diff options
author | V3n3RiX <venerix@koprulu.sector> | 2024-03-02 05:41:39 +0000 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2024-03-02 05:41:39 +0000 |
commit | a4036575de835600b3085b97974d0766ef7c7bc2 (patch) | |
tree | 545e8444bbb80f76c5faf48f8fef3719b931fd44 /app-misc/ca-certificates/files | |
parent | 1331637681273dc8391d7a7caa6175405dceb735 (diff) |
gentoo auto-resync : 02:03:2024 - 05:41:39
Diffstat (limited to 'app-misc/ca-certificates/files')
2 files changed, 45 insertions, 27 deletions
diff --git a/app-misc/ca-certificates/files/ca-certificates-20211016.3.72-no-cryptography.patch b/app-misc/ca-certificates/files/ca-certificates-20211016.3.72-no-cryptography.patch deleted file mode 100644 index fb98eb2828e7..000000000000 --- a/app-misc/ca-certificates/files/ca-certificates-20211016.3.72-no-cryptography.patch +++ /dev/null @@ -1,27 +0,0 @@ -Remove the dependency on non-portable dev-python/cryptography. -https://bugs.gentoo.org/821706#c4 by Alex Xu - ---- a/mozilla/certdata2pem.py -+++ b/mozilla/certdata2pem.py -@@ -28,8 +28,6 @@ - import textwrap - import io - --from cryptography import x509 -- - - objects = [] - -@@ -122,12 +120,6 @@ - if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]: - continue - -- cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) -- if cert.not_valid_after < datetime.datetime.now(): -- print('!'*74) -- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL']) -- print('!'*74) -- - bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\ - .replace(' ', '_')\ - .replace('(', '=')\ diff --git a/app-misc/ca-certificates/files/ca-certificates-20240203.3.98-update-ca-certificates-drop-pointless-dependency.patch b/app-misc/ca-certificates/files/ca-certificates-20240203.3.98-update-ca-certificates-drop-pointless-dependency.patch new file mode 100644 index 000000000000..55c082595579 --- /dev/null +++ b/app-misc/ca-certificates/files/ca-certificates-20240203.3.98-update-ca-certificates-drop-pointless-dependency.patch @@ -0,0 +1,45 @@ +From c33e85bc2fe61e66e2fa5c2ab0efc4277b7cef5e Mon Sep 17 00:00:00 2001 +From: Eli Schwartz <eschwartz93@gmail.com> +Date: Mon, 29 Jan 2024 21:54:04 -0500 +Subject: [PATCH] update-ca-certificates: drop pointless dependency on external + run-parts + +This external program belongs to debianutils and hence is used +internally by the update-ca-certificates script synced from Debian. + +It has a couple utilities: +- it sorts files in a directory with LC_ALL=C +- it runs each of them in turn +- it can print them instead of running them + +Here, it's used for sorting and printing the scripts to run. They need +to each accept some stdin, so run-parts cannot actually be used for +dispatch. But this functionality works fine directly from a shell, so +the additional dependency honestly seems frivolous. In particular, this +is the only reason why all Debian systems have debianutils installed, +through openssl. (This is in contrast to Debian, where debianutils is +part of the essential system set and provides a vastly greater number of +programs than the ones Gentoo repackages.) + +It's very easy to replace with `printf %s\\n *`, so do so. Even if it +wasn't easy to replace with printf, it would be easy to replace with +`for x in *; "$x"; done` instead. +--- + image/usr/sbin/update-ca-certificates | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/image/usr/sbin/update-ca-certificates b/image/usr/sbin/update-ca-certificates +index bb5aa54..fbf1ee2 100755 +--- a/image/usr/sbin/update-ca-certificates ++++ b/image/usr/sbin/update-ca-certificates +@@ -218,8 +218,9 @@ then + echo "Running hooks in $HOOKSDIR..." + VERBOSE_ARG= + [ "$verbose" = 0 ] || VERBOSE_ARG="--verbose" +- eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read -r hook ++ ( LC_ALL=C; printf %s\\n "$HOOKSDIR"/* ) | while read hook + do ++ [ -f "$hook" ] || continue + ( cat "$ADDED" + cat "$REMOVED" ) | "$hook" || echo "E: $hook exited with code $?." + done |