no-cryptography.patch b/app-misc/ca-certificates/files/ca-certificates-20211016.3.72-no-cryptography.patch |
59 |
new file mode 100644 |
60 |
index 000000000000..fb98eb2828e7 |
61 |
--- /dev/null |
62 |
+++ b/app-misc/ca-certificates/files/ca-certificates-20211016.3.72-no-cryptography.patch |
63 |
@@ -0,0 +1,27 @@ |
64 |
+Remove the dependency on non-portable dev-python/cryptography. |
65 |
+https://bugs.gentoo.org/821706#c4 by Alex Xu |
66 |
+ |
67 |
+--- a/mozilla/certdata2pem.py |
68 |
++++ b/mozilla/certdata2pem.py |
69 |
+@@ -28,8 +28,6 @@ |
70 |
+ import textwrap |
71 |
+ import io |
72 |
+ |
73 |
+-from cryptography import x509 |
74 |
+- |
75 |
+ |
76 |
+ objects = [] |
77 |
+ |
78 |
+@@ -122,12 +120,6 @@ |
79 |
+ if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]: |
80 |
+ continue |
81 |
+ |
82 |
+- cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) |
83 |
+- if cert.not_valid_after < datetime.datetime.now(): |
84 |
+- print('!'*74) |
85 |
+- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL']) |
86 |
+- print('!'*74) |
87 |
+- |
88 |
+ bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\ |
89 |
+ .replace(' ', '_')\ |
90 |
+ .replace('(', '=')\ |