[packages/ca-certificates] up to 20230311
atler
atler at pld-linux.org
Sun Mar 12 16:35:26 CET 2023
commit 9c97289131039baa464a302b57c1a31ac0fd013b
Author: Jan Palus <atler at pld-linux.org>
Date: Sun Mar 12 16:35:07 2023 +0100
up to 20230311
blacklist.patch | 9 ---------
ca-certificates-etc-certs.patch | 4 ++--
ca-certificates.spec | 24 ++++++++++--------------
py_cryptography35.patch | 29 -----------------------------
4 files changed, 12 insertions(+), 54 deletions(-)
---
diff --git a/ca-certificates.spec b/ca-certificates.spec
index 4233376..3808a14 100644
--- a/ca-certificates.spec
+++ b/ca-certificates.spec
@@ -11,13 +11,13 @@
Summary: Common CA Certificates PEM files
Summary(pl.UTF-8): Pliki PEM popularnych certyfikatów CA
Name: ca-certificates
-%define ver_date 20211016
+%define ver_date 20230311
Version: %{ver_date}
-Release: 3
+Release: 1
License: GPL v2 (scripts), MPL v2 (mozilla certs), distributable (other certs)
Group: Base
Source0: http://ftp.debian.org/debian/pool/main/c/ca-certificates/%{name}_%{version}.tar.xz
-# Source0-md5: 5cce77de047611c4b9384d4ce52d9204
+# Source0-md5: fc1c3ec0067385f0be8ac7f6e670a0f8
Source2: http://www.certum.pl/keys/CA.pem
# Source2-md5: 35610177afc9c64e70f1ce62c1885496
Source14: http://www.certum.pl/CTNCA.pem
@@ -57,11 +57,9 @@ Source36: http://www.terena.org/activities/tcs/repository-g3/TERENA_SSL_High_Ass
Patch0: %{name}-undebianize.patch
Patch1: %{name}-more-certs.patch
Patch2: %{name}-etc-certs.patch
-Patch3: py_cryptography35.patch
-Patch4: blacklist.patch
-Patch5: %{name}-DESTDIR.patch
-Patch6: %{name}.d.patch
-Patch7: no-openssl-rehash.patch
+Patch3: %{name}-DESTDIR.patch
+Patch4: %{name}.d.patch
+Patch5: no-openssl-rehash.patch
URL: https://packages.debian.org/sid/ca-certificates
BuildRequires: openssl-tools
BuildRequires: python3
@@ -106,15 +104,13 @@ Skrypt i dane do odświeżania bazy certyfikatów CA.
%prep
%setup -qc
-cd work
+cd ca-certificates
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
-%patch6 -p1
-%patch7 -p1
%{__sed} -i -e 's, at openssldir@,%{openssldir},' sbin/update-ca-certificates*
@@ -137,7 +133,7 @@ install -d esteid
cp -pi %{SOURCE29} esteid/ESTEID-SK_2011.crt
%build
-cd work
+cd ca-certificates
install -d terena
openssl x509 -inform DER -in %{SOURCE23} -outform PEM -out terena/$(basename %{SOURCE23})
openssl x509 -inform DER -in %{SOURCE24} -outform PEM -out terena/$(basename %{SOURCE24})
@@ -180,7 +176,7 @@ make_sure_expired_and_rm() {
%install
rm -rf $RPM_BUILD_ROOT
-cd work
+cd ca-certificates
install -d $RPM_BUILD_ROOT{%{_datadir}/%{name},%{_sbindir},%{certsdir},/etc/pki/tls/certs,%{_sysconfdir}/ca-certificates.d}
%{__make} install \
DESTDIR=$RPM_BUILD_ROOT
@@ -254,7 +250,7 @@ end
%files
%defattr(644,root,root,755)
-%doc work/debian/{README.Debian,changelog}
+%doc ca-certificates/debian/{README.Debian,changelog}
%dir /etc/pki/tls
%dir /etc/pki/tls/certs
%dir /etc/ssl
diff --git a/blacklist.patch b/blacklist.patch
deleted file mode 100644
index 8cf9172..0000000
--- a/blacklist.patch
+++ /dev/null
@@ -1,9 +0,0 @@
---- work/mozilla/blacklist.txt.orig 2021-10-07 17:12:47.000000000 +0200
-+++ work/mozilla/blacklist.txt 2021-10-09 22:48:50.449155614 +0200
-@@ -10,3 +10,6 @@
-
- # Expired CA (#995432)
- "DST Root CA X3"
-+
-+# Negative serial number (python crytography fails to parse it)
-+"EC-ACC"
diff --git a/ca-certificates-etc-certs.patch b/ca-certificates-etc-certs.patch
index 17c543c..597a163 100644
--- a/ca-certificates-etc-certs.patch
+++ b/ca-certificates-etc-certs.patch
@@ -17,8 +17,8 @@
# subshells later on.)
-TEMPBUNDLE="${ETCCERTSDIR}/${CERTBUNDLE}.new"
+TEMPBUNDLE="${CERTBUNDLE}.new"
- ADDED="$(mktemp --tmpdir "ca-certificates.tmp.XXXXXX")"
- REMOVED="$(mktemp --tmpdir "ca-certificates.tmp.XXXXXX")"
+ ADDED="$(mktemp -p "${TMPDIR:-/tmp}" "ca-certificates.tmp.XXXXXX")"
+ REMOVED="$(mktemp -p "${TMPDIR:-/tmp}" "ca-certificates.tmp.XXXXXX")"
@@ -62,7 +62,7 @@
# bundle.
diff --git a/py_cryptography35.patch b/py_cryptography35.patch
deleted file mode 100644
index f4015d6..0000000
--- a/py_cryptography35.patch
+++ /dev/null
@@ -1,29 +0,0 @@
---- work/mozilla/certdata2pem.py.orig 2021-10-07 17:12:47.000000000 +0200
-+++ work/mozilla/certdata2pem.py 2021-10-09 22:27:49.300281185 +0200
-@@ -29,7 +29,13 @@
- import io
-
- from cryptography import x509
-+import cryptography
-+from packaging import version
-
-+if version.parse(cryptography.__version__) >= version.parse("35.0.0"):
-+ use_bytes=True
-+else:
-+ use_bytes=False
-
- objects = []
-
-@@ -122,7 +128,11 @@
- if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
- continue
-
-- cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
-+ if use_bytes:
-+ cka_value = bytes(obj['CKA_VALUE'])
-+ else:
-+ cka_value = obj['CKA_VALUE']
-+ cert = x509.load_der_x509_certificate(cka_value)
- if cert.not_valid_after < datetime.datetime.now():
- print('!'*74)
- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/ca-certificates.git/commitdiff/9c97289131039baa464a302b57c1a31ac0fd013b
More information about the pld-cvs-commit
mailing list