commit:     b2cae8b25d30cee6412433139fbc323f08cffb8a
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Aug  8 07:38:15 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Aug  8 07:40:50 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b2cae8b2

app-misc/ca-certificates: Fixed removal of untrusted certs (#616002).

Package-Manager: Portage-2.3.6, Repoman-2.3.3

 .../ca-certificates/ca-certificates-20161130.3.30.2.ebuild     | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild 
b/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild
index a72077ebef8..45efcd9d581 100644
--- a/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild
@@ -138,9 +138,15 @@ src_compile() {
        fi
 
        if ! use insecure_certs ; then
+               elog "To prevent applications relying on system's trusted root 
certificate store"
+               elog "from using CAs where at least one major browser vendor 
Gentoo is following"
+               elog "has decided to apply trust level restrictions, the 
following"
+               elog "certificate(s) were removed:"
                # Remove untrusted certs from StartCom and WoSign (bug #598072)
-               rm "${c}"/mozilla/StartCom* || die
-               rm "${c}"/mozilla/WoSign* || die
+               elog "$(find "${c}" -type f \( \
+                       -iname '*startcom*' \
+                       -o -iname '*wosign*' \
+                       \) -printf '%P removed; see 
https://bugs.gentoo.org/598072 for details\n' -delete)"
        fi
 
        (

Reply via email to