This unfortunately made oe-core master before I had the chance to ask: how was the SRCREV determined? There is no '2024023' tag in the repo, so where did the tag and the hash come from?
I'd appreciate if you send a followup patch including the relevant links as a comment just above SRCREV line for future reference/updates. Alex On Wed, 24 Jul 2024 at 16:53, Theodore A. Roth <[email protected]> wrote: > > The 20240203 version is the same as used in Ubuntu >= 24.04 and Debian > Trixie (testing). > > Signed-off-by: Theodore A. Roth <[email protected]> > Signed-off-by: Theodore A. Roth <[email protected]> > --- > ...mozilla-certdata2pem.py-print-a-warning-for-e.patch | 10 +++++----- > ...ca-certificates-don-t-use-Debianisms-in-run-p.patch | 6 +++--- > ...ficates_20211016.bb => ca-certificates_20240203.bb} | 2 +- > 3 files changed, 9 insertions(+), 9 deletions(-) > rename meta/recipes-support/ca-certificates/{ca-certificates_20211016.bb => > ca-certificates_20240203.bb} (98%) > > diff --git > a/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch > > b/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch > index 5c4a32f526..78898f5150 100644 > --- > a/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch > +++ > b/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch > @@ -19,7 +19,7 @@ diff --git a/debian/changelog b/debian/changelog > index 531e4d0..4006509 100644 > --- a/debian/changelog > +++ b/debian/changelog > -@@ -37,7 +37,6 @@ ca-certificates (20211004) unstable; urgency=low > +@@ -120,7 +120,6 @@ ca-certificates (20211004) unstable; urgency=low > - "Trustis FPS Root CA" > - "Staat der Nederlanden Root CA - G3" > * Blacklist expired root certificate "DST Root CA X3" (closes: #995432) > @@ -37,9 +37,9 @@ index 4434b7a..5c6ba24 100644 > Build-Depends: debhelper-compat (= 13), po-debconf > -Build-Depends-Indep: python3, openssl, python3-cryptography > +Build-Depends-Indep: python3, openssl > - Standards-Version: 4.5.0.2 > + Standards-Version: 4.6.2 > + Rules-Requires-Root: no > Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git > - Vcs-Browser: https://salsa.debian.org/debian/ca-certificates > diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py > index ede23d4..7d796f1 100644 > --- a/mozilla/certdata2pem.py > @@ -66,8 +66,8 @@ index ede23d4..7d796f1 100644 > if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]: > continue > - > -- cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) > -- if cert.not_valid_after < datetime.datetime.now(): > +- cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE'])) > +- if cert.not_valid_after < datetime.datetime.utcnow(): > - print('!'*74) > - print('Trusted but expired certificate found: %s' % > obj['CKA_LABEL']) > - print('!'*74) > diff --git > a/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch > > b/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch > index 4a8ae5f4b5..1feefeb96a 100644 > --- > a/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch > +++ > b/meta/recipes-support/ca-certificates/ca-certificates/0001-update-ca-certificates-don-t-use-Debianisms-in-run-p.patch > @@ -21,14 +21,14 @@ Index: git/sbin/update-ca-certificates > =================================================================== > --- git.orig/sbin/update-ca-certificates > +++ git/sbin/update-ca-certificates > -@@ -191,9 +191,7 @@ if [ -d "$HOOKSDIR" ] > +@@ -202,9 +202,7 @@ if [ -d "$HOOKSDIR" ] > then > > echo "Running hooks in $HOOKSDIR..." > - VERBOSE_ARG= > - [ "$verbose" = 0 ] || VERBOSE_ARG="--verbose" > -- eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read hook > -+ eval run-parts --test "$HOOKSDIR" | while read hook > +- eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read -r hook > ++ eval run-parts --test "$HOOKSDIR" | while read -r hook > do > ( cat "$ADDED" > cat "$REMOVED" ) | "$hook" || echo "E: $hook exited with code $?." > diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb > b/meta/recipes-support/ca-certificates/ca-certificates_20240203.bb > similarity index 98% > rename from meta/recipes-support/ca-certificates/ca-certificates_20211016.bb > rename to meta/recipes-support/ca-certificates/ca-certificates_20240203.bb > index 99abe60613..b198ea77a9 100644 > --- a/meta/recipes-support/ca-certificates/ca-certificates_20211016.bb > +++ b/meta/recipes-support/ca-certificates/ca-certificates_20240203.bb > @@ -14,7 +14,7 @@ DEPENDS:class-nativesdk = "openssl-native" > # Need rehash from openssl and run-parts from debianutils > PACKAGE_WRITE_DEPS += "openssl-native debianutils-native" > > -SRCREV = "07de54fdcc5806bde549e1edf60738c6bccf50e8" > +SRCREV = "ee6e0484031314090a11c04ee82689acb73d7ad8" > > SRC_URI = > "git://salsa.debian.org/debian/ca-certificates.git;protocol=https;branch=master > \ > file://0002-update-ca-certificates-use-SYSROOT.patch \ > -- > 2.34.1 >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#202570): https://lists.openembedded.org/g/openembedded-core/message/202570 Mute This Topic: https://lists.openembedded.org/mt/107524709/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
