commit: ce41bffad3bdb68f535d29f553955357d8b47369 Author: Michał Górny <mgorny <AT> gentoo <DOT> org> AuthorDate: Fri Nov 26 11:09:16 2021 +0000 Commit: Michał Górny <mgorny <AT> gentoo <DOT> org> CommitDate: Sun Nov 28 14:39:01 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ce41bffa
app-misc/ca-certificates: Eliminate the dep on cryptography The dev-python/cryptography package is no longer portable, due to Rust, so avoid the dependency to make ca-certificates portable again. Apparently, it is used only for some upstream QA check. Closes: https://bugs.gentoo.org/827354 Signed-off-by: Michał Górny <mgorny <AT> gentoo.org> .../ca-certificates-20211016.3.72.ebuild | 11 ++++----- ...ertificates-20211016.3.72-no-cryptography.patch | 27 ++++++++++++++++++++++ 2 files changed, 32 insertions(+), 6 deletions(-) diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild index 86df307180a7..30183fb5044d 100644 --- a/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild +++ b/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild @@ -62,8 +62,6 @@ CDEPEND="app-misc/c_rehash BDEPEND="${CDEPEND}" if ! ${PRECOMPILED} ; then BDEPEND+=" ${PYTHON_DEPS}" - # See bug #821706 - BDEPEND+=" $(python_gen_any_dep 'dev-python/cryptography[${PYTHON_USEDEP}]')" fi DEPEND="" @@ -76,10 +74,6 @@ RDEPEND="${CDEPEND} S=${WORKDIR} -python_check_deps() { - has_version -b "dev-python/cryptography[${PYTHON_USEDEP}]" -} - pkg_setup() { # For the conversion to having it in CONFIG_PROTECT_MASK, # we need to tell users about it once manually first. @@ -126,6 +120,11 @@ src_prepare() { default eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch + + pushd "${S}/${PN}-${DEB_VER}" >/dev/null || die + eapply "${FILESDIR}"/${P}-no-cryptography.patch + popd >/dev/null || die + local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g') sed -i \ -e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \ diff --git a/app-misc/ca-certificates/files/ca-certificates-20211016.3.72-no-cryptography.patch b/app-misc/ca-certificates/files/ca-certificates-20211016.3.72-no-cryptography.patch new file mode 100644 index 000000000000..fb98eb2828e7 --- /dev/null +++ b/app-misc/ca-certificates/files/ca-certificates-20211016.3.72-no-cryptography.patch @@ -0,0 +1,27 @@ +Remove the dependency on non-portable dev-python/cryptography. +https://bugs.gentoo.org/821706#c4 by Alex Xu + +--- a/mozilla/certdata2pem.py ++++ b/mozilla/certdata2pem.py +@@ -28,8 +28,6 @@ + import textwrap + import io + +-from cryptography import x509 +- + + objects = [] + +@@ -122,12 +120,6 @@ + if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]: + continue + +- cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) +- if cert.not_valid_after < datetime.datetime.now(): +- print('!'*74) +- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL']) +- print('!'*74) +- + bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\ + .replace(' ', '_')\ + .replace('(', '=')\