gentoo auto-resync : 06:10:2024 - 04:27:04

3 files changed, 107 insertions, 0 deletions

diff --git a/app-crypt/certbot/Manifest b/app-crypt/certbot/Manifest
index 52eebdc8d382..55c12efb7e98 100644
--- a/app-crypt/certbot/Manifest
+++ b/app-crypt/certbot/Manifest
@@ -1,6 +1,8 @@
+AUX certbot-2.11.0-workaround-cryptography-deprecation-warnings.patch 1795 BLAKE2B 1c518f3e5a541f6e4e43e07db49d5e7e167fb492fb5820d8edacba10f2be8654b3941e1e2eaca274a65c9d00d16216fd6e8d10e3ef6701218186cd6e6a69cc57 SHA512 f98d83618ec89abe5a7a391ece39eca7d80155cf36441525190a2eb8a4c329b2d528d78685f8535490e89e5ca63179f394c8d6712c1df3194bddc242e9e0f700
 DIST certbot-2.10.0.gh.tar.gz 2322931 BLAKE2B cb84815ec2db2b4b365f2f2bdee1749263b540a1b67f9195280bdb122307337d294beb403bc05b236a94ed0782b0d093e2b8527a65cb69cac949fa627388e8bd SHA512 444981952140376808a9aa475a692df91e60fffc6d45902a3f809bc07311a7d6597ad56e712d3dae234450eb1c735db431182e784bc748511e68bf4f5f2d6cbd
 DIST certbot-2.11.0.gh.tar.gz 2322114 BLAKE2B d266483d1ffc9f9274df3d5e389ed961758e77e9455a7324132bb2bfe4896db663642a98ac7250d35fbbd60d6aef0d6d2a58f98ad17130958dcfcd61283c2479 SHA512 ba47fc98faaf47278c58e107356371c06039f70ad539d2ca1ac39462bb45c7a6c55ed525d8bd8b11cd35cf807f3423e19309022751a492ba19ded79cfbb6d7f4
 EBUILD certbot-2.10.0.ebuild 1528 BLAKE2B 545abbd95761600f13ec22cbcf996ca4b1a04a1fb08b0dadcefa9696a35a3765f009733c3a8b153e22d24df223cb778ac05684110188a7886ee3eed2498d472c SHA512 43c0107185d0e36b0630d5b69e77bc32d43c6dcfe254b5fb8d0f92ae105452f3ca4013a6f1a859a85e0e473855d898637eb1938e7fd67fe138eb29700c3cd839
+EBUILD certbot-2.11.0-r1.ebuild 1626 BLAKE2B 70815019ff06a3021bd457a17da96a715d03667a23dec8feff847585fbc9a8d1705387de1e4733b972c554b80e4235c9fc8f83adfa3e61f72a1c55a9fc76886d SHA512 2583eb6fa2063dd8fb44a7cd9d4756ebbef1ec4db9d17c7ad6969920c2def5ec1bf7269a99eb463485421391ca3267e917e22a153aa6f3d24c2be1bc75997be6
 EBUILD certbot-2.11.0.ebuild 1532 BLAKE2B 0fa348ecdb0750887cfd220ae9d55e147771b8fc503f2c8ee5d1004066ed1d4a3dccd804088271e09005939483871012f879e327ded91a5657a0205b7079ec89 SHA512 52bc685c1ab676c4f4dd96d40b3ea990a90b67a6d3977eca3e8bc3c7448f841d3a943458245ab16f217acb8db23882139d7fe6b871b2781e62d447c65d2f8c58
 EBUILD certbot-9999.ebuild 1532 BLAKE2B 0fa348ecdb0750887cfd220ae9d55e147771b8fc503f2c8ee5d1004066ed1d4a3dccd804088271e09005939483871012f879e327ded91a5657a0205b7079ec89 SHA512 52bc685c1ab676c4f4dd96d40b3ea990a90b67a6d3977eca3e8bc3c7448f841d3a943458245ab16f217acb8db23882139d7fe6b871b2781e62d447c65d2f8c58
 MISC metadata.xml 404 BLAKE2B 81266457a8db353ea7c650478797e49ba61828d9cf0116a94fc62e5ee7a87272b25660f45741cf98843cfc2a5c286284b59f568ad8f4ad33d2bce60bc04549dc SHA512 d7b1e2417cba958f59b05cac02fee15e361fe9657f28d53d6308011767637d838dc09dd4ce21ba56d5174af0fa4cb6a7fee5771f780d7127d9de5a9e628172fd
diff --git a/app-crypt/certbot/certbot-2.11.0-r1.ebuild b/app-crypt/certbot/certbot-2.11.0-r1.ebuild
new file mode 100644
index 000000000000..7787932d9c6a
--- /dev/null
+++ b/app-crypt/certbot/certbot-2.11.0-r1.ebuild
@@ -0,0 +1,69 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DISTUTILS_USE_PEP517=setuptools
+PYTHON_COMPAT=( python3_{10..13} )
+
+inherit distutils-r1
+
+if [[ "${PV}" == *9999 ]]; then
+	inherit git-r3
+
+	EGIT_REPO_URI="https://github.com/certbot/certbot.git"
+	EGIT_SUBMODULES=()
+	EGIT_CHECKOUT_DIR="${WORKDIR}/${P}"
+else
+	SRC_URI="
+		https://github.com/certbot/certbot/archive/v${PV}.tar.gz
+			-> ${P}.gh.tar.gz
+	"
+	KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
+fi
+
+DESCRIPTION="Let’s Encrypt client to automate deployment of X.509 certificates"
+HOMEPAGE="
+	https://github.com/certbot/certbot/
+	https://pypi.org/project/certbot/
+	https://letsencrypt.org/
+"
+
+S="${WORKDIR}/${P}/${PN}"
+LICENSE="Apache-2.0"
+SLOT="0"
+
+IUSE="selinux"
+
+BDEPEND="
+	test? (
+		dev-python/typing-extensions[${PYTHON_USEDEP}]
+	)
+"
+
+# See certbot/setup.py for acme >= dep
+RDEPEND="
+	>=app-crypt/acme-${PV}[${PYTHON_USEDEP}]
+	>=dev-python/ConfigArgParse-1.5.3[${PYTHON_USEDEP}]
+	>=dev-python/configobj-5.0.6[${PYTHON_USEDEP}]
+	>=dev-python/cryptography-3.2.1[${PYTHON_USEDEP}]
+	>=dev-python/distro-1.0.1[${PYTHON_USEDEP}]
+	>=dev-python/josepy-1.13.0[${PYTHON_USEDEP}]
+	>=dev-python/parsedatetime-2.4[${PYTHON_USEDEP}]
+	dev-python/pyrfc3339[${PYTHON_USEDEP}]
+	>=dev-python/pytz-2019.3[${PYTHON_USEDEP}]
+	selinux? ( sec-policy/selinux-certbot )
+"
+
+PATCHES=(
+	"${FILESDIR}"/certbot-2.11.0-workaround-cryptography-deprecation-warnings.patch
+)
+
+distutils_enable_sphinx docs \
+	dev-python/sphinx-rtd-theme
+distutils_enable_tests pytest
+
+python_test() {
+	local -x PYTEST_DISABLE_PLUGIN_AUTOLOAD=1
+	epytest
+}
diff --git a/app-crypt/certbot/files/certbot-2.11.0-workaround-cryptography-deprecation-warnings.patch b/app-crypt/certbot/files/certbot-2.11.0-workaround-cryptography-deprecation-warnings.patch
new file mode 100644
index 000000000000..b0d59594d03f
--- /dev/null
+++ b/app-crypt/certbot/files/certbot-2.11.0-workaround-cryptography-deprecation-warnings.patch
@@ -0,0 +1,36 @@
+https://github.com/certbot/certbot/issues/9967
+https://bugs.gentoo.org/937889
+--- a/certbot/ocsp.py
++++ b/certbot/ocsp.py
+@@ -4,6 +4,7 @@ from datetime import timedelta
+ import logging
+ import re
+ import subprocess
++import warnings
+ from subprocess import PIPE
+ from typing import Optional
+ from typing import Tuple
+@@ -235,12 +236,17 @@ def _check_ocsp_response(response_ocsp: 'ocsp.OCSPResponse', request_ocsp: 'ocsp
+     # https://github.com/openssl/openssl/blob/ef45aa14c5af024fcb8bef1c9007f3d1c115bd85/crypto/ocsp/ocsp_cl.c#L338-L391
+     # thisUpdate/nextUpdate are expressed in UTC/GMT time zone
+     now = datetime.now(pytz.UTC).replace(tzinfo=None)
+-    if not response_ocsp.this_update:
+-        raise AssertionError('param thisUpdate is not set.')
+-    if response_ocsp.this_update > now + timedelta(minutes=5):
+-        raise AssertionError('param thisUpdate is in the future.')
+-    if response_ocsp.next_update and response_ocsp.next_update < now - timedelta(minutes=5):
+-        raise AssertionError('param nextUpdate is in the past.')
++    with warnings.catch_warnings():
++        # Workaround for deprecation warnings w/ newer cryptography
++        # https://github.com/certbot/certbot/issues/9967 (bug #937889)
++        warnings.filterwarnings("ignore",category=DeprecationWarning)
++
++        if not response_ocsp.this_update:
++            raise AssertionError('param thisUpdate is not set.')
++        if response_ocsp.this_update > now + timedelta(minutes=5):
++            raise AssertionError('param thisUpdate is in the future.')
++        if response_ocsp.next_update and response_ocsp.next_update < now - timedelta(minutes=5):
++            raise AssertionError('param nextUpdate is in the past.')
+ 
+ 
+ def _check_ocsp_response_signature(response_ocsp: 'ocsp.OCSPResponse',