From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-908470-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 5959C1394B5
	for <garchives@archives.gentoo.org>; Fri, 28 Oct 2016 09:28:59 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id BF957E09A9;
	Fri, 28 Oct 2016 09:28:56 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 9359BE09A9
	for <gentoo-commits@lists.gentoo.org>; Fri, 28 Oct 2016 09:28:56 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 6569E34164A
	for <gentoo-commits@lists.gentoo.org>; Fri, 28 Oct 2016 09:28:54 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 8B843308
	for <gentoo-commits@lists.gentoo.org>; Fri, 28 Oct 2016 09:28:52 +0000 (UTC)
From: "Lars Wendler" <polynomial-c@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Lars Wendler" <polynomial-c@gentoo.org>
Message-ID: <1477646928.171217a85eefea54a12de02af2bf684af0ff042e.polynomial-c@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
X-VCS-Repository: repo/gentoo
X-VCS-Files: app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r1.ebuild app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r2.ebuild app-misc/ca-certificates/metadata.xml
X-VCS-Directories: app-misc/ca-certificates/
X-VCS-Committer: polynomial-c
X-VCS-Committer-Name: Lars Wendler
X-VCS-Revision: 171217a85eefea54a12de02af2bf684af0ff042e
X-VCS-Branch: master
Date: Fri, 28 Oct 2016 09:28:52 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 52e9ca0a-c8d3-4796-ba8b-ba3610f71e06
X-Archives-Hash: d47964e45265b9abe058fe518c7722fc

commit:     171217a85eefea54a12de02af2bf684af0ff042e
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 28 09:28:33 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Fri Oct 28 09:28:48 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=171217a8

app-misc/ca-certificates: Make removal of untrusted certs optional.

Package-Manager: portage-2.3.2
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 ...7.1-r1.ebuild => ca-certificates-20160104.3.27.1-r2.ebuild} | 10 ++++++----
 app-misc/ca-certificates/metadata.xml                          |  3 +++
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r2.ebuild
similarity index 96%
rename from app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r1.ebuild
rename to app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r2.ebuild
index 93d3a8f..c1d332a 100644
--- a/app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r2.ebuild
@@ -58,7 +58,7 @@ fi
 LICENSE="MPL-1.1"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
+IUSE="insecure_certs"
 ${PRECOMPILED} || IUSE+=" cacert"
 
 DEPEND=""
@@ -136,9 +136,11 @@ src_compile() {
 		mv usr/share/doc/{ca-certificates,${PF}} || die
 	fi
 
-	# Remove untrusted certs from StartCom and WoSign (bug #598072)
-	rm "${c}"/mozilla/StartCom* || die
-	rm "${c}"/mozilla/WoSign* || die
+	if ! use insecure_certs ; then
+		# Remove untrusted certs from StartCom and WoSign (bug #598072)
+		rm "${c}"/mozilla/StartCom* || die
+		rm "${c}"/mozilla/WoSign* || die
+	fi
 
 	(
 	echo "# Automatically generated by ${CATEGORY}/${PF}"

diff --git a/app-misc/ca-certificates/metadata.xml b/app-misc/ca-certificates/metadata.xml
index f11c10f..f516f07 100644
--- a/app-misc/ca-certificates/metadata.xml
+++ b/app-misc/ca-certificates/metadata.xml
@@ -10,5 +10,8 @@
     Include root certs from CAcert (http://www.cacert.org/) and
     Software in the Public Interest (http://www.spi-inc.org/)
   </flag>
+  <flag name="insecure_certs">
+    Install certs which are known to *not* being trustworthy.
+  </flag>
 </use>
 </pkgmetadata>