subject:"\[gentoo\-commits\] repo\/gentoo\:master commit in\: app\-misc\/ca\-certificates\/files\/"

[gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/files/, app-misc/ca-certificates/

2024-03-01 Thread Sam James

commit: 2d839da180554b5e76f8a5869378fcf73fcfcf64
Author: Sam James  gentoo  org>
AuthorDate: Sat Mar  2 01:15:31 2024 +
Commit: Sam James  gentoo  org>
CommitDate: Sat Mar  2 01:15:31 2024 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2d839da1

app-misc/ca-certificates: add 20240203.3.98

Signed-off-by: Sam James  gentoo.org>

 app-misc/ca-certificates/Manifest  |   2 +
 .../ca-certificates-20240203.3.98.ebuild   | 201 +
 ...ca-certificates-drop-pointless-dependency.patch |  45 +
 3 files changed, 248 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest 
b/app-misc/ca-certificates/Manifest
index 8730e479b3ba..77c3d12321e3 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,4 +1,6 @@
 DIST ca-certificates_20230311.tar.xz 257772 BLAKE2B 
b807a6415126afdc11896efea8e6509d7ad58b26bc8562b276e93176e80bb8b467a5bd2ba948d3dbbeaf0e4477d93f3ea2b99d3186e856fb47d1033cb779d560
 SHA512 
00571bdc87897813fd7dbe024f3a186cfc9f0d4f55e92545a90888c9e5282f99cb8d75b5932c034731b911bf27a9b38fd7d062dd511eb1152acf8b2811490fa7
+DIST ca-certificates_20240203.tar.xz 263276 BLAKE2B 
44d22aa91fe589e2ae67cb32c6594f1252e99d4460969bf7c925e7047178168c8881c2c93d6c63171059239e34aeea73b95f135f6b60a4e2fa61caa1ddfa3c44
 SHA512 
e9d7b5283c2be9425d18eb4a9b54b1fa54db0b9d1bdb28f9c6db7f8b2e03fd93442ac973f9b024b7a148d71ac2789edbc1207c2048ce4be589eb1a5376640670
 DIST nss-3.96.1.tar.gz 76715092 BLAKE2B 
2a9ea65dd89cba82ea10a57887b10109369af81d4c2911c54cfd081a661498ad7f56ad419092539caaa16341045edcc50f5a3c74d87d66094dacbc91226a9d1c
 SHA512 
fe8baefa767b711a108aafdb496a45d15d2296c3bdd0b1e4389c49197d1cf5365872ee41c23b6823285803887c74538d13347af87d64750551e9cbc87a9cb338
 DIST nss-3.97.tar.gz 76664827 BLAKE2B 
ede68cf0269edd8ffbe1e90682fb51c202d6298f8bfa5ebbd81e12785e29e6a6611ef3f0feceee73bea4d25ae12f251225649a73d249fdd90af179e07e39f3f6
 SHA512 
1ad6ac6ff626dc187f42b313c1088ef4b4ac0ee3e156d37824c36e778faa977e8f132302ac00d74aa8f9903e791a0fee6cecb5244d2601e0825cc125b6f33d6a
+DIST nss-3.98.tar.gz 76685475 BLAKE2B 
d382cc65e450b5b7d6b152952a8188822eab5fdbaa0faeefc3f98ef5aa70ed7534abcb7114aaa25c1e49f89dcda7cf75d85957d1a8e5ff964599362757138cb4
 SHA512 
4f335c5c284eff6424745cc15e32037715a915f6f61687ec36a8ffaef0e45d152602a1be275bbb2f14650c7d258d6488430cdcf512b18ba7cb73cd43ac625681
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 
7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d
 SHA512 
1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/app-misc/ca-certificates/ca-certificates-20240203.3.98.ebuild 
b/app-misc/ca-certificates/ca-certificates-20240203.3.98.ebuild
new file mode 100644
index ..d159923c9a9b
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20240203.3.98.ebuild
@@ -0,0 +1,201 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# Where possible, bump to stable/LTS releases of NSS for the last part
+# of the version (when not using a pure Debian release).
+
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+
+inherit python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+   # Compile from source ourselves.
+   PRECOMPILED=false
+
+   DEB_VER=$(ver_cut 1)
+   NSS_VER=$(ver_cut 2-)
+   RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+   # Debian precompiled version.
+   PRECOMPILED=true
+   inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates;
+NMU_PR=""
+if ${PRECOMPILED} ; then
+   
SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+   SRC_URI="
+   
mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+   
https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+   cacert? (
+

[gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/files/, app-misc/ca-certificates/

2024-01-29 Thread Sam James

commit: 6e6ccafd58bc7401fa371d2f255d72ddae0131e6
Author: Eli Schwartz  gmail  com>
AuthorDate: Tue Jan 30 04:24:23 2024 +
Commit: Sam James  gentoo  org>
CommitDate: Tue Jan 30 05:09:51 2024 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6e6ccafd

app-misc/ca-certificates: drop pointless dependency on debianutils

It is used internally by the debian script update-ca-certificates,
because on Debian, debianutils is "essential". But on Gentoo it is not,
and this is the only package that is essentially unavoidable and drags
it in. There is also kernel packages, but that is potentially
avoidable...

Patch out the script to use a trivial bash construct which is even
shorter than shelling out to an external program, and allows dropping
this dependency.

Signed-off-by: Eli Schwartz  gmail.com>
Signed-off-by: Sam James  gentoo.org>

 .../ca-certificates-20230311.3.96.1-r1.ebuild  | 201 +
 ...ertificates-drop-pointless-dependency-on-.patch |  46 +
 2 files changed, 247 insertions(+)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.96.1-r1.ebuild 
b/app-misc/ca-certificates/ca-certificates-20230311.3.96.1-r1.ebuild
new file mode 100644
index ..677373ebda39
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.96.1-r1.ebuild
@@ -0,0 +1,201 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# Where possible, bump to stable/LTS releases of NSS for the last part
+# of the version (when not using a pure Debian release).
+
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+
+inherit python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+   # Compile from source ourselves.
+   PRECOMPILED=false
+
+   DEB_VER=$(ver_cut 1)
+   NSS_VER=$(ver_cut 2-)
+   RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+   # Debian precompiled version.
+   PRECOMPILED=true
+   inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates;
+NMU_PR=""
+if ${PRECOMPILED} ; then
+   
SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+   SRC_URI="
+   
mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+   
https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+   cacert? (
+   
https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
+   )
+   "
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 
~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos 
~x64-macos ~x64-solaris"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+BDEPEND="${CDEPEND}"
+if ! ${PRECOMPILED} ; then
+   BDEPEND+=" ${PYTHON_DEPS}"
+fi
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+   DEPEND+=" !/dev/null || die
+   eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+   popd >/dev/null || die
+   fi
+   fi
+
+   default
+   eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+   eapply -p2 
"${FILESDIR}"/0001-update-ca-certificates-drop-pointless-dependency-on-.patch
+
+   pushd "${S}/${PN}" >/dev/null || die
+   # We patch out the dep on cryptography as it's not particularly useful
+   # for us. Please see the discussion in bug #821706. Not to be removed 
lightly!
+   eapply "${FILESDIR}"/${PN}-20230311.3.89-no-cryptography.patch
+   popd >/dev/null || die
+
+   local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+   sed -i \
+   -e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+   -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+   usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+   cd "image/${EPREFIX}" || die
+
+   if ! ${PRECOMPILED} ; then
+   local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+
+   # Grab the database from the nss sources.
+   cp

[gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/files/, app-misc/ca-certificates/

2016-03-20 Thread Mike Frysinger

commit: 899fae43aa70ee77e338e8fbaa5f83950a6b8213
Author: Mike Frysinger  gentoo  org>
AuthorDate: Mon Mar 21 00:05:05 2016 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Mon Mar 21 02:38:59 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=899fae43

app-misc/ca-certificates: drop old <20151214.3.21 versions

 app-misc/ca-certificates/Manifest  |   7 -
 .../ca-certificates-20140927.3.17.2.ebuild | 186 
 .../ca-certificates-20141019.3.17.4.ebuild | 186 
 .../ca-certificates-20141019.3.19-r1.ebuild| 190 
 .../ca-certificates-20141019.3.19.ebuild   | 186 
 .../ca-certificates-20150426.3.20-r1.ebuild| 189 
 .../ca-certificates-20150426.3.20.ebuild   | 193 -
 .../files/ca-certificates-20110502-root.patch  | 110 
 .../files/ca-certificates-20141019-root.patch  | 116 -
 ...ertificates-20150426-nss-certdata2pem-py3.patch |  97 ---
 10 files changed, 1460 deletions(-)

diff --git a/app-misc/ca-certificates/Manifest 
b/app-misc/ca-certificates/Manifest
index ba808a2..60ecc83 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,11 +1,4 @@
-DIST ca-certificates_20140927.tar.xz 288824 SHA256 
e582724ebb9d5d6fe02d02db1773c9ca76d3aaab4b15375a0d72e9abf88a65c5 SHA512 
3cd08559c52aeba763a8ecc0333c7c20838db0111e52d9adf65719f14f858611271d61801a60fb3aea4e74be4a7903c1b462bf889172f5afb774280bb615b98b
 WHIRLPOOL 
e32e54b21109b7c44266480a6a5d78693b5ef7ffae1df595c4edfe2cce85d1cd29664e6d916c5bfffb965e4bb01fce6a8327a2ead5bb0ca7cdd8afd04346a270
-DIST ca-certificates_20141019.tar.xz 289092 SHA256 
684902d3f4e9ad27829f4af0d9d2d588afed03667997579b9c2be86fcd1eb73a SHA512 
5b0e8fb917f5642a5a2b4fde46a706db0c652ff3fb31a5053d9123a5b670b50c6e3cf2496915cc01c613dcbe964d6432f393c12d8a697baedfad58f9d13e568b
 WHIRLPOOL 
6d3c0ccfbd4b1598ed529cb07390baaf741e24c8fd4762aa1786ada7188ec0c4e327513047bca2b93a488681e80b5a8fabc37b98b7f6e5e92cba62580c4cf74f
-DIST ca-certificates_20150426.tar.xz 303256 SHA256 
37dbaa93ed64cc4ae93ac295f9248fbc741bd51376438cfb1257f17efab5494f SHA512 
920dfc512c018c5338bf07b6a6afcb664d9bfba659d4233ca9e87471d5e0ed05de054c96f3d7e6091549aa6deb46106a79f7f982696081f9b2164e18133eb34d
 WHIRLPOOL 
6d068fa13ffdb1b232b1cdb99063e52e52ee9f4cd44917f4eca263f36b5d4fa3c261b45bbf51143fc08965937adc477afd88c9a909300b619d42ae72b4c4acd9
 DIST ca-certificates_20151214.tar.xz 293672 SHA256 
59286e6403f482a24c672e09b810c7d089a73153d4772ff4a66e86053a920525 SHA512 
acee5565aa7d1f0cc120a6abb6503e0ac4b4e12f5fd1cb12442ec1374ae1570ec6dc3a8f3a247fad6835a29d96e856f12c664f466e92344db3aa1ae6292a27ac
 WHIRLPOOL 
c03d214fb15a791c14f235c58296fb06f1408c98bb78049f58b3ebf7bc1c1cea4662f90a031d86de2548267feacf6a9e3fef957aa44a19e29e9a6ba803aaa3fa
 DIST ca-certificates_20160104.tar.xz 293632 SHA256 
09eb770122e23260316120c0cbbddc8a1d33e7147210ce44e146084d5d5abcdd SHA512 
4291ba58057b66d56853162b71862832135eab6f444a5e2cf3dd1089495d44624246dc0c540871851fe9aaceb42054516309402525c8f16a88911d3af9c3518a
 WHIRLPOOL 
8a45acdf2c0673156bc546808df5160ebbfc3a85d775cefa8918c5b64ea6ba905e89017689a407a20444f3e550133c2af228f4d4a878670af50d88fc4739edeb
 DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 
82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 
2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00
 WHIRLPOOL 
c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43
-DIST nss-3.17.2.tar.gz 6927414 SHA256 
134929e44e44b968a4883f4ee513a71ae45d55b486cee41ee8e26c3cc84dab8b SHA512 
a3d165bb2c578e7b5d90349729e85a2fce09260d069093080c76cce3b8a996c6489232324fd6a0c69b959321bcdf5f1806054f165cd6ce851fe4ffeb2883ae7f
 WHIRLPOOL 
01b3cc546aa2dd0974caa2267aa9874b01cf6096f307a114393ba5a98adc216e0f2b217631b89b20752be5881f70fc1a7e94e0e90618707d5f9b9d18fd55d859
-DIST nss-3.17.4.tar.gz 6924699 SHA256 
1d98ad1881a4237ec98cbe472fc851480f0b0e954dfe224d047811fb96ff9d79 SHA512 
dfc44e28c303743a72b4553f471089bc991c3cb61d5f3071082c16400d5e4f216f84a2e44536570316fe0e798c14ca370c875dad791a873034595b9e4dd70b89
 WHIRLPOOL 
bb6e1027c5237d12fe58b4c520536022d8d4e83183a78c3421fd46bf9c3503b1f0ca4644240e383f216ec1e5174c0ae4148372db68fb9f1c10275954559d5bbf
-DIST nss-3.19.tar.gz 6951461 SHA256 
989ebdf79374f24181f060d332445b1a4baf3df39d08514c4349ba8573cefa9b SHA512 
e428d206a4fd30087f275a33771a1d7e753b000e8fc3e7c746972a89d1b32300d3619f430ea15e870d82b3af52785d4dd36ae89c9c496f014f9f323ea373da14
 WHIRLPOOL 
3a8b58a8a28e31f65f40cfa6a9bd9ca2177a17552082d8de2189da6c92ff7ba9c90be13793666558a2bff609da738cb1f4313968077e1041b8f283d36005e76c
-DIST nss-3.20.tar.gz 692 SHA256 
5e38d4b9837ca338af966b97fc91c07f67ad647fb38dc4af3cfd0d84e477d15c SHA512

[gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/files/

2015-09-28 Thread Mike Frysinger

commit: 751d0f79973aa5c2918b386e814aa3eda17df27b
Author: Mike Frysinger  gentoo  org>
AuthorDate: Tue Sep 29 00:37:37 2015 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Tue Sep 29 00:38:38 2015 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=751d0f79

app-misc/ca-certificates: rework py3 patch a bit more #561586

Rework some of the codec logic to make sure we can read files when
in a non-UTF8 locale (like LANG=C), and it works w/py2.7 and py3.4.

 ...certificates-20150426-nss-certdata2pem-py3.patch | 21 ++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git 
a/app-misc/ca-certificates/files/ca-certificates-20150426-nss-certdata2pem-py3.patch
 
b/app-misc/ca-certificates/files/ca-certificates-20150426-nss-certdata2pem-py3.patch
index 300ce47..d639aef 100644
--- 
a/app-misc/ca-certificates/files/ca-certificates-20150426-nss-certdata2pem-py3.patch
+++ 
b/app-misc/ca-certificates/files/ca-certificates-20150426-nss-certdata2pem-py3.patch
@@ -3,6 +3,19 @@ https://bugs.gentoo.org/548374
 
 --- a/ca-certificates/mozilla/certdata2pem.py
 +++ b/ca-certificates/mozilla/certdata2pem.py
+@@ -31,7 +31,11 @@ objects = []
+ # Dirty file parser.
+ in_data, in_multiline, in_obj = False, False, False
+ field, type, value, obj = None, None, None, dict()
+-for line in open('certdata.txt', 'r'):
++try:
++f = open('certdata.txt', 'r', encoding='utf-8')
++except TypeError:
++f = open('certdata.txt', 'r')
++for line in f:
+ # Ignore the file header.
+ if not in_data:
+ if line.startswith('BEGINDATA'):
 @@ -53,7 +53,7 @@ for line in open('certdata.txt', 'r'):
  if type == 'MULTILINE_OCTAL':
  line = line.strip()
@@ -62,17 +75,19 @@ https://bugs.gentoo.org/548374
.replace(')', '=')\
.replace(',', '_')
 -bname = bname.decode('string_escape')
+-fname = bname + '.crt'
 +
 +# this is the only way to decode the way NSS stores multi-byte UTF-8
 +if bytes != str:
 +bname = bname.encode('utf-8')
 +bname = 
bname.decode('unicode_escape').encode('latin-1').decode('utf-8')
- fname = bname + '.crt'
++fname = (bname + '.crt').encode('utf-8')
 +
  if os.path.exists(fname):
 -print "Found duplicate certificate name %s, renaming." % bname
-+print("Found duplicate certificate name %s, renaming." % bname)
- fname = bname + '_2.crt'
+-fname = bname + '_2.crt'
++print("Found duplicate certificate name %s, renaming." % fname)
++fname = (bname + '_2.crt').encode('utf-8')
  f = open(fname, 'w')
  f.write("-BEGIN CERTIFICATE-\n")
 -f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 
64)))

[gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/files/, app-misc/ca-certificates/

2015-09-26 Thread Mike Frysinger

commit: 6e28397b91d9a84ccc36f8fdb3499f747d50e3d9
Author: Mike Frysinger  gentoo  org>
AuthorDate: Sat Sep 26 16:23:38 2015 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Sat Sep 26 17:45:28 2015 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6e28397b

app-misc/ca-certificates: add python 3 support #548374

Patch taken from Debian bug report.

 .../ca-certificates-20150426.3.20.ebuild   |  5 +-
 ...ertificates-20150426-nss-certdata2pem-py3.patch | 82 ++
 2 files changed, 86 insertions(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20150426.3.20.ebuild 
b/app-misc/ca-certificates/ca-certificates-20150426.3.20.ebuild
index 2431504..c37ecde 100644
--- a/app-misc/ca-certificates/ca-certificates-20150426.3.20.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20150426.3.20.ebuild
@@ -26,7 +26,7 @@
 #   
https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS=CA%20Certificates=trunk
 
 EAPI="4"
-PYTHON_COMPAT=( python2_7 )
+PYTHON_COMPAT=( python{2_7,3_3,3_4} )
 
 inherit eutils python-any-r1
 
@@ -123,6 +123,9 @@ src_prepare() {
-e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \
-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
usr/sbin/update-ca-certificates || die
+
+   cd "${S}"
+   epatch "${FILESDIR}"/${PN}-20150426-nss-certdata2pem-py3.patch #548374
 }
 
 src_compile() {

diff --git 
a/app-misc/ca-certificates/files/ca-certificates-20150426-nss-certdata2pem-py3.patch
 
b/app-misc/ca-certificates/files/ca-certificates-20150426-nss-certdata2pem-py3.patch
new file mode 100644
index 000..300ce47
--- /dev/null
+++ 
b/app-misc/ca-certificates/files/ca-certificates-20150426-nss-certdata2pem-py3.patch
@@ -0,0 +1,82 @@
+https://bugs.debian.org/789753
+https://bugs.gentoo.org/548374
+
+--- a/ca-certificates/mozilla/certdata2pem.py
 b/ca-certificates/mozilla/certdata2pem.py
+@@ -53,7 +53,7 @@ for line in open('certdata.txt', 'r'):
+ if type == 'MULTILINE_OCTAL':
+ line = line.strip()
+ for i in re.finditer(r'\\([0-3][0-7][0-7])', line):
+-value += chr(int(i.group(1), 8))
++value.append(int(i.group(1), 8))
+ else:
+ value += line
+ continue
+@@ -70,13 +70,13 @@ for line in open('certdata.txt', 'r'):
+ field, type = line_parts
+ value = None
+ else:
+-raise NotImplementedError, 'line_parts < 2 not supported.'
++raise NotImplementedError('line_parts < 2 not supported.')
+ if type == 'MULTILINE_OCTAL':
+ in_multiline = True
+-value = ""
++value = bytearray()
+ continue
+ obj[field] = value
+-if len(obj.items()) > 0:
++if len(obj) > 0:
+ objects.append(obj)
+ 
+ # Read blacklist.
+@@ -95,7 +95,7 @@ for obj in objects:
+ if obj['CKA_CLASS'] not in ('CKO_NETSCAPE_TRUST', 'CKO_NSS_TRUST'):
+ continue
+ if obj['CKA_LABEL'] in blacklist:
+-print "Certificate %s blacklisted, ignoring." % obj['CKA_LABEL']
++print("Certificate %s blacklisted, ignoring." % obj['CKA_LABEL'])
+ elif obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NETSCAPE_TRUSTED_DELEGATOR',
+   'CKT_NSS_TRUSTED_DELEGATOR'):
+ trust[obj['CKA_LABEL']] = True
+@@ -104,13 +104,13 @@ for obj in objects:
+ trust[obj['CKA_LABEL']] = True
+ elif obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NETSCAPE_UNTRUSTED',
+   'CKT_NSS_NOT_TRUSTED'):
+-print '!'*74
+-print "UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % 
obj['CKA_LABEL']
+-print '!'*74
++print('!'*74)
++print("UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % 
obj['CKA_LABEL'])
++print('!'*74)
+ else:
+-print "Ignoring certificate %s.  SAUTH=%s, EPROT=%s" % \
++print("Ignoring certificate %s.  SAUTH=%s, EPROT=%s" % \
+   (obj['CKA_LABEL'], obj['CKA_TRUST_SERVER_AUTH'],
+-   obj['CKA_TRUST_EMAIL_PROTECTION'])
++   obj['CKA_TRUST_EMAIL_PROTECTION']))
+ 
+ for obj in objects:
+ if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
+@@ -121,13 +121,19 @@ for obj in objects:
+   .replace('(', '=')\
+   .replace(')', '=')\
+   .replace(',', '_')
+-bname = bname.decode('string_escape')
++
++# this is the only way to decode the way NSS stores multi-byte UTF-8
++if bytes != str:
++bname = bname.encode('utf-8')
++bname = 
bname.decode('unicode_escape').encode('latin-1').decode('utf-8')
+ fname = bname + '.crt'
++
+ if os.path.exists(fname):
+-print "Found duplicate certificate name %s, renaming." % bname
++print("Found duplicate certificate name %s, renaming." % bname)

[gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/files/, app-misc/ca-certificates/

2015-09-26 Thread Mike Frysinger

commit: 26c99295c5d5ed67f6be2a04445d36be70f18ce3
Author: Mike Frysinger  gentoo  org>
AuthorDate: Sat Sep 26 16:23:19 2015 +
Commit: Mike Frysinger  gentoo  org>
CommitDate: Sat Sep 26 17:45:28 2015 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=26c99295

app-misc/ca-certificates: version bump to 20150426.3.20

 app-misc/ca-certificates/Manifest  |   2 +
 .../ca-certificates-20150426.3.20.ebuild   | 190 +
 .../files/ca-certificates-20150426-root.patch  |  49 ++
 3 files changed, 241 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest 
b/app-misc/ca-certificates/Manifest
index 436f77d..901ae7e 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,6 +1,8 @@
 DIST ca-certificates_20140927.tar.xz 288824 SHA256 
e582724ebb9d5d6fe02d02db1773c9ca76d3aaab4b15375a0d72e9abf88a65c5 SHA512 
3cd08559c52aeba763a8ecc0333c7c20838db0111e52d9adf65719f14f858611271d61801a60fb3aea4e74be4a7903c1b462bf889172f5afb774280bb615b98b
 WHIRLPOOL 
e32e54b21109b7c44266480a6a5d78693b5ef7ffae1df595c4edfe2cce85d1cd29664e6d916c5bfffb965e4bb01fce6a8327a2ead5bb0ca7cdd8afd04346a270
 DIST ca-certificates_20141019.tar.xz 289092 SHA256 
684902d3f4e9ad27829f4af0d9d2d588afed03667997579b9c2be86fcd1eb73a SHA512 
5b0e8fb917f5642a5a2b4fde46a706db0c652ff3fb31a5053d9123a5b670b50c6e3cf2496915cc01c613dcbe964d6432f393c12d8a697baedfad58f9d13e568b
 WHIRLPOOL 
6d3c0ccfbd4b1598ed529cb07390baaf741e24c8fd4762aa1786ada7188ec0c4e327513047bca2b93a488681e80b5a8fabc37b98b7f6e5e92cba62580c4cf74f
+DIST ca-certificates_20150426.tar.xz 303256 SHA256 
37dbaa93ed64cc4ae93ac295f9248fbc741bd51376438cfb1257f17efab5494f SHA512 
920dfc512c018c5338bf07b6a6afcb664d9bfba659d4233ca9e87471d5e0ed05de054c96f3d7e6091549aa6deb46106a79f7f982696081f9b2164e18133eb34d
 WHIRLPOOL 
6d068fa13ffdb1b232b1cdb99063e52e52ee9f4cd44917f4eca263f36b5d4fa3c261b45bbf51143fc08965937adc477afd88c9a909300b619d42ae72b4c4acd9
 DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 
82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 
2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00
 WHIRLPOOL 
c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43
 DIST nss-3.17.2.tar.gz 6927414 SHA256 
134929e44e44b968a4883f4ee513a71ae45d55b486cee41ee8e26c3cc84dab8b SHA512 
a3d165bb2c578e7b5d90349729e85a2fce09260d069093080c76cce3b8a996c6489232324fd6a0c69b959321bcdf5f1806054f165cd6ce851fe4ffeb2883ae7f
 WHIRLPOOL 
01b3cc546aa2dd0974caa2267aa9874b01cf6096f307a114393ba5a98adc216e0f2b217631b89b20752be5881f70fc1a7e94e0e90618707d5f9b9d18fd55d859
 DIST nss-3.17.4.tar.gz 6924699 SHA256 
1d98ad1881a4237ec98cbe472fc851480f0b0e954dfe224d047811fb96ff9d79 SHA512 
dfc44e28c303743a72b4553f471089bc991c3cb61d5f3071082c16400d5e4f216f84a2e44536570316fe0e798c14ca370c875dad791a873034595b9e4dd70b89
 WHIRLPOOL 
bb6e1027c5237d12fe58b4c520536022d8d4e83183a78c3421fd46bf9c3503b1f0ca4644240e383f216ec1e5174c0ae4148372db68fb9f1c10275954559d5bbf
 DIST nss-3.19.tar.gz 6951461 SHA256 
989ebdf79374f24181f060d332445b1a4baf3df39d08514c4349ba8573cefa9b SHA512 
e428d206a4fd30087f275a33771a1d7e753b000e8fc3e7c746972a89d1b32300d3619f430ea15e870d82b3af52785d4dd36ae89c9c496f014f9f323ea373da14
 WHIRLPOOL 
3a8b58a8a28e31f65f40cfa6a9bd9ca2177a17552082d8de2189da6c92ff7ba9c90be13793666558a2bff609da738cb1f4313968077e1041b8f283d36005e76c
+DIST nss-3.20.tar.gz 692 SHA256 
5e38d4b9837ca338af966b97fc91c07f67ad647fb38dc4af3cfd0d84e477d15c SHA512 
50f666209cadd4e463f98643ec67e35f4d1b88381e17db9eed7c67559b19799fcc27e49d72536f546d4c45bca2afa4664e5590f868775a4397a77111d68fc366
 WHIRLPOOL 
84f20e6764b3621762fcfcb9223a3861e1f5ff02078b19b7df2eb58430a5f96943d962dca2d3366b18cd434acf3d3be746242c5064497167d5671c50233834de

diff --git a/app-misc/ca-certificates/ca-certificates-20150426.3.20.ebuild 
b/app-misc/ca-certificates/ca-certificates-20150426.3.20.ebuild
new file mode 100644
index 000..2431504
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20150426.3.20.ebuild
@@ -0,0 +1,190 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging

[gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/files/, app-misc/ca-certificates/

[gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/files/, app-misc/ca-certificates/

[gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/files/, app-misc/ca-certificates/

[gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/files/

[gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/files/, app-misc/ca-certificates/

[gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/files/, app-misc/ca-certificates/

6 matches

Site Navigation

Mail list logo

Footer information