From a49e28c78cc0977fbac8ecbe5036a7c084dc8ceb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
Date: Tue, 9 May 2023 22:53:18 +0700
Subject: [PATCH] ca-certificates: update to 20230311+3.89.1.

Also stop remove expired certs, for reproducibility.
---
 .../files/remove-expired-certs.sh | 51 -------------------
 .../patches/busybox-flags.patch | 14 -----
 .../patches/drop-python-dependency.patch | 7 ++-
 .../update-ca-certificates-destdir.patch | 9 ++--
 srcpkgs/ca-certificates/template | 11 ++--
 5 files changed, 12 insertions(+), 80 deletions(-)
 delete mode 100755 srcpkgs/ca-certificates/files/remove-expired-certs.sh
 delete mode 100644 srcpkgs/ca-certificates/patches/busybox-flags.patch

diff --git a/srcpkgs/ca-certificates/files/remove-expired-certs.sh b/srcpkgs/ca-certificates/files/remove-expired-certs.sh
deleted file mode 100755
index 92cda666cad..00000000000
--- a/srcpkgs/ca-certificates/files/remove-expired-certs.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/sh
-# Begin remove-expired-certs.sh
-#
-# Version 20120211
-
-# Make sure the date is parsed correctly on all systems
-mydate()
-{
- local y=$( echo $1 | cut -d" " -f4 )
- local M=$( echo $1 | cut -d" " -f1 )
- local d=$( echo $1 | cut -d" " -f2 )
- local m
-
- [ -z "${d}" ] && d="0"
- [ "${d}" -lt 10 ] && d="0${d}"
-
- case $M in
- Jan) m="01";;
- Feb) m="02";;
- Mar) m="03";;
- Apr) m="04";;
- May) m="05";;
- Jun) m="06";;
- Jul) m="07";;
- Aug) m="08";;
- Sep) m="09";;
- Oct) m="10";;
- Nov) m="11";;
- Dec) m="12";;
- esac
-
- certdate="${y}${m}${d}"
-}
-
-DIR="$1"
-[ -z "$DIR" ] && DIR=$(pwd)
-
-today=$(date +%Y%m%d)
-
-find ${DIR} -type f -a -iname "*.crt" -printf "%p\n" | while read cert; do
- notafter=$(/usr/bin/openssl x509 -enddate -in "${cert}" -noout)
- date=$( echo ${notafter} | sed 's/^notAfter=//' )
- mydate "$date"
-
- if [ ${certdate} -lt ${today} ]; then
- echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
- echo "EXPIRED CERTIFICATE FOUND $certdate: \"$(basename ${cert})\""
- echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
- rm -f "${cert}"
- fi
-done
diff --git a/srcpkgs/ca-certificates/patches/busybox-flags.patch b/srcpkgs/ca-certificates/patches/busybox-flags.patch
deleted file mode 100644
index 0f109e1b0bc..00000000000
--- a/srcpkgs/ca-certificates/patches/busybox-flags.patch
+++ /dev/null
@@ -1,14 +0,0 @@ -diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates ---- a/work/sbin/update-ca-certificates -+++ b/work/sbin/update-ca-certificates -@@ -81,8 +81,8 @@ trap cleanup 0 - # Helper files. (Some of them are not simple arrays because we spawn - # subshells later on.) - TEMPBUNDLE="${ETCCERTSDIR}/${CERTBUNDLE}.new" --ADDED="$(mktemp --tmpdir "ca-certificates.tmp.XXXXXX")" --REMOVED="$(mktemp --tmpdir "ca-certificates.tmp.XXXXXX")" -+ADDED="$(mktemp -p "${TMPDIR:-/tmp}" "ca-certificates.tmp.XXXXXX")" -+REMOVED="$(mktemp -p "${TMPDIR:-/tmp}" "ca-certificates.tmp.XXXXXX")" - - # Adds a certificate to the list of trusted ones. This includes a symlink - # in /etc/ssl/certs to the certificate file and its inclusion into the diff --git a/srcpkgs/ca-certificates/patches/drop-python-dependency.patch b/srcpkgs/ca-certificates/patches/drop-python-dependency.patch index 4d9140384ba..409d6fde69f 100644 --- a/srcpkgs/ca-certificates/patches/drop-python-dependency.patch +++ b/srcpkgs/ca-certificates/patches/drop-python-dependency.patch @@ -1,6 +1,6 @@ ---- ca-certificates-20210119+3.67.orig/work/mozilla/Makefile -+++ ca-certificates-20210119+3.67/work/mozilla/Makefile -@@ -2,8 +2,12 @@ +--- a/ca-certificates/mozilla/Makefile ++++ b/ca-certificates/mozilla/Makefile +@@ -2,8 +2,11 @@ # Makefile # @@ -11,7 +11,6 @@ + +all: certdata2pem + ./certdata2pem -+ ./remove-expired-certs.sh clean: -rm -f *.crt diff --git a/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch b/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch index 831708b769f..5181c28f6c2 100644 --- a/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch +++ b/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch 
@@ -1,14 +1,13 @@ ---- a/work/sbin/update-ca-certificates 2015-05-29 11:09:43.922158838 +0200 -+++ b/work/sbin/update-ca-certificates 2015-05-29 11:10:06.842632933 +0200 +--- a/ca-certificates/sbin/update-ca-certificates ++++ b/ca-certificates/sbin/update-ca-certificates @@ -24,12 +24,12 @@ verbose=0 fresh=0 default=0 -CERTSCONF=/etc/ca-certificates.conf --CERTSDIR=/usr/share/ca-certificates --LOCALCERTSDIR=/usr/local/share/ca-certificates +CERTSCONF=$DESTDIR/etc/ca-certificates.conf -+CERTSDIR=/usr/share/ca-certificates + CERTSDIR=/usr/share/ca-certificates +-LOCALCERTSDIR=/usr/local/share/ca-certificates +LOCALCERTSDIR=$DESTDIR/usr/local/share/ca-certificates CERTBUNDLE=ca-certificates.crt -ETCCERTSDIR=/etc/ssl/certs diff --git a/srcpkgs/ca-certificates/template b/srcpkgs/ca-certificates/template index 3a158856127..4326cc79f1a 100644 --- a/srcpkgs/ca-certificates/template +++ b/srcpkgs/ca-certificates/template @@ -1,22 +1,21 @@ # Template file for 'ca-certificates' pkgname=ca-certificates -version=20211016+3.86 +version=20230311+3.89.1 revision=1 _nss_version=${version#*+} bootstrap=yes conf_files="/etc/ca-certificates.conf" -create_wrksrc=yes -build_wrksrc="work" +build_wrksrc="ca-certificates" hostmakedepends="openssl" depends="openssl run-parts" short_desc="Common CA certificates for SSL/TLS from Mozilla" -maintainer="Orphaned " +maintainer="Đoàn Trần Công Danh " license="GPL-2.0-or-later, MPL-2.0" homepage="https://wiki.mozilla.org/NSS:Root_certs" distfiles="${DEBIAN_SITE}/main/c/${pkgname}/${pkgname}_${version%+*}.tar.xz ${MOZILLA_SITE}/security/nss/releases/NSS_${_nss_version//\./_}_RTM/src/nss-${_nss_version}.tar.gz" -checksum="2ae9b6dc5f40c25d6d7fe55e07b54f12a8967d1955d3b7b2f42ee46266eeef88 - 3f385fc686476bbba811035fa6821b542475d55747b18c20c221d4d66573b975" +checksum="83de934afa186e279d1ed08ea0d73f5cf43a6fbfb5f00874b6db3711c64576f3 + 3adaedb9e70c3c5f40603bf60a01e336190a6dbe01929d395f16b01fe84a0156" post_extract() { cp ${FILESDIR}/* $build_wrksrc/mozilla
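Review bot: Nothing in the template hunk records that expired roots are now shipped on purpose. The commit deletes `files/remove-expired-certs.sh` and drops its call from the `all:` target in `drop-python-dependency.patch`, so the installed bundle presumably keeps every certificate `certdata2pem` emits, whatever its notAfter date. Verifiers that check validity at use are unaffected, but older TLS stacks have mishandled expired anchors left in the store, so the trade-off deserves a comment near `hostmakedepends`, e.g. `# Expired roots are no longer pruned at build time (pruning compared against the build date and broke reproducibility); verifiers must enforce notAfter.` If pruning is ever wanted again, comparing against a fixed reference such as `SOURCE_DATE_EPOCH` rather than `date` would keep the output deterministic. `post_extract` continues outside the hunk.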