Date: Tuesday, December 3, 2019 @ 13:43:45
  Author: maximbaz
Revision: 534938

neomutt: switch from openssl to gnutls dependency

Neomutt can be compiled against openssl (via --ssl) or gnutls (via --gnutls).

We used to depend on openssl, this commit changes the dependency to gnutls for 
the following reasons:

1. When attempting to compile against both openssl and gnutls, neomutt itself 
prefers to use gnutls.
2. Using gnutls allows the use of certificate pinning in neomutt via ":set 
ssl_ca_certificates_file=..."

Debian package is also compiled against gnutls, I used it as inspiration for a 
smooth transition.

Namely, to preserve neomutt's integration with default CA cert bundle (by 
ca-certificates package),
the default value for "ssl_ca_certificates_file" is configured in system config 
file /etc/neomuttrc.

Added:
  neomutt/trunk/default-ca-certificates.patch
Modified:
  neomutt/trunk/PKGBUILD

-------------------------------+
 PKGBUILD                      |   20 ++++++++++++++------
 default-ca-certificates.patch |   12 ++++++++++++
 2 files changed, 26 insertions(+), 6 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD    2019-12-03 13:08:35 UTC (rev 534937)
+++ PKGBUILD    2019-12-03 13:43:45 UTC (rev 534938)
@@ -5,22 +5,30 @@
 # Contributor: Leonidas Spyropoulos <artafi...@gmail.com>
 pkgname=neomutt
 pkgver=20191129
-pkgrel=1
+pkgrel=2
 pkgdesc='A version of mutt with added features'
 url='https://neomutt.org/'
 license=('GPL')
 arch=('x86_64')
-depends=('glibc' 'gpgme' 'lua' 'notmuch-runtime' 'krb5' 'openssl'
+depends=('glibc' 'gpgme' 'lua' 'notmuch-runtime' 'krb5' 'gnutls'
          'libsasl' 'ncurses' 'libidn2' 'lmdb' 'gdbm' 'kyotocabinet')
-optdepends=('python: keybase.py')
+optdepends=('python: keybase.py'
+            'ca-certificates: default CA certificates')
 makedepends=('git' 'gnupg' 'libxslt' 'docbook-xsl' 'w3m')
 _github='https://github.com/neomutt/neomutt'
 source=("$pkgname-$pkgver.tar.gz::$_github/archive/$pkgver.tar.gz"
-        
"$pkgname-$pkgver.tar.gz.sig::$_github/releases/download/$pkgver/$pkgver.tar.gz.sig")
+        
"$pkgname-$pkgver.tar.gz.sig::$_github/releases/download/$pkgver/$pkgver.tar.gz.sig"
+        "default-ca-certificates.patch")
 sha256sums=('c339e17b676d0a9a8db6dd1c9acac3db4b217c6b19050e5a1eec99b1b0b59a2f'
-            'SKIP')
+            'SKIP'
+            '410a364ae8249c969fc321f0f50ecb4603e9443bd73b31f58c8487e6b8b510e0')
 validpgpkeys=('86C2397270DD7A561263CA4E5FAF0A6EE7371805') # Richard Russon 
(flatcap) <r...@flatcap.org>
 
+prepare() {
+    cd "$pkgname-$pkgver"
+    patch -Np1 -i "$srcdir/default-ca-certificates.patch"
+}
+
 build() {
     cd "$pkgname-$pkgver"
     ./configure \
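Review bot: `ca-certificates` is added only to `optdepends`, yet the patch applied by the new `prepare()` makes `/etc/ssl/certs/ca-certificates.crt` the default trust store for the GnuTLS build. If that file is absent, neomutt presumably has no CA bundle to validate server certificates against, and users would be left confirming certificates by hand. Because the package ships a system config that points at the bundle, moving `'ca-certificates'` from `optdepends` into `depends` would be the safer choice. The same path is hard-coded in the default-ca-certificates.patch hunk below; `build()` continues outside this hunk.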
@@ -31,7 +39,7 @@
         --lua \
         --notmuch \
         --gss \
-        --ssl \
+        --gnutls \
         --sasl \
         --with-ui=ncurses \
         --with-idn2=/usr \

Added: default-ca-certificates.patch
===================================================================
--- default-ca-certificates.patch                               (rev 0)
+++ default-ca-certificates.patch       2019-12-03 13:43:45 UTC (rev 534938)
@@ -0,0 +1,12 @@
+--- a/doc/neomuttrc.head
++++ b/doc/neomuttrc.head.new
+@@ -48,6 +48,9 @@ bind browser y exit
+ # be undone with unmime_lookup.
+ mime_lookup application/octet-stream
+
++# System-wide CA file managed by the ca-certificates package
++set ssl_ca_certificates_file="/etc/ssl/certs/ca-certificates.crt"
++
+ ##
+ ## *** DEFAULT SETTINGS FOR THE ATTACHMENTS PATCH ***
+ ##
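Review bot: The CA bundle default exists only as a `set` line in the generated system neomuttrc, so an installation whose `/etc/neomuttrc` is locally modified or replaced will not receive it. If the PKGBUILD lists that file in `backup=` (not visible here), upgraded systems could end up with a `.pacnew` and no trust anchors configured after the move away from openssl; this is worth confirming and mentioning in the upgrade notes. The added comment could also tell readers the value is a default, for example `# Users can override this in their own neomuttrc`. Separately, the `+++ b/doc/neomuttrc.head.new` header does not match the `---` name; `+++ b/doc/neomuttrc.head` would make the patch target unambiguous.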
