Date: Tuesday, December 3, 2019 @ 13:43:45 Author: maximbaz Revision: 534938
neomutt: switch from openssl to gnutls dependency Neomutt can be compiled against openssl (via --ssl) or gnutls (via --gnutls). We used to depend on openssl, this commit changes the dependency to gnutls for the following reasons: 1. When attempting to compile against both openssl and gnutls, neomutt itself prefers to use gnutls. 2. Using gnutls allows to use certificate pinning in neomutt via ":set ssl_ca_certificates_file=..." Debian package is also compiled against gnutls, I used it as inspiration for a smooth transition. Namely, to preserve neomutt's integration with default CA cert bundle (by ca-certificates package), the default value for "ssl_ca_certificates_file" is configured in system config file /etc/neomuttrc. Added: neomutt/trunk/default-ca-certificates.patch Modified: neomutt/trunk/PKGBUILD -------------------------------+ PKGBUILD | 20 ++++++++++++++------ default-ca-certificates.patch | 12 ++++++++++++ 2 files changed, 26 insertions(+), 6 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2019-12-03 13:08:35 UTC (rev 534937)
+++ PKGBUILD 2019-12-03 13:43:45 UTC (rev 534938)
@@ -5,22 +5,30 @@
 # Contributor: Leonidas Spyropoulos <[email protected]>
 pkgname=neomutt
 pkgver=20191129
-pkgrel=1
+pkgrel=2
 pkgdesc='A version of mutt with added features'
 url='https://neomutt.org/'
 license=('GPL')
 arch=('x86_64')
-depends=('glibc' 'gpgme' 'lua' 'notmuch-runtime' 'krb5' 'openssl'
+depends=('glibc' 'gpgme' 'lua' 'notmuch-runtime' 'krb5' 'gnutls'
 'libsasl' 'ncurses' 'libidn2' 'lmdb' 'gdbm' 'kyotocabinet')
-optdepends=('python: keybase.py')
+optdepends=('python: keybase.py'
+ 'ca-certificates: default CA certificates')
 makedepends=('git' 'gnupg' 'libxslt' 'docbook-xsl' 'w3m')
 _github='https://github.com/neomutt/neomutt'
 source=("$pkgname-$pkgver.tar.gz::$_github/archive/$pkgver.tar.gz"
- "$pkgname-$pkgver.tar.gz.sig::$_github/releases/download/$pkgver/$pkgver.tar.gz.sig")
+ "$pkgname-$pkgver.tar.gz.sig::$_github/releases/download/$pkgver/$pkgver.tar.gz.sig"
+ "default-ca-certificates.patch")
 sha256sums=('c339e17b676d0a9a8db6dd1c9acac3db4b217c6b19050e5a1eec99b1b0b59a2f'
- 'SKIP')
+ 'SKIP'
+ '410a364ae8249c969fc321f0f50ecb4603e9443bd73b31f58c8487e6b8b510e0')
 validpgpkeys=('86C2397270DD7A561263CA4E5FAF0A6EE7371805') # Richard Russon (flatcap) <[email protected]>
+prepare() {
+ cd "$pkgname-$pkgver"
+ patch -Np1 -i "$srcdir/default-ca-certificates.patch"
+}
+
 build() {
 cd "$pkgname-$pkgver"
 ./configure \
@@ -31,7 +39,7 @@
 --lua \
 --notmuch \
 --gss \
- --ssl \
+ --gnutls \
 --sasl \
 --with-ui=ncurses \
 --with-idn2=/usr \
Added: default-ca-certificates.patch
===================================================================
--- default-ca-certificates.patch (rev 0)
+++ default-ca-certificates.patch 2019-12-03 13:43:45 UTC (rev 534938)
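Review bot: `ca-certificates` is added only to `optdepends`, yet the patch applied in `prepare()` makes the packaged system config point `ssl_ca_certificates_file` at `/etc/ssl/certs/ca-certificates.crt` unconditionally. On a system without that package the configured trust file would be missing, and how this GnuTLS build then behaves (a per-certificate prompt, or a failed connection) is not visible from this commit and should be checked before release. Since the shipped default cannot work without the bundle, I would make it a hard dependency, `depends=('glibc' 'gpgme' 'lua' 'notmuch-runtime' 'krb5' 'gnutls' 'ca-certificates'`, and drop the new `optdepends` entry.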
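Review bot: Replacing `--ssl` with `--gnutls` in the `./configure` call changes which TLS-related config options the binary accepts, and nothing in the package tells upgrading users about it. As far as I know some options exist only in the OpenSSL build (`ssl_usesystemcerts` is one), so a personal config written for the old package may be rejected or lose a setting the user relied on; this is worth confirming against the upstream option list. I would add an install script with a `post_upgrade()` message that names the backend change and `ssl_ca_certificates_file`, so users re-check their TLS settings after the upgrade. The `build()` function starts in the previous hunk and continues past the end of this one.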
@@ -0,0 +1,12 @@
+--- a/doc/neomuttrc.head
++++ b/doc/neomuttrc.head.new
+@@ -48,6 +48,9 @@ bind browser y exit
+ # be undone with unmime_lookup.
+ mime_lookup application/octet-stream
+
++# System-wide CA file managed by the ca-certificates package
++set ssl_ca_certificates_file="/etc/ssl/certs/ca-certificates.crt"
++
+ ##
+ ## *** DEFAULT SETTINGS FOR THE ATTACHMENTS PATCH ***
+ ##
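Review bot: The comment added above `set ssl_ca_certificates_file` says who maintains the file but not that TLS server verification now depends on this line being read. Because the default lives in the system config rather than in the binary, a run that skips the system config (`neomutt -n`) or a locally edited `/etc/neomuttrc` that never receives this line would presumably leave the GnuTLS build with no CA bundle configured. I would extend the comment to something like `# Trust anchors for TLS server verification; a per-user config may point this at a narrower bundle`, and mention the `-n` caveat wherever the package documents the backend change.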
