ca-certificates: update to 20230311+3.89.1.

Also stop remove expired certs, for reproducibility.
2023-05-09 22:53:18 +07:00 · 2023-05-09 22:53:18 +07:00 · a49e28c78c
parent 229997b87e
commit a49e28c78c
5 changed files with 12 additions and 80 deletions
--- a/srcpkgs/ca-certificates/files/remove-expired-certs.sh
+++ b/srcpkgs/ca-certificates/files/remove-expired-certs.sh
@ -1,51 +0,0 @@
 #!/bin/sh
 # Begin remove-expired-certs.sh
 #
 # Version 20120211
 # Make sure the date is parsed correctly on all systems
 mydate()
 {
  local y=$( echo $1 | cut -d" " -f4 )
  local M=$( echo $1 | cut -d" " -f1 )
  local d=$( echo $1 | cut -d" " -f2 )
  local m
  [ -z "${d}" ] && d="0"
  [ "${d}" -lt 10 ] && d="0${d}"
  case $M in
    Jan) m="01";;
    Feb) m="02";;
    Mar) m="03";;
    Apr) m="04";;
    May) m="05";;
    Jun) m="06";;
    Jul) m="07";;
    Aug) m="08";;
    Sep) m="09";;
    Oct) m="10";;
    Nov) m="11";;
    Dec) m="12";;
  esac
  certdate="${y}${m}${d}"
 }
 DIR="$1"
 [ -z "$DIR" ] && DIR=$(pwd)
 today=$(date +%Y%m%d)
 find ${DIR} -type f -a -iname "*.crt" -printf "%p\n" | while read cert; do
  notafter=$(/usr/bin/openssl x509 -enddate -in "${cert}" -noout)
  date=$( echo ${notafter} |  sed 's/^notAfter=//' )
  mydate "$date"
  if [ ${certdate} -lt ${today} ]; then
     echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
     echo "EXPIRED CERTIFICATE FOUND $certdate: \"$(basename ${cert})\""
     echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
     rm -f "${cert}"
  fi
 done
--- a/srcpkgs/ca-certificates/patches/busybox-flags.patch
+++ b/srcpkgs/ca-certificates/patches/busybox-flags.patch
@ -1,14 +0,0 @@
 diff --git a/sbin/update-ca-certificates b/sbin/update-ca-certificates
 --- a/work/sbin/update-ca-certificates
 +++ b/work/sbin/update-ca-certificates
@@ -81,8 +81,8 @@ trap cleanup 0
 # Helper files.  (Some of them are not simple arrays because we spawn
 # subshells later on.)
 TEMPBUNDLE="${ETCCERTSDIR}/${CERTBUNDLE}.new"
 -ADDED="$(mktemp --tmpdir "ca-certificates.tmp.XXXXXX")"
 -REMOVED="$(mktemp --tmpdir "ca-certificates.tmp.XXXXXX")"
 +ADDED="$(mktemp -p "${TMPDIR:-/tmp}" "ca-certificates.tmp.XXXXXX")"
 +REMOVED="$(mktemp -p "${TMPDIR:-/tmp}" "ca-certificates.tmp.XXXXXX")"
 # Adds a certificate to the list of trusted ones.  This includes a symlink
 # in /etc/ssl/certs to the certificate file and its inclusion into the
--- a/srcpkgs/ca-certificates/patches/drop-python-dependency.patch
+++ b/srcpkgs/ca-certificates/patches/drop-python-dependency.patch
@ -1,6 +1,6 @@
--- ca-certificates-20210119+3.67.orig/work/mozilla/Makefile
+--- a/ca-certificates/mozilla/Makefile
-+++ ca-certificates-20210119+3.67/work/mozilla/Makefile
+++ b/ca-certificates/mozilla/Makefile
-@@ -2,8 +2,12 @@
+@@ -2,8 +2,11 @@
 # Makefile
 #
@ -11,7 +11,6 @@
 +
 +all: certdata2pem
 +	./certdata2pem
 +	./remove-expired-certs.sh
 clean:
 	-rm -f *.crt
--- a/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch
+++ b/srcpkgs/ca-certificates/patches/update-ca-certificates-destdir.patch
@ -1,14 +1,13 @@
--- a/work/sbin/update-ca-certificates	2015-05-29 11:09:43.922158838 +0200
+--- a/ca-certificates/sbin/update-ca-certificates
-+++ b/work/sbin/update-ca-certificates	2015-05-29 11:10:06.842632933 +0200
+++ b/ca-certificates/sbin/update-ca-certificates
@@ -24,12 +24,12 @@
 verbose=0
 fresh=0
 default=0
 -CERTSCONF=/etc/ca-certificates.conf
 -CERTSDIR=/usr/share/ca-certificates
 -LOCALCERTSDIR=/usr/local/share/ca-certificates
 +CERTSCONF=$DESTDIR/etc/ca-certificates.conf
-+CERTSDIR=/usr/share/ca-certificates
+ CERTSDIR=/usr/share/ca-certificates
 -LOCALCERTSDIR=/usr/local/share/ca-certificates
 +LOCALCERTSDIR=$DESTDIR/usr/local/share/ca-certificates
 CERTBUNDLE=ca-certificates.crt
 -ETCCERTSDIR=/etc/ssl/certs
--- a/srcpkgs/ca-certificates/template
+++ b/srcpkgs/ca-certificates/template
@ -1,22 +1,21 @@
 # Template file for 'ca-certificates'
 pkgname=ca-certificates
-version=20211016+3.86
+version=20230311+3.89.1
 revision=1
 _nss_version=${version#*+}
 bootstrap=yes
 conf_files="/etc/ca-certificates.conf"
-create_wrksrc=yes
+build_wrksrc="ca-certificates"
 build_wrksrc="work"
 hostmakedepends="openssl"
 depends="openssl run-parts"
 short_desc="Common CA certificates for SSL/TLS from Mozilla"
-maintainer="Orphaned <orphan@voidlinux.org>"
+maintainer="Đoàn Trần Công Danh <congdanhqx@gmail.com>"
 license="GPL-2.0-or-later, MPL-2.0"
 homepage="https://wiki.mozilla.org/NSS:Root_certs"
 distfiles="${DEBIAN_SITE}/main/c/${pkgname}/${pkgname}_${version%+*}.tar.xz
 ${MOZILLA_SITE}/security/nss/releases/NSS_${_nss_version//\./_}_RTM/src/nss-${_nss_version}.tar.gz"
-checksum="2ae9b6dc5f40c25d6d7fe55e07b54f12a8967d1955d3b7b2f42ee46266eeef88
+checksum="83de934afa186e279d1ed08ea0d73f5cf43a6fbfb5f00874b6db3711c64576f3
- 3f385fc686476bbba811035fa6821b542475d55747b18c20c221d4d66573b975"
+ 3adaedb9e70c3c5f40603bf60a01e336190a6dbe01929d395f16b01fe84a0156"
 post_extract() {
 	cp ${FILESDIR}/* $build_wrksrc/mozilla