public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2018-04-17  9:39 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2018-04-17  9:39 UTC (permalink / raw
  To: gentoo-commits

commit:     3232c76a2da9273bb3ec9a785cd1d9b9fd20e364
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 17 09:34:11 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Apr 17 09:34:11 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3232c76a

app-misc/ca-certificates: Bump to version 20180409.3.36.1

Package-Manager: Portage-2.3.29, Repoman-2.3.9

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20180409.3.36.1.ebuild         | 190 +++++++++++++++++++++
 2 files changed, 191 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index da8b816e732..0857b0caa8f 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,5 +1,6 @@
 DIST ca-certificates_20161130.tar.xz 298656 BLAKE2B 8574745d8ef62262b339035ca11d6c09110bfcdb8b74865bf5335236cfb48d26cbca0ab3be6544bd047655e09178edce18ae9f4367f075bffd216382ad7020b3 SHA512 8395f27d2369d694b069e1bb250b06df05f732bd9f4a4dc8652091e9c96ad1a84003e28f59cb9e13fdfd22ca5818f495d80149692e74b2d63e34db4f6a95ee9f
 DIST ca-certificates_20170717.tar.xz 293028 BLAKE2B 85076cd980841f32e2544c7be020fca9bcd5ef7066ae3cef195cbf9755f8b8e800a8e4076662fa1b7da600c2235e49048eb6e1166b0618fc7685221ab790fed3 SHA512 dfeb5a19bb33bcb127a159b73fcc63b41c99827d77eb4a6069def0cffc7ae8dd10dab97c1ddfdd5b70d0c93e650a51ed5dcd03908516e7ca8b3022bf46eeb7e6
+DIST ca-certificates_20180409.tar.xz 246908 BLAKE2B b553d4347f1a5b88fe59c7269dee617f61cde54d4df1a3aa4b3a7e9aa4b2ee81415e5c421352505ca4b2e0e480b053ccb04024bddfb51450d298d8fdd0567c36 SHA512 e0742da19416d367618547107cc0f1cc045d5ba62c30fb7238e0e36ec0d19ea48e2ffdee2c68a9f06954025c58db9a5376f149e221ede95a3a029cda39d86a53
 DIST nss-3.30.2.tar.gz 9499119 BLAKE2B 720ebe79c791f80f1717548cc9a8afea455ee8d74c1489bcecf0229b6f19f5bbcc66e9625ac74b655c55897450400090c19eac92c035276c8815fcf98bac945c SHA512 02f14bc000cbde42268c4b6f42df80680b010d1491643ef9b11e0bac31a286a2e7fa251c40cb4ac70b64883a1b90efc64440ef9d797357f8a47cd37195fc5500
 DIST nss-3.30.tar.gz 9500552 BLAKE2B 634734400562db5b35f170c5d138fbad45cfdc972a4154db8e2ce7f810d66ef9bad972c1204bc88bae7374d03f4d5c7845d85eb340b387189c258d09b3d7b699 SHA512 c21e9b5e4b689ea8cbc6f4d7913df43e2a78c4435e0ce092f2ce00e46079ce2268e17ec8527b283ac69eff3d96ff0165a5b42b6579bfe0a720115ff2938260d3
 DIST nss-3.35.tar.gz 9620041 BLAKE2B a4115117ff017ce36f030d9f69c75111177166651968739353d112cc5d2c4732b33b8c684c5957a66bb969ecab1a15fb2cd6bb237d959d307cdee43ec638cd73 SHA512 8d466f4602427d278b6aa28af0e6bdb99326fc40c94ac6d517d1cbe7ce6b9332dadba52ea092762fac2fd6e72f17cb880cf81e1cf86bf6b4f7913a755419626d

diff --git a/app-misc/ca-certificates/ca-certificates-20180409.3.36.1.ebuild b/app-misc/ca-certificates/ca-certificates-20180409.3.36.1.ebuild
new file mode 100644
index 00000000000..198af98ddbf
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20180409.3.36.1.ebuild
@@ -0,0 +1,190 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI=6
+
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="insecure_certs"
+${PRECOMPILED} || IUSE+=" cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
+			popd >/dev/null
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org
+			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	if ! use insecure_certs ; then
+		elog "To prevent applications relying on system's trusted root certificate store"
+		elog "from using CAs where at least one major browser vendor Gentoo is following"
+		elog "has decided to apply trust level restrictions, the following"
+		elog "certificate(s) were removed:"
+		# Remove untrusted certs from StartCom and WoSign (bug #598072)
+		elog "$(find "${c}" -type f \( \
+			-iname '*startcom*' \
+			-o -iname '*wosign*' \
+			\) -printf '%P removed; see https://bugs.gentoo.org/598072 for details\n' -delete)"
+	fi
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd "${c}"
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2025-06-03  4:51 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2025-06-03  4:51 UTC (permalink / raw
  To: gentoo-commits

commit:     ee9f8fc2db116e0ea59d603f97f94de7690ca95c
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Jun  3 04:48:59 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Jun  3 04:48:59 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ee9f8fc2

app-misc/ca-certificates: add 20250419.3.112

I've used latest dev-libs/nss as the version scheme is slightly different
for stable right now (because entered 3 digits) and I don't see much
point in worrying about the distinction. Just use latest for now.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   2 +
 .../ca-certificates-20250419.3.112.ebuild          | 200 +++++++++++++++++++++
 2 files changed, 202 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 77c3d12321e3..5eee818f96e5 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,5 +1,7 @@
 DIST ca-certificates_20230311.tar.xz 257772 BLAKE2B b807a6415126afdc11896efea8e6509d7ad58b26bc8562b276e93176e80bb8b467a5bd2ba948d3dbbeaf0e4477d93f3ea2b99d3186e856fb47d1033cb779d560 SHA512 00571bdc87897813fd7dbe024f3a186cfc9f0d4f55e92545a90888c9e5282f99cb8d75b5932c034731b911bf27a9b38fd7d062dd511eb1152acf8b2811490fa7
 DIST ca-certificates_20240203.tar.xz 263276 BLAKE2B 44d22aa91fe589e2ae67cb32c6594f1252e99d4460969bf7c925e7047178168c8881c2c93d6c63171059239e34aeea73b95f135f6b60a4e2fa61caa1ddfa3c44 SHA512 e9d7b5283c2be9425d18eb4a9b54b1fa54db0b9d1bdb28f9c6db7f8b2e03fd93442ac973f9b024b7a148d71ac2789edbc1207c2048ce4be589eb1a5376640670
+DIST ca-certificates_20250419.tar.xz 277504 BLAKE2B 2a9ccd233c6129dbbb19527ebf7732b89d89d7cda96e427c7f0234e4854eb20fa28d3a16e39c7584de70bf59f70d016c96fe9e6b19026957e6789fde70926a68 SHA512 5a66a4aabbc18bce752b9e2d362309812cb685e24c0bb52cbb04cde3284b023034955c0ba8c9a3fa065392ab8372d166e6cb17b82fb336cb485e2b63485e9631
+DIST nss-3.112.tar.gz 76620428 BLAKE2B 0de17bfe86ac9e752c4f0c5a4f6db217a74e460850bf79d9bf1fc1b1b2279ad80fb8c4591bea0642d23fa532e71fdb8382ae1dbc797a3a14303439d1aa4868a6 SHA512 564ae4ded323d7213f224673b0ddc584dcfae71bbdd139310854e547d9ba2877ba45462da49f71ea2fae72caea1cf10fa51d9dfef656a21957256cadc5fa4b35
 DIST nss-3.96.1.tar.gz 76715092 BLAKE2B 2a9ea65dd89cba82ea10a57887b10109369af81d4c2911c54cfd081a661498ad7f56ad419092539caaa16341045edcc50f5a3c74d87d66094dacbc91226a9d1c SHA512 fe8baefa767b711a108aafdb496a45d15d2296c3bdd0b1e4389c49197d1cf5365872ee41c23b6823285803887c74538d13347af87d64750551e9cbc87a9cb338
 DIST nss-3.97.tar.gz 76664827 BLAKE2B ede68cf0269edd8ffbe1e90682fb51c202d6298f8bfa5ebbd81e12785e29e6a6611ef3f0feceee73bea4d25ae12f251225649a73d249fdd90af179e07e39f3f6 SHA512 1ad6ac6ff626dc187f42b313c1088ef4b4ac0ee3e156d37824c36e778faa977e8f132302ac00d74aa8f9903e791a0fee6cecb5244d2601e0825cc125b6f33d6a
 DIST nss-3.98.tar.gz 76685475 BLAKE2B d382cc65e450b5b7d6b152952a8188822eab5fdbaa0faeefc3f98ef5aa70ed7534abcb7114aaa25c1e49f89dcda7cf75d85957d1a8e5ff964599362757138cb4 SHA512 4f335c5c284eff6424745cc15e32037715a915f6f61687ec36a8ffaef0e45d152602a1be275bbb2f14650c7d258d6488430cdcf512b18ba7cb73cd43ac625681

diff --git a/app-misc/ca-certificates/ca-certificates-20250419.3.112.ebuild b/app-misc/ca-certificates/ca-certificates-20250419.3.112.ebuild
new file mode 100644
index 000000000000..90d3ffb0e54d
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20250419.3.112.ebuild
@@ -0,0 +1,200 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# Where possible, bump to stable/LTS releases of NSS for the last part
+# of the version (when not using a pure Debian release).
+
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{11..14} )
+
+inherit edo python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="
+		mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			mirror://gentoo/d1/nss-cacert-class1-class3-r2.patch
+		)
+	"
+fi
+
+S="${WORKDIR}"
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+${PRECOMPILED} || IUSE+=" cacert"
+
+BDEPEND="${COMMON_DEPEND}"
+if ! ${PRECOMPILED} ; then
+	BDEPEND+=" ${PYTHON_DEPS}"
+fi
+
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+
+RDEPEND="
+	${COMMON_DEPEND}
+	${DEPEND}
+"
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+
+	if ! ${PRECOMPILED} ; then
+		python-any-r1_pkg_setup
+	fi
+}
+
+src_unpack() {
+	if ! ${PRECOMPILED} ; then
+		default
+		# Initial 20200601 deb release had bad naming inside the debian source tarball.
+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
+		DEB_BAD_S="${WORKDIR}/work"
+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
+			mv "${DEB_BAD_S}" "${DEB_S}" || die
+		fi
+	fi
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20240203.3.98-update-ca-certificates-drop-pointless-dependency.patch
+
+	pushd "${S}/${PN}" >/dev/null || die
+	# We patch out the dep on cryptography as it's not particularly useful
+	# for us. Please see the discussion in bug #821706. Not to be removed lightly!
+	eapply "${FILESDIR}"/${PN}-20230311.3.89-no-cryptography.patch
+	popd >/dev/null || die
+
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CA_Cert_Signing_Authority.crt \
+				"${c}"/cacert.org/cacert.org_class1.crt || die
+			mv "${d}"/CAcert_Class_3_Root.crt \
+				"${c}"/cacert.org/cacert.org_class3.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	edo sh usr/sbin/update-ca-certificates --sysroot "${S}/image"
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates || die
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
+		# If the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --sysroot "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2024-07-01 18:55 Mike Gilbert
  0 siblings, 0 replies; 203+ messages in thread
From: Mike Gilbert @ 2024-07-01 18:55 UTC (permalink / raw
  To: gentoo-commits

commit:     05a5f0e6c4560da08790fdc016dd0a0eb29f0637
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Jul  1 16:15:42 2024 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Jul  1 18:53:24 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=05a5f0e6

app-misc/ca-certificates: update SRC_URI

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.96.1-r2.ebuild | 2 +-
 app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild    | 2 +-
 app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild      | 2 +-
 app-misc/ca-certificates/ca-certificates-20240203.3.98.ebuild      | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.96.1-r2.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.96.1-r2.ebuild
index 677373ebda39..a5a495009b36 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.96.1-r2.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.96.1-r2.ebuild
@@ -48,7 +48,7 @@ else
 		mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
 		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
 		cacert? (
-			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
+			mirror://gentoo/d1/nss-cacert-class1-class3-r2.patch
 		)
 	"
 fi

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild
index 66a2a76f3bf3..ce18cefa5e7e 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild
@@ -48,7 +48,7 @@ else
 		mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
 		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
 		cacert? (
-			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
+			mirror://gentoo/d1/nss-cacert-class1-class3-r2.patch
 		)
 	"
 fi

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
index 794e461537eb..2fdc4b9e08f5 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
@@ -48,7 +48,7 @@ else
 		mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
 		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
 		cacert? (
-			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
+			mirror://gentoo/d1/nss-cacert-class1-class3-r2.patch
 		)
 	"
 fi

diff --git a/app-misc/ca-certificates/ca-certificates-20240203.3.98.ebuild b/app-misc/ca-certificates/ca-certificates-20240203.3.98.ebuild
index 9b49b1e38555..1fcb84d81e67 100644
--- a/app-misc/ca-certificates/ca-certificates-20240203.3.98.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20240203.3.98.ebuild
@@ -48,7 +48,7 @@ else
 		mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
 		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
 		cacert? (
-			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
+			mirror://gentoo/d1/nss-cacert-class1-class3-r2.patch
 		)
 	"
 fi


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2024-06-01  3:46 Ionen Wolkens
  0 siblings, 0 replies; 203+ messages in thread
From: Ionen Wolkens @ 2024-06-01  3:46 UTC (permalink / raw
  To: gentoo-commits

commit:     d398f451d2a6f73beb92816c43d3b18ca2537e3b
Author:     Matoro Mahri <matoro_gentoo <AT> matoro <DOT> tk>
AuthorDate: Fri May 31 18:20:36 2024 +0000
Commit:     Ionen Wolkens <ionen <AT> gentoo <DOT> org>
CommitDate: Sat Jun  1 03:45:53 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d398f451

app-misc/ca-certificates: Stabilize 20240203.3.98 hppa, #930870

Signed-off-by: Matoro Mahri <matoro_gentoo <AT> matoro.tk>
Signed-off-by: Ionen Wolkens <ionen <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20240203.3.98.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20240203.3.98.ebuild b/app-misc/ca-certificates/ca-certificates-20240203.3.98.ebuild
index 282195c08c72..9b49b1e38555 100644
--- a/app-misc/ca-certificates/ca-certificates-20240203.3.98.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20240203.3.98.ebuild
@@ -57,7 +57,7 @@ S="${WORKDIR}"
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 ${PRECOMPILED} || IUSE+=" cacert"
 
 BDEPEND="${COMMON_DEPEND}"


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2024-04-29  8:12 Arthur Zamarin
  0 siblings, 0 replies; 203+ messages in thread
From: Arthur Zamarin @ 2024-04-29  8:12 UTC (permalink / raw
  To: gentoo-commits

commit:     9b93eb821ef813bcf20236297b06a46390b639dc
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 29 08:12:39 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Mon Apr 29 08:12:39 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b93eb82

app-misc/ca-certificates: Stabilize 20240203.3.98 ppc, #930870

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20240203.3.98.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20240203.3.98.ebuild b/app-misc/ca-certificates/ca-certificates-20240203.3.98.ebuild
index b6a60d96ec29..68e9fd7c7c09 100644
--- a/app-misc/ca-certificates/ca-certificates-20240203.3.98.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20240203.3.98.ebuild
@@ -57,7 +57,7 @@ S="${WORKDIR}"
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 ${PRECOMPILED} || IUSE+=" cacert"
 
 BDEPEND="${COMMON_DEPEND}"


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2024-03-15 20:26 Arthur Zamarin
  0 siblings, 0 replies; 203+ messages in thread
From: Arthur Zamarin @ 2024-03-15 20:26 UTC (permalink / raw
  To: gentoo-commits

commit:     fdc60e4e0b3fc19f644a7424587f1553155cbbfb
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 15 20:26:39 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Mar 15 20:26:39 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fdc60e4e

app-misc/ca-certificates: Stabilize 20230311.3.97 hppa, #926991

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
index 756b51bf828b..794e461537eb 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
@@ -57,7 +57,7 @@ S="${WORKDIR}"
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 ${PRECOMPILED} || IUSE+=" cacert"
 
 BDEPEND="${COMMON_DEPEND}"


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2024-03-14  8:18 Arthur Zamarin
  0 siblings, 0 replies; 203+ messages in thread
From: Arthur Zamarin @ 2024-03-14  8:18 UTC (permalink / raw
  To: gentoo-commits

commit:     117f7faa4613ce975e15ff53054ff281bdbd4a7f
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 14 08:18:33 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 14 08:18:33 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=117f7faa

app-misc/ca-certificates: Stabilize 20230311.3.97 ppc64, #926991

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
index a8af8e6f8fc2..756b51bf828b 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
@@ -57,7 +57,7 @@ S="${WORKDIR}"
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 ${PRECOMPILED} || IUSE+=" cacert"
 
 BDEPEND="${COMMON_DEPEND}"


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2024-03-14  7:48 Arthur Zamarin
  0 siblings, 0 replies; 203+ messages in thread
From: Arthur Zamarin @ 2024-03-14  7:48 UTC (permalink / raw
  To: gentoo-commits

commit:     12b9491dc4e392b83fe9b98fe3e87a9202c9840f
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 14 07:48:11 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 14 07:48:11 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=12b9491d

app-misc/ca-certificates: Stabilize 20230311.3.97 amd64, #926991

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
index 1f831bd3c4e3..a8af8e6f8fc2 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
@@ -57,7 +57,7 @@ S="${WORKDIR}"
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 ${PRECOMPILED} || IUSE+=" cacert"
 
 BDEPEND="${COMMON_DEPEND}"


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2024-03-14  6:44 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2024-03-14  6:44 UTC (permalink / raw
  To: gentoo-commits

commit:     89363db4da4afa1dd836ddac18b5d49682674188
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 14 06:44:31 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 14 06:44:31 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89363db4

app-misc/ca-certificates: Stabilize 20230311.3.97 ppc, #926991

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
index 44aceaaae8ba..1f831bd3c4e3 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
@@ -57,7 +57,7 @@ S="${WORKDIR}"
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 ${PRECOMPILED} || IUSE+=" cacert"
 
 BDEPEND="${COMMON_DEPEND}"


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2024-03-14  6:23 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2024-03-14  6:23 UTC (permalink / raw
  To: gentoo-commits

commit:     4a53af0642c167ff6d336668b7fed3bbf281e172
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 14 06:23:21 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 14 06:23:21 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a53af06

app-misc/ca-certificates: Stabilize 20230311.3.97 x86, #926991

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
index 18073f041ff8..44aceaaae8ba 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
@@ -57,7 +57,7 @@ S="${WORKDIR}"
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 ${PRECOMPILED} || IUSE+=" cacert"
 
 BDEPEND="${COMMON_DEPEND}"


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2024-03-14  6:19 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2024-03-14  6:19 UTC (permalink / raw
  To: gentoo-commits

commit:     5b2b9df937ad6519e5d2eaffa010be0ad14ce666
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 14 06:18:57 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 14 06:18:57 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b2b9df9

app-misc/ca-certificates: Stabilize 20230311.3.97 sparc, #926991

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
index 3e77fcee7aac..18073f041ff8 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
@@ -57,7 +57,7 @@ S="${WORKDIR}"
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 ${PRECOMPILED} || IUSE+=" cacert"
 
 BDEPEND="${COMMON_DEPEND}"


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2024-03-14  6:11 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2024-03-14  6:11 UTC (permalink / raw
  To: gentoo-commits

commit:     1a38479ea2746a7587433290f803d1a2755a17fc
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 14 06:11:23 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 14 06:11:23 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1a38479e

app-misc/ca-certificates: Stabilize 20230311.3.97 arm64, #926991

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
index 2582a7939ef0..3e77fcee7aac 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
@@ -57,7 +57,7 @@ S="${WORKDIR}"
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 ${PRECOMPILED} || IUSE+=" cacert"
 
 BDEPEND="${COMMON_DEPEND}"


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2024-03-14  6:06 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2024-03-14  6:06 UTC (permalink / raw
  To: gentoo-commits

commit:     7b2f0a6e72c08bacf61ff76011e4ca99cfed14d5
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 14 06:04:14 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 14 06:05:36 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7b2f0a6e

app-misc/ca-certificates: Stabilize 20230311.3.97 arm, #926991

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
index 58f88b4eb1a9..2582a7939ef0 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
@@ -57,7 +57,7 @@ S="${WORKDIR}"
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 ${PRECOMPILED} || IUSE+=" cacert"
 
 BDEPEND="${COMMON_DEPEND}"


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2024-02-08  1:36 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2024-02-08  1:36 UTC (permalink / raw
  To: gentoo-commits

commit:     86d46664305d2c6deb51425e973a23f328423a57
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Feb  8 01:36:18 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Feb  8 01:36:18 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=86d46664

app-misc/ca-certificates: Stabilize 20230311.3.96.1 hppa, #923512

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild
index f362b4676010..66a2a76f3bf3 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2024-02-03  6:56 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2024-02-03  6:56 UTC (permalink / raw
  To: gentoo-commits

commit:     e403c6286571c16b322246e46c9e27edf8a1c223
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Feb  3 06:54:45 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Feb  3 06:54:45 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e403c628

app-misc/ca-certificates: Stabilize 20230311.3.96.1 arm64, #923512

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild
index 934a9a846ad8..f362b4676010 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2024-02-02 16:27 Arthur Zamarin
  0 siblings, 0 replies; 203+ messages in thread
From: Arthur Zamarin @ 2024-02-02 16:27 UTC (permalink / raw
  To: gentoo-commits

commit:     b37c2f6e04fc0baddcceaaefd16cc8aeea1e4a03
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Feb  2 16:26:59 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Feb  2 16:26:59 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b37c2f6e

app-misc/ca-certificates: Stabilize 20230311.3.96.1 amd64, #923512

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild
index d3c31f00b7d1..934a9a846ad8 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2024-02-02 13:34 Arthur Zamarin
  0 siblings, 0 replies; 203+ messages in thread
From: Arthur Zamarin @ 2024-02-02 13:34 UTC (permalink / raw
  To: gentoo-commits

commit:     869a2de042aef9a055dca94b43016dc4aab2ccf1
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Feb  2 13:34:34 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Feb  2 13:34:34 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=869a2de0

app-misc/ca-certificates: Stabilize 20230311.3.96.1 x86, #923512

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild
index f85e23d1c345..d3c31f00b7d1 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2024-02-02  6:40 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2024-02-02  6:40 UTC (permalink / raw
  To: gentoo-commits

commit:     317bbc185f24677ea96bed905932c28ef29e4303
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Feb  2 06:37:28 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Feb  2 06:38:39 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=317bbc18

app-misc/ca-certificates: Stabilize 20230311.3.96.1 ppc, #923512

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild
index f4d4c6a7e891..f85e23d1c345 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.96.1.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2024-02-02  4:33 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2024-02-02  4:33 UTC (permalink / raw
  To: gentoo-commits

commit:     5b6ae65fbdf0a35e61649ba4040a49bd66020b27
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Feb  2 04:17:13 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Feb  2 04:33:19 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b6ae65f

app-misc/ca-certificates: add 20230311.3.97

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20230311.3.97.ebuild           | 201 +++++++++++++++++++++
 2 files changed, 202 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 31a1292df6f2..b29e8fddf298 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -7,4 +7,5 @@ DIST nss-3.90.tar.gz 72211928 BLAKE2B 9518bed4f8ca5f9dd1c3d15e255f9954fabc30762f
 DIST nss-3.93.tar.gz 72281331 BLAKE2B 99e50f450a451f2b0bc0aad9b0fba405c987d88546d4aad6c490cb43dc274f23eb99d03d5fa8cf7ef16585abebfdae942fe1092d3f1c86816ba35e16ed3d490f SHA512 d96f13a70e825b39efadfe7c973c24c1e5ad43319bd813599010383e2b8434181f53489672f68fe79e2cb0c4d4ea0088499e588c3524eccf9298aafc57b94951
 DIST nss-3.95.tar.gz 76571130 BLAKE2B 9d40b09c0c58901781abfad609dd45f44c2f4d1ce9d4f1592748cb64a9eb29b1ac84be54ebb19fa528d8b9fd08911f769a80f72d9e6dbb22e82e5b3581a30af1 SHA512 54567c063fc72bf1a29898bc8cc405e54aa086269021d864b10a3640e6b4ae0d632834db87766257fdb43740d9bc71e362d69cfe6924f5c72a6e1a99a91f8c3a
 DIST nss-3.96.1.tar.gz 76715092 BLAKE2B 2a9ea65dd89cba82ea10a57887b10109369af81d4c2911c54cfd081a661498ad7f56ad419092539caaa16341045edcc50f5a3c74d87d66094dacbc91226a9d1c SHA512 fe8baefa767b711a108aafdb496a45d15d2296c3bdd0b1e4389c49197d1cf5365872ee41c23b6823285803887c74538d13347af87d64750551e9cbc87a9cb338
+DIST nss-3.97.tar.gz 76664827 BLAKE2B ede68cf0269edd8ffbe1e90682fb51c202d6298f8bfa5ebbd81e12785e29e6a6611ef3f0feceee73bea4d25ae12f251225649a73d249fdd90af179e07e39f3f6 SHA512 1ad6ac6ff626dc187f42b313c1088ef4b4ac0ee3e156d37824c36e778faa977e8f132302ac00d74aa8f9903e791a0fee6cecb5244d2601e0825cc125b6f33d6a
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
new file mode 100644
index 000000000000..58f88b4eb1a9
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.97.ebuild
@@ -0,0 +1,201 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# Where possible, bump to stable/LTS releases of NSS for the last part
+# of the version (when not using a pure Debian release).
+
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+
+inherit python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="
+		mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
+		)
+	"
+fi
+
+S="${WORKDIR}"
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+${PRECOMPILED} || IUSE+=" cacert"
+
+BDEPEND="${COMMON_DEPEND}"
+if ! ${PRECOMPILED} ; then
+	BDEPEND+=" ${PYTHON_DEPS}"
+fi
+
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+
+RDEPEND="
+	${COMMON_DEPEND}
+	${DEPEND}
+"
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+
+	if ! ${PRECOMPILED} ; then
+		python-any-r1_pkg_setup
+	fi
+}
+
+src_unpack() {
+	if ! ${PRECOMPILED} ; then
+		default
+		# Initial 20200601 deb release had bad naming inside the debian source tarball.
+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
+		DEB_BAD_S="${WORKDIR}/work"
+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
+			mv "${DEB_BAD_S}" "${DEB_S}"
+		fi
+	fi
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+	eapply -p2 "${FILESDIR}"/0001-update-ca-certificates-drop-pointless-dependency-on-.patch
+
+	pushd "${S}/${PN}" >/dev/null || die
+	# We patch out the dep on cryptography as it's not particularly useful
+	# for us. Please see the discussion in bug #821706. Not to be removed lightly!
+	eapply "${FILESDIR}"/${PN}-20230311.3.89-no-cryptography.patch
+	popd >/dev/null || die
+
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CA_Cert_Signing_Authority.crt \
+				"${c}"/cacert.org/cacert.org_class1.crt || die
+			mv "${d}"/CAcert_Class_3_Root.crt \
+				"${c}"/cacert.org/cacert.org_class3.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates || die
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
+		# If the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2024-01-22 13:12 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2024-01-22 13:12 UTC (permalink / raw
  To: gentoo-commits

commit:     d8c7a09572ae45e3620652f5141c82c1cbb911f8
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 22 13:11:52 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jan 22 13:11:52 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d8c7a095

app-misc/ca-certificates: Stabilize 20230311.3.95 hppa, #922265

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild
index 701e5a1bc215..fd06d2f92da7 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2024-01-18  0:28 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2024-01-18  0:28 UTC (permalink / raw
  To: gentoo-commits

commit:     093232c3837f033ac22cb7abe9dab718c4a63d10
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 18 00:27:25 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jan 18 00:27:25 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=093232c3

app-misc/ca-certificates: Stabilize 20230311.3.95 x86, #922265

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild
index b76c8059b290..701e5a1bc215 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2024-01-17  8:53 Arthur Zamarin
  0 siblings, 0 replies; 203+ messages in thread
From: Arthur Zamarin @ 2024-01-17  8:53 UTC (permalink / raw
  To: gentoo-commits

commit:     37cdcd03a40abf0d428c531849d19ce18f594ef6
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 17 08:53:28 2024 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Wed Jan 17 08:53:28 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=37cdcd03

app-misc/ca-certificates: Stabilize 20230311.3.95 ppc64, #922265

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild
index 792833531170..b76c8059b290 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2024-01-17  6:34 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2024-01-17  6:34 UTC (permalink / raw
  To: gentoo-commits

commit:     221fb0a8049dbd1d4abdc2df675ef0ebc4dc2f56
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 17 06:32:34 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jan 17 06:33:43 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=221fb0a8

app-misc/ca-certificates: Stabilize 20230311.3.95 amd64, #922265

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild
index b11f0a5a2fd3..792833531170 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2024-01-17  5:59 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2024-01-17  5:59 UTC (permalink / raw
  To: gentoo-commits

commit:     f140843bb6acbb084ae70a7ee359d8649d252370
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 17 05:58:52 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jan 17 05:58:58 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f140843b

app-misc/ca-certificates: Stabilize 20230311.3.95 arm64, #922265

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild
index c3fdce903dac..b11f0a5a2fd3 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2024-01-17  5:50 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2024-01-17  5:50 UTC (permalink / raw
  To: gentoo-commits

commit:     10e293069c40315d361ee0267b2a942fdf5c0a33
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 17 05:49:09 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jan 17 05:49:09 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10e29306

app-misc/ca-certificates: Stabilize 20230311.3.95 sparc, #922265

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild
index b52298ef11a3..c3fdce903dac 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2024-01-17  5:33 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2024-01-17  5:33 UTC (permalink / raw
  To: gentoo-commits

commit:     1a001cfe3cea101aa47ca36eb06930549ed3b3ee
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Jan 17 05:31:14 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jan 17 05:32:16 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1a001cfe

app-misc/ca-certificates: Stabilize 20230311.3.95 arm, #922265

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild
index a5a1ffb07bb8..b52298ef11a3 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2023 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 # The Debian ca-certificates package merely takes the CA database as it exists
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2024-01-03  2:20 Ionen Wolkens
  0 siblings, 0 replies; 203+ messages in thread
From: Ionen Wolkens @ 2024-01-03  2:20 UTC (permalink / raw
  To: gentoo-commits

commit:     585cc02515edb12182cd6ffde845a3de0858589d
Author:     Matoro Mahri <matoro_gentoo <AT> matoro <DOT> tk>
AuthorDate: Wed Jan  3 01:20:43 2024 +0000
Commit:     Ionen Wolkens <ionen <AT> gentoo <DOT> org>
CommitDate: Wed Jan  3 01:41:36 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=585cc025

app-misc/ca-certificates: Stabilize 20230311.3.93 hppa, #920465

Signed-off-by: Matoro Mahri <matoro_gentoo <AT> matoro.tk>
Signed-off-by: Ionen Wolkens <ionen <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
index ddd3735e7051..66a2a76f3bf3 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2023 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 # The Debian ca-certificates package merely takes the CA database as it exists
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-12-21 16:01 Arthur Zamarin
  0 siblings, 0 replies; 203+ messages in thread
From: Arthur Zamarin @ 2023-12-21 16:01 UTC (permalink / raw
  To: gentoo-commits

commit:     82b5baf95a1c7ae9cfb285790f479fbdbb5d1120
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 21 16:00:54 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Thu Dec 21 16:00:54 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=82b5baf9

app-misc/ca-certificates: Stabilize 20230311.3.93 arm64, #920465

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
index a1dffb63ce50..ddd3735e7051 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-12-21 15:15 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-12-21 15:15 UTC (permalink / raw
  To: gentoo-commits

commit:     cb8fb4fd0e940c5f1dd74d559b804b52f3fe36b8
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 21 15:14:55 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Dec 21 15:14:55 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb8fb4fd

app-misc/ca-certificates: Stabilize 20230311.3.93 ppc64, #920465

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
index 6942dd11cac1..a1dffb63ce50 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-12-21 13:18 Arthur Zamarin
  0 siblings, 0 replies; 203+ messages in thread
From: Arthur Zamarin @ 2023-12-21 13:18 UTC (permalink / raw
  To: gentoo-commits

commit:     026584d208c8e32d726d5d199107e983f5dd3371
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 21 13:18:24 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Thu Dec 21 13:18:24 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=026584d2

app-misc/ca-certificates: Stabilize 20230311.3.93 x86, #920465

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
index 82ed1b62ae7b..6942dd11cac1 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-12-21 12:56 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-12-21 12:56 UTC (permalink / raw
  To: gentoo-commits

commit:     c54a3818c31270c4976e67597c2dd5e3acd8a3cb
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 21 12:56:01 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Dec 21 12:56:01 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c54a3818

app-misc/ca-certificates: Stabilize 20230311.3.93 arm, #920465

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
index 19ef597c6728..82ed1b62ae7b 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-12-21 11:55 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-12-21 11:55 UTC (permalink / raw
  To: gentoo-commits

commit:     fcaf60e2e257f5a6e231be109fa70d11de1a7830
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 21 11:54:04 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Dec 21 11:54:04 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fcaf60e2

app-misc/ca-certificates: Stabilize 20230311.3.93 amd64, #920465

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
index f0e2072e2946..19ef597c6728 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-12-21 11:55 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-12-21 11:55 UTC (permalink / raw
  To: gentoo-commits

commit:     4e7da03139b96a01a70a369de994dd9b282f12f8
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 21 11:54:03 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Dec 21 11:54:03 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4e7da031

app-misc/ca-certificates: Stabilize 20230311.3.93 sparc, #920465

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
index aa95af639b67..f0e2072e2946 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-12-21 11:12 Arthur Zamarin
  0 siblings, 0 replies; 203+ messages in thread
From: Arthur Zamarin @ 2023-12-21 11:12 UTC (permalink / raw
  To: gentoo-commits

commit:     d6beaccd87fdacbc0471ea61e8fd6ff6dd238552
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 21 11:12:30 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Thu Dec 21 11:12:30 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d6beaccd

app-misc/ca-certificates: Stabilize 20230311.3.93 ppc, #920465

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
index a5a1ffb07bb8..aa95af639b67 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-12-02  7:13 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-12-02  7:13 UTC (permalink / raw
  To: gentoo-commits

commit:     99eb656d5163e24391206d3cfb7488ebff13bd5e
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Dec  2 06:54:36 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Dec  2 07:10:15 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=99eb656d

app-misc/ca-certificates: add 20230311.3.95

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20230311.3.95.ebuild           | 205 +++++++++++++++++++++
 2 files changed, 206 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 1433db38d3b9..a7c5a51ff423 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -5,4 +5,5 @@ DIST nss-3.89.1.tar.gz 71624456 BLAKE2B fca6e09375ba2ce4a6f0bf189cabb9cdb1ba7cb5
 DIST nss-3.89.tar.gz 71617802 BLAKE2B 92428a635167f311b258411420c8073fafdbadef5b1fc4ff8400e41834fc67a03f2151265d5bbfb64ae53b9a8acb29750352f6c2c83d1cd9a2f89a2139ad34c9 SHA512 1db06d4575f2c16d2a0629007981211e714f99c014c0a6256dd33d0caf8c809ba8d5be204d018f9d1cc99b9fcd055ac1fb99b399486ed43c9cf3f55f2747de82
 DIST nss-3.90.tar.gz 72211928 BLAKE2B 9518bed4f8ca5f9dd1c3d15e255f9954fabc30762ff6db7e45ab54fd0d7d7a34e2c021ecc76b5dcac97c571914e9af116a8c1361a5f2f055a31db168518a99a7 SHA512 e41f4de73f4971c8f35dffe3926b6845ef12a1ce7e8f3fe682e643ddb791a009d079c1706f66d065333af884726840dbc96d4e44762f9c3e48b8d919c09ae625
 DIST nss-3.93.tar.gz 72281331 BLAKE2B 99e50f450a451f2b0bc0aad9b0fba405c987d88546d4aad6c490cb43dc274f23eb99d03d5fa8cf7ef16585abebfdae942fe1092d3f1c86816ba35e16ed3d490f SHA512 d96f13a70e825b39efadfe7c973c24c1e5ad43319bd813599010383e2b8434181f53489672f68fe79e2cb0c4d4ea0088499e588c3524eccf9298aafc57b94951
+DIST nss-3.95.tar.gz 76571130 BLAKE2B 9d40b09c0c58901781abfad609dd45f44c2f4d1ce9d4f1592748cb64a9eb29b1ac84be54ebb19fa528d8b9fd08911f769a80f72d9e6dbb22e82e5b3581a30af1 SHA512 54567c063fc72bf1a29898bc8cc405e54aa086269021d864b10a3640e6b4ae0d632834db87766257fdb43740d9bc71e362d69cfe6924f5c72a6e1a99a91f8c3a
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild
new file mode 100644
index 000000000000..a5a1ffb07bb8
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.95.ebuild
@@ -0,0 +1,205 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# Where possible, bump to stable/LTS releases of NSS for the last part
+# of the version (when not using a pure Debian release).
+
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+
+inherit python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="
+		mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
+		)
+	"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+CDEPEND="
+	sys-apps/debianutils"
+
+BDEPEND="${CDEPEND}"
+if ! ${PRECOMPILED} ; then
+	BDEPEND+=" ${PYTHON_DEPS}"
+fi
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+
+RDEPEND="${CDEPEND}
+	${DEPEND}"
+
+S="${WORKDIR}"
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+
+	if ! ${PRECOMPILED} ; then
+		python-any-r1_pkg_setup
+	fi
+}
+
+src_unpack() {
+	if ! ${PRECOMPILED} ; then
+		default
+		# Initial 20200601 deb release had bad naming inside the debian source tarball.
+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
+		DEB_BAD_S="${WORKDIR}/work"
+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
+			mv "${DEB_BAD_S}" "${DEB_S}"
+		fi
+	fi
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+
+	pushd "${S}/${PN}" >/dev/null || die
+	# We patch out the dep on cryptography as it's not particularly useful
+	# for us. Please see the discussion in bug #821706. Not to be removed lightly!
+	eapply "${FILESDIR}"/${PN}-20230311.3.89-no-cryptography.patch
+	popd >/dev/null || die
+
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CA_Cert_Signing_Authority.crt \
+				"${c}"/cacert.org/cacert.org_class1.crt || die
+			mv "${d}"/CAcert_Class_3_Root.crt \
+				"${c}"/cacert.org/cacert.org_class3.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates || die
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
+		# If the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-11-20 17:06 Robin H. Johnson
  0 siblings, 0 replies; 203+ messages in thread
From: Robin H. Johnson @ 2023-11-20 17:06 UTC (permalink / raw
  To: gentoo-commits

commit:     c2ab69874330db97a86bcbf07c1fde07e3d06e05
Author:     Brian Norris <briannorris <AT> chromium <DOT> org>
AuthorDate: Sat Nov 18 00:24:06 2023 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Mon Nov 20 17:06:14 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2ab6987

app-misc/ca-certificates: Drop date from /etc/ca-certificates.conf

This only serves to make this package non-reproducible.

Signed-off-by: Brian Norris <briannorris <AT> chromium.org>
Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/33879

 app-misc/ca-certificates/ca-certificates-20211016.3.88.1.ebuild | 1 -
 app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild | 1 -
 app-misc/ca-certificates/ca-certificates-20230311.3.89.ebuild   | 1 -
 app-misc/ca-certificates/ca-certificates-20230311.3.90.ebuild   | 1 -
 app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild   | 1 -
 5 files changed, 5 deletions(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.88.1.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.88.1.ebuild
index 6608eea43fa5..e90265a6db66 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.88.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.88.1.ebuild
@@ -165,7 +165,6 @@ src_compile() {
 
 	(
 		echo "# Automatically generated by ${CATEGORY}/${PF}"
-		echo "# $(date -u)"
 		echo "# Do not edit."
 		cd "${c}" || die
 		find * -name '*.crt' | LC_ALL=C sort

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
index 981bfa66576f..beb4469cc4a4 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
@@ -169,7 +169,6 @@ src_compile() {
 
 	(
 		echo "# Automatically generated by ${CATEGORY}/${PF}"
-		echo "# $(date -u)"
 		echo "# Do not edit."
 		cd "${c}" || die
 		find * -name '*.crt' | LC_ALL=C sort

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.89.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.89.ebuild
index 070ceebeb42f..69f8eb0e076b 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.89.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.89.ebuild
@@ -169,7 +169,6 @@ src_compile() {
 
 	(
 		echo "# Automatically generated by ${CATEGORY}/${PF}"
-		echo "# $(date -u)"
 		echo "# Do not edit."
 		cd "${c}" || die
 		find * -name '*.crt' | LC_ALL=C sort

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.90.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.90.ebuild
index 83c66b14c12c..20894fd6dbae 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.90.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.90.ebuild
@@ -169,7 +169,6 @@ src_compile() {
 
 	(
 		echo "# Automatically generated by ${CATEGORY}/${PF}"
-		echo "# $(date -u)"
 		echo "# Do not edit."
 		cd "${c}" || die
 		find * -name '*.crt' | LC_ALL=C sort

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
index cd5ede09c08f..a5a1ffb07bb8 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
@@ -169,7 +169,6 @@ src_compile() {
 
 	(
 		echo "# Automatically generated by ${CATEGORY}/${PF}"
-		echo "# $(date -u)"
 		echo "# Do not edit."
 		cd "${c}" || die
 		find * -name '*.crt' | LC_ALL=C sort


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-09-01  8:02 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-09-01  8:02 UTC (permalink / raw
  To: gentoo-commits

commit:     b69557536f8d69548ec9b99f30a7dda253fe0d63
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Sep  1 08:01:05 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Sep  1 08:01:05 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b6955753

app-misc/ca-certificates: add 20230311.3.93

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20230311.3.93.ebuild           | 206 +++++++++++++++++++++
 2 files changed, 207 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 3a148c82e7d6..1433db38d3b9 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -4,4 +4,5 @@ DIST nss-3.88.1.tar.gz 71607211 BLAKE2B ff84d3153a01519a52e83be5327453d8e6a81e1f
 DIST nss-3.89.1.tar.gz 71624456 BLAKE2B fca6e09375ba2ce4a6f0bf189cabb9cdb1ba7cb5ebc1a49d47a2d6b509936a60d7f1867f71cdcfa6a81c0cbbf298513981a9b16ac23bbc464c7004bb40b830b4 SHA512 aeece4e8bc28113fc53997b29c89d40b4be74fee4f5d27c4e065d2fa6701038442f4eeeb1fcf98befedb03537a5a48a4701fe270f56197da57946529f9fa02dd
 DIST nss-3.89.tar.gz 71617802 BLAKE2B 92428a635167f311b258411420c8073fafdbadef5b1fc4ff8400e41834fc67a03f2151265d5bbfb64ae53b9a8acb29750352f6c2c83d1cd9a2f89a2139ad34c9 SHA512 1db06d4575f2c16d2a0629007981211e714f99c014c0a6256dd33d0caf8c809ba8d5be204d018f9d1cc99b9fcd055ac1fb99b399486ed43c9cf3f55f2747de82
 DIST nss-3.90.tar.gz 72211928 BLAKE2B 9518bed4f8ca5f9dd1c3d15e255f9954fabc30762ff6db7e45ab54fd0d7d7a34e2c021ecc76b5dcac97c571914e9af116a8c1361a5f2f055a31db168518a99a7 SHA512 e41f4de73f4971c8f35dffe3926b6845ef12a1ce7e8f3fe682e643ddb791a009d079c1706f66d065333af884726840dbc96d4e44762f9c3e48b8d919c09ae625
+DIST nss-3.93.tar.gz 72281331 BLAKE2B 99e50f450a451f2b0bc0aad9b0fba405c987d88546d4aad6c490cb43dc274f23eb99d03d5fa8cf7ef16585abebfdae942fe1092d3f1c86816ba35e16ed3d490f SHA512 d96f13a70e825b39efadfe7c973c24c1e5ad43319bd813599010383e2b8434181f53489672f68fe79e2cb0c4d4ea0088499e588c3524eccf9298aafc57b94951
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
new file mode 100644
index 000000000000..cd5ede09c08f
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.93.ebuild
@@ -0,0 +1,206 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# Where possible, bump to stable/LTS releases of NSS for the last part
+# of the version (when not using a pure Debian release).
+
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+
+inherit python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="
+		mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
+		)
+	"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+CDEPEND="
+	sys-apps/debianutils"
+
+BDEPEND="${CDEPEND}"
+if ! ${PRECOMPILED} ; then
+	BDEPEND+=" ${PYTHON_DEPS}"
+fi
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+
+RDEPEND="${CDEPEND}
+	${DEPEND}"
+
+S="${WORKDIR}"
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+
+	if ! ${PRECOMPILED} ; then
+		python-any-r1_pkg_setup
+	fi
+}
+
+src_unpack() {
+	if ! ${PRECOMPILED} ; then
+		default
+		# Initial 20200601 deb release had bad naming inside the debian source tarball.
+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
+		DEB_BAD_S="${WORKDIR}/work"
+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
+			mv "${DEB_BAD_S}" "${DEB_S}"
+		fi
+	fi
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+
+	pushd "${S}/${PN}" >/dev/null || die
+	# We patch out the dep on cryptography as it's not particularly useful
+	# for us. Please see the discussion in bug #821706. Not to be removed lightly!
+	eapply "${FILESDIR}"/${PN}-20230311.3.89-no-cryptography.patch
+	popd >/dev/null || die
+
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CA_Cert_Signing_Authority.crt \
+				"${c}"/cacert.org/cacert.org_class1.crt || die
+			mv "${d}"/CAcert_Class_3_Root.crt \
+				"${c}"/cacert.org/cacert.org_class3.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# $(date -u)"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates || die
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
+		# If the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-06-05  3:59 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-06-05  3:59 UTC (permalink / raw
  To: gentoo-commits

commit:     8e079cf0227c90aabbf84ab14bfd065dc3675208
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Jun  5 03:58:52 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jun  5 03:58:52 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8e079cf0

app-misc/ca-certificates: destabilize 20230311.3.90

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.90.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.90.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.90.ebuild
index 83c66b14c12c..cd5ede09c08f 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.90.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.90.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-06-05  3:57 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-06-05  3:57 UTC (permalink / raw
  To: gentoo-commits

commit:     1259f428693beec7513f8f73e29ea5fe9880caae
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Jun  5 03:54:50 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jun  5 03:56:56 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1259f428

app-misc/ca-certificates: add 20230311.3.90

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20230311.3.90.ebuild           | 206 +++++++++++++++++++++
 2 files changed, 207 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 6c74c5d06388..3a148c82e7d6 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -3,4 +3,5 @@ DIST ca-certificates_20230311.tar.xz 257772 BLAKE2B b807a6415126afdc11896efea8e6
 DIST nss-3.88.1.tar.gz 71607211 BLAKE2B ff84d3153a01519a52e83be5327453d8e6a81e1f62ccd69906b549fe42ec5ebf075b403395a67bc75f3c7f7dd33ef49f3b1f33558652ff75ee87e2970b2e06a4 SHA512 d15289803a4c3caa1b7a8872b761a95b4f571688c8b8ffaf2a1478e032a356fbcf8a9239ebe1777561503329f63dd237384e1d8af9ca70fb48b40e70954b455a
 DIST nss-3.89.1.tar.gz 71624456 BLAKE2B fca6e09375ba2ce4a6f0bf189cabb9cdb1ba7cb5ebc1a49d47a2d6b509936a60d7f1867f71cdcfa6a81c0cbbf298513981a9b16ac23bbc464c7004bb40b830b4 SHA512 aeece4e8bc28113fc53997b29c89d40b4be74fee4f5d27c4e065d2fa6701038442f4eeeb1fcf98befedb03537a5a48a4701fe270f56197da57946529f9fa02dd
 DIST nss-3.89.tar.gz 71617802 BLAKE2B 92428a635167f311b258411420c8073fafdbadef5b1fc4ff8400e41834fc67a03f2151265d5bbfb64ae53b9a8acb29750352f6c2c83d1cd9a2f89a2139ad34c9 SHA512 1db06d4575f2c16d2a0629007981211e714f99c014c0a6256dd33d0caf8c809ba8d5be204d018f9d1cc99b9fcd055ac1fb99b399486ed43c9cf3f55f2747de82
+DIST nss-3.90.tar.gz 72211928 BLAKE2B 9518bed4f8ca5f9dd1c3d15e255f9954fabc30762ff6db7e45ab54fd0d7d7a34e2c021ecc76b5dcac97c571914e9af116a8c1361a5f2f055a31db168518a99a7 SHA512 e41f4de73f4971c8f35dffe3926b6845ef12a1ce7e8f3fe682e643ddb791a009d079c1706f66d065333af884726840dbc96d4e44762f9c3e48b8d919c09ae625
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.90.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.90.ebuild
new file mode 100644
index 000000000000..83c66b14c12c
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.90.ebuild
@@ -0,0 +1,206 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# Where possible, bump to stable/LTS releases of NSS for the last part
+# of the version (when not using a pure Debian release).
+
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+
+inherit python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="
+		mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
+		)
+	"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+CDEPEND="
+	sys-apps/debianutils"
+
+BDEPEND="${CDEPEND}"
+if ! ${PRECOMPILED} ; then
+	BDEPEND+=" ${PYTHON_DEPS}"
+fi
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+
+RDEPEND="${CDEPEND}
+	${DEPEND}"
+
+S="${WORKDIR}"
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+
+	if ! ${PRECOMPILED} ; then
+		python-any-r1_pkg_setup
+	fi
+}
+
+src_unpack() {
+	if ! ${PRECOMPILED} ; then
+		default
+		# Initial 20200601 deb release had bad naming inside the debian source tarball.
+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
+		DEB_BAD_S="${WORKDIR}/work"
+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
+			mv "${DEB_BAD_S}" "${DEB_S}"
+		fi
+	fi
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+
+	pushd "${S}/${PN}" >/dev/null || die
+	# We patch out the dep on cryptography as it's not particularly useful
+	# for us. Please see the discussion in bug #821706. Not to be removed lightly!
+	eapply "${FILESDIR}"/${PN}-20230311.3.89-no-cryptography.patch
+	popd >/dev/null || die
+
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CA_Cert_Signing_Authority.crt \
+				"${c}"/cacert.org/cacert.org_class1.crt || die
+			mv "${d}"/CAcert_Class_3_Root.crt \
+				"${c}"/cacert.org/cacert.org_class3.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# $(date -u)"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates || die
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
+		# If the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-05-13  7:15 Arthur Zamarin
  0 siblings, 0 replies; 203+ messages in thread
From: Arthur Zamarin @ 2023-05-13  7:15 UTC (permalink / raw
  To: gentoo-commits

commit:     00a04e6295b8a4d0284205a14da4244df7dd81a5
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Sat May 13 07:15:04 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sat May 13 07:15:04 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=00a04e62

app-misc/ca-certificates: Stabilize 20230311.3.89.1 sparc, #906232

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
index 6f83d9746c40..370ad7019d45 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-05-13  5:08 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-05-13  5:08 UTC (permalink / raw
  To: gentoo-commits

commit:     e939d49a634578ea88d242e05f20a687b5720e24
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat May 13 05:08:07 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat May 13 05:08:12 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e939d49a

app-misc/ca-certificates: Stabilize 20230311.3.89.1 amd64, #906232

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
index f5fa7c85d5c1..6f83d9746c40 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-05-13  3:17 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-05-13  3:17 UTC (permalink / raw
  To: gentoo-commits

commit:     70e85ce17adbc98dae2c4b1c31bd88d87b627bd6
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat May 13 03:17:07 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat May 13 03:17:07 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=70e85ce1

app-misc/ca-certificates: Stabilize 20230311.3.89.1 arm, #906232

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
index 3970e9303805..f5fa7c85d5c1 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-05-13  3:17 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-05-13  3:17 UTC (permalink / raw
  To: gentoo-commits

commit:     4547f45ff881736195775aab41513fe1bb4cb60e
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat May 13 03:17:03 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat May 13 03:17:03 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4547f45f

app-misc/ca-certificates: Stabilize 20230311.3.89.1 ppc64, #906232

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
index 36898235edda..5247eb70bea6 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-05-13  3:17 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-05-13  3:17 UTC (permalink / raw
  To: gentoo-commits

commit:     5581985f265a4b9252a2f899914299ad9938c778
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat May 13 03:17:06 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat May 13 03:17:06 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5581985f

app-misc/ca-certificates: Stabilize 20230311.3.89.1 ppc, #906232

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
index 1ef9b92c31a4..3970e9303805 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 ~arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-05-13  3:17 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-05-13  3:17 UTC (permalink / raw
  To: gentoo-commits

commit:     f07f05b1de85676c46eaaf054b05c285e74c52e4
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat May 13 03:17:02 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat May 13 03:17:02 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f07f05b1

app-misc/ca-certificates: Stabilize 20230311.3.89.1 hppa, #906232

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
index e7cac834cd5c..36898235edda 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-05-13  3:17 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-05-13  3:17 UTC (permalink / raw
  To: gentoo-commits

commit:     2a735bc288cfa8f162e15af6a8154e5e72d83855
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat May 13 03:17:01 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat May 13 03:17:01 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2a735bc2

app-misc/ca-certificates: Stabilize 20230311.3.89.1 x86, #906232

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
index 1de788f51cb2..e7cac834cd5c 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-05-13  3:17 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-05-13  3:17 UTC (permalink / raw
  To: gentoo-commits

commit:     df215e11564cb2d775dbf7b7571cdfbac81c24f1
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat May 13 03:17:04 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat May 13 03:17:04 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df215e11

app-misc/ca-certificates: Stabilize 20230311.3.89.1 arm64, #906232

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
index 5247eb70bea6..1ef9b92c31a4 100644
--- a/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
@@ -55,7 +55,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 ~arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-05-06  8:48 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-05-06  8:48 UTC (permalink / raw
  To: gentoo-commits

commit:     be79515f448f27dd323e455d63440bfe2be9eff1
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat May  6 08:48:02 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat May  6 08:48:29 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be79515f

app-misc/ca-certificates: drop 20211016.3.89

Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../ca-certificates-20211016.3.89.ebuild           | 202 ---------------------
 1 file changed, 202 deletions(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.89.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.89.ebuild
deleted file mode 100644
index 8255e1b91566..000000000000
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.89.ebuild
+++ /dev/null
@@ -1,202 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# Where possible, bump to stable/LTS releases of NSS for the last part
-# of the version (when not using a pure Debian release).
-
-# When triaging user reports, refer to our wiki for tips:
-# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{9..11} )
-
-inherit python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-
-	DEB_VER=$(ver_cut 1)
-	NSS_VER=$(ver_cut 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
-${PRECOMPILED} || IUSE+=" cacert"
-
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-CDEPEND="
-	sys-apps/debianutils"
-
-BDEPEND="${CDEPEND}"
-if ! ${PRECOMPILED} ; then
-	BDEPEND+=" ${PYTHON_DEPS}"
-fi
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-
-RDEPEND="${CDEPEND}
-	${DEPEND}"
-
-S="${WORKDIR}"
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-
-	if ! ${PRECOMPILED} ; then
-		python-any-r1_pkg_setup
-	fi
-}
-
-src_unpack() {
-	if ! ${PRECOMPILED} ; then
-		default
-		# Initial 20200601 deb release had bad naming inside the debian source tarball.
-		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
-		DEB_BAD_S="${WORKDIR}/work"
-		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
-			mv "${DEB_BAD_S}" "${DEB_S}"
-		fi
-	fi
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}" || die
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin || die
-		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
-			usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
-			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-			popd >/dev/null || die
-		fi
-	fi
-
-	default
-	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
-
-	pushd "${S}/${PN}-${DEB_VER}" >/dev/null || die
-	eapply "${FILESDIR}"/${PN}-20211016.3.72-no-cryptography.patch
-	popd >/dev/null || die
-
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-
-	if ! ${PRECOMPILED} ; then
-		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
-
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs \
-			etc/ca-certificates/update.d \
-			"${c}"/mozilla \
-			|| die
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org || die
-			mv "${d}"/CA_Cert_Signing_Authority.crt \
-				"${c}"/cacert.org/cacert.org_class1.crt || die
-			mv "${d}"/CAcert_Class_3_Root.crt \
-				"${c}"/cacert.org/cacert.org_class3.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	(
-		echo "# Automatically generated by ${CATEGORY}/${PF}"
-		echo "# $(date -u)"
-		echo "# Do not edit."
-		cd "${c}" || die
-		find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ${PN}-${DEB_VER} || die
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates || die
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
-		# If the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-05-06  8:48 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-05-06  8:48 UTC (permalink / raw
  To: gentoo-commits

commit:     bfc4ff320e3f84268d492b8b50c5eed387c17852
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat May  6 08:47:19 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat May  6 08:48:28 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bfc4ff32

app-misc/ca-certificates: add 20230311.3.89.1

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20230311.3.89.1.ebuild         | 206 +++++++++++++++++++++
 2 files changed, 207 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index b791487bc3a8..0669ca628b02 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -4,5 +4,6 @@ DIST nss-3.83.tar.gz 84844191 BLAKE2B f2e26f69450cbd2c94c5efdd959cb19e874bcb63d0
 DIST nss-3.86.tar.gz 71423531 BLAKE2B 36703d99d9616020a165085469be650c2f4ce3e11c2f4f6bd974b1b89f1b9fcfdaa4ffd4d6ee98dabce82e616c170548efa1e51722b524dda8815faccfcf5181 SHA512 c09aeb52d7898617b65a1090cbdd29f6457eff2ebdc61aadb2dbf7b5044eae010ee5eeea729825f1258902936a61a1bff552ee9b26b2f01e5d448bbd8791d1cb
 DIST nss-3.87.tar.gz 71435408 BLAKE2B 0d69e18b1e2c4ccfc86db8f3afba94d5000e8ab2a4e766eb6f99f13f57d78b62dd711a0f5f70a24378a3cf1e435cc8ecb7e6fbeae18d5db0176660a0ea35dac2 SHA512 4ec7b94e537df109638b821f3a7e3b7bf31d89c3739a6e4c85cad4fab876390ae482971d6f66198818400f467661e86f39dc1d2a4a88077fd81e3a0b7ed64110
 DIST nss-3.88.1.tar.gz 71607211 BLAKE2B ff84d3153a01519a52e83be5327453d8e6a81e1f62ccd69906b549fe42ec5ebf075b403395a67bc75f3c7f7dd33ef49f3b1f33558652ff75ee87e2970b2e06a4 SHA512 d15289803a4c3caa1b7a8872b761a95b4f571688c8b8ffaf2a1478e032a356fbcf8a9239ebe1777561503329f63dd237384e1d8af9ca70fb48b40e70954b455a
+DIST nss-3.89.1.tar.gz 71624456 BLAKE2B fca6e09375ba2ce4a6f0bf189cabb9cdb1ba7cb5ebc1a49d47a2d6b509936a60d7f1867f71cdcfa6a81c0cbbf298513981a9b16ac23bbc464c7004bb40b830b4 SHA512 aeece4e8bc28113fc53997b29c89d40b4be74fee4f5d27c4e065d2fa6701038442f4eeeb1fcf98befedb03537a5a48a4701fe270f56197da57946529f9fa02dd
 DIST nss-3.89.tar.gz 71617802 BLAKE2B 92428a635167f311b258411420c8073fafdbadef5b1fc4ff8400e41834fc67a03f2151265d5bbfb64ae53b9a8acb29750352f6c2c83d1cd9a2f89a2139ad34c9 SHA512 1db06d4575f2c16d2a0629007981211e714f99c014c0a6256dd33d0caf8c809ba8d5be204d018f9d1cc99b9fcd055ac1fb99b399486ed43c9cf3f55f2747de82
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild b/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
new file mode 100644
index 000000000000..1de788f51cb2
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20230311.3.89.1.ebuild
@@ -0,0 +1,206 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# Where possible, bump to stable/LTS releases of NSS for the last part
+# of the version (when not using a pure Debian release).
+
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{9..11} )
+
+inherit python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="
+		mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
+		)
+	"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+CDEPEND="
+	sys-apps/debianutils"
+
+BDEPEND="${CDEPEND}"
+if ! ${PRECOMPILED} ; then
+	BDEPEND+=" ${PYTHON_DEPS}"
+fi
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+
+RDEPEND="${CDEPEND}
+	${DEPEND}"
+
+S="${WORKDIR}"
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+
+	if ! ${PRECOMPILED} ; then
+		python-any-r1_pkg_setup
+	fi
+}
+
+src_unpack() {
+	if ! ${PRECOMPILED} ; then
+		default
+		# Initial 20200601 deb release had bad naming inside the debian source tarball.
+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
+		DEB_BAD_S="${WORKDIR}/work"
+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
+			mv "${DEB_BAD_S}" "${DEB_S}"
+		fi
+	fi
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+
+	pushd "${S}/${PN}" >/dev/null || die
+	# We patch out the dep on cryptography as it's not particularly useful
+	# for us. Please see the discussion in bug #821706. Not to be removed lightly!
+	eapply "${FILESDIR}"/${PN}-20230311.3.89-no-cryptography.patch
+	popd >/dev/null || die
+
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CA_Cert_Signing_Authority.crt \
+				"${c}"/cacert.org/cacert.org_class1.crt || die
+			mv "${d}"/CAcert_Class_3_Root.crt \
+				"${c}"/cacert.org/cacert.org_class3.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# $(date -u)"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates || die
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
+		# If the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-05-06  8:48 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-05-06  8:48 UTC (permalink / raw
  To: gentoo-commits

commit:     c2e9ad42532132dae21f2b4856a79d5a18eba47c
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat May  6 08:47:35 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat May  6 08:48:29 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2e9ad42

app-misc/ca-certificates: drop 20211016.3.83, 20211016.3.86, 20211016.3.87-r1

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   3 -
 .../ca-certificates-20211016.3.83.ebuild           | 203 ---------------------
 .../ca-certificates-20211016.3.86.ebuild           | 203 ---------------------
 .../ca-certificates-20211016.3.87-r1.ebuild        | 202 --------------------
 4 files changed, 611 deletions(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 0669ca628b02..6c74c5d06388 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,8 +1,5 @@
 DIST ca-certificates_20211016.tar.xz 239608 BLAKE2B 9b4730b54fd9f472fe4e5427bf912d9a61d10d2c289d1e443b54cca469fa87f9e02b8f67e7e087aceceffc7dd2b4043cdb5380e2652bc619d51f3a224c64f717 SHA512 bedf072c8aa1b05b249ea272f5cecfe16bdcd762c02c712323f12ac7a278e8814453f5f3caad86a2581e451788b292ed3a76a6a81620926459bb890133cffde1
 DIST ca-certificates_20230311.tar.xz 257772 BLAKE2B b807a6415126afdc11896efea8e6509d7ad58b26bc8562b276e93176e80bb8b467a5bd2ba948d3dbbeaf0e4477d93f3ea2b99d3186e856fb47d1033cb779d560 SHA512 00571bdc87897813fd7dbe024f3a186cfc9f0d4f55e92545a90888c9e5282f99cb8d75b5932c034731b911bf27a9b38fd7d062dd511eb1152acf8b2811490fa7
-DIST nss-3.83.tar.gz 84844191 BLAKE2B f2e26f69450cbd2c94c5efdd959cb19e874bcb63d09098406ef49f4997bd04bc0ee4bc285c1c4f0ec461194171342c7d31965ac7bc7eefc284783542dfe853b1 SHA512 550cf1116e39e58041feaa67913f570d791e8153cc0522ba7ae02e27a61e0a4e6a25224be0f25d51a842dc11c70d600263450ebff0a9fdaa2840bafa3fc9ddd5
-DIST nss-3.86.tar.gz 71423531 BLAKE2B 36703d99d9616020a165085469be650c2f4ce3e11c2f4f6bd974b1b89f1b9fcfdaa4ffd4d6ee98dabce82e616c170548efa1e51722b524dda8815faccfcf5181 SHA512 c09aeb52d7898617b65a1090cbdd29f6457eff2ebdc61aadb2dbf7b5044eae010ee5eeea729825f1258902936a61a1bff552ee9b26b2f01e5d448bbd8791d1cb
-DIST nss-3.87.tar.gz 71435408 BLAKE2B 0d69e18b1e2c4ccfc86db8f3afba94d5000e8ab2a4e766eb6f99f13f57d78b62dd711a0f5f70a24378a3cf1e435cc8ecb7e6fbeae18d5db0176660a0ea35dac2 SHA512 4ec7b94e537df109638b821f3a7e3b7bf31d89c3739a6e4c85cad4fab876390ae482971d6f66198818400f467661e86f39dc1d2a4a88077fd81e3a0b7ed64110
 DIST nss-3.88.1.tar.gz 71607211 BLAKE2B ff84d3153a01519a52e83be5327453d8e6a81e1f62ccd69906b549fe42ec5ebf075b403395a67bc75f3c7f7dd33ef49f3b1f33558652ff75ee87e2970b2e06a4 SHA512 d15289803a4c3caa1b7a8872b761a95b4f571688c8b8ffaf2a1478e032a356fbcf8a9239ebe1777561503329f63dd237384e1d8af9ca70fb48b40e70954b455a
 DIST nss-3.89.1.tar.gz 71624456 BLAKE2B fca6e09375ba2ce4a6f0bf189cabb9cdb1ba7cb5ebc1a49d47a2d6b509936a60d7f1867f71cdcfa6a81c0cbbf298513981a9b16ac23bbc464c7004bb40b830b4 SHA512 aeece4e8bc28113fc53997b29c89d40b4be74fee4f5d27c4e065d2fa6701038442f4eeeb1fcf98befedb03537a5a48a4701fe270f56197da57946529f9fa02dd
 DIST nss-3.89.tar.gz 71617802 BLAKE2B 92428a635167f311b258411420c8073fafdbadef5b1fc4ff8400e41834fc67a03f2151265d5bbfb64ae53b9a8acb29750352f6c2c83d1cd9a2f89a2139ad34c9 SHA512 1db06d4575f2c16d2a0629007981211e714f99c014c0a6256dd33d0caf8c809ba8d5be204d018f9d1cc99b9fcd055ac1fb99b399486ed43c9cf3f55f2747de82

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
deleted file mode 100644
index 23b947a542d5..000000000000
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
+++ /dev/null
@@ -1,203 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# Where possible, bump to stable/LTS releases of NSS for the last part
-# of the version (when not using a pure Debian release).
-
-# When triaging user reports, refer to our wiki for tips:
-# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{9..11} )
-
-inherit python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-
-	DEB_VER=$(ver_cut 1)
-	NSS_VER=$(ver_cut 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
-${PRECOMPILED} || IUSE+=" cacert"
-
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-CDEPEND="app-misc/c_rehash
-	sys-apps/debianutils"
-
-BDEPEND="${CDEPEND}"
-if ! ${PRECOMPILED} ; then
-	BDEPEND+=" ${PYTHON_DEPS}"
-fi
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-
-RDEPEND="${CDEPEND}
-	${DEPEND}"
-
-S="${WORKDIR}"
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-
-	if ! ${PRECOMPILED} ; then
-		python-any-r1_pkg_setup
-	fi
-}
-
-src_unpack() {
-	if ! ${PRECOMPILED} ; then
-		default
-		# Initial 20200601 deb release had bad naming inside the debian source tarball.
-		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
-		DEB_BAD_S="${WORKDIR}/work"
-		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
-			mv "${DEB_BAD_S}" "${DEB_S}"
-		fi
-	fi
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}" || die
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin || die
-		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
-			usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
-			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-			popd >/dev/null || die
-		fi
-	fi
-
-	default
-	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
-
-	pushd "${S}/${PN}-${DEB_VER}" >/dev/null || die
-	eapply "${FILESDIR}"/${PN}-20211016.3.72-no-cryptography.patch
-	popd >/dev/null || die
-
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		-e 's/openssl rehash/c_rehash/' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-
-	if ! ${PRECOMPILED} ; then
-		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
-
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs \
-			etc/ca-certificates/update.d \
-			"${c}"/mozilla \
-			|| die
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org || die
-			mv "${d}"/CA_Cert_Signing_Authority.crt \
-				"${c}"/cacert.org/cacert.org_class1.crt || die
-			mv "${d}"/CAcert_Class_3_Root.crt \
-				"${c}"/cacert.org/cacert.org_class3.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	(
-		echo "# Automatically generated by ${CATEGORY}/${PF}"
-		echo "# $(date -u)"
-		echo "# Do not edit."
-		cd "${c}" || die
-		find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ${PN}-${DEB_VER} || die
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates || die
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
-		# If the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
deleted file mode 100644
index 23b947a542d5..000000000000
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
+++ /dev/null
@@ -1,203 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# Where possible, bump to stable/LTS releases of NSS for the last part
-# of the version (when not using a pure Debian release).
-
-# When triaging user reports, refer to our wiki for tips:
-# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{9..11} )
-
-inherit python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-
-	DEB_VER=$(ver_cut 1)
-	NSS_VER=$(ver_cut 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
-${PRECOMPILED} || IUSE+=" cacert"
-
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-CDEPEND="app-misc/c_rehash
-	sys-apps/debianutils"
-
-BDEPEND="${CDEPEND}"
-if ! ${PRECOMPILED} ; then
-	BDEPEND+=" ${PYTHON_DEPS}"
-fi
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-
-RDEPEND="${CDEPEND}
-	${DEPEND}"
-
-S="${WORKDIR}"
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-
-	if ! ${PRECOMPILED} ; then
-		python-any-r1_pkg_setup
-	fi
-}
-
-src_unpack() {
-	if ! ${PRECOMPILED} ; then
-		default
-		# Initial 20200601 deb release had bad naming inside the debian source tarball.
-		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
-		DEB_BAD_S="${WORKDIR}/work"
-		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
-			mv "${DEB_BAD_S}" "${DEB_S}"
-		fi
-	fi
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}" || die
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin || die
-		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
-			usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
-			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-			popd >/dev/null || die
-		fi
-	fi
-
-	default
-	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
-
-	pushd "${S}/${PN}-${DEB_VER}" >/dev/null || die
-	eapply "${FILESDIR}"/${PN}-20211016.3.72-no-cryptography.patch
-	popd >/dev/null || die
-
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		-e 's/openssl rehash/c_rehash/' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-
-	if ! ${PRECOMPILED} ; then
-		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
-
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs \
-			etc/ca-certificates/update.d \
-			"${c}"/mozilla \
-			|| die
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org || die
-			mv "${d}"/CA_Cert_Signing_Authority.crt \
-				"${c}"/cacert.org/cacert.org_class1.crt || die
-			mv "${d}"/CAcert_Class_3_Root.crt \
-				"${c}"/cacert.org/cacert.org_class3.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	(
-		echo "# Automatically generated by ${CATEGORY}/${PF}"
-		echo "# $(date -u)"
-		echo "# Do not edit."
-		cd "${c}" || die
-		find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ${PN}-${DEB_VER} || die
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates || die
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
-		# If the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
deleted file mode 100644
index 70bceab8cee4..000000000000
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
+++ /dev/null
@@ -1,202 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# Where possible, bump to stable/LTS releases of NSS for the last part
-# of the version (when not using a pure Debian release).
-
-# When triaging user reports, refer to our wiki for tips:
-# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{9..11} )
-
-inherit python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-
-	DEB_VER=$(ver_cut 1)
-	NSS_VER=$(ver_cut 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
-${PRECOMPILED} || IUSE+=" cacert"
-
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-CDEPEND="
-	sys-apps/debianutils"
-
-BDEPEND="${CDEPEND}"
-if ! ${PRECOMPILED} ; then
-	BDEPEND+=" ${PYTHON_DEPS}"
-fi
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-
-RDEPEND="${CDEPEND}
-	${DEPEND}"
-
-S="${WORKDIR}"
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-
-	if ! ${PRECOMPILED} ; then
-		python-any-r1_pkg_setup
-	fi
-}
-
-src_unpack() {
-	if ! ${PRECOMPILED} ; then
-		default
-		# Initial 20200601 deb release had bad naming inside the debian source tarball.
-		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
-		DEB_BAD_S="${WORKDIR}/work"
-		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
-			mv "${DEB_BAD_S}" "${DEB_S}"
-		fi
-	fi
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}" || die
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin || die
-		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
-			usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
-			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-			popd >/dev/null || die
-		fi
-	fi
-
-	default
-	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
-
-	pushd "${S}/${PN}-${DEB_VER}" >/dev/null || die
-	eapply "${FILESDIR}"/${PN}-20211016.3.72-no-cryptography.patch
-	popd >/dev/null || die
-
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-
-	if ! ${PRECOMPILED} ; then
-		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
-
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs \
-			etc/ca-certificates/update.d \
-			"${c}"/mozilla \
-			|| die
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org || die
-			mv "${d}"/CA_Cert_Signing_Authority.crt \
-				"${c}"/cacert.org/cacert.org_class1.crt || die
-			mv "${d}"/CAcert_Class_3_Root.crt \
-				"${c}"/cacert.org/cacert.org_class3.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	(
-		echo "# Automatically generated by ${CATEGORY}/${PF}"
-		echo "# $(date -u)"
-		echo "# Do not edit."
-		cd "${c}" || die
-		find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ${PN}-${DEB_VER} || die
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates || die
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
-		# If the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-03-24 13:49 Arthur Zamarin
  0 siblings, 0 replies; 203+ messages in thread
From: Arthur Zamarin @ 2023-03-24 13:49 UTC (permalink / raw
  To: gentoo-commits

commit:     7ce1c700ec9ec466351907608691f82880be421e
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 24 13:49:06 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Mar 24 13:49:06 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ce1c700

app-misc/ca-certificates: Stabilize 20211016.3.88.1 sparc, #902583

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.88.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.88.1.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.88.1.ebuild
index 1f90f7ab8fc0..64782f599f93 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.88.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.88.1.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-03-24 13:48 Arthur Zamarin
  0 siblings, 0 replies; 203+ messages in thread
From: Arthur Zamarin @ 2023-03-24 13:48 UTC (permalink / raw
  To: gentoo-commits

commit:     c6fa7388d9ce6323847f1c5bc7615f4b20dc8098
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 24 13:48:16 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Mar 24 13:48:16 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c6fa7388

app-misc/ca-certificates: Stabilize 20211016.3.88.1 arm64, #902583

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.88.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.88.1.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.88.1.ebuild
index 09b03d141b09..1f90f7ab8fc0 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.88.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.88.1.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-03-22  9:37 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-03-22  9:37 UTC (permalink / raw
  To: gentoo-commits

commit:     1c44223b5492faf1226459eeaf91ff7525ebc055
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 22 09:37:40 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Mar 22 09:37:40 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c44223b

app-misc/ca-certificates: Stabilize 20211016.3.88.1 hppa, #902583

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.88.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.88.1.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.88.1.ebuild
index d65c94919e2e..09b03d141b09 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.88.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.88.1.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-03-10  9:33 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-03-10  9:33 UTC (permalink / raw
  To: gentoo-commits

commit:     f692c359daa86c720ae9e9878a7c91f32c200c23
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 10 09:27:10 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Mar 10 09:32:58 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f692c359

app-misc/ca-certificates: add 20211016.3.89

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20211016.3.89.ebuild           | 202 +++++++++++++++++++++
 2 files changed, 203 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 35af4d0f6f58..b967fdb59e90 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -3,4 +3,5 @@ DIST nss-3.83.tar.gz 84844191 BLAKE2B f2e26f69450cbd2c94c5efdd959cb19e874bcb63d0
 DIST nss-3.86.tar.gz 71423531 BLAKE2B 36703d99d9616020a165085469be650c2f4ce3e11c2f4f6bd974b1b89f1b9fcfdaa4ffd4d6ee98dabce82e616c170548efa1e51722b524dda8815faccfcf5181 SHA512 c09aeb52d7898617b65a1090cbdd29f6457eff2ebdc61aadb2dbf7b5044eae010ee5eeea729825f1258902936a61a1bff552ee9b26b2f01e5d448bbd8791d1cb
 DIST nss-3.87.tar.gz 71435408 BLAKE2B 0d69e18b1e2c4ccfc86db8f3afba94d5000e8ab2a4e766eb6f99f13f57d78b62dd711a0f5f70a24378a3cf1e435cc8ecb7e6fbeae18d5db0176660a0ea35dac2 SHA512 4ec7b94e537df109638b821f3a7e3b7bf31d89c3739a6e4c85cad4fab876390ae482971d6f66198818400f467661e86f39dc1d2a4a88077fd81e3a0b7ed64110
 DIST nss-3.88.1.tar.gz 71607211 BLAKE2B ff84d3153a01519a52e83be5327453d8e6a81e1f62ccd69906b549fe42ec5ebf075b403395a67bc75f3c7f7dd33ef49f3b1f33558652ff75ee87e2970b2e06a4 SHA512 d15289803a4c3caa1b7a8872b761a95b4f571688c8b8ffaf2a1478e032a356fbcf8a9239ebe1777561503329f63dd237384e1d8af9ca70fb48b40e70954b455a
+DIST nss-3.89.tar.gz 71617802 BLAKE2B 92428a635167f311b258411420c8073fafdbadef5b1fc4ff8400e41834fc67a03f2151265d5bbfb64ae53b9a8acb29750352f6c2c83d1cd9a2f89a2139ad34c9 SHA512 1db06d4575f2c16d2a0629007981211e714f99c014c0a6256dd33d0caf8c809ba8d5be204d018f9d1cc99b9fcd055ac1fb99b399486ed43c9cf3f55f2747de82
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.89.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.89.ebuild
new file mode 100644
index 000000000000..d677b0694f11
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.89.ebuild
@@ -0,0 +1,202 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# Where possible, bump to stable/LTS releases of NSS for the last part
+# of the version (when not using a pure Debian release).
+
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{9..11} )
+
+inherit python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+CDEPEND="
+	sys-apps/debianutils"
+
+BDEPEND="${CDEPEND}"
+if ! ${PRECOMPILED} ; then
+	BDEPEND+=" ${PYTHON_DEPS}"
+fi
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+
+RDEPEND="${CDEPEND}
+	${DEPEND}"
+
+S="${WORKDIR}"
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+
+	if ! ${PRECOMPILED} ; then
+		python-any-r1_pkg_setup
+	fi
+}
+
+src_unpack() {
+	if ! ${PRECOMPILED} ; then
+		default
+		# Initial 20200601 deb release had bad naming inside the debian source tarball.
+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
+		DEB_BAD_S="${WORKDIR}/work"
+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
+			mv "${DEB_BAD_S}" "${DEB_S}"
+		fi
+	fi
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+
+	pushd "${S}/${PN}-${DEB_VER}" >/dev/null || die
+	eapply "${FILESDIR}"/${PN}-20211016.3.72-no-cryptography.patch
+	popd >/dev/null || die
+
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
+
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CA_Cert_Signing_Authority.crt \
+				"${c}"/cacert.org/cacert.org_class1.crt || die
+			mv "${d}"/CAcert_Class_3_Root.crt \
+				"${c}"/cacert.org/cacert.org_class3.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# $(date -u)"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN}-${DEB_VER} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates || die
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
+		# If the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-03-10  8:08 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-03-10  8:08 UTC (permalink / raw
  To: gentoo-commits

commit:     d98cc9b7e6ce74b88484eef4f907448dad18b2c0
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 10 08:08:31 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Mar 10 08:08:31 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d98cc9b7

app-misc/ca-certificates: Stabilize 20211016.3.87-r1 hppa, #900649

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
index b6ee4c414909..e9afdb7462b6 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-03-10  8:08 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-03-10  8:08 UTC (permalink / raw
  To: gentoo-commits

commit:     c064aac7107ce6c38c95b3770ba3331ba784e9d7
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 10 08:08:30 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Mar 10 08:08:30 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c064aac7

app-misc/ca-certificates: Stabilize 20211016.3.87-r1 x86, #900649

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
index 9e759e720aa4..b6ee4c414909 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-03-10  8:08 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-03-10  8:08 UTC (permalink / raw
  To: gentoo-commits

commit:     1aacb203f7d320c9db2d40731977d291a1dfa3dd
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 10 08:08:32 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Mar 10 08:08:32 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1aacb203

app-misc/ca-certificates: Stabilize 20211016.3.87-r1 amd64, #900649

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
index e9afdb7462b6..64782f599f93 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-03-10  7:44 Arthur Zamarin
  0 siblings, 0 replies; 203+ messages in thread
From: Arthur Zamarin @ 2023-03-10  7:44 UTC (permalink / raw
  To: gentoo-commits

commit:     2e5cfbe2789f021775a30db9bbe3db1f116df156
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 10 07:43:47 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Mar 10 07:43:47 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2e5cfbe2

app-misc/ca-certificates: Stabilize 20211016.3.87-r1 ppc, #900649

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
index 2d8f459570e9..10fa22c9500b 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-03-10  7:44 Arthur Zamarin
  0 siblings, 0 replies; 203+ messages in thread
From: Arthur Zamarin @ 2023-03-10  7:44 UTC (permalink / raw
  To: gentoo-commits

commit:     06e9040c986d5038fdee35d25f131a33a3940d93
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 10 07:43:47 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Mar 10 07:43:47 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06e9040c

app-misc/ca-certificates: Stabilize 20211016.3.87-r1 ppc64, #900649

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
index b1ef0065ace9..2d8f459570e9 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-03-10  7:44 Arthur Zamarin
  0 siblings, 0 replies; 203+ messages in thread
From: Arthur Zamarin @ 2023-03-10  7:44 UTC (permalink / raw
  To: gentoo-commits

commit:     d1cab8ceec4fa750411fc2cd69bb6f67f0e48034
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 10 07:43:48 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Mar 10 07:43:48 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d1cab8ce

app-misc/ca-certificates: Stabilize 20211016.3.87-r1 sparc, #900649

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
index 10fa22c9500b..f9883cea8f26 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-03-10  7:44 Arthur Zamarin
  0 siblings, 0 replies; 203+ messages in thread
From: Arthur Zamarin @ 2023-03-10  7:44 UTC (permalink / raw
  To: gentoo-commits

commit:     0485a85805eb796bc921a4411866d902914334c8
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 10 07:43:49 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Mar 10 07:43:49 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0485a858

app-misc/ca-certificates: Stabilize 20211016.3.87-r1 arm64, #900649

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
index f9883cea8f26..9e759e720aa4 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-03-10  7:44 Arthur Zamarin
  0 siblings, 0 replies; 203+ messages in thread
From: Arthur Zamarin @ 2023-03-10  7:44 UTC (permalink / raw
  To: gentoo-commits

commit:     70bf516d861d6a9c0511720b3a523df143af4f09
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 10 07:43:45 2023 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Mar 10 07:43:45 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=70bf516d

app-misc/ca-certificates: Stabilize 20211016.3.87-r1 arm, #900649

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
index d677b0694f11..b1ef0065ace9 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-02-16  5:28 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-02-16  5:28 UTC (permalink / raw
  To: gentoo-commits

commit:     6b3d886f42db3b0bc12b28cbb032763d9ad504e8
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Feb 16 05:27:49 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Feb 16 05:27:49 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6b3d886f

app-misc/ca-certificates: add 20211016.3.88.1

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20211016.3.88.1.ebuild         | 202 +++++++++++++++++++++
 2 files changed, 203 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index b90f1c65cd7a..35af4d0f6f58 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -2,4 +2,5 @@ DIST ca-certificates_20211016.tar.xz 239608 BLAKE2B 9b4730b54fd9f472fe4e5427bf91
 DIST nss-3.83.tar.gz 84844191 BLAKE2B f2e26f69450cbd2c94c5efdd959cb19e874bcb63d09098406ef49f4997bd04bc0ee4bc285c1c4f0ec461194171342c7d31965ac7bc7eefc284783542dfe853b1 SHA512 550cf1116e39e58041feaa67913f570d791e8153cc0522ba7ae02e27a61e0a4e6a25224be0f25d51a842dc11c70d600263450ebff0a9fdaa2840bafa3fc9ddd5
 DIST nss-3.86.tar.gz 71423531 BLAKE2B 36703d99d9616020a165085469be650c2f4ce3e11c2f4f6bd974b1b89f1b9fcfdaa4ffd4d6ee98dabce82e616c170548efa1e51722b524dda8815faccfcf5181 SHA512 c09aeb52d7898617b65a1090cbdd29f6457eff2ebdc61aadb2dbf7b5044eae010ee5eeea729825f1258902936a61a1bff552ee9b26b2f01e5d448bbd8791d1cb
 DIST nss-3.87.tar.gz 71435408 BLAKE2B 0d69e18b1e2c4ccfc86db8f3afba94d5000e8ab2a4e766eb6f99f13f57d78b62dd711a0f5f70a24378a3cf1e435cc8ecb7e6fbeae18d5db0176660a0ea35dac2 SHA512 4ec7b94e537df109638b821f3a7e3b7bf31d89c3739a6e4c85cad4fab876390ae482971d6f66198818400f467661e86f39dc1d2a4a88077fd81e3a0b7ed64110
+DIST nss-3.88.1.tar.gz 71607211 BLAKE2B ff84d3153a01519a52e83be5327453d8e6a81e1f62ccd69906b549fe42ec5ebf075b403395a67bc75f3c7f7dd33ef49f3b1f33558652ff75ee87e2970b2e06a4 SHA512 d15289803a4c3caa1b7a8872b761a95b4f571688c8b8ffaf2a1478e032a356fbcf8a9239ebe1777561503329f63dd237384e1d8af9ca70fb48b40e70954b455a
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.88.1.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.88.1.ebuild
new file mode 100644
index 000000000000..d677b0694f11
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.88.1.ebuild
@@ -0,0 +1,202 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# Where possible, bump to stable/LTS releases of NSS for the last part
+# of the version (when not using a pure Debian release).
+
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{9..11} )
+
+inherit python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+CDEPEND="
+	sys-apps/debianutils"
+
+BDEPEND="${CDEPEND}"
+if ! ${PRECOMPILED} ; then
+	BDEPEND+=" ${PYTHON_DEPS}"
+fi
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+
+RDEPEND="${CDEPEND}
+	${DEPEND}"
+
+S="${WORKDIR}"
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+
+	if ! ${PRECOMPILED} ; then
+		python-any-r1_pkg_setup
+	fi
+}
+
+src_unpack() {
+	if ! ${PRECOMPILED} ; then
+		default
+		# Initial 20200601 deb release had bad naming inside the debian source tarball.
+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
+		DEB_BAD_S="${WORKDIR}/work"
+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
+			mv "${DEB_BAD_S}" "${DEB_S}"
+		fi
+	fi
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+
+	pushd "${S}/${PN}-${DEB_VER}" >/dev/null || die
+	eapply "${FILESDIR}"/${PN}-20211016.3.72-no-cryptography.patch
+	popd >/dev/null || die
+
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
+
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CA_Cert_Signing_Authority.crt \
+				"${c}"/cacert.org/cacert.org_class1.crt || die
+			mv "${d}"/CAcert_Class_3_Root.crt \
+				"${c}"/cacert.org/cacert.org_class3.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# $(date -u)"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN}-${DEB_VER} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates || die
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
+		# If the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-02-04  1:48 Mike Gilbert
  0 siblings, 0 replies; 203+ messages in thread
From: Mike Gilbert @ 2023-02-04  1:48 UTC (permalink / raw
  To: gentoo-commits

commit:     4fe57254430cfe6f2718222a5f582fffb61f5211
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Feb  4 01:38:27 2023 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Feb  4 01:38:27 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4fe57254

app-misc/ca-certificates: stop using c_rehash

Bug: https://bugs.gentoo.org/855494
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 ...es-20211016.3.87.ebuild => ca-certificates-20211016.3.87-r1.ebuild} | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.87.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
similarity index 98%
rename from app-misc/ca-certificates/ca-certificates-20211016.3.87.ebuild
rename to app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
index aaa1a6ed0868..d677b0694f11 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.87.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.87-r1.ebuild
@@ -59,7 +59,7 @@ ${PRECOMPILED} || IUSE+=" cacert"
 
 # c_rehash: we run `c_rehash`
 # debianutils: we run `run-parts`
-CDEPEND="app-misc/c_rehash
+CDEPEND="
 	sys-apps/debianutils"
 
 BDEPEND="${CDEPEND}"
@@ -133,7 +133,6 @@ src_prepare() {
 	sed -i \
 		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
 		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		-e 's/openssl rehash/c_rehash/' \
 		usr/sbin/update-ca-certificates || die
 }
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-01-09  5:53 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-01-09  5:53 UTC (permalink / raw
  To: gentoo-commits

commit:     43614020e38e5533a181f8b5c03a0e891f93d914
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Jan  9 05:53:09 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jan  9 05:53:09 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=43614020

app-misc/ca-certificates: Stabilize 20211016.3.86 hppa, #890265

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
index 372e8374c7f6..c5df2f761993 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-01-09  5:41 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-01-09  5:41 UTC (permalink / raw
  To: gentoo-commits

commit:     34b590a921f23cb66547e9bc1eedf7f0e815c02c
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Jan  9 05:41:13 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jan  9 05:41:13 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=34b590a9

app-misc/ca-certificates: Stabilize 20211016.3.86 amd64, #890265

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
index 2f8d9a32581e..c112a3c37265 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-01-09  5:41 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-01-09  5:41 UTC (permalink / raw
  To: gentoo-commits

commit:     f157c4903647d7c6a4f49d6af3d25f52aafd9470
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Jan  9 05:41:10 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jan  9 05:41:10 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f157c490

app-misc/ca-certificates: Stabilize 20211016.3.86 x86, #890265

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
index d6de1198feed..4a09a4d341b3 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-01-09  5:41 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-01-09  5:41 UTC (permalink / raw
  To: gentoo-commits

commit:     555ee0d922c455602013f0b4d12eddab8cec1d3a
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Jan  9 05:41:08 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jan  9 05:41:08 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=555ee0d9

app-misc/ca-certificates: Stabilize 20211016.3.86 ppc, #890265

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
index ba07e0646bcb..d6de1198feed 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-01-09  5:41 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-01-09  5:41 UTC (permalink / raw
  To: gentoo-commits

commit:     33b8671a9c4158edfb5c1acb6f65d7bdcbbd4730
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Jan  9 05:41:11 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jan  9 05:41:11 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=33b8671a

app-misc/ca-certificates: Stabilize 20211016.3.86 arm64, #890265

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
index 4a09a4d341b3..0bf6725855b5 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-01-09  5:41 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-01-09  5:41 UTC (permalink / raw
  To: gentoo-commits

commit:     ed043028ac3b8ca94390296675ef9a6f167df06c
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Jan  9 05:41:12 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jan  9 05:41:12 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ed043028

app-misc/ca-certificates: Stabilize 20211016.3.86 sparc, #890265

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
index 0bf6725855b5..2f8d9a32581e 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-01-09  5:41 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-01-09  5:41 UTC (permalink / raw
  To: gentoo-commits

commit:     06693907bb223f3422899e761e52329b9be5e765
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Jan  9 05:41:07 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jan  9 05:41:07 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06693907

app-misc/ca-certificates: Stabilize 20211016.3.86 arm, #890265

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
index 24e049209a49..ba07e0646bcb 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 # The Debian ca-certificates package merely takes the CA database as it exists
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-01-09  5:41 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-01-09  5:41 UTC (permalink / raw
  To: gentoo-commits

commit:     c2f9a03247252015e19990a1fecff6af004dd563
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Jan  9 05:41:14 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jan  9 05:41:14 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2f9a032

app-misc/ca-certificates: Stabilize 20211016.3.86 ppc64, #890265

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
index c112a3c37265..372e8374c7f6 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2023-01-06  8:40 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2023-01-06  8:40 UTC (permalink / raw
  To: gentoo-commits

commit:     dff447ed5f89df9455b0683cf9344acc58ed362e
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Jan  6 08:39:47 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Jan  6 08:40:08 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dff447ed

app-misc/ca-certificates: add 20211016.3.87

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20211016.3.87.ebuild           | 203 +++++++++++++++++++++
 2 files changed, 204 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 2bee049e8829..b90f1c65cd7a 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,4 +1,5 @@
 DIST ca-certificates_20211016.tar.xz 239608 BLAKE2B 9b4730b54fd9f472fe4e5427bf912d9a61d10d2c289d1e443b54cca469fa87f9e02b8f67e7e087aceceffc7dd2b4043cdb5380e2652bc619d51f3a224c64f717 SHA512 bedf072c8aa1b05b249ea272f5cecfe16bdcd762c02c712323f12ac7a278e8814453f5f3caad86a2581e451788b292ed3a76a6a81620926459bb890133cffde1
 DIST nss-3.83.tar.gz 84844191 BLAKE2B f2e26f69450cbd2c94c5efdd959cb19e874bcb63d09098406ef49f4997bd04bc0ee4bc285c1c4f0ec461194171342c7d31965ac7bc7eefc284783542dfe853b1 SHA512 550cf1116e39e58041feaa67913f570d791e8153cc0522ba7ae02e27a61e0a4e6a25224be0f25d51a842dc11c70d600263450ebff0a9fdaa2840bafa3fc9ddd5
 DIST nss-3.86.tar.gz 71423531 BLAKE2B 36703d99d9616020a165085469be650c2f4ce3e11c2f4f6bd974b1b89f1b9fcfdaa4ffd4d6ee98dabce82e616c170548efa1e51722b524dda8815faccfcf5181 SHA512 c09aeb52d7898617b65a1090cbdd29f6457eff2ebdc61aadb2dbf7b5044eae010ee5eeea729825f1258902936a61a1bff552ee9b26b2f01e5d448bbd8791d1cb
+DIST nss-3.87.tar.gz 71435408 BLAKE2B 0d69e18b1e2c4ccfc86db8f3afba94d5000e8ab2a4e766eb6f99f13f57d78b62dd711a0f5f70a24378a3cf1e435cc8ecb7e6fbeae18d5db0176660a0ea35dac2 SHA512 4ec7b94e537df109638b821f3a7e3b7bf31d89c3739a6e4c85cad4fab876390ae482971d6f66198818400f467661e86f39dc1d2a4a88077fd81e3a0b7ed64110
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.87.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.87.ebuild
new file mode 100644
index 000000000000..f3e798fed1f3
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.87.ebuild
@@ -0,0 +1,203 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# Where possible, bump to stable/LTS releases of NSS for the last part
+# of the version (when not using a pure Debian release).
+
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{8..11} )
+
+inherit python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+CDEPEND="app-misc/c_rehash
+	sys-apps/debianutils"
+
+BDEPEND="${CDEPEND}"
+if ! ${PRECOMPILED} ; then
+	BDEPEND+=" ${PYTHON_DEPS}"
+fi
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+
+RDEPEND="${CDEPEND}
+	${DEPEND}"
+
+S="${WORKDIR}"
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+
+	if ! ${PRECOMPILED} ; then
+		python-any-r1_pkg_setup
+	fi
+}
+
+src_unpack() {
+	if ! ${PRECOMPILED} ; then
+		default
+		# Initial 20200601 deb release had bad naming inside the debian source tarball.
+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
+		DEB_BAD_S="${WORKDIR}/work"
+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
+			mv "${DEB_BAD_S}" "${DEB_S}"
+		fi
+	fi
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+
+	pushd "${S}/${PN}-${DEB_VER}" >/dev/null || die
+	eapply "${FILESDIR}"/${PN}-20211016.3.72-no-cryptography.patch
+	popd >/dev/null || die
+
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		-e 's/openssl rehash/c_rehash/' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
+
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CA_Cert_Signing_Authority.crt \
+				"${c}"/cacert.org/cacert.org_class1.crt || die
+			mv "${d}"/CAcert_Class_3_Root.crt \
+				"${c}"/cacert.org/cacert.org_class3.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# $(date -u)"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN}-${DEB_VER} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates || die
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
+		# If the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2022-12-10  3:26 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2022-12-10  3:26 UTC (permalink / raw
  To: gentoo-commits

commit:     c4e2efee358d64e28ad8a4aa625ac925a654c807
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 10 03:24:53 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Dec 10 03:24:58 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c4e2efee

app-misc/ca-certificates: add 20211016.3.86

Note that this follows Mozilla upstream in NSS 3.86 in setting
distrust-after for TrustCor [0]. It does not remove it from the cache.

[0] https://github.com/nss-dev/nss/commit/79ef8de788dfc8952d34155d3694ad1e159fcb3f

Bug: https://bugs.gentoo.org/884805
Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20211016.3.86.ebuild           | 203 +++++++++++++++++++++
 2 files changed, 204 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index f4a1fa76db4f..b925f98401a3 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -2,4 +2,5 @@ DIST ca-certificates_20211016.tar.xz 239608 BLAKE2B 9b4730b54fd9f472fe4e5427bf91
 DIST nss-3.80.tar.gz 84841312 BLAKE2B 6244193849a9277bc68c5225b4f836309bdf07bc415b23793d14c5343f5236b27bb7552fa7fb9975f410ea4732e9fc37185fee7bb950bf5d15b478f8bdec3ba7 SHA512 db05df17fea12bf3ec83882bf761663f8f10f3a8ce9a33519c7985d6003945068adb658250cf05d8b598c34ecb4ba7ea5cdc468d9cc7bc786aedb72d7be65923
 DIST nss-3.83.tar.gz 84844191 BLAKE2B f2e26f69450cbd2c94c5efdd959cb19e874bcb63d09098406ef49f4997bd04bc0ee4bc285c1c4f0ec461194171342c7d31965ac7bc7eefc284783542dfe853b1 SHA512 550cf1116e39e58041feaa67913f570d791e8153cc0522ba7ae02e27a61e0a4e6a25224be0f25d51a842dc11c70d600263450ebff0a9fdaa2840bafa3fc9ddd5
 DIST nss-3.85.tar.gz 84717969 BLAKE2B 644a51cd747078688233850bee6884b7ee30076411d783a4fb2982ffc35883f51784440d8c1c727251f664c4e5b5071be9881abc8315e0294d7da0cb8727e897 SHA512 97cfffa2beed1dba5d31e0c6e450553e5a8c78b427521640adb00c05d9d63cd64dc08388f0dbf96c93efb79f5daf4ba8db8d026b0b43d2e5c865a9b833fc77a1
+DIST nss-3.86.tar.gz 71423531 BLAKE2B 36703d99d9616020a165085469be650c2f4ce3e11c2f4f6bd974b1b89f1b9fcfdaa4ffd4d6ee98dabce82e616c170548efa1e51722b524dda8815faccfcf5181 SHA512 c09aeb52d7898617b65a1090cbdd29f6457eff2ebdc61aadb2dbf7b5044eae010ee5eeea729825f1258902936a61a1bff552ee9b26b2f01e5d448bbd8791d1cb
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
new file mode 100644
index 000000000000..24e049209a49
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.86.ebuild
@@ -0,0 +1,203 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# Where possible, bump to stable/LTS releases of NSS for the last part
+# of the version (when not using a pure Debian release).
+
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{8..11} )
+
+inherit python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+CDEPEND="app-misc/c_rehash
+	sys-apps/debianutils"
+
+BDEPEND="${CDEPEND}"
+if ! ${PRECOMPILED} ; then
+	BDEPEND+=" ${PYTHON_DEPS}"
+fi
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+
+RDEPEND="${CDEPEND}
+	${DEPEND}"
+
+S="${WORKDIR}"
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+
+	if ! ${PRECOMPILED} ; then
+		python-any-r1_pkg_setup
+	fi
+}
+
+src_unpack() {
+	if ! ${PRECOMPILED} ; then
+		default
+		# Initial 20200601 deb release had bad naming inside the debian source tarball.
+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
+		DEB_BAD_S="${WORKDIR}/work"
+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
+			mv "${DEB_BAD_S}" "${DEB_S}"
+		fi
+	fi
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+
+	pushd "${S}/${PN}-${DEB_VER}" >/dev/null || die
+	eapply "${FILESDIR}"/${PN}-20211016.3.72-no-cryptography.patch
+	popd >/dev/null || die
+
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		-e 's/openssl rehash/c_rehash/' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
+
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CA_Cert_Signing_Authority.crt \
+				"${c}"/cacert.org/cacert.org_class1.crt || die
+			mv "${d}"/CAcert_Class_3_Root.crt \
+				"${c}"/cacert.org/cacert.org_class3.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# $(date -u)"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN}-${DEB_VER} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates || die
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
+		# If the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2022-11-18 11:18 Arthur Zamarin
  0 siblings, 0 replies; 203+ messages in thread
From: Arthur Zamarin @ 2022-11-18 11:18 UTC (permalink / raw
  To: gentoo-commits

commit:     16543a10a4567248b1d6bb034b277f335268a384
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 18 11:18:09 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Nov 18 11:18:09 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16543a10

app-misc/ca-certificates: Stabilize 20211016.3.83 hppa, #881763

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
index 711e189f2dfa..bd535a63fb45 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2022-11-18  7:00 Arthur Zamarin
  0 siblings, 0 replies; 203+ messages in thread
From: Arthur Zamarin @ 2022-11-18  7:00 UTC (permalink / raw
  To: gentoo-commits

commit:     87e5a932ba65ec5339c8a34c526d3c54fde6f255
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 18 07:00:44 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Nov 18 07:00:44 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=87e5a932

app-misc/ca-certificates: Stabilize 20211016.3.83 arm, #881763

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
index b00b029c31fe..711e189f2dfa 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2022-11-18  7:00 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2022-11-18  7:00 UTC (permalink / raw
  To: gentoo-commits

commit:     218607898e1de2ce21195652f6643f46b25394e2
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 18 06:59:51 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Nov 18 06:59:56 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=21860789

app-misc/ca-certificates: Stabilize 20211016.3.83 ppc, #881763

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
index 49fc54d0b3c5..b00b029c31fe 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2022-11-18  6:50 Arthur Zamarin
  0 siblings, 0 replies; 203+ messages in thread
From: Arthur Zamarin @ 2022-11-18  6:50 UTC (permalink / raw
  To: gentoo-commits

commit:     2604f105344c39be60fa539573f91d76f08b4986
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 18 06:49:54 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Nov 18 06:49:54 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2604f105

app-misc/ca-certificates: Stabilize 20211016.3.83 ppc64, #881763

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
index 4f179d8a383c..49fc54d0b3c5 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2022-11-18  6:48 Arthur Zamarin
  0 siblings, 0 replies; 203+ messages in thread
From: Arthur Zamarin @ 2022-11-18  6:48 UTC (permalink / raw
  To: gentoo-commits

commit:     479ea052c96eb9e4aec708ef1c7797f442e905f4
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 18 06:48:22 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Nov 18 06:48:22 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=479ea052

app-misc/ca-certificates: Stabilize 20211016.3.83 sparc, #881763

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
index 90b7c6797b19..4f179d8a383c 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2022-11-18  6:47 Arthur Zamarin
  0 siblings, 0 replies; 203+ messages in thread
From: Arthur Zamarin @ 2022-11-18  6:47 UTC (permalink / raw
  To: gentoo-commits

commit:     4b296ebccfb341f4a555435f5260fd84fde254b2
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 18 06:47:42 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Nov 18 06:47:42 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b296ebc

app-misc/ca-certificates: Stabilize 20211016.3.83 arm64, #881763

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
index e2173af08819..90b7c6797b19 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2022-11-18  6:46 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2022-11-18  6:46 UTC (permalink / raw
  To: gentoo-commits

commit:     645369b44d7811004036173db7b27f539c6035af
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 18 06:46:18 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Nov 18 06:46:24 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=645369b4

app-misc/ca-certificates: Stabilize 20211016.3.83 amd64, #881763

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
index 24e049209a49..82acc56d0a4a 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2022-11-18  6:46 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2022-11-18  6:46 UTC (permalink / raw
  To: gentoo-commits

commit:     53eb9fa8db462380b4c6dd8a63f5518f7bd4df31
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 18 06:46:19 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Nov 18 06:46:24 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=53eb9fa8

app-misc/ca-certificates: Stabilize 20211016.3.83 x86, #881763

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
index 82acc56d0a4a..e2173af08819 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2022-11-18  6:23 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2022-11-18  6:23 UTC (permalink / raw
  To: gentoo-commits

commit:     e9b7ba6f37f8ae1a583abb016bd602d17c4a02e3
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 18 06:18:29 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Nov 18 06:18:29 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e9b7ba6f

app-misc/ca-certificates: drop 20210119.3.66, 20211016.3.79, 20211016.3.82

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   4 -
 .../ca-certificates-20210119.3.66.ebuild           | 189 -------------------
 .../ca-certificates-20211016.3.79.ebuild           | 198 --------------------
 .../ca-certificates-20211016.3.82.ebuild           | 203 ---------------------
 4 files changed, 594 deletions(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index c956c29b9b7c..f4a1fa76db4f 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,9 +1,5 @@
-DIST ca-certificates_20210119.tar.xz 232964 BLAKE2B 593352912d2b490e3f46ea032ac1ddf1c87a7ac93859d475461cbba490918cdec853b0bb30bb253a634d8d597ca6f0304bc81122b4b31b5b31fd6a80e1faaf33 SHA512 a824209fa0ff0865872a07d8e6b901d8407f599243810fd5c820e1f69226e05b0b4f1e25e5ff3d8d398ff952529084442f026e32220961f359f6323f6bf03373
 DIST ca-certificates_20211016.tar.xz 239608 BLAKE2B 9b4730b54fd9f472fe4e5427bf912d9a61d10d2c289d1e443b54cca469fa87f9e02b8f67e7e087aceceffc7dd2b4043cdb5380e2652bc619d51f3a224c64f717 SHA512 bedf072c8aa1b05b249ea272f5cecfe16bdcd762c02c712323f12ac7a278e8814453f5f3caad86a2581e451788b292ed3a76a6a81620926459bb890133cffde1
-DIST nss-3.66.tar.gz 82401896 BLAKE2B ae369899af681e1c6ea8046098c83da08c2112b16d85a0eaee46e9d4f97dfb3f7c3e97eb681ec947b5648446c6db51e8f1396ec9bb6c731c9678ecf925e7f743 SHA512 327129cb065a8c19246e081e3cbc4798c81dc52eab6ee366eade151e9d308990592075c52a7c672165725fd855a0c539d56a803c26ef066561c584d693e0e467
-DIST nss-3.79.tar.gz 84830113 BLAKE2B f558592bf0983d3c44f11e079512865d310b4f4c225bcc8e2058cb6a4a721d471c575965a1c2b5d0a130dcf27840da3d7b0ee8aa27fc63791414e22ef7804fa8 SHA512 d3311da3bd0e6907760390221c1307a63d84dd8ad9b85dbfdbf59fe4678341c9856b6f93235731999a1236c98dc0ac66d2dc023eb439cb696f73509dae70c41d
 DIST nss-3.80.tar.gz 84841312 BLAKE2B 6244193849a9277bc68c5225b4f836309bdf07bc415b23793d14c5343f5236b27bb7552fa7fb9975f410ea4732e9fc37185fee7bb950bf5d15b478f8bdec3ba7 SHA512 db05df17fea12bf3ec83882bf761663f8f10f3a8ce9a33519c7985d6003945068adb658250cf05d8b598c34ecb4ba7ea5cdc468d9cc7bc786aedb72d7be65923
-DIST nss-3.82.tar.gz 84708994 BLAKE2B 59d3ace416c725933a07c51dc911f2fa11d55b1daddc5252a01ef3ae9df3375cbb199eff92e8e2bb364b9381ad1066c74d4f93c00900847f5234591bbbb29824 SHA512 6e0f28c3f776178ab2d97c6e2436aa10d72c9c2668aea1a6695ccf49e8c3c4cd2d266168508bcb456c655f2e692dceb44eae53c80d50076d7156db3deac70057
 DIST nss-3.83.tar.gz 84844191 BLAKE2B f2e26f69450cbd2c94c5efdd959cb19e874bcb63d09098406ef49f4997bd04bc0ee4bc285c1c4f0ec461194171342c7d31965ac7bc7eefc284783542dfe853b1 SHA512 550cf1116e39e58041feaa67913f570d791e8153cc0522ba7ae02e27a61e0a4e6a25224be0f25d51a842dc11c70d600263450ebff0a9fdaa2840bafa3fc9ddd5
 DIST nss-3.85.tar.gz 84717969 BLAKE2B 644a51cd747078688233850bee6884b7ee30076411d783a4fb2982ffc35883f51784440d8c1c727251f664c4e5b5071be9881abc8315e0294d7da0cb8727e897 SHA512 97cfffa2beed1dba5d31e0c6e450553e5a8c78b427521640adb00c05d9d63cd64dc08388f0dbf96c93efb79f5daf4ba8db8d026b0b43d2e5c865a9b833fc77a1
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/app-misc/ca-certificates/ca-certificates-20210119.3.66.ebuild b/app-misc/ca-certificates/ca-certificates-20210119.3.66.ebuild
deleted file mode 100644
index 2e7b4998455b..000000000000
--- a/app-misc/ca-certificates/ca-certificates-20210119.3.66.ebuild
+++ /dev/null
@@ -1,189 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging user reports, refer to our wiki for tips:
-# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{8..10} )
-
-inherit python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-
-	DEB_VER=$(ver_cut 1)
-	NSS_VER=$(ver_cut 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
-${PRECOMPILED} || IUSE+=" cacert"
-
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-CDEPEND="app-misc/c_rehash
-	sys-apps/debianutils"
-
-BDEPEND="${CDEPEND}"
-if ! ${PRECOMPILED} ; then
-	BDEPEND+=" ${PYTHON_DEPS}"
-fi
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-
-RDEPEND="${CDEPEND}
-	${DEPEND}"
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	if ! ${PRECOMPILED} ; then
-		default
-		# Initial 20200601 deb release had bad naming inside the debian source tarball.
-		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
-		DEB_BAD_S="${WORKDIR}/work"
-		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
-			mv "${DEB_BAD_S}" "${DEB_S}"
-		fi
-	fi
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}" || die
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin || die
-		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
-			usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
-			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-			popd >/dev/null || die
-		fi
-	fi
-
-	default
-	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		-e 's/openssl rehash/c_rehash/' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs \
-			etc/ca-certificates/update.d \
-			"${c}"/mozilla \
-			|| die
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org || die
-			mv "${d}"/CA_Cert_Signing_Authority.crt \
-				"${c}"/cacert.org/cacert.org_class1.crt || die
-			mv "${d}"/CAcert_Class_3_Root.crt \
-				"${c}"/cacert.org/cacert.org_class3.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	(
-		echo "# Automatically generated by ${CATEGORY}/${PF}"
-		echo "# $(date -u)"
-		echo "# Do not edit."
-		cd "${c}" || die
-		find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ${PN}-${DEB_VER} || die
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.79.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.79.ebuild
deleted file mode 100644
index 2d419bbacf28..000000000000
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.79.ebuild
+++ /dev/null
@@ -1,198 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging user reports, refer to our wiki for tips:
-# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{8..11} )
-
-inherit python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-
-	DEB_VER=$(ver_cut 1)
-	NSS_VER=$(ver_cut 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
-${PRECOMPILED} || IUSE+=" cacert"
-
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-CDEPEND="app-misc/c_rehash
-	sys-apps/debianutils"
-
-BDEPEND="${CDEPEND}"
-if ! ${PRECOMPILED} ; then
-	BDEPEND+=" ${PYTHON_DEPS}"
-fi
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-
-RDEPEND="${CDEPEND}
-	${DEPEND}"
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-
-	if ! ${PRECOMPILED} ; then
-		python-any-r1_pkg_setup
-	fi
-}
-
-src_unpack() {
-	if ! ${PRECOMPILED} ; then
-		default
-		# Initial 20200601 deb release had bad naming inside the debian source tarball.
-		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
-		DEB_BAD_S="${WORKDIR}/work"
-		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
-			mv "${DEB_BAD_S}" "${DEB_S}"
-		fi
-	fi
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}" || die
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin || die
-		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
-			usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
-			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-			popd >/dev/null || die
-		fi
-	fi
-
-	default
-	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
-
-	pushd "${S}/${PN}-${DEB_VER}" >/dev/null || die
-	eapply "${FILESDIR}"/${PN}-20211016.3.72-no-cryptography.patch
-	popd >/dev/null || die
-
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		-e 's/openssl rehash/c_rehash/' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
-
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs \
-			etc/ca-certificates/update.d \
-			"${c}"/mozilla \
-			|| die
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org || die
-			mv "${d}"/CA_Cert_Signing_Authority.crt \
-				"${c}"/cacert.org/cacert.org_class1.crt || die
-			mv "${d}"/CAcert_Class_3_Root.crt \
-				"${c}"/cacert.org/cacert.org_class3.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	(
-		echo "# Automatically generated by ${CATEGORY}/${PF}"
-		echo "# $(date -u)"
-		echo "# Do not edit."
-		cd "${c}" || die
-		find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ${PN}-${DEB_VER} || die
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.82.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.82.ebuild
deleted file mode 100644
index 24e049209a49..000000000000
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.82.ebuild
+++ /dev/null
@@ -1,203 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# Where possible, bump to stable/LTS releases of NSS for the last part
-# of the version (when not using a pure Debian release).
-
-# When triaging user reports, refer to our wiki for tips:
-# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{8..11} )
-
-inherit python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-
-	DEB_VER=$(ver_cut 1)
-	NSS_VER=$(ver_cut 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
-${PRECOMPILED} || IUSE+=" cacert"
-
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-CDEPEND="app-misc/c_rehash
-	sys-apps/debianutils"
-
-BDEPEND="${CDEPEND}"
-if ! ${PRECOMPILED} ; then
-	BDEPEND+=" ${PYTHON_DEPS}"
-fi
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-
-RDEPEND="${CDEPEND}
-	${DEPEND}"
-
-S="${WORKDIR}"
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-
-	if ! ${PRECOMPILED} ; then
-		python-any-r1_pkg_setup
-	fi
-}
-
-src_unpack() {
-	if ! ${PRECOMPILED} ; then
-		default
-		# Initial 20200601 deb release had bad naming inside the debian source tarball.
-		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
-		DEB_BAD_S="${WORKDIR}/work"
-		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
-			mv "${DEB_BAD_S}" "${DEB_S}"
-		fi
-	fi
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}" || die
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin || die
-		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
-			usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
-			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-			popd >/dev/null || die
-		fi
-	fi
-
-	default
-	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
-
-	pushd "${S}/${PN}-${DEB_VER}" >/dev/null || die
-	eapply "${FILESDIR}"/${PN}-20211016.3.72-no-cryptography.patch
-	popd >/dev/null || die
-
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		-e 's/openssl rehash/c_rehash/' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-
-	if ! ${PRECOMPILED} ; then
-		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
-
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs \
-			etc/ca-certificates/update.d \
-			"${c}"/mozilla \
-			|| die
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org || die
-			mv "${d}"/CA_Cert_Signing_Authority.crt \
-				"${c}"/cacert.org/cacert.org_class1.crt || die
-			mv "${d}"/CAcert_Class_3_Root.crt \
-				"${c}"/cacert.org/cacert.org_class3.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	(
-		echo "# Automatically generated by ${CATEGORY}/${PF}"
-		echo "# $(date -u)"
-		echo "# Do not edit."
-		cd "${c}" || die
-		find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ${PN}-${DEB_VER} || die
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates || die
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
-		# If the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2022-11-18  6:23 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2022-11-18  6:23 UTC (permalink / raw
  To: gentoo-commits

commit:     17ec470a765292374100f78c18826f9d3fc1e562
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 18 06:18:18 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Nov 18 06:18:18 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=17ec470a

app-misc/ca-certificates: add 20211016.3.85

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20211016.3.85.ebuild           | 203 +++++++++++++++++++++
 2 files changed, 204 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index f4d665b546ee..c956c29b9b7c 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -5,4 +5,5 @@ DIST nss-3.79.tar.gz 84830113 BLAKE2B f558592bf0983d3c44f11e079512865d310b4f4c22
 DIST nss-3.80.tar.gz 84841312 BLAKE2B 6244193849a9277bc68c5225b4f836309bdf07bc415b23793d14c5343f5236b27bb7552fa7fb9975f410ea4732e9fc37185fee7bb950bf5d15b478f8bdec3ba7 SHA512 db05df17fea12bf3ec83882bf761663f8f10f3a8ce9a33519c7985d6003945068adb658250cf05d8b598c34ecb4ba7ea5cdc468d9cc7bc786aedb72d7be65923
 DIST nss-3.82.tar.gz 84708994 BLAKE2B 59d3ace416c725933a07c51dc911f2fa11d55b1daddc5252a01ef3ae9df3375cbb199eff92e8e2bb364b9381ad1066c74d4f93c00900847f5234591bbbb29824 SHA512 6e0f28c3f776178ab2d97c6e2436aa10d72c9c2668aea1a6695ccf49e8c3c4cd2d266168508bcb456c655f2e692dceb44eae53c80d50076d7156db3deac70057
 DIST nss-3.83.tar.gz 84844191 BLAKE2B f2e26f69450cbd2c94c5efdd959cb19e874bcb63d09098406ef49f4997bd04bc0ee4bc285c1c4f0ec461194171342c7d31965ac7bc7eefc284783542dfe853b1 SHA512 550cf1116e39e58041feaa67913f570d791e8153cc0522ba7ae02e27a61e0a4e6a25224be0f25d51a842dc11c70d600263450ebff0a9fdaa2840bafa3fc9ddd5
+DIST nss-3.85.tar.gz 84717969 BLAKE2B 644a51cd747078688233850bee6884b7ee30076411d783a4fb2982ffc35883f51784440d8c1c727251f664c4e5b5071be9881abc8315e0294d7da0cb8727e897 SHA512 97cfffa2beed1dba5d31e0c6e450553e5a8c78b427521640adb00c05d9d63cd64dc08388f0dbf96c93efb79f5daf4ba8db8d026b0b43d2e5c865a9b833fc77a1
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.85.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.85.ebuild
new file mode 100644
index 000000000000..24e049209a49
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.85.ebuild
@@ -0,0 +1,203 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# Where possible, bump to stable/LTS releases of NSS for the last part
+# of the version (when not using a pure Debian release).
+
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{8..11} )
+
+inherit python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+CDEPEND="app-misc/c_rehash
+	sys-apps/debianutils"
+
+BDEPEND="${CDEPEND}"
+if ! ${PRECOMPILED} ; then
+	BDEPEND+=" ${PYTHON_DEPS}"
+fi
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+
+RDEPEND="${CDEPEND}
+	${DEPEND}"
+
+S="${WORKDIR}"
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+
+	if ! ${PRECOMPILED} ; then
+		python-any-r1_pkg_setup
+	fi
+}
+
+src_unpack() {
+	if ! ${PRECOMPILED} ; then
+		default
+		# Initial 20200601 deb release had bad naming inside the debian source tarball.
+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
+		DEB_BAD_S="${WORKDIR}/work"
+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
+			mv "${DEB_BAD_S}" "${DEB_S}"
+		fi
+	fi
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+
+	pushd "${S}/${PN}-${DEB_VER}" >/dev/null || die
+	eapply "${FILESDIR}"/${PN}-20211016.3.72-no-cryptography.patch
+	popd >/dev/null || die
+
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		-e 's/openssl rehash/c_rehash/' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
+
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CA_Cert_Signing_Authority.crt \
+				"${c}"/cacert.org/cacert.org_class1.crt || die
+			mv "${d}"/CAcert_Class_3_Root.crt \
+				"${c}"/cacert.org/cacert.org_class3.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# $(date -u)"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN}-${DEB_VER} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates || die
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
+		# If the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2022-09-23  6:14 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2022-09-23  6:14 UTC (permalink / raw
  To: gentoo-commits

commit:     fa2d0cfa999ba6934364c0d028426e98fecfbf82
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 23 06:14:13 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Sep 23 06:14:20 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fa2d0cfa

app-misc/ca-certificates: add 20211016.3.83

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20211016.3.83.ebuild           | 203 +++++++++++++++++++++
 2 files changed, 204 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 6f412e46e634..f4d665b546ee 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -4,4 +4,5 @@ DIST nss-3.66.tar.gz 82401896 BLAKE2B ae369899af681e1c6ea8046098c83da08c2112b16d
 DIST nss-3.79.tar.gz 84830113 BLAKE2B f558592bf0983d3c44f11e079512865d310b4f4c225bcc8e2058cb6a4a721d471c575965a1c2b5d0a130dcf27840da3d7b0ee8aa27fc63791414e22ef7804fa8 SHA512 d3311da3bd0e6907760390221c1307a63d84dd8ad9b85dbfdbf59fe4678341c9856b6f93235731999a1236c98dc0ac66d2dc023eb439cb696f73509dae70c41d
 DIST nss-3.80.tar.gz 84841312 BLAKE2B 6244193849a9277bc68c5225b4f836309bdf07bc415b23793d14c5343f5236b27bb7552fa7fb9975f410ea4732e9fc37185fee7bb950bf5d15b478f8bdec3ba7 SHA512 db05df17fea12bf3ec83882bf761663f8f10f3a8ce9a33519c7985d6003945068adb658250cf05d8b598c34ecb4ba7ea5cdc468d9cc7bc786aedb72d7be65923
 DIST nss-3.82.tar.gz 84708994 BLAKE2B 59d3ace416c725933a07c51dc911f2fa11d55b1daddc5252a01ef3ae9df3375cbb199eff92e8e2bb364b9381ad1066c74d4f93c00900847f5234591bbbb29824 SHA512 6e0f28c3f776178ab2d97c6e2436aa10d72c9c2668aea1a6695ccf49e8c3c4cd2d266168508bcb456c655f2e692dceb44eae53c80d50076d7156db3deac70057
+DIST nss-3.83.tar.gz 84844191 BLAKE2B f2e26f69450cbd2c94c5efdd959cb19e874bcb63d09098406ef49f4997bd04bc0ee4bc285c1c4f0ec461194171342c7d31965ac7bc7eefc284783542dfe853b1 SHA512 550cf1116e39e58041feaa67913f570d791e8153cc0522ba7ae02e27a61e0a4e6a25224be0f25d51a842dc11c70d600263450ebff0a9fdaa2840bafa3fc9ddd5
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
new file mode 100644
index 000000000000..24e049209a49
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.83.ebuild
@@ -0,0 +1,203 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# Where possible, bump to stable/LTS releases of NSS for the last part
+# of the version (when not using a pure Debian release).
+
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{8..11} )
+
+inherit python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+CDEPEND="app-misc/c_rehash
+	sys-apps/debianutils"
+
+BDEPEND="${CDEPEND}"
+if ! ${PRECOMPILED} ; then
+	BDEPEND+=" ${PYTHON_DEPS}"
+fi
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+
+RDEPEND="${CDEPEND}
+	${DEPEND}"
+
+S="${WORKDIR}"
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+
+	if ! ${PRECOMPILED} ; then
+		python-any-r1_pkg_setup
+	fi
+}
+
+src_unpack() {
+	if ! ${PRECOMPILED} ; then
+		default
+		# Initial 20200601 deb release had bad naming inside the debian source tarball.
+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
+		DEB_BAD_S="${WORKDIR}/work"
+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
+			mv "${DEB_BAD_S}" "${DEB_S}"
+		fi
+	fi
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+
+	pushd "${S}/${PN}-${DEB_VER}" >/dev/null || die
+	eapply "${FILESDIR}"/${PN}-20211016.3.72-no-cryptography.patch
+	popd >/dev/null || die
+
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		-e 's/openssl rehash/c_rehash/' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
+
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CA_Cert_Signing_Authority.crt \
+				"${c}"/cacert.org/cacert.org_class1.crt || die
+			mv "${d}"/CAcert_Class_3_Root.crt \
+				"${c}"/cacert.org/cacert.org_class3.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# $(date -u)"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN}-${DEB_VER} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates || die
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
+		# If the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2022-09-17  5:38 Arthur Zamarin
  0 siblings, 0 replies; 203+ messages in thread
From: Arthur Zamarin @ 2022-09-17  5:38 UTC (permalink / raw
  To: gentoo-commits

commit:     07e568072687d62c5c5038fd7fe3398906c07aff
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 17 05:38:02 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Sat Sep 17 05:38:02 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=07e56807

app-misc/ca-certificates: Stabilize 20211016.3.80 ppc64, #868966

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild
index 53b95ed6795e..bd535a63fb45 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2022-09-16 18:27 Arthur Zamarin
  0 siblings, 0 replies; 203+ messages in thread
From: Arthur Zamarin @ 2022-09-16 18:27 UTC (permalink / raw
  To: gentoo-commits

commit:     b924fb03885bd15cd911c618d904801e86bdbc7a
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 16 18:27:26 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Sep 16 18:27:26 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b924fb03

app-misc/ca-certificates: Stabilize 20211016.3.80 ppc, #868966

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild
index 4cd913b4984b..53b95ed6795e 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ~ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2022-09-16  8:40 Arthur Zamarin
  0 siblings, 0 replies; 203+ messages in thread
From: Arthur Zamarin @ 2022-09-16  8:40 UTC (permalink / raw
  To: gentoo-commits

commit:     dc8bc965d0a41584776e1f268b000e00bb0dba3b
Author:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 16 08:40:05 2022 +0000
Commit:     Arthur Zamarin <arthurzam <AT> gentoo <DOT> org>
CommitDate: Fri Sep 16 08:40:05 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dc8bc965

app-misc/ca-certificates: Stabilize 20211016.3.80 hppa, #868966

Signed-off-by: Arthur Zamarin <arthurzam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild
index 378aebe795b9..4cd913b4984b 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2022-09-07  1:50 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2022-09-07  1:50 UTC (permalink / raw
  To: gentoo-commits

commit:     4b4882984c96709703f2500a92f137cc2b4d21b6
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Sep  7 01:49:13 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Sep  7 01:49:13 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4b488298

app-misc/ca-certificates: Stabilize 20211016.3.80 sparc, #868966

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild
index 54e9d9d6ae54..378aebe795b9 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2022-09-06 21:59 Jakov Smolić
  0 siblings, 0 replies; 203+ messages in thread
From: Jakov Smolić @ 2022-09-06 21:59 UTC (permalink / raw
  To: gentoo-commits

commit:     1120aa3fc18d3bd1d47e4fe5cf39774d140112f6
Author:     Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
AuthorDate: Tue Sep  6 21:58:30 2022 +0000
Commit:     Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
CommitDate: Tue Sep  6 21:58:30 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1120aa3f

app-misc/ca-certificates: Stabilize 20211016.3.80 amd64, #868966

Signed-off-by: Jakov Smolić <jsmolic <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild
index c56128cd9fc2..54e9d9d6ae54 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2022-09-06 21:53 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2022-09-06 21:53 UTC (permalink / raw
  To: gentoo-commits

commit:     ace25bab82fc5d02cc459b737155285405de80b3
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Sep  6 21:52:56 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Sep  6 21:52:56 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ace25bab

app-misc/ca-certificates: add 20211016.3.82

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20211016.3.82.ebuild           | 203 +++++++++++++++++++++
 2 files changed, 204 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index e71914efa52e..6f412e46e634 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -3,4 +3,5 @@ DIST ca-certificates_20211016.tar.xz 239608 BLAKE2B 9b4730b54fd9f472fe4e5427bf91
 DIST nss-3.66.tar.gz 82401896 BLAKE2B ae369899af681e1c6ea8046098c83da08c2112b16d85a0eaee46e9d4f97dfb3f7c3e97eb681ec947b5648446c6db51e8f1396ec9bb6c731c9678ecf925e7f743 SHA512 327129cb065a8c19246e081e3cbc4798c81dc52eab6ee366eade151e9d308990592075c52a7c672165725fd855a0c539d56a803c26ef066561c584d693e0e467
 DIST nss-3.79.tar.gz 84830113 BLAKE2B f558592bf0983d3c44f11e079512865d310b4f4c225bcc8e2058cb6a4a721d471c575965a1c2b5d0a130dcf27840da3d7b0ee8aa27fc63791414e22ef7804fa8 SHA512 d3311da3bd0e6907760390221c1307a63d84dd8ad9b85dbfdbf59fe4678341c9856b6f93235731999a1236c98dc0ac66d2dc023eb439cb696f73509dae70c41d
 DIST nss-3.80.tar.gz 84841312 BLAKE2B 6244193849a9277bc68c5225b4f836309bdf07bc415b23793d14c5343f5236b27bb7552fa7fb9975f410ea4732e9fc37185fee7bb950bf5d15b478f8bdec3ba7 SHA512 db05df17fea12bf3ec83882bf761663f8f10f3a8ce9a33519c7985d6003945068adb658250cf05d8b598c34ecb4ba7ea5cdc468d9cc7bc786aedb72d7be65923
+DIST nss-3.82.tar.gz 84708994 BLAKE2B 59d3ace416c725933a07c51dc911f2fa11d55b1daddc5252a01ef3ae9df3375cbb199eff92e8e2bb364b9381ad1066c74d4f93c00900847f5234591bbbb29824 SHA512 6e0f28c3f776178ab2d97c6e2436aa10d72c9c2668aea1a6695ccf49e8c3c4cd2d266168508bcb456c655f2e692dceb44eae53c80d50076d7156db3deac70057
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.82.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.82.ebuild
new file mode 100644
index 000000000000..24e049209a49
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.82.ebuild
@@ -0,0 +1,203 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# Where possible, bump to stable/LTS releases of NSS for the last part
+# of the version (when not using a pure Debian release).
+
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{8..11} )
+
+inherit python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+CDEPEND="app-misc/c_rehash
+	sys-apps/debianutils"
+
+BDEPEND="${CDEPEND}"
+if ! ${PRECOMPILED} ; then
+	BDEPEND+=" ${PYTHON_DEPS}"
+fi
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+
+RDEPEND="${CDEPEND}
+	${DEPEND}"
+
+S="${WORKDIR}"
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+
+	if ! ${PRECOMPILED} ; then
+		python-any-r1_pkg_setup
+	fi
+}
+
+src_unpack() {
+	if ! ${PRECOMPILED} ; then
+		default
+		# Initial 20200601 deb release had bad naming inside the debian source tarball.
+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
+		DEB_BAD_S="${WORKDIR}/work"
+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
+			mv "${DEB_BAD_S}" "${DEB_S}"
+		fi
+	fi
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+
+	pushd "${S}/${PN}-${DEB_VER}" >/dev/null || die
+	eapply "${FILESDIR}"/${PN}-20211016.3.72-no-cryptography.patch
+	popd >/dev/null || die
+
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		-e 's/openssl rehash/c_rehash/' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
+
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CA_Cert_Signing_Authority.crt \
+				"${c}"/cacert.org/cacert.org_class1.crt || die
+			mv "${d}"/CAcert_Class_3_Root.crt \
+				"${c}"/cacert.org/cacert.org_class3.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# $(date -u)"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN}-${DEB_VER} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates || die
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
+		# If the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2022-09-06 21:49 Jakov Smolić
  0 siblings, 0 replies; 203+ messages in thread
From: Jakov Smolić @ 2022-09-06 21:49 UTC (permalink / raw
  To: gentoo-commits

commit:     0fb989c6f8e9aacf1b93216cc83f6a776a0b0735
Author:     Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
AuthorDate: Tue Sep  6 21:48:32 2022 +0000
Commit:     Jakov Smolić <jsmolic <AT> gentoo <DOT> org>
CommitDate: Tue Sep  6 21:48:32 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0fb989c6

app-misc/ca-certificates: Stabilize 20211016.3.80 x86, #868966

Signed-off-by: Jakov Smolić <jsmolic <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild
index 518e78eeb2ed..c56128cd9fc2 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2022-09-06 21:37 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2022-09-06 21:37 UTC (permalink / raw
  To: gentoo-commits

commit:     fdb7b2d9fb45dd9adb4eeb8542e01c13cf55f4e5
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Sep  6 21:37:27 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Sep  6 21:37:27 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fdb7b2d9

app-misc/ca-certificates: Stabilize 20211016.3.80 arm, #868966

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild
index cc4948bf1fae..518e78eeb2ed 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2022-09-06 21:35 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2022-09-06 21:35 UTC (permalink / raw
  To: gentoo-commits

commit:     c5745aa1bdecaadf79aa17f6c2aad2c6ada8f16d
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Sep  6 21:35:03 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Sep  6 21:35:03 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c5745aa1

app-misc/ca-certificates: Stabilize 20211016.3.80 arm64, #868966

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild
index 24e049209a49..cc4948bf1fae 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild
@@ -53,7 +53,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2022-07-05  2:30 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2022-07-05  2:30 UTC (permalink / raw
  To: gentoo-commits

commit:     60d367a7338ed09a0cd47772c40c1c8f1f79376e
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Jul  5 02:23:25 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Jul  5 02:23:25 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=60d367a7

app-misc/ca-certificates: add 20211016.3.80

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20211016.3.80.ebuild           | 203 +++++++++++++++++++++
 2 files changed, 204 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index af407c7a558c..e71914efa52e 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -2,4 +2,5 @@ DIST ca-certificates_20210119.tar.xz 232964 BLAKE2B 593352912d2b490e3f46ea032ac1
 DIST ca-certificates_20211016.tar.xz 239608 BLAKE2B 9b4730b54fd9f472fe4e5427bf912d9a61d10d2c289d1e443b54cca469fa87f9e02b8f67e7e087aceceffc7dd2b4043cdb5380e2652bc619d51f3a224c64f717 SHA512 bedf072c8aa1b05b249ea272f5cecfe16bdcd762c02c712323f12ac7a278e8814453f5f3caad86a2581e451788b292ed3a76a6a81620926459bb890133cffde1
 DIST nss-3.66.tar.gz 82401896 BLAKE2B ae369899af681e1c6ea8046098c83da08c2112b16d85a0eaee46e9d4f97dfb3f7c3e97eb681ec947b5648446c6db51e8f1396ec9bb6c731c9678ecf925e7f743 SHA512 327129cb065a8c19246e081e3cbc4798c81dc52eab6ee366eade151e9d308990592075c52a7c672165725fd855a0c539d56a803c26ef066561c584d693e0e467
 DIST nss-3.79.tar.gz 84830113 BLAKE2B f558592bf0983d3c44f11e079512865d310b4f4c225bcc8e2058cb6a4a721d471c575965a1c2b5d0a130dcf27840da3d7b0ee8aa27fc63791414e22ef7804fa8 SHA512 d3311da3bd0e6907760390221c1307a63d84dd8ad9b85dbfdbf59fe4678341c9856b6f93235731999a1236c98dc0ac66d2dc023eb439cb696f73509dae70c41d
+DIST nss-3.80.tar.gz 84841312 BLAKE2B 6244193849a9277bc68c5225b4f836309bdf07bc415b23793d14c5343f5236b27bb7552fa7fb9975f410ea4732e9fc37185fee7bb950bf5d15b478f8bdec3ba7 SHA512 db05df17fea12bf3ec83882bf761663f8f10f3a8ce9a33519c7985d6003945068adb658250cf05d8b598c34ecb4ba7ea5cdc468d9cc7bc786aedb72d7be65923
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild
new file mode 100644
index 000000000000..24e049209a49
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.80.ebuild
@@ -0,0 +1,203 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# Where possible, bump to stable/LTS releases of NSS for the last part
+# of the version (when not using a pure Debian release).
+
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{8..11} )
+
+inherit python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+CDEPEND="app-misc/c_rehash
+	sys-apps/debianutils"
+
+BDEPEND="${CDEPEND}"
+if ! ${PRECOMPILED} ; then
+	BDEPEND+=" ${PYTHON_DEPS}"
+fi
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+
+RDEPEND="${CDEPEND}
+	${DEPEND}"
+
+S="${WORKDIR}"
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+
+	if ! ${PRECOMPILED} ; then
+		python-any-r1_pkg_setup
+	fi
+}
+
+src_unpack() {
+	if ! ${PRECOMPILED} ; then
+		default
+		# Initial 20200601 deb release had bad naming inside the debian source tarball.
+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
+		DEB_BAD_S="${WORKDIR}/work"
+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
+			mv "${DEB_BAD_S}" "${DEB_S}"
+		fi
+	fi
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+
+	pushd "${S}/${PN}-${DEB_VER}" >/dev/null || die
+	eapply "${FILESDIR}"/${PN}-20211016.3.72-no-cryptography.patch
+	popd >/dev/null || die
+
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		-e 's/openssl rehash/c_rehash/' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+
+	if ! ${PRECOMPILED} ; then
+		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
+
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CA_Cert_Signing_Authority.crt \
+				"${c}"/cacert.org/cacert.org_class1.crt || die
+			mv "${d}"/CAcert_Class_3_Root.crt \
+				"${c}"/cacert.org/cacert.org_class3.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# $(date -u)"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN}-${DEB_VER} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates || die
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
+		# If the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2022-06-02  5:38 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2022-06-02  5:38 UTC (permalink / raw
  To: gentoo-commits

commit:     c6e42e9a396b5f3cacd94c52693f86356caf4775
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jun  2 05:02:59 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jun  2 05:23:01 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c6e42e9a

app-misc/ca-certificates: add 20211016.3.79

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20211016.3.79.ebuild           | 198 +++++++++++++++++++++
 2 files changed, 199 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 3bc4837f8bef..7d7bf1239476 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -2,4 +2,5 @@ DIST ca-certificates_20210119.tar.xz 232964 BLAKE2B 593352912d2b490e3f46ea032ac1
 DIST ca-certificates_20211016.tar.xz 239608 BLAKE2B 9b4730b54fd9f472fe4e5427bf912d9a61d10d2c289d1e443b54cca469fa87f9e02b8f67e7e087aceceffc7dd2b4043cdb5380e2652bc619d51f3a224c64f717 SHA512 bedf072c8aa1b05b249ea272f5cecfe16bdcd762c02c712323f12ac7a278e8814453f5f3caad86a2581e451788b292ed3a76a6a81620926459bb890133cffde1
 DIST nss-3.66.tar.gz 82401896 BLAKE2B ae369899af681e1c6ea8046098c83da08c2112b16d85a0eaee46e9d4f97dfb3f7c3e97eb681ec947b5648446c6db51e8f1396ec9bb6c731c9678ecf925e7f743 SHA512 327129cb065a8c19246e081e3cbc4798c81dc52eab6ee366eade151e9d308990592075c52a7c672165725fd855a0c539d56a803c26ef066561c584d693e0e467
 DIST nss-3.77.tar.gz 84592839 BLAKE2B a63770f550b062549901afdcc5dc2a11c4648cef6875b023895da01ef53d6afc8c618291de96ac0af3a2c2cd7aa7986f93b4f10102a3c5aca1aa1447c148c393 SHA512 bd62eeb8f90ecd2d3999fd78fea6652736c02a6530f29e98d0cad0707f3b901b30409132eb6a6d53b9f5c05c6b464615a946a2a3e255553c793e44d0ed93179e
+DIST nss-3.79.tar.gz 84830113 BLAKE2B f558592bf0983d3c44f11e079512865d310b4f4c225bcc8e2058cb6a4a721d471c575965a1c2b5d0a130dcf27840da3d7b0ee8aa27fc63791414e22ef7804fa8 SHA512 d3311da3bd0e6907760390221c1307a63d84dd8ad9b85dbfdbf59fe4678341c9856b6f93235731999a1236c98dc0ac66d2dc023eb439cb696f73509dae70c41d
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.79.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.79.ebuild
new file mode 100644
index 000000000000..2d419bbacf28
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.79.ebuild
@@ -0,0 +1,198 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{8..11} )
+
+inherit python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+CDEPEND="app-misc/c_rehash
+	sys-apps/debianutils"
+
+BDEPEND="${CDEPEND}"
+if ! ${PRECOMPILED} ; then
+	BDEPEND+=" ${PYTHON_DEPS}"
+fi
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+
+RDEPEND="${CDEPEND}
+	${DEPEND}"
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+
+	if ! ${PRECOMPILED} ; then
+		python-any-r1_pkg_setup
+	fi
+}
+
+src_unpack() {
+	if ! ${PRECOMPILED} ; then
+		default
+		# Initial 20200601 deb release had bad naming inside the debian source tarball.
+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
+		DEB_BAD_S="${WORKDIR}/work"
+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
+			mv "${DEB_BAD_S}" "${DEB_S}"
+		fi
+	fi
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+
+	pushd "${S}/${PN}-${DEB_VER}" >/dev/null || die
+	eapply "${FILESDIR}"/${PN}-20211016.3.72-no-cryptography.patch
+	popd >/dev/null || die
+
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		-e 's/openssl rehash/c_rehash/' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
+
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CA_Cert_Signing_Authority.crt \
+				"${c}"/cacert.org/cacert.org_class1.crt || die
+			mv "${d}"/CAcert_Class_3_Root.crt \
+				"${c}"/cacert.org/cacert.org_class3.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# $(date -u)"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN}-${DEB_VER} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2022-04-25 15:59 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2022-04-25 15:59 UTC (permalink / raw
  To: gentoo-commits

commit:     38df5998a83110ef783967a17380f514c8d4dd3f
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 25 15:59:21 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Apr 25 15:59:21 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=38df5998

app-misc/ca-certificates: drop Python 3.7

Closes: https://bugs.gentoo.org/840803
Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20210119.3.66.ebuild | 4 ++--
 app-misc/ca-certificates/ca-certificates-20211016.3.77.ebuild | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20210119.3.66.ebuild b/app-misc/ca-certificates/ca-certificates-20210119.3.66.ebuild
index 08fedcfa8fe7..2e7b4998455b 100644
--- a/app-misc/ca-certificates/ca-certificates-20210119.3.66.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20210119.3.66.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 # The Debian ca-certificates package merely takes the CA database as it exists
@@ -18,7 +18,7 @@
 
 EAPI=7
 
-PYTHON_COMPAT=( python3_{7..10} )
+PYTHON_COMPAT=( python3_{8..10} )
 
 inherit python-any-r1
 

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.77.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.77.ebuild
index 864b59789c1f..fdcdec274b3b 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.77.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.77.ebuild
@@ -18,7 +18,7 @@
 
 EAPI=7
 
-PYTHON_COMPAT=( python3_{7..10} )
+PYTHON_COMPAT=( python3_{8..10} )
 
 inherit python-any-r1
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2022-04-03  1:48 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2022-04-03  1:48 UTC (permalink / raw
  To: gentoo-commits

commit:     765d9db5019129169b505cdd62cf7f132309c018
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Apr  3 01:21:48 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Apr  3 01:47:52 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=765d9db5

app-misc/ca-certificates: add 20211016.3.77

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20211016.3.77.ebuild           | 198 +++++++++++++++++++++
 2 files changed, 199 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 6a311f5ee131..5413a3177ae8 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -4,4 +4,5 @@ DIST nss-3.66.tar.gz 82401896 BLAKE2B ae369899af681e1c6ea8046098c83da08c2112b16d
 DIST nss-3.71.tar.gz 83927933 BLAKE2B a8d683b9f9bff5390e0378ab0d55156f7cc69a52b0667658738e67e920548965e7a276dc4104547b2e6a1a6d18325c3f85b955b9c12d7f071d10930b5264207e SHA512 a4a724dc4e8677965b6245ea2309790d31ec7719658e2b349eb67c9008082132c76277340d15e4fdd8d2fe1f560ae6803fb038d023c3dfd2e3772fa3b77720e2
 DIST nss-3.72.tar.gz 83928300 BLAKE2B d92889e27e99095a18090eff0c08b8653ef1f53f4954f5bd018df2f2903647bc71f217159bb4b11f0d6b4fb289fda20bffa2d1d207d1836dcfc33dbd4bedf511 SHA512 1d818d2ef85735837275059fecf68d57e48152f0348ea54887c29171cf029b6944e94d99a8cd96e580a81edb678b79c55515ac0516e27daf6b290c34baed9ebb
 DIST nss-3.76.1.tar.gz 84626067 BLAKE2B 5112b208f3b9528a34b1d8e3e669db067ecb79719ad16793b8cd556a02910cc29f899f2a57e959c50048c5d2b94eb3b9855208dd3c20646a719c971561f6ea4c SHA512 80d32a97501cbc05312caa5cec54fe6dd8708f01e6d15693e36a40d70433be7a35565fcc5fadfc324c998ee9093b10b2f7a89643882f06a850eda4ffd3b19c54
+DIST nss-3.77.tar.gz 84592839 BLAKE2B a63770f550b062549901afdcc5dc2a11c4648cef6875b023895da01ef53d6afc8c618291de96ac0af3a2c2cd7aa7986f93b4f10102a3c5aca1aa1447c148c393 SHA512 bd62eeb8f90ecd2d3999fd78fea6652736c02a6530f29e98d0cad0707f3b901b30409132eb6a6d53b9f5c05c6b464615a946a2a3e255553c793e44d0ed93179e
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.77.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.77.ebuild
new file mode 100644
index 000000000000..864b59789c1f
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.77.ebuild
@@ -0,0 +1,198 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{7..10} )
+
+inherit python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+CDEPEND="app-misc/c_rehash
+	sys-apps/debianutils"
+
+BDEPEND="${CDEPEND}"
+if ! ${PRECOMPILED} ; then
+	BDEPEND+=" ${PYTHON_DEPS}"
+fi
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+
+RDEPEND="${CDEPEND}
+	${DEPEND}"
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+
+	if ! ${PRECOMPILED} ; then
+		python-any-r1_pkg_setup
+	fi
+}
+
+src_unpack() {
+	if ! ${PRECOMPILED} ; then
+		default
+		# Initial 20200601 deb release had bad naming inside the debian source tarball.
+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
+		DEB_BAD_S="${WORKDIR}/work"
+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
+			mv "${DEB_BAD_S}" "${DEB_S}"
+		fi
+	fi
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+
+	pushd "${S}/${PN}-${DEB_VER}" >/dev/null || die
+	eapply "${FILESDIR}"/${PN}-20211016.3.72-no-cryptography.patch
+	popd >/dev/null || die
+
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		-e 's/openssl rehash/c_rehash/' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
+
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CA_Cert_Signing_Authority.crt \
+				"${c}"/cacert.org/cacert.org_class1.crt || die
+			mv "${d}"/CAcert_Class_3_Root.crt \
+				"${c}"/cacert.org/cacert.org_class3.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# $(date -u)"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN}-${DEB_VER} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2022-03-31  0:47 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2022-03-31  0:47 UTC (permalink / raw
  To: gentoo-commits

commit:     48838aca4ee8c57f9a6a166428dd935d2e14e91d
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 31 00:46:14 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 31 00:46:18 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=48838aca

app-misc/ca-certificates: add 20211016.3.76.1

Pulling in 3.76.1 NSS to aid debugging in some
issues with people.redhat.com. This doesn't
resolve it but our last NSS version (for
ca-certs) -> 3.76.1 has a fair amount of updates,
so let's drag it in.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20211016.3.76.1.ebuild         | 198 +++++++++++++++++++++
 2 files changed, 199 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index c16439df7078..6a311f5ee131 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -3,4 +3,5 @@ DIST ca-certificates_20211016.tar.xz 239608 BLAKE2B 9b4730b54fd9f472fe4e5427bf91
 DIST nss-3.66.tar.gz 82401896 BLAKE2B ae369899af681e1c6ea8046098c83da08c2112b16d85a0eaee46e9d4f97dfb3f7c3e97eb681ec947b5648446c6db51e8f1396ec9bb6c731c9678ecf925e7f743 SHA512 327129cb065a8c19246e081e3cbc4798c81dc52eab6ee366eade151e9d308990592075c52a7c672165725fd855a0c539d56a803c26ef066561c584d693e0e467
 DIST nss-3.71.tar.gz 83927933 BLAKE2B a8d683b9f9bff5390e0378ab0d55156f7cc69a52b0667658738e67e920548965e7a276dc4104547b2e6a1a6d18325c3f85b955b9c12d7f071d10930b5264207e SHA512 a4a724dc4e8677965b6245ea2309790d31ec7719658e2b349eb67c9008082132c76277340d15e4fdd8d2fe1f560ae6803fb038d023c3dfd2e3772fa3b77720e2
 DIST nss-3.72.tar.gz 83928300 BLAKE2B d92889e27e99095a18090eff0c08b8653ef1f53f4954f5bd018df2f2903647bc71f217159bb4b11f0d6b4fb289fda20bffa2d1d207d1836dcfc33dbd4bedf511 SHA512 1d818d2ef85735837275059fecf68d57e48152f0348ea54887c29171cf029b6944e94d99a8cd96e580a81edb678b79c55515ac0516e27daf6b290c34baed9ebb
+DIST nss-3.76.1.tar.gz 84626067 BLAKE2B 5112b208f3b9528a34b1d8e3e669db067ecb79719ad16793b8cd556a02910cc29f899f2a57e959c50048c5d2b94eb3b9855208dd3c20646a719c971561f6ea4c SHA512 80d32a97501cbc05312caa5cec54fe6dd8708f01e6d15693e36a40d70433be7a35565fcc5fadfc324c998ee9093b10b2f7a89643882f06a850eda4ffd3b19c54
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.76.1.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.76.1.ebuild
new file mode 100644
index 000000000000..864b59789c1f
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.76.1.ebuild
@@ -0,0 +1,198 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{7..10} )
+
+inherit python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+CDEPEND="app-misc/c_rehash
+	sys-apps/debianutils"
+
+BDEPEND="${CDEPEND}"
+if ! ${PRECOMPILED} ; then
+	BDEPEND+=" ${PYTHON_DEPS}"
+fi
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+
+RDEPEND="${CDEPEND}
+	${DEPEND}"
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+
+	if ! ${PRECOMPILED} ; then
+		python-any-r1_pkg_setup
+	fi
+}
+
+src_unpack() {
+	if ! ${PRECOMPILED} ; then
+		default
+		# Initial 20200601 deb release had bad naming inside the debian source tarball.
+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
+		DEB_BAD_S="${WORKDIR}/work"
+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
+			mv "${DEB_BAD_S}" "${DEB_S}"
+		fi
+	fi
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+
+	pushd "${S}/${PN}-${DEB_VER}" >/dev/null || die
+	eapply "${FILESDIR}"/${PN}-20211016.3.72-no-cryptography.patch
+	popd >/dev/null || die
+
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		-e 's/openssl rehash/c_rehash/' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
+
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CA_Cert_Signing_Authority.crt \
+				"${c}"/cacert.org/cacert.org_class1.crt || die
+			mv "${d}"/CAcert_Class_3_Root.crt \
+				"${c}"/cacert.org/cacert.org_class3.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# $(date -u)"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN}-${DEB_VER} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2021-11-04 19:07 Sam James
  0 siblings, 0 replies; 203+ messages in thread
From: Sam James @ 2021-11-04 19:07 UTC (permalink / raw
  To: gentoo-commits

commit:     f7c9880325c44bde2b3ffbc54f5e5c865a526709
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Nov  4 19:07:38 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Nov  4 19:07:38 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f7c98803

app-misc/ca-certificates: fix Python dependencies

Closes: https://bugs.gentoo.org/821706
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../ca-certificates/ca-certificates-20211016.3.72.ebuild     | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild
index 589797be280..86df307180a 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild
@@ -62,6 +62,8 @@ CDEPEND="app-misc/c_rehash
 BDEPEND="${CDEPEND}"
 if ! ${PRECOMPILED} ; then
 	BDEPEND+=" ${PYTHON_DEPS}"
+	# See bug #821706
+	BDEPEND+=" $(python_gen_any_dep 'dev-python/cryptography[${PYTHON_USEDEP}]')"
 fi
 
 DEPEND=""
@@ -74,11 +76,19 @@ RDEPEND="${CDEPEND}
 
 S=${WORKDIR}
 
+python_check_deps() {
+	has_version -b "dev-python/cryptography[${PYTHON_USEDEP}]"
+}
+
 pkg_setup() {
 	# For the conversion to having it in CONFIG_PROTECT_MASK,
 	# we need to tell users about it once manually first.
 	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
 		|| ewarn "You should run update-ca-certificates manually after etc-update"
+
+	if ! ${PRECOMPILED} ; then
+		python-any-r1_pkg_setup
+	fi
 }
 
 src_unpack() {
@@ -127,8 +137,8 @@ src_prepare() {
 src_compile() {
 	cd "image/${EPREFIX}" || die
 	if ! ${PRECOMPILED} ; then
-		python_setup
 		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
+
 		# Grab the database from the nss sources.
 		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
 		emake -C "${d}"


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2021-11-04 17:53 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2021-11-04 17:53 UTC (permalink / raw
  To: gentoo-commits

commit:     40cb637fa202247ede1367c368f558e7a9d00211
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Nov  4 17:49:24 2021 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Nov  4 17:53:05 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40cb637f

app-misc/ca-certificates: Bump to version 20211016.3.72

Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   2 +
 .../ca-certificates-20211016.3.72.ebuild           | 189 +++++++++++++++++++++
 2 files changed, 191 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index fbafdb1b077..61dca50578d 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,5 +1,7 @@
 DIST ca-certificates_20210119.tar.xz 232964 BLAKE2B 593352912d2b490e3f46ea032ac1ddf1c87a7ac93859d475461cbba490918cdec853b0bb30bb253a634d8d597ca6f0304bc81122b4b31b5b31fd6a80e1faaf33 SHA512 a824209fa0ff0865872a07d8e6b901d8407f599243810fd5c820e1f69226e05b0b4f1e25e5ff3d8d398ff952529084442f026e32220961f359f6323f6bf03373
+DIST ca-certificates_20211016.tar.xz 239608 BLAKE2B 9b4730b54fd9f472fe4e5427bf912d9a61d10d2c289d1e443b54cca469fa87f9e02b8f67e7e087aceceffc7dd2b4043cdb5380e2652bc619d51f3a224c64f717 SHA512 bedf072c8aa1b05b249ea272f5cecfe16bdcd762c02c712323f12ac7a278e8814453f5f3caad86a2581e451788b292ed3a76a6a81620926459bb890133cffde1
 DIST nss-3.66.tar.gz 82401896 BLAKE2B ae369899af681e1c6ea8046098c83da08c2112b16d85a0eaee46e9d4f97dfb3f7c3e97eb681ec947b5648446c6db51e8f1396ec9bb6c731c9678ecf925e7f743 SHA512 327129cb065a8c19246e081e3cbc4798c81dc52eab6ee366eade151e9d308990592075c52a7c672165725fd855a0c539d56a803c26ef066561c584d693e0e467
 DIST nss-3.70.tar.gz 83917362 BLAKE2B 51de2e2cf5feb11045388b0badec24509d50f8bc8abd4116cbab77ff434f86a44ad4c98e533a1dd7093a9d1be9b7deb45f0426e3a173f9b2b92995cf63f2ea51 SHA512 9766282b36560d2f73ac5e90dbc3962802d6b1e8650ff9c0afbd6d2e1ff4cf8f2bc251f972344dc8a6ac5209b917aae03cc9883cb081011a7dea7bd258a95d82
 DIST nss-3.71.tar.gz 83927933 BLAKE2B a8d683b9f9bff5390e0378ab0d55156f7cc69a52b0667658738e67e920548965e7a276dc4104547b2e6a1a6d18325c3f85b955b9c12d7f071d10930b5264207e SHA512 a4a724dc4e8677965b6245ea2309790d31ec7719658e2b349eb67c9008082132c76277340d15e4fdd8d2fe1f560ae6803fb038d023c3dfd2e3772fa3b77720e2
+DIST nss-3.72.tar.gz 83928300 BLAKE2B d92889e27e99095a18090eff0c08b8653ef1f53f4954f5bd018df2f2903647bc71f217159bb4b11f0d6b4fb289fda20bffa2d1d207d1836dcfc33dbd4bedf511 SHA512 1d818d2ef85735837275059fecf68d57e48152f0348ea54887c29171cf029b6944e94d99a8cd96e580a81edb678b79c55515ac0516e27daf6b290c34baed9ebb
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild
new file mode 100644
index 00000000000..589797be280
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild
@@ -0,0 +1,189 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{7..10} )
+
+inherit python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+CDEPEND="app-misc/c_rehash
+	sys-apps/debianutils"
+
+BDEPEND="${CDEPEND}"
+if ! ${PRECOMPILED} ; then
+	BDEPEND+=" ${PYTHON_DEPS}"
+fi
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+
+RDEPEND="${CDEPEND}
+	${DEPEND}"
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	if ! ${PRECOMPILED} ; then
+		default
+		# Initial 20200601 deb release had bad naming inside the debian source tarball.
+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
+		DEB_BAD_S="${WORKDIR}/work"
+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
+			mv "${DEB_BAD_S}" "${DEB_S}"
+		fi
+	fi
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		-e 's/openssl rehash/c_rehash/' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CA_Cert_Signing_Authority.crt \
+				"${c}"/cacert.org/cacert.org_class1.crt || die
+			mv "${d}"/CAcert_Class_3_Root.crt \
+				"${c}"/cacert.org/cacert.org_class3.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# $(date -u)"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN}-${DEB_VER} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2021-11-04 17:53 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2021-11-04 17:53 UTC (permalink / raw
  To: gentoo-commits

commit:     eea84a633d10749f9814b5069d09cb9296ca925a
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Nov  4 17:49:52 2021 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Nov  4 17:53:06 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eea84a63

app-misc/ca-certificates: Removed old

Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   1 -
 .../ca-certificates-20210119.3.70.ebuild           | 189 ---------------------
 2 files changed, 190 deletions(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 61dca50578d..c16439df707 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,7 +1,6 @@
 DIST ca-certificates_20210119.tar.xz 232964 BLAKE2B 593352912d2b490e3f46ea032ac1ddf1c87a7ac93859d475461cbba490918cdec853b0bb30bb253a634d8d597ca6f0304bc81122b4b31b5b31fd6a80e1faaf33 SHA512 a824209fa0ff0865872a07d8e6b901d8407f599243810fd5c820e1f69226e05b0b4f1e25e5ff3d8d398ff952529084442f026e32220961f359f6323f6bf03373
 DIST ca-certificates_20211016.tar.xz 239608 BLAKE2B 9b4730b54fd9f472fe4e5427bf912d9a61d10d2c289d1e443b54cca469fa87f9e02b8f67e7e087aceceffc7dd2b4043cdb5380e2652bc619d51f3a224c64f717 SHA512 bedf072c8aa1b05b249ea272f5cecfe16bdcd762c02c712323f12ac7a278e8814453f5f3caad86a2581e451788b292ed3a76a6a81620926459bb890133cffde1
 DIST nss-3.66.tar.gz 82401896 BLAKE2B ae369899af681e1c6ea8046098c83da08c2112b16d85a0eaee46e9d4f97dfb3f7c3e97eb681ec947b5648446c6db51e8f1396ec9bb6c731c9678ecf925e7f743 SHA512 327129cb065a8c19246e081e3cbc4798c81dc52eab6ee366eade151e9d308990592075c52a7c672165725fd855a0c539d56a803c26ef066561c584d693e0e467
-DIST nss-3.70.tar.gz 83917362 BLAKE2B 51de2e2cf5feb11045388b0badec24509d50f8bc8abd4116cbab77ff434f86a44ad4c98e533a1dd7093a9d1be9b7deb45f0426e3a173f9b2b92995cf63f2ea51 SHA512 9766282b36560d2f73ac5e90dbc3962802d6b1e8650ff9c0afbd6d2e1ff4cf8f2bc251f972344dc8a6ac5209b917aae03cc9883cb081011a7dea7bd258a95d82
 DIST nss-3.71.tar.gz 83927933 BLAKE2B a8d683b9f9bff5390e0378ab0d55156f7cc69a52b0667658738e67e920548965e7a276dc4104547b2e6a1a6d18325c3f85b955b9c12d7f071d10930b5264207e SHA512 a4a724dc4e8677965b6245ea2309790d31ec7719658e2b349eb67c9008082132c76277340d15e4fdd8d2fe1f560ae6803fb038d023c3dfd2e3772fa3b77720e2
 DIST nss-3.72.tar.gz 83928300 BLAKE2B d92889e27e99095a18090eff0c08b8653ef1f53f4954f5bd018df2f2903647bc71f217159bb4b11f0d6b4fb289fda20bffa2d1d207d1836dcfc33dbd4bedf511 SHA512 1d818d2ef85735837275059fecf68d57e48152f0348ea54887c29171cf029b6944e94d99a8cd96e580a81edb678b79c55515ac0516e27daf6b290c34baed9ebb
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/app-misc/ca-certificates/ca-certificates-20210119.3.70.ebuild b/app-misc/ca-certificates/ca-certificates-20210119.3.70.ebuild
deleted file mode 100644
index 589797be280..00000000000
--- a/app-misc/ca-certificates/ca-certificates-20210119.3.70.ebuild
+++ /dev/null
@@ -1,189 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging user reports, refer to our wiki for tips:
-# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{7..10} )
-
-inherit python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-
-	DEB_VER=$(ver_cut 1)
-	NSS_VER=$(ver_cut 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
-${PRECOMPILED} || IUSE+=" cacert"
-
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-CDEPEND="app-misc/c_rehash
-	sys-apps/debianutils"
-
-BDEPEND="${CDEPEND}"
-if ! ${PRECOMPILED} ; then
-	BDEPEND+=" ${PYTHON_DEPS}"
-fi
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-
-RDEPEND="${CDEPEND}
-	${DEPEND}"
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	if ! ${PRECOMPILED} ; then
-		default
-		# Initial 20200601 deb release had bad naming inside the debian source tarball.
-		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
-		DEB_BAD_S="${WORKDIR}/work"
-		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
-			mv "${DEB_BAD_S}" "${DEB_S}"
-		fi
-	fi
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}" || die
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin || die
-		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
-			usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
-			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
-			popd >/dev/null || die
-		fi
-	fi
-
-	default
-	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		-e 's/openssl rehash/c_rehash/' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs \
-			etc/ca-certificates/update.d \
-			"${c}"/mozilla \
-			|| die
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org || die
-			mv "${d}"/CA_Cert_Signing_Authority.crt \
-				"${c}"/cacert.org/cacert.org_class1.crt || die
-			mv "${d}"/CAcert_Class_3_Root.crt \
-				"${c}"/cacert.org/cacert.org_class3.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	(
-		echo "# Automatically generated by ${CATEGORY}/${PF}"
-		echo "# $(date -u)"
-		echo "# Do not edit."
-		cd "${c}" || die
-		find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ${PN}-${DEB_VER} || die
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2021-10-15 14:33 Thomas Deutschmann
  0 siblings, 0 replies; 203+ messages in thread
From: Thomas Deutschmann @ 2021-10-15 14:33 UTC (permalink / raw
  To: gentoo-commits

commit:     bb3aa7f0bcd810f555dbc87a6ffa141fe6fe5f24
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 15 14:32:46 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Oct 15 14:33:05 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bb3aa7f0

app-misc/ca-certificates: bump NSS to v3.71

Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20210119.3.71.ebuild           | 189 +++++++++++++++++++++
 2 files changed, 190 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index f060e3b22cf..fbafdb1b077 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,4 +1,5 @@
 DIST ca-certificates_20210119.tar.xz 232964 BLAKE2B 593352912d2b490e3f46ea032ac1ddf1c87a7ac93859d475461cbba490918cdec853b0bb30bb253a634d8d597ca6f0304bc81122b4b31b5b31fd6a80e1faaf33 SHA512 a824209fa0ff0865872a07d8e6b901d8407f599243810fd5c820e1f69226e05b0b4f1e25e5ff3d8d398ff952529084442f026e32220961f359f6323f6bf03373
 DIST nss-3.66.tar.gz 82401896 BLAKE2B ae369899af681e1c6ea8046098c83da08c2112b16d85a0eaee46e9d4f97dfb3f7c3e97eb681ec947b5648446c6db51e8f1396ec9bb6c731c9678ecf925e7f743 SHA512 327129cb065a8c19246e081e3cbc4798c81dc52eab6ee366eade151e9d308990592075c52a7c672165725fd855a0c539d56a803c26ef066561c584d693e0e467
 DIST nss-3.70.tar.gz 83917362 BLAKE2B 51de2e2cf5feb11045388b0badec24509d50f8bc8abd4116cbab77ff434f86a44ad4c98e533a1dd7093a9d1be9b7deb45f0426e3a173f9b2b92995cf63f2ea51 SHA512 9766282b36560d2f73ac5e90dbc3962802d6b1e8650ff9c0afbd6d2e1ff4cf8f2bc251f972344dc8a6ac5209b917aae03cc9883cb081011a7dea7bd258a95d82
+DIST nss-3.71.tar.gz 83927933 BLAKE2B a8d683b9f9bff5390e0378ab0d55156f7cc69a52b0667658738e67e920548965e7a276dc4104547b2e6a1a6d18325c3f85b955b9c12d7f071d10930b5264207e SHA512 a4a724dc4e8677965b6245ea2309790d31ec7719658e2b349eb67c9008082132c76277340d15e4fdd8d2fe1f560ae6803fb038d023c3dfd2e3772fa3b77720e2
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/app-misc/ca-certificates/ca-certificates-20210119.3.71.ebuild b/app-misc/ca-certificates/ca-certificates-20210119.3.71.ebuild
new file mode 100644
index 00000000000..589797be280
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20210119.3.71.ebuild
@@ -0,0 +1,189 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{7..10} )
+
+inherit python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+CDEPEND="app-misc/c_rehash
+	sys-apps/debianutils"
+
+BDEPEND="${CDEPEND}"
+if ! ${PRECOMPILED} ; then
+	BDEPEND+=" ${PYTHON_DEPS}"
+fi
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+
+RDEPEND="${CDEPEND}
+	${DEPEND}"
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	if ! ${PRECOMPILED} ; then
+		default
+		# Initial 20200601 deb release had bad naming inside the debian source tarball.
+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
+		DEB_BAD_S="${WORKDIR}/work"
+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
+			mv "${DEB_BAD_S}" "${DEB_S}"
+		fi
+	fi
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		-e 's/openssl rehash/c_rehash/' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CA_Cert_Signing_Authority.crt \
+				"${c}"/cacert.org/cacert.org_class1.crt || die
+			mv "${d}"/CAcert_Class_3_Root.crt \
+				"${c}"/cacert.org/cacert.org_class3.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# $(date -u)"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN}-${DEB_VER} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2021-09-27  4:26 Robin H. Johnson
  0 siblings, 0 replies; 203+ messages in thread
From: Robin H. Johnson @ 2021-09-27  4:26 UTC (permalink / raw
  To: gentoo-commits

commit:     422191f4346143c52e585b449f369dffb577f4fd
Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 27 04:25:24 2021 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Mon Sep 27 04:26:02 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=422191f4

app-misc/ca-certificates: bump, internal nss tooling updates, no cert changes

Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20210119.3.70.ebuild           | 189 +++++++++++++++++++++
 2 files changed, 190 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 266e112c77f..f060e3b22cf 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,3 +1,4 @@
 DIST ca-certificates_20210119.tar.xz 232964 BLAKE2B 593352912d2b490e3f46ea032ac1ddf1c87a7ac93859d475461cbba490918cdec853b0bb30bb253a634d8d597ca6f0304bc81122b4b31b5b31fd6a80e1faaf33 SHA512 a824209fa0ff0865872a07d8e6b901d8407f599243810fd5c820e1f69226e05b0b4f1e25e5ff3d8d398ff952529084442f026e32220961f359f6323f6bf03373
 DIST nss-3.66.tar.gz 82401896 BLAKE2B ae369899af681e1c6ea8046098c83da08c2112b16d85a0eaee46e9d4f97dfb3f7c3e97eb681ec947b5648446c6db51e8f1396ec9bb6c731c9678ecf925e7f743 SHA512 327129cb065a8c19246e081e3cbc4798c81dc52eab6ee366eade151e9d308990592075c52a7c672165725fd855a0c539d56a803c26ef066561c584d693e0e467
+DIST nss-3.70.tar.gz 83917362 BLAKE2B 51de2e2cf5feb11045388b0badec24509d50f8bc8abd4116cbab77ff434f86a44ad4c98e533a1dd7093a9d1be9b7deb45f0426e3a173f9b2b92995cf63f2ea51 SHA512 9766282b36560d2f73ac5e90dbc3962802d6b1e8650ff9c0afbd6d2e1ff4cf8f2bc251f972344dc8a6ac5209b917aae03cc9883cb081011a7dea7bd258a95d82
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/app-misc/ca-certificates/ca-certificates-20210119.3.70.ebuild b/app-misc/ca-certificates/ca-certificates-20210119.3.70.ebuild
new file mode 100644
index 00000000000..589797be280
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20210119.3.70.ebuild
@@ -0,0 +1,189 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{7..10} )
+
+inherit python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+CDEPEND="app-misc/c_rehash
+	sys-apps/debianutils"
+
+BDEPEND="${CDEPEND}"
+if ! ${PRECOMPILED} ; then
+	BDEPEND+=" ${PYTHON_DEPS}"
+fi
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+
+RDEPEND="${CDEPEND}
+	${DEPEND}"
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	if ! ${PRECOMPILED} ; then
+		default
+		# Initial 20200601 deb release had bad naming inside the debian source tarball.
+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
+		DEB_BAD_S="${WORKDIR}/work"
+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
+			mv "${DEB_BAD_S}" "${DEB_S}"
+		fi
+	fi
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		-e 's/openssl rehash/c_rehash/' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CA_Cert_Signing_Authority.crt \
+				"${c}"/cacert.org/cacert.org_class1.crt || die
+			mv "${d}"/CAcert_Class_3_Root.crt \
+				"${c}"/cacert.org/cacert.org_class3.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# $(date -u)"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN}-${DEB_VER} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2021-05-28 19:36 Thomas Deutschmann
  0 siblings, 0 replies; 203+ messages in thread
From: Thomas Deutschmann @ 2021-05-28 19:36 UTC (permalink / raw
  To: gentoo-commits

commit:     6bd556aa5b92b37c8a53182f27d9d6d1894c8523
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri May 28 19:34:34 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri May 28 19:36:08 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6bd556aa

app-misc/ca-certificates: bump NSS to v3.66

Package-Manager: Portage-3.0.19, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                                       | 2 +-
 ...icates-20210119.3.65.ebuild => ca-certificates-20210119.3.66.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 7a79f37c876..266e112c77f 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,3 +1,3 @@
 DIST ca-certificates_20210119.tar.xz 232964 BLAKE2B 593352912d2b490e3f46ea032ac1ddf1c87a7ac93859d475461cbba490918cdec853b0bb30bb253a634d8d597ca6f0304bc81122b4b31b5b31fd6a80e1faaf33 SHA512 a824209fa0ff0865872a07d8e6b901d8407f599243810fd5c820e1f69226e05b0b4f1e25e5ff3d8d398ff952529084442f026e32220961f359f6323f6bf03373
-DIST nss-3.65.tar.gz 82386222 BLAKE2B 4e1876a12d042b67c6654a8396611ca33d5257b07c75b55201de229f0a6860577886f38d640837d6512b30a074d05b917bae4e34263d9c0f6f4606c80b369a04 SHA512 6f980f44056c69c74754124ce16d4880fb47440146d55906584f70d1be8e74885570308914d4482b3ee676a1f5b1e529616eae8ccd6906d678394dd929dd0825
+DIST nss-3.66.tar.gz 82401896 BLAKE2B ae369899af681e1c6ea8046098c83da08c2112b16d85a0eaee46e9d4f97dfb3f7c3e97eb681ec947b5648446c6db51e8f1396ec9bb6c731c9678ecf925e7f743 SHA512 327129cb065a8c19246e081e3cbc4798c81dc52eab6ee366eade151e9d308990592075c52a7c672165725fd855a0c539d56a803c26ef066561c584d693e0e467
 DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/app-misc/ca-certificates/ca-certificates-20210119.3.65.ebuild b/app-misc/ca-certificates/ca-certificates-20210119.3.66.ebuild
similarity index 100%
rename from app-misc/ca-certificates/ca-certificates-20210119.3.65.ebuild
rename to app-misc/ca-certificates/ca-certificates-20210119.3.66.ebuild


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2021-05-28 19:16 Thomas Deutschmann
  0 siblings, 0 replies; 203+ messages in thread
From: Thomas Deutschmann @ 2021-05-28 19:16 UTC (permalink / raw
  To: gentoo-commits

commit:     36eb48e212a6d2bbecc2af712a956eded8c76bbf
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri May 28 19:07:42 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri May 28 19:16:21 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36eb48e2

app-misc/ca-certificates: update CAcert Root 3 certificate

Closes: https://bugs.gentoo.org/791286
Package-Manager: Portage-3.0.19, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                                   | 4 ++--
 ...es-20210119.3.64.ebuild => ca-certificates-20210119.3.65.ebuild} | 6 +++---
 app-misc/ca-certificates/metadata.xml                               | 3 +--
 3 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 97fbc29be05..7a79f37c876 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,3 +1,3 @@
 DIST ca-certificates_20210119.tar.xz 232964 BLAKE2B 593352912d2b490e3f46ea032ac1ddf1c87a7ac93859d475461cbba490918cdec853b0bb30bb253a634d8d597ca6f0304bc81122b4b31b5b31fd6a80e1faaf33 SHA512 a824209fa0ff0865872a07d8e6b901d8407f599243810fd5c820e1f69226e05b0b4f1e25e5ff3d8d398ff952529084442f026e32220961f359f6323f6bf03373
-DIST nss-3.64.tar.gz 82173054 BLAKE2B 4786a1ff6f4e47dbb6bfef6a2bc47ffeac51aa37f12168872d23799b8d6ca440578acf512e9ec7563ef64331d3fd84c387f17e41afa2ee30d8623c6f66207631 SHA512 0a85e1f64f97670f70596d8a479693939ca454025a4b3bbd557a54ed683ffed625c670fef6a6e3440365af9aa472384f84464942381b1c093659f6a6a222ba04
-DIST nss-cacert-class1-class3-r1.patch 22503 BLAKE2B d2ba6b5c3675484dab5b6709478101a9dadc0baded3dbf891dcd04e5eb912079b87cdd17f893a0f539a2a53fb05357c6dd309fb624facac3b021c82c7424a91f SHA512 68906d2442986ad13ebf9cd97c26fac34af3efd5cfaacb3d7824adad966349ad796c9cec8dec44c46d5c571df88ce83aea02ce82e71da337aa4e1aeef58eda66
+DIST nss-3.65.tar.gz 82386222 BLAKE2B 4e1876a12d042b67c6654a8396611ca33d5257b07c75b55201de229f0a6860577886f38d640837d6512b30a074d05b917bae4e34263d9c0f6f4606c80b369a04 SHA512 6f980f44056c69c74754124ce16d4880fb47440146d55906584f70d1be8e74885570308914d4482b3ee676a1f5b1e529616eae8ccd6906d678394dd929dd0825
+DIST nss-cacert-class1-class3-r2.patch 21925 BLAKE2B 7627ff9a09f084c19d72d0490676865e3cab3ca7c920ae1ce4bea2db664f37fd0aa84fcda919809a516891ab2a62e2e7a43a9d6ada4c231adfe4c216525fac7d SHA512 1ce6ff9ab310aaca9005eafb461338b291df8523cc7044e096cd75774ce746c26eed19ec6bb2643c6c67f94650f2f309463492d80a90568f38ce2557f8ada2f4

diff --git a/app-misc/ca-certificates/ca-certificates-20210119.3.64.ebuild b/app-misc/ca-certificates/ca-certificates-20210119.3.65.ebuild
similarity index 97%
rename from app-misc/ca-certificates/ca-certificates-20210119.3.64.ebuild
rename to app-misc/ca-certificates/ca-certificates-20210119.3.65.ebuild
index 267df1da9cc..08fedcfa8fe 100644
--- a/app-misc/ca-certificates/ca-certificates-20210119.3.64.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20210119.3.65.ebuild
@@ -18,7 +18,7 @@
 
 EAPI=7
 
-PYTHON_COMPAT=( python3_{7..9} )
+PYTHON_COMPAT=( python3_{7..10} )
 
 inherit python-any-r1
 
@@ -44,7 +44,7 @@ else
 	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
 		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
 		cacert? (
-			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r1.patch
+			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r2.patch
 		)"
 fi
 
@@ -109,7 +109,7 @@ src_prepare() {
 
 		if use cacert ; then
 			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
-			eapply "${DISTDIR}"/nss-cacert-class1-class3-r1.patch
+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r2.patch
 			popd >/dev/null || die
 		fi
 	fi

diff --git a/app-misc/ca-certificates/metadata.xml b/app-misc/ca-certificates/metadata.xml
index f4cf8a2a018..1a112563d71 100644
--- a/app-misc/ca-certificates/metadata.xml
+++ b/app-misc/ca-certificates/metadata.xml
@@ -7,8 +7,7 @@
 	</maintainer>
 	<use>
 		<flag name="cacert">
-			Include root certificates from CAcert (http://www.cacert.org/) and Software
-			in the Public Interest (http://www.spi-inc.org/)
+			Include root/class3 certs from CAcert (https://www.cacert.org/)
 		</flag>
 	</use>
 </pkgmetadata>


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2021-04-16 11:35 Thomas Deutschmann
  0 siblings, 0 replies; 203+ messages in thread
From: Thomas Deutschmann @ 2021-04-16 11:35 UTC (permalink / raw
  To: gentoo-commits

commit:     c4b73928b2c215abba3051ea2461b9dde65006c8
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Apr 16 11:31:23 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Apr 16 11:34:03 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c4b73928

app-misc/ca-certificates: update Chambersign Root trust bit

Bug: https://bugzilla.mozilla.org/1703090
Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20210119.3.64.ebuild           | 189 +++++++++++++++++++++
 2 files changed, 190 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 80d95f577f4..c81c39163c3 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -3,5 +3,6 @@ DIST ca-certificates_20210119.tar.xz 232964 BLAKE2B 593352912d2b490e3f46ea032ac1
 DIST nss-3.53.tar.gz 81178428 BLAKE2B 5e67b02bf0ba9390311d77ee4d7b86fd7339bd4f7d830b32563799e4eef126143f0b76b2933ad14c5c5d3da6cb3fa0e670aca7ce9654316123abadce25a728ec SHA512 280edf24356b764584200bff949af4a7f88514ee8ac80bf5348a9a844a8b1eb263e9aa1d772644bd8bb1bd195c12b6cc173280cfc88cd97e56562e1c40e71503
 DIST nss-3.60.tar.gz 82035831 BLAKE2B fffc0e26d58d4625be1b8b0123f248a0c7994b18868ece534ba4d60131dd4897d075d7b2dba672c31ccd333e0c18ea384e2aa2f495c23b5430d6d10b91922873 SHA512 6463b2da28b5d9f1f20d45f77a3179e2b93c874af5742c7fc51eb7c44cef93270acacf79174dc63905f227256cbcee23a36f98f1cfed10dd5c56ffc0a76e2695
 DIST nss-3.62.tar.gz 82159506 BLAKE2B 9abd7504766fb57214a16608a7299f8cf6d25c9a4e285665eabd812bce536ba244b698de31fd53796148f3856e4bee6c8a03ce5b6c5234a9337d7af8f300f007 SHA512 7044008ea8e5d6f658da96e202a896e24a1ffa29d7ca862f32ed37cfa09adf8c2d5fbc371e3af6bc5151b2d1216c38207976b41888d5ad8efd4dc3049cb5831d
+DIST nss-3.64.tar.gz 82173054 BLAKE2B 4786a1ff6f4e47dbb6bfef6a2bc47ffeac51aa37f12168872d23799b8d6ca440578acf512e9ec7563ef64331d3fd84c387f17e41afa2ee30d8623c6f66207631 SHA512 0a85e1f64f97670f70596d8a479693939ca454025a4b3bbd557a54ed683ffed625c670fef6a6e3440365af9aa472384f84464942381b1c093659f6a6a222ba04
 DIST nss-cacert-class1-class3-r1.patch 22503 BLAKE2B d2ba6b5c3675484dab5b6709478101a9dadc0baded3dbf891dcd04e5eb912079b87cdd17f893a0f539a2a53fb05357c6dd309fb624facac3b021c82c7424a91f SHA512 68906d2442986ad13ebf9cd97c26fac34af3efd5cfaacb3d7824adad966349ad796c9cec8dec44c46d5c571df88ce83aea02ce82e71da337aa4e1aeef58eda66
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/app-misc/ca-certificates/ca-certificates-20210119.3.64.ebuild b/app-misc/ca-certificates/ca-certificates-20210119.3.64.ebuild
new file mode 100644
index 00000000000..267df1da9cc
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20210119.3.64.ebuild
@@ -0,0 +1,189 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{7..9} )
+
+inherit python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r1.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+CDEPEND="app-misc/c_rehash
+	sys-apps/debianutils"
+
+BDEPEND="${CDEPEND}"
+if ! ${PRECOMPILED} ; then
+	BDEPEND+=" ${PYTHON_DEPS}"
+fi
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+
+RDEPEND="${CDEPEND}
+	${DEPEND}"
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	if ! ${PRECOMPILED} ; then
+		default
+		# Initial 20200601 deb release had bad naming inside the debian source tarball.
+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
+		DEB_BAD_S="${WORKDIR}/work"
+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
+			mv "${DEB_BAD_S}" "${DEB_S}"
+		fi
+	fi
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r1.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		-e 's/openssl rehash/c_rehash/' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CA_Cert_Signing_Authority.crt \
+				"${c}"/cacert.org/cacert.org_class1.crt || die
+			mv "${d}"/CAcert_Class_3_Root.crt \
+				"${c}"/cacert.org/cacert.org_class3.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# $(date -u)"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN}-${DEB_VER} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2021-04-16 11:35 Thomas Deutschmann
  0 siblings, 0 replies; 203+ messages in thread
From: Thomas Deutschmann @ 2021-04-16 11:35 UTC (permalink / raw
  To: gentoo-commits

commit:     aa2a5cc80f635cac9a5e3f0f47cbd2c5d902d317
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Fri Apr 16 11:32:50 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Fri Apr 16 11:34:03 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aa2a5cc8

app-misc/ca-certificates: drop old

Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   5 -
 .../ca-certificates-20200601.3.53.ebuild           | 184 --------------------
 .../ca-certificates-20200601.3.60.ebuild           | 189 ---------------------
 .../ca-certificates-20210119.3.62.ebuild           | 189 ---------------------
 4 files changed, 567 deletions(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index c81c39163c3..97fbc29be05 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,8 +1,3 @@
-DIST ca-certificates_20200601.tar.xz 245668 BLAKE2B 1249782dba046f52832d365e4770e02ed24c0b50bff4ceec5e5af932c807eb8120f8e3bc7858503e74789ecb2da577509819f3ffdf9bd1ec5cc22d61f2194ad5 SHA512 7bfd3122430be0a46bd10dcb0e0664561d1e0b2656b9f37677d89f71a1dcb0e668c25ffe08412888125fa9a53ee8245a4b3fc1004c419a159766665b1241113c
 DIST ca-certificates_20210119.tar.xz 232964 BLAKE2B 593352912d2b490e3f46ea032ac1ddf1c87a7ac93859d475461cbba490918cdec853b0bb30bb253a634d8d597ca6f0304bc81122b4b31b5b31fd6a80e1faaf33 SHA512 a824209fa0ff0865872a07d8e6b901d8407f599243810fd5c820e1f69226e05b0b4f1e25e5ff3d8d398ff952529084442f026e32220961f359f6323f6bf03373
-DIST nss-3.53.tar.gz 81178428 BLAKE2B 5e67b02bf0ba9390311d77ee4d7b86fd7339bd4f7d830b32563799e4eef126143f0b76b2933ad14c5c5d3da6cb3fa0e670aca7ce9654316123abadce25a728ec SHA512 280edf24356b764584200bff949af4a7f88514ee8ac80bf5348a9a844a8b1eb263e9aa1d772644bd8bb1bd195c12b6cc173280cfc88cd97e56562e1c40e71503
-DIST nss-3.60.tar.gz 82035831 BLAKE2B fffc0e26d58d4625be1b8b0123f248a0c7994b18868ece534ba4d60131dd4897d075d7b2dba672c31ccd333e0c18ea384e2aa2f495c23b5430d6d10b91922873 SHA512 6463b2da28b5d9f1f20d45f77a3179e2b93c874af5742c7fc51eb7c44cef93270acacf79174dc63905f227256cbcee23a36f98f1cfed10dd5c56ffc0a76e2695
-DIST nss-3.62.tar.gz 82159506 BLAKE2B 9abd7504766fb57214a16608a7299f8cf6d25c9a4e285665eabd812bce536ba244b698de31fd53796148f3856e4bee6c8a03ce5b6c5234a9337d7af8f300f007 SHA512 7044008ea8e5d6f658da96e202a896e24a1ffa29d7ca862f32ed37cfa09adf8c2d5fbc371e3af6bc5151b2d1216c38207976b41888d5ad8efd4dc3049cb5831d
 DIST nss-3.64.tar.gz 82173054 BLAKE2B 4786a1ff6f4e47dbb6bfef6a2bc47ffeac51aa37f12168872d23799b8d6ca440578acf512e9ec7563ef64331d3fd84c387f17e41afa2ee30d8623c6f66207631 SHA512 0a85e1f64f97670f70596d8a479693939ca454025a4b3bbd557a54ed683ffed625c670fef6a6e3440365af9aa472384f84464942381b1c093659f6a6a222ba04
 DIST nss-cacert-class1-class3-r1.patch 22503 BLAKE2B d2ba6b5c3675484dab5b6709478101a9dadc0baded3dbf891dcd04e5eb912079b87cdd17f893a0f539a2a53fb05357c6dd309fb624facac3b021c82c7424a91f SHA512 68906d2442986ad13ebf9cd97c26fac34af3efd5cfaacb3d7824adad966349ad796c9cec8dec44c46d5c571df88ce83aea02ce82e71da337aa4e1aeef58eda66
-DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/app-misc/ca-certificates/ca-certificates-20200601.3.53.ebuild b/app-misc/ca-certificates/ca-certificates-20200601.3.53.ebuild
deleted file mode 100644
index 79e083a4e35..00000000000
--- a/app-misc/ca-certificates/ca-certificates-20200601.3.53.ebuild
+++ /dev/null
@@ -1,184 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging user reports, refer to our wiki for tips:
-# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
-
-EAPI=6
-
-PYTHON_COMPAT=( python3_{7..9} )
-
-inherit python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit eapi7-ver
-
-	DEB_VER=$(ver_cut 1)
-	NSS_VER=$(ver_cut 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
-${PRECOMPILED} || IUSE+=" cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	app-misc/c_rehash
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	if ! ${PRECOMPILED}; then
-		default
-		# Initial 20200601 deb release had bad naming inside the debian source tarball.
-		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
-		DEB_BAD_S="${WORKDIR}/work"
-		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]]; then
-			mv "${DEB_BAD_S}" "${DEB_S}"
-		fi
-	fi
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}" || die
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin || die
-		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
-			usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
-			eapply -p0 "${DISTDIR}"/nss-cacert-class1-class3.patch
-			popd >/dev/null || die
-		fi
-	fi
-
-	default
-	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		-e 's/openssl rehash/c_rehash/' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs \
-			etc/ca-certificates/update.d \
-			"${c}"/mozilla \
-			|| die
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org || die
-			mv "${d}"/CAcert_Inc..crt \
-				"${c}"/cacert.org/cacert.org_root.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	(
-		echo "# Automatically generated by ${CATEGORY}/${PF}"
-		echo "# $(date -u)"
-		echo "# Do not edit."
-		cd "${c}" || die
-		find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ${PN}-${DEB_VER} || die
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [[ -d "${EROOT%/}/usr/local/share/ca-certificates" ]] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT%/}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [[ -n "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l)" ]] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}

diff --git a/app-misc/ca-certificates/ca-certificates-20200601.3.60.ebuild b/app-misc/ca-certificates/ca-certificates-20200601.3.60.ebuild
deleted file mode 100644
index 2f777c592fc..00000000000
--- a/app-misc/ca-certificates/ca-certificates-20200601.3.60.ebuild
+++ /dev/null
@@ -1,189 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging user reports, refer to our wiki for tips:
-# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{7..9} )
-
-inherit python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-
-	DEB_VER=$(ver_cut 1)
-	NSS_VER=$(ver_cut 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r1.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
-${PRECOMPILED} || IUSE+=" cacert"
-
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-CDEPEND="app-misc/c_rehash
-	sys-apps/debianutils"
-
-BDEPEND="${CDEPEND}"
-if ! ${PRECOMPILED} ; then
-	BDEPEND+=" ${PYTHON_DEPS}"
-fi
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-
-RDEPEND="${CDEPEND}
-	${DEPEND}"
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	if ! ${PRECOMPILED} ; then
-		default
-		# Initial 20200601 deb release had bad naming inside the debian source tarball.
-		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
-		DEB_BAD_S="${WORKDIR}/work"
-		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
-			mv "${DEB_BAD_S}" "${DEB_S}"
-		fi
-	fi
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}" || die
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin || die
-		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
-			usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
-			eapply "${DISTDIR}"/nss-cacert-class1-class3-r1.patch
-			popd >/dev/null || die
-		fi
-	fi
-
-	default
-	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		-e 's/openssl rehash/c_rehash/' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs \
-			etc/ca-certificates/update.d \
-			"${c}"/mozilla \
-			|| die
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org || die
-			mv "${d}"/CA_Cert_Signing_Authority.crt \
-				"${c}"/cacert.org/cacert.org_class1.crt || die
-			mv "${d}"/CAcert_Class_3_Root.crt \
-				"${c}"/cacert.org/cacert.org_class3.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	(
-		echo "# Automatically generated by ${CATEGORY}/${PF}"
-		echo "# $(date -u)"
-		echo "# Do not edit."
-		cd "${c}" || die
-		find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ${PN}-${DEB_VER} || die
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}

diff --git a/app-misc/ca-certificates/ca-certificates-20210119.3.62.ebuild b/app-misc/ca-certificates/ca-certificates-20210119.3.62.ebuild
deleted file mode 100644
index 267df1da9cc..00000000000
--- a/app-misc/ca-certificates/ca-certificates-20210119.3.62.ebuild
+++ /dev/null
@@ -1,189 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging user reports, refer to our wiki for tips:
-# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{7..9} )
-
-inherit python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-
-	DEB_VER=$(ver_cut 1)
-	NSS_VER=$(ver_cut 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r1.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
-${PRECOMPILED} || IUSE+=" cacert"
-
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-CDEPEND="app-misc/c_rehash
-	sys-apps/debianutils"
-
-BDEPEND="${CDEPEND}"
-if ! ${PRECOMPILED} ; then
-	BDEPEND+=" ${PYTHON_DEPS}"
-fi
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-
-RDEPEND="${CDEPEND}
-	${DEPEND}"
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	if ! ${PRECOMPILED} ; then
-		default
-		# Initial 20200601 deb release had bad naming inside the debian source tarball.
-		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
-		DEB_BAD_S="${WORKDIR}/work"
-		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
-			mv "${DEB_BAD_S}" "${DEB_S}"
-		fi
-	fi
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}" || die
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin || die
-		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
-			usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
-			eapply "${DISTDIR}"/nss-cacert-class1-class3-r1.patch
-			popd >/dev/null || die
-		fi
-	fi
-
-	default
-	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		-e 's/openssl rehash/c_rehash/' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs \
-			etc/ca-certificates/update.d \
-			"${c}"/mozilla \
-			|| die
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org || die
-			mv "${d}"/CA_Cert_Signing_Authority.crt \
-				"${c}"/cacert.org/cacert.org_class1.crt || die
-			mv "${d}"/CAcert_Class_3_Root.crt \
-				"${c}"/cacert.org/cacert.org_class3.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	(
-		echo "# Automatically generated by ${CATEGORY}/${PF}"
-		echo "# $(date -u)"
-		echo "# Do not edit."
-		cd "${c}" || die
-		find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ${PN}-${DEB_VER} || die
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2021-03-17 20:49 Thomas Deutschmann
  0 siblings, 0 replies; 203+ messages in thread
From: Thomas Deutschmann @ 2021-03-17 20:49 UTC (permalink / raw
  To: gentoo-commits

commit:     3ea5ecf97beb82a15448e51a5a08584703bb3333
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 17 20:49:33 2021 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Wed Mar 17 20:49:48 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3ea5ecf9

app-misc/ca-certificates: rollover stable keywords

Package-Manager: Portage-3.0.17, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20210119.3.62.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20210119.3.62.ebuild b/app-misc/ca-certificates/ca-certificates-20210119.3.62.ebuild
index 2f777c592fc..f49a7923491 100644
--- a/app-misc/ca-certificates/ca-certificates-20210119.3.62.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20210119.3.62.ebuild
@@ -50,7 +50,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2021-02-21 12:10 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2021-02-21 12:10 UTC (permalink / raw
  To: gentoo-commits

commit:     b3f5acdfaeb90cd552b4c57180f87130c48f59d3
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 21 12:09:27 2021 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sun Feb 21 12:10:30 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b3f5acdf

app-misc/ca-certificates: Bump to version 20210119.3.62

Bug: https://bugs.gentoo.org/771861
Package-Manager: Portage-3.0.14, Repoman-3.0.2
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   2 +
 .../ca-certificates-20210119.3.62.ebuild           | 189 +++++++++++++++++++++
 2 files changed, 191 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 9034070f826..9591e5381d7 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,6 +1,8 @@
 DIST ca-certificates_20200601.tar.xz 245668 BLAKE2B 1249782dba046f52832d365e4770e02ed24c0b50bff4ceec5e5af932c807eb8120f8e3bc7858503e74789ecb2da577509819f3ffdf9bd1ec5cc22d61f2194ad5 SHA512 7bfd3122430be0a46bd10dcb0e0664561d1e0b2656b9f37677d89f71a1dcb0e668c25ffe08412888125fa9a53ee8245a4b3fc1004c419a159766665b1241113c
+DIST ca-certificates_20210119.tar.xz 232964 BLAKE2B 593352912d2b490e3f46ea032ac1ddf1c87a7ac93859d475461cbba490918cdec853b0bb30bb253a634d8d597ca6f0304bc81122b4b31b5b31fd6a80e1faaf33 SHA512 a824209fa0ff0865872a07d8e6b901d8407f599243810fd5c820e1f69226e05b0b4f1e25e5ff3d8d398ff952529084442f026e32220961f359f6323f6bf03373
 DIST nss-3.53.tar.gz 81178428 BLAKE2B 5e67b02bf0ba9390311d77ee4d7b86fd7339bd4f7d830b32563799e4eef126143f0b76b2933ad14c5c5d3da6cb3fa0e670aca7ce9654316123abadce25a728ec SHA512 280edf24356b764584200bff949af4a7f88514ee8ac80bf5348a9a844a8b1eb263e9aa1d772644bd8bb1bd195c12b6cc173280cfc88cd97e56562e1c40e71503
 DIST nss-3.59.tar.gz 82141516 BLAKE2B 74959b14ec42b4628dfc3365af00420cdbd41d202541e9379f6a4448c4496b76307af48c9ec405b370f8770327ce56742b4382f8cd49724b42732ce5cc5b0779 SHA512 8963e846f2ff7222457ae59f042672cf4e44f7752807226f46c215a772fd1cbd65d0ce634da4afb698eabd4eb1c1e78146cc2a089339ada11da03d259c609a38
 DIST nss-3.60.tar.gz 82035831 BLAKE2B fffc0e26d58d4625be1b8b0123f248a0c7994b18868ece534ba4d60131dd4897d075d7b2dba672c31ccd333e0c18ea384e2aa2f495c23b5430d6d10b91922873 SHA512 6463b2da28b5d9f1f20d45f77a3179e2b93c874af5742c7fc51eb7c44cef93270acacf79174dc63905f227256cbcee23a36f98f1cfed10dd5c56ffc0a76e2695
+DIST nss-3.62.tar.gz 82159506 BLAKE2B 9abd7504766fb57214a16608a7299f8cf6d25c9a4e285665eabd812bce536ba244b698de31fd53796148f3856e4bee6c8a03ce5b6c5234a9337d7af8f300f007 SHA512 7044008ea8e5d6f658da96e202a896e24a1ffa29d7ca862f32ed37cfa09adf8c2d5fbc371e3af6bc5151b2d1216c38207976b41888d5ad8efd4dc3049cb5831d
 DIST nss-cacert-class1-class3-r1.patch 22503 BLAKE2B d2ba6b5c3675484dab5b6709478101a9dadc0baded3dbf891dcd04e5eb912079b87cdd17f893a0f539a2a53fb05357c6dd309fb624facac3b021c82c7424a91f SHA512 68906d2442986ad13ebf9cd97c26fac34af3efd5cfaacb3d7824adad966349ad796c9cec8dec44c46d5c571df88ce83aea02ce82e71da337aa4e1aeef58eda66
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/app-misc/ca-certificates/ca-certificates-20210119.3.62.ebuild b/app-misc/ca-certificates/ca-certificates-20210119.3.62.ebuild
new file mode 100644
index 00000000000..2f777c592fc
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20210119.3.62.ebuild
@@ -0,0 +1,189 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{7..9} )
+
+inherit python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r1.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+CDEPEND="app-misc/c_rehash
+	sys-apps/debianutils"
+
+BDEPEND="${CDEPEND}"
+if ! ${PRECOMPILED} ; then
+	BDEPEND+=" ${PYTHON_DEPS}"
+fi
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+
+RDEPEND="${CDEPEND}
+	${DEPEND}"
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	if ! ${PRECOMPILED} ; then
+		default
+		# Initial 20200601 deb release had bad naming inside the debian source tarball.
+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
+		DEB_BAD_S="${WORKDIR}/work"
+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
+			mv "${DEB_BAD_S}" "${DEB_S}"
+		fi
+	fi
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r1.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		-e 's/openssl rehash/c_rehash/' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CA_Cert_Signing_Authority.crt \
+				"${c}"/cacert.org/cacert.org_class1.crt || die
+			mv "${d}"/CAcert_Class_3_Root.crt \
+				"${c}"/cacert.org/cacert.org_class3.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# $(date -u)"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN}-${DEB_VER} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2021-02-21 12:10 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2021-02-21 12:10 UTC (permalink / raw
  To: gentoo-commits

commit:     1dbaede6fdcedd4c05945f5899e2c91eb51fff66
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sun Feb 21 12:10:22 2021 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sun Feb 21 12:10:30 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1dbaede6

app-misc/ca-certificates: Removed old

Package-Manager: Portage-3.0.14, Repoman-3.0.2
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   1 -
 .../ca-certificates-20200601.3.59.ebuild           | 184 ---------------------
 2 files changed, 185 deletions(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 9591e5381d7..80d95f577f4 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,7 +1,6 @@
 DIST ca-certificates_20200601.tar.xz 245668 BLAKE2B 1249782dba046f52832d365e4770e02ed24c0b50bff4ceec5e5af932c807eb8120f8e3bc7858503e74789ecb2da577509819f3ffdf9bd1ec5cc22d61f2194ad5 SHA512 7bfd3122430be0a46bd10dcb0e0664561d1e0b2656b9f37677d89f71a1dcb0e668c25ffe08412888125fa9a53ee8245a4b3fc1004c419a159766665b1241113c
 DIST ca-certificates_20210119.tar.xz 232964 BLAKE2B 593352912d2b490e3f46ea032ac1ddf1c87a7ac93859d475461cbba490918cdec853b0bb30bb253a634d8d597ca6f0304bc81122b4b31b5b31fd6a80e1faaf33 SHA512 a824209fa0ff0865872a07d8e6b901d8407f599243810fd5c820e1f69226e05b0b4f1e25e5ff3d8d398ff952529084442f026e32220961f359f6323f6bf03373
 DIST nss-3.53.tar.gz 81178428 BLAKE2B 5e67b02bf0ba9390311d77ee4d7b86fd7339bd4f7d830b32563799e4eef126143f0b76b2933ad14c5c5d3da6cb3fa0e670aca7ce9654316123abadce25a728ec SHA512 280edf24356b764584200bff949af4a7f88514ee8ac80bf5348a9a844a8b1eb263e9aa1d772644bd8bb1bd195c12b6cc173280cfc88cd97e56562e1c40e71503
-DIST nss-3.59.tar.gz 82141516 BLAKE2B 74959b14ec42b4628dfc3365af00420cdbd41d202541e9379f6a4448c4496b76307af48c9ec405b370f8770327ce56742b4382f8cd49724b42732ce5cc5b0779 SHA512 8963e846f2ff7222457ae59f042672cf4e44f7752807226f46c215a772fd1cbd65d0ce634da4afb698eabd4eb1c1e78146cc2a089339ada11da03d259c609a38
 DIST nss-3.60.tar.gz 82035831 BLAKE2B fffc0e26d58d4625be1b8b0123f248a0c7994b18868ece534ba4d60131dd4897d075d7b2dba672c31ccd333e0c18ea384e2aa2f495c23b5430d6d10b91922873 SHA512 6463b2da28b5d9f1f20d45f77a3179e2b93c874af5742c7fc51eb7c44cef93270acacf79174dc63905f227256cbcee23a36f98f1cfed10dd5c56ffc0a76e2695
 DIST nss-3.62.tar.gz 82159506 BLAKE2B 9abd7504766fb57214a16608a7299f8cf6d25c9a4e285665eabd812bce536ba244b698de31fd53796148f3856e4bee6c8a03ce5b6c5234a9337d7af8f300f007 SHA512 7044008ea8e5d6f658da96e202a896e24a1ffa29d7ca862f32ed37cfa09adf8c2d5fbc371e3af6bc5151b2d1216c38207976b41888d5ad8efd4dc3049cb5831d
 DIST nss-cacert-class1-class3-r1.patch 22503 BLAKE2B d2ba6b5c3675484dab5b6709478101a9dadc0baded3dbf891dcd04e5eb912079b87cdd17f893a0f539a2a53fb05357c6dd309fb624facac3b021c82c7424a91f SHA512 68906d2442986ad13ebf9cd97c26fac34af3efd5cfaacb3d7824adad966349ad796c9cec8dec44c46d5c571df88ce83aea02ce82e71da337aa4e1aeef58eda66

diff --git a/app-misc/ca-certificates/ca-certificates-20200601.3.59.ebuild b/app-misc/ca-certificates/ca-certificates-20200601.3.59.ebuild
deleted file mode 100644
index 65559a6386b..00000000000
--- a/app-misc/ca-certificates/ca-certificates-20200601.3.59.ebuild
+++ /dev/null
@@ -1,184 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging user reports, refer to our wiki for tips:
-# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
-
-EAPI=6
-
-PYTHON_COMPAT=( python3_{7..9} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit eapi7-ver
-
-	DEB_VER=$(ver_cut 1)
-	NSS_VER=$(ver_cut 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
-${PRECOMPILED} || IUSE+=" cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	app-misc/c_rehash
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	if ! ${PRECOMPILED}; then
-		default
-		# Initial 20200601 deb release had bad naming inside the debian source tarball.
-		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
-		DEB_BAD_S="${WORKDIR}/work"
-		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]]; then
-			mv "${DEB_BAD_S}" "${DEB_S}"
-		fi
-	fi
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}" || die
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin || die
-		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
-			usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
-			eapply -p0 "${DISTDIR}"/nss-cacert-class1-class3.patch
-			popd >/dev/null || die
-		fi
-	fi
-
-	default
-	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		-e 's/openssl rehash/c_rehash/' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs \
-			etc/ca-certificates/update.d \
-			"${c}"/mozilla \
-			|| die
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org || die
-			mv "${d}"/CAcert_Inc..crt \
-				"${c}"/cacert.org/cacert.org_root.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	(
-		echo "# Automatically generated by ${CATEGORY}/${PF}"
-		echo "# $(date -u)"
-		echo "# Do not edit."
-		cd "${c}" || die
-		find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ${PN}-${DEB_VER} || die
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [[ -d "${EROOT%/}/usr/local/share/ca-certificates" ]] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT%/}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [[ -n "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l)" ]] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2021-02-15 23:44 Mike Frysinger
  0 siblings, 0 replies; 203+ messages in thread
From: Mike Frysinger @ 2021-02-15 23:44 UTC (permalink / raw
  To: gentoo-commits

commit:     9aabfb1b53560cbdcd3c6b1de6582cc7721b2801
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Feb 15 23:43:30 2021 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Feb 15 23:43:30 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9aabfb1b

app-misc/ca-certificates: move debugging tips to the wiki

Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>

 .../ca-certificates/ca-certificates-20200601.3.53.ebuild     | 12 ++----------
 .../ca-certificates/ca-certificates-20200601.3.59.ebuild     | 12 ++----------
 .../ca-certificates/ca-certificates-20200601.3.60.ebuild     | 12 ++----------
 3 files changed, 6 insertions(+), 30 deletions(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20200601.3.53.ebuild b/app-misc/ca-certificates/ca-certificates-20200601.3.53.ebuild
index 0858beed32b..db37dd8ef65 100644
--- a/app-misc/ca-certificates/ca-certificates-20200601.3.53.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20200601.3.53.ebuild
@@ -13,16 +13,8 @@
 # now we know our cert database is kept in sync with nss and, if need be,
 # can be sync with nss tip of tree more frequently to respond to bugs.
 
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
 
 EAPI=6
 

diff --git a/app-misc/ca-certificates/ca-certificates-20200601.3.59.ebuild b/app-misc/ca-certificates/ca-certificates-20200601.3.59.ebuild
index de868281fd5..65559a6386b 100644
--- a/app-misc/ca-certificates/ca-certificates-20200601.3.59.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20200601.3.59.ebuild
@@ -13,16 +13,8 @@
 # now we know our cert database is kept in sync with nss and, if need be,
 # can be sync with nss tip of tree more frequently to respond to bugs.
 
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
 
 EAPI=6
 

diff --git a/app-misc/ca-certificates/ca-certificates-20200601.3.60.ebuild b/app-misc/ca-certificates/ca-certificates-20200601.3.60.ebuild
index efcdad63373..2f777c592fc 100644
--- a/app-misc/ca-certificates/ca-certificates-20200601.3.60.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20200601.3.60.ebuild
@@ -13,16 +13,8 @@
 # now we know our cert database is kept in sync with nss and, if need be,
 # can be sync with nss tip of tree more frequently to respond to bugs.
 
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+# When triaging user reports, refer to our wiki for tips:
+# https://wiki.gentoo.org/wiki/Certificates#Debugging_certificate_issues
 
 EAPI=7
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2020-12-14 21:42 Thomas Deutschmann
  0 siblings, 0 replies; 203+ messages in thread
From: Thomas Deutschmann @ 2020-12-14 21:42 UTC (permalink / raw
  To: gentoo-commits

commit:     79ddcb7fb3fa4eb0d5c98db159db5f08f3c2fcb7
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Dec 14 21:40:39 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Dec 14 21:42:40 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=79ddcb7f

app-misc/ca-certificates: bump

- Migrate to EAPI 7.

- Update CAcert.org certificates.

Closes: https://bugs.gentoo.org/711514
Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   2 +
 .../ca-certificates-20200601.3.60.ebuild           | 197 +++++++++++++++++++++
 2 files changed, 199 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 0475509dd8e..9034070f826 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,4 +1,6 @@
 DIST ca-certificates_20200601.tar.xz 245668 BLAKE2B 1249782dba046f52832d365e4770e02ed24c0b50bff4ceec5e5af932c807eb8120f8e3bc7858503e74789ecb2da577509819f3ffdf9bd1ec5cc22d61f2194ad5 SHA512 7bfd3122430be0a46bd10dcb0e0664561d1e0b2656b9f37677d89f71a1dcb0e668c25ffe08412888125fa9a53ee8245a4b3fc1004c419a159766665b1241113c
 DIST nss-3.53.tar.gz 81178428 BLAKE2B 5e67b02bf0ba9390311d77ee4d7b86fd7339bd4f7d830b32563799e4eef126143f0b76b2933ad14c5c5d3da6cb3fa0e670aca7ce9654316123abadce25a728ec SHA512 280edf24356b764584200bff949af4a7f88514ee8ac80bf5348a9a844a8b1eb263e9aa1d772644bd8bb1bd195c12b6cc173280cfc88cd97e56562e1c40e71503
 DIST nss-3.59.tar.gz 82141516 BLAKE2B 74959b14ec42b4628dfc3365af00420cdbd41d202541e9379f6a4448c4496b76307af48c9ec405b370f8770327ce56742b4382f8cd49724b42732ce5cc5b0779 SHA512 8963e846f2ff7222457ae59f042672cf4e44f7752807226f46c215a772fd1cbd65d0ce634da4afb698eabd4eb1c1e78146cc2a089339ada11da03d259c609a38
+DIST nss-3.60.tar.gz 82035831 BLAKE2B fffc0e26d58d4625be1b8b0123f248a0c7994b18868ece534ba4d60131dd4897d075d7b2dba672c31ccd333e0c18ea384e2aa2f495c23b5430d6d10b91922873 SHA512 6463b2da28b5d9f1f20d45f77a3179e2b93c874af5742c7fc51eb7c44cef93270acacf79174dc63905f227256cbcee23a36f98f1cfed10dd5c56ffc0a76e2695
+DIST nss-cacert-class1-class3-r1.patch 22503 BLAKE2B d2ba6b5c3675484dab5b6709478101a9dadc0baded3dbf891dcd04e5eb912079b87cdd17f893a0f539a2a53fb05357c6dd309fb624facac3b021c82c7424a91f SHA512 68906d2442986ad13ebf9cd97c26fac34af3efd5cfaacb3d7824adad966349ad796c9cec8dec44c46d5c571df88ce83aea02ce82e71da337aa4e1aeef58eda66
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/app-misc/ca-certificates/ca-certificates-20200601.3.60.ebuild b/app-misc/ca-certificates/ca-certificates-20200601.3.60.ebuild
new file mode 100644
index 00000000000..5a9c6f7d4b4
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20200601.3.60.ebuild
@@ -0,0 +1,197 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{6..9} )
+
+inherit python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~whissi/dist/ca-certificates/nss-cacert-class1-class3-r1.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+CDEPEND="app-misc/c_rehash
+	sys-apps/debianutils"
+
+BDEPEND="${CDEPEND}"
+if ! ${PRECOMPILED} ; then
+	BDEPEND+=" ${PYTHON_DEPS}"
+fi
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+
+RDEPEND="${CDEPEND}
+	${DEPEND}"
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	if ! ${PRECOMPILED} ; then
+		default
+		# Initial 20200601 deb release had bad naming inside the debian source tarball.
+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
+		DEB_BAD_S="${WORKDIR}/work"
+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]] ; then
+			mv "${DEB_BAD_S}" "${DEB_S}"
+		fi
+	fi
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply "${DISTDIR}"/nss-cacert-class1-class3-r1.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		-e 's/openssl rehash/c_rehash/' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CA_Cert_Signing_Authority.crt \
+				"${c}"/cacert.org/cacert.org_class1.crt || die
+			mv "${d}"/CAcert_Class_3_Root.crt \
+				"${c}"/cacert.org/cacert.org_class3.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# $(date -u)"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN}-${DEB_VER} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT}/usr/local/share/ca-certificates" ]] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2020-11-14 22:56 Thomas Deutschmann
  0 siblings, 0 replies; 203+ messages in thread
From: Thomas Deutschmann @ 2020-11-14 22:56 UTC (permalink / raw
  To: gentoo-commits

commit:     336a156b2c2f5695b6f26f35c2cb382440aedbf5
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 14 22:54:49 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Nov 14 22:56:24 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=336a156b

app-misc/ca-certificates: bump

Package-Manager: Portage-3.0.9, Repoman-3.0.2
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20200601.3.59.ebuild           | 192 +++++++++++++++++++++
 2 files changed, 193 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 77cdd3b812f..0475509dd8e 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,3 +1,4 @@
 DIST ca-certificates_20200601.tar.xz 245668 BLAKE2B 1249782dba046f52832d365e4770e02ed24c0b50bff4ceec5e5af932c807eb8120f8e3bc7858503e74789ecb2da577509819f3ffdf9bd1ec5cc22d61f2194ad5 SHA512 7bfd3122430be0a46bd10dcb0e0664561d1e0b2656b9f37677d89f71a1dcb0e668c25ffe08412888125fa9a53ee8245a4b3fc1004c419a159766665b1241113c
 DIST nss-3.53.tar.gz 81178428 BLAKE2B 5e67b02bf0ba9390311d77ee4d7b86fd7339bd4f7d830b32563799e4eef126143f0b76b2933ad14c5c5d3da6cb3fa0e670aca7ce9654316123abadce25a728ec SHA512 280edf24356b764584200bff949af4a7f88514ee8ac80bf5348a9a844a8b1eb263e9aa1d772644bd8bb1bd195c12b6cc173280cfc88cd97e56562e1c40e71503
+DIST nss-3.59.tar.gz 82141516 BLAKE2B 74959b14ec42b4628dfc3365af00420cdbd41d202541e9379f6a4448c4496b76307af48c9ec405b370f8770327ce56742b4382f8cd49724b42732ce5cc5b0779 SHA512 8963e846f2ff7222457ae59f042672cf4e44f7752807226f46c215a772fd1cbd65d0ce634da4afb698eabd4eb1c1e78146cc2a089339ada11da03d259c609a38
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/app-misc/ca-certificates/ca-certificates-20200601.3.59.ebuild b/app-misc/ca-certificates/ca-certificates-20200601.3.59.ebuild
new file mode 100644
index 00000000000..59af3fcebb1
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20200601.3.59.ebuild
@@ -0,0 +1,192 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI=6
+
+PYTHON_COMPAT=( python3_{6..9} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit eapi7-ver
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	if ! ${PRECOMPILED}; then
+		default
+		# Initial 20200601 deb release had bad naming inside the debian source tarball.
+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
+		DEB_BAD_S="${WORKDIR}/work"
+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]]; then
+			mv "${DEB_BAD_S}" "${DEB_S}"
+		fi
+	fi
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply -p0 "${DISTDIR}"/nss-cacert-class1-class3.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		-e 's/openssl rehash/c_rehash/' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CAcert_Inc..crt \
+				"${c}"/cacert.org/cacert.org_root.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# $(date -u)"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN}-${DEB_VER} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT%/}/usr/local/share/ca-certificates" ]] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT%/}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2020-10-06 16:36 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2020-10-06 16:36 UTC (permalink / raw
  To: gentoo-commits

commit:     1d1fb6685105ab33101947f6c0076eb21b339e2b
Author:     Volkmar W. Pogatzki <gentoo <AT> pogatzki <DOT> net>
AuthorDate: Tue Oct  6 14:23:07 2020 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Oct  6 16:36:00 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1d1fb668

app-misc/ca-certificates: python3_9

Closes: https://bugs.gentoo.org/745063
Package-Manager: Portage-3.0.4, Repoman-3.0.1
Signed-off-by: Volkmar W. Pogatzki <gentoo <AT> pogatzki.net>
Closes: https://github.com/gentoo/gentoo/pull/17820
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20200601.3.53.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20200601.3.53.ebuild b/app-misc/ca-certificates/ca-certificates-20200601.3.53.ebuild
index 42e6aad920a..eeca491e653 100644
--- a/app-misc/ca-certificates/ca-certificates-20200601.3.53.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20200601.3.53.ebuild
@@ -26,7 +26,7 @@
 
 EAPI=6
 
-PYTHON_COMPAT=( python3_{6,7,8} )
+PYTHON_COMPAT=( python3_{6..9} )
 
 inherit eutils python-any-r1
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2020-08-20 15:08 Thomas Deutschmann
  0 siblings, 0 replies; 203+ messages in thread
From: Thomas Deutschmann @ 2020-08-20 15:08 UTC (permalink / raw
  To: gentoo-commits

commit:     422bad9e2868d936cee3fc6f11706c7aeb1c76e6
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 20 15:08:30 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Thu Aug 20 15:08:38 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=422bad9e

app-misc/ca-certificates: drop old

Package-Manager: Portage-3.0.3, Repoman-3.0.0
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   2 -
 .../ca-certificates-20190110.3.43.ebuild           | 184 ---------------------
 .../ca-certificates-20190110.3.53.ebuild           | 184 ---------------------
 3 files changed, 370 deletions(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index e62e401ce09..77cdd3b812f 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,5 +1,3 @@
-DIST ca-certificates_20190110.tar.xz 243472 BLAKE2B b63e541fcf611712634f8c7fd2da5f189b999c39118047a7e2fd43ddd5e0fbefeaa08788363482a02be55a347447d4cc95f1505bf869accf9cd847578ad2e879 SHA512 9ce2661018edb120d0ef5bd3ed52c0f73f577d7607d135a31730549f5eb4176db4865cdb8bde77a78dc3efb8968846da5e72af8a833a9da2a8a7deb4f1560372
 DIST ca-certificates_20200601.tar.xz 245668 BLAKE2B 1249782dba046f52832d365e4770e02ed24c0b50bff4ceec5e5af932c807eb8120f8e3bc7858503e74789ecb2da577509819f3ffdf9bd1ec5cc22d61f2194ad5 SHA512 7bfd3122430be0a46bd10dcb0e0664561d1e0b2656b9f37677d89f71a1dcb0e668c25ffe08412888125fa9a53ee8245a4b3fc1004c419a159766665b1241113c
-DIST nss-3.43.tar.gz 23466026 BLAKE2B 1b43036daeedea1643a7fe1a8defa167097997efec529417c4857eaa29d453b6a588f462078f13662193d58dfd8f9566c22d729729591934ef154b9befb8f98d SHA512 e9dfba5bd6f68c5ab58fc7a6fa1b16a035be1b1b7c436cf787bdc99257c5f54c78d73d94d015bffd29420df19b2a2818166c68fe592dd7208ab5605344827fb5
 DIST nss-3.53.tar.gz 81178428 BLAKE2B 5e67b02bf0ba9390311d77ee4d7b86fd7339bd4f7d830b32563799e4eef126143f0b76b2933ad14c5c5d3da6cb3fa0e670aca7ce9654316123abadce25a728ec SHA512 280edf24356b764584200bff949af4a7f88514ee8ac80bf5348a9a844a8b1eb263e9aa1d772644bd8bb1bd195c12b6cc173280cfc88cd97e56562e1c40e71503
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild b/app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild
deleted file mode 100644
index 21fd74495d0..00000000000
--- a/app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild
+++ /dev/null
@@ -1,184 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI=6
-
-PYTHON_COMPAT=( python3_{6,7,8} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit eapi7-ver
-
-	DEB_VER=$(ver_cut 1)
-	NSS_VER=$(ver_cut 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
-${PRECOMPILED} || IUSE+=" cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	app-misc/c_rehash
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}" || die
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin || die
-		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
-			usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
-			eapply -p0 "${DISTDIR}"/nss-cacert-class1-class3.patch
-			popd >/dev/null || die
-		fi
-	fi
-
-	default
-	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		-e 's/openssl rehash/c_rehash/' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs \
-			etc/ca-certificates/update.d \
-			"${c}"/mozilla \
-			|| die
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org || die
-			mv "${d}"/CAcert_Inc..crt \
-				"${c}"/cacert.org/cacert.org_root.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	(
-		echo "# Automatically generated by ${CATEGORY}/${PF}"
-		echo "# $(date -u)"
-		echo "# Do not edit."
-		cd "${c}" || die
-		find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ${PN}-${DEB_VER} || die
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [[ -d "${EROOT%/}/usr/local/share/ca-certificates" ]] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT%/}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [[ -n "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l)" ]] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}

diff --git a/app-misc/ca-certificates/ca-certificates-20190110.3.53.ebuild b/app-misc/ca-certificates/ca-certificates-20190110.3.53.ebuild
deleted file mode 100644
index 0297708d122..00000000000
--- a/app-misc/ca-certificates/ca-certificates-20190110.3.53.ebuild
+++ /dev/null
@@ -1,184 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI=6
-
-PYTHON_COMPAT=( python3_{6,7,8} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit eapi7-ver
-
-	DEB_VER=$(ver_cut 1)
-	NSS_VER=$(ver_cut 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
-${PRECOMPILED} || IUSE+=" cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	app-misc/c_rehash
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}" || die
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin || die
-		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
-			usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
-			eapply -p0 "${DISTDIR}"/nss-cacert-class1-class3.patch
-			popd >/dev/null || die
-		fi
-	fi
-
-	default
-	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		-e 's/openssl rehash/c_rehash/' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs \
-			etc/ca-certificates/update.d \
-			"${c}"/mozilla \
-			|| die
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org || die
-			mv "${d}"/CAcert_Inc..crt \
-				"${c}"/cacert.org/cacert.org_root.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	(
-		echo "# Automatically generated by ${CATEGORY}/${PF}"
-		echo "# $(date -u)"
-		echo "# Do not edit."
-		cd "${c}" || die
-		find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ${PN}-${DEB_VER} || die
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [[ -d "${EROOT%/}/usr/local/share/ca-certificates" ]] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT%/}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [[ -n "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l)" ]] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2020-06-02 17:28 Thomas Deutschmann
  0 siblings, 0 replies; 203+ messages in thread
From: Thomas Deutschmann @ 2020-06-02 17:28 UTC (permalink / raw
  To: gentoo-commits

commit:     35c6a6c057ef9ecfa89353a0b5485693703cca4e
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Jun  2 17:27:45 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Jun  2 17:27:45 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=35c6a6c0

app-misc/ca-certificates: amd64 stable, applying all arches policy

Closes: https://bugs.gentoo.org/726794
Package-Manager: Portage-2.3.100, Repoman-2.3.22
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20200601.3.53.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20200601.3.53.ebuild b/app-misc/ca-certificates/ca-certificates-20200601.3.53.ebuild
index 34b904b2117..42e6aad920a 100644
--- a/app-misc/ca-certificates/ca-certificates-20200601.3.53.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20200601.3.53.ebuild
@@ -59,7 +59,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2020-06-02 17:13 Robin H. Johnson
  0 siblings, 0 replies; 203+ messages in thread
From: Robin H. Johnson @ 2020-06-02 17:13 UTC (permalink / raw
  To: gentoo-commits

commit:     617b767f5022f81117e028e258d8b0e008594a31
Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Tue Jun  2 16:48:35 2020 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Tue Jun  2 17:13:18 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=617b767f

app-misc/ca-certificates: bump

Bump to unreleased latest Debian sources which haven't been formally
announced but are available via the Debian git systems.

Removes expired AddTrust External CA root causing problems with GnuTLS &
OpenSSL 1.0.

Closes: https://bugs.gentoo.org/726412
Bug: https://bugs.gentoo.org/show_bug.cgi?id=726650
Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20200601.3.53.ebuild           | 192 +++++++++++++++++++++
 2 files changed, 193 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index b42b17c308c..e62e401ce09 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,4 +1,5 @@
 DIST ca-certificates_20190110.tar.xz 243472 BLAKE2B b63e541fcf611712634f8c7fd2da5f189b999c39118047a7e2fd43ddd5e0fbefeaa08788363482a02be55a347447d4cc95f1505bf869accf9cd847578ad2e879 SHA512 9ce2661018edb120d0ef5bd3ed52c0f73f577d7607d135a31730549f5eb4176db4865cdb8bde77a78dc3efb8968846da5e72af8a833a9da2a8a7deb4f1560372
+DIST ca-certificates_20200601.tar.xz 245668 BLAKE2B 1249782dba046f52832d365e4770e02ed24c0b50bff4ceec5e5af932c807eb8120f8e3bc7858503e74789ecb2da577509819f3ffdf9bd1ec5cc22d61f2194ad5 SHA512 7bfd3122430be0a46bd10dcb0e0664561d1e0b2656b9f37677d89f71a1dcb0e668c25ffe08412888125fa9a53ee8245a4b3fc1004c419a159766665b1241113c
 DIST nss-3.43.tar.gz 23466026 BLAKE2B 1b43036daeedea1643a7fe1a8defa167097997efec529417c4857eaa29d453b6a588f462078f13662193d58dfd8f9566c22d729729591934ef154b9befb8f98d SHA512 e9dfba5bd6f68c5ab58fc7a6fa1b16a035be1b1b7c436cf787bdc99257c5f54c78d73d94d015bffd29420df19b2a2818166c68fe592dd7208ab5605344827fb5
 DIST nss-3.53.tar.gz 81178428 BLAKE2B 5e67b02bf0ba9390311d77ee4d7b86fd7339bd4f7d830b32563799e4eef126143f0b76b2933ad14c5c5d3da6cb3fa0e670aca7ce9654316123abadce25a728ec SHA512 280edf24356b764584200bff949af4a7f88514ee8ac80bf5348a9a844a8b1eb263e9aa1d772644bd8bb1bd195c12b6cc173280cfc88cd97e56562e1c40e71503
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/app-misc/ca-certificates/ca-certificates-20200601.3.53.ebuild b/app-misc/ca-certificates/ca-certificates-20200601.3.53.ebuild
new file mode 100644
index 00000000000..34b904b2117
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20200601.3.53.ebuild
@@ -0,0 +1,192 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI=6
+
+PYTHON_COMPAT=( python3_{6,7,8} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit eapi7-ver
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	if ! ${PRECOMPILED}; then
+		default
+		# Initial 20200601 deb release had bad naming inside the debian source tarball.
+		DEB_S="${WORKDIR}/${PN}-${DEB_VER}"
+		DEB_BAD_S="${WORKDIR}/work"
+		if [[ -d "${DEB_BAD_S}" ]] && [[ ! -d "${DEB_S}" ]]; then
+			mv "${DEB_BAD_S}" "${DEB_S}"
+		fi
+	fi
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply -p0 "${DISTDIR}"/nss-cacert-class1-class3.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		-e 's/openssl rehash/c_rehash/' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CAcert_Inc..crt \
+				"${c}"/cacert.org/cacert.org_root.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# $(date -u)"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN}-${DEB_VER} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT%/}/usr/local/share/ca-certificates" ]] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT%/}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2020-06-01 22:56 Robin H. Johnson
  0 siblings, 0 replies; 203+ messages in thread
From: Robin H. Johnson @ 2020-06-01 22:56 UTC (permalink / raw
  To: gentoo-commits

commit:     199aab84e909a786b64e171a3c84b5337575d877
Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Mon Jun  1 22:55:43 2020 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Mon Jun  1 22:56:26 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=199aab84

app-misc/ca-certificates: bump

Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20190110.3.53.ebuild           | 184 +++++++++++++++++++++
 2 files changed, 185 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index e38a2df15b4..b42b17c308c 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,3 +1,4 @@
 DIST ca-certificates_20190110.tar.xz 243472 BLAKE2B b63e541fcf611712634f8c7fd2da5f189b999c39118047a7e2fd43ddd5e0fbefeaa08788363482a02be55a347447d4cc95f1505bf869accf9cd847578ad2e879 SHA512 9ce2661018edb120d0ef5bd3ed52c0f73f577d7607d135a31730549f5eb4176db4865cdb8bde77a78dc3efb8968846da5e72af8a833a9da2a8a7deb4f1560372
 DIST nss-3.43.tar.gz 23466026 BLAKE2B 1b43036daeedea1643a7fe1a8defa167097997efec529417c4857eaa29d453b6a588f462078f13662193d58dfd8f9566c22d729729591934ef154b9befb8f98d SHA512 e9dfba5bd6f68c5ab58fc7a6fa1b16a035be1b1b7c436cf787bdc99257c5f54c78d73d94d015bffd29420df19b2a2818166c68fe592dd7208ab5605344827fb5
+DIST nss-3.53.tar.gz 81178428 BLAKE2B 5e67b02bf0ba9390311d77ee4d7b86fd7339bd4f7d830b32563799e4eef126143f0b76b2933ad14c5c5d3da6cb3fa0e670aca7ce9654316123abadce25a728ec SHA512 280edf24356b764584200bff949af4a7f88514ee8ac80bf5348a9a844a8b1eb263e9aa1d772644bd8bb1bd195c12b6cc173280cfc88cd97e56562e1c40e71503
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/app-misc/ca-certificates/ca-certificates-20190110.3.53.ebuild b/app-misc/ca-certificates/ca-certificates-20190110.3.53.ebuild
new file mode 100644
index 00000000000..0297708d122
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20190110.3.53.ebuild
@@ -0,0 +1,184 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI=6
+
+PYTHON_COMPAT=( python3_{6,7,8} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit eapi7-ver
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply -p0 "${DISTDIR}"/nss-cacert-class1-class3.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		-e 's/openssl rehash/c_rehash/' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CAcert_Inc..crt \
+				"${c}"/cacert.org/cacert.org_root.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# $(date -u)"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN}-${DEB_VER} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT%/}/usr/local/share/ca-certificates" ]] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT%/}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2020-04-17 20:59 Andreas Sturmlechner
  0 siblings, 0 replies; 203+ messages in thread
From: Andreas Sturmlechner @ 2020-04-17 20:59 UTC (permalink / raw
  To: gentoo-commits

commit:     25c7a82f1f1bc10c4069aab8af94d74378fa0ebe
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Fri Apr 17 19:10:18 2020 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Fri Apr 17 20:52:36 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=25c7a82f

app-misc/ca-certificates: python3_8 support

Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild b/app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild
index 5e4f5479ce6..79af3785f29 100644
--- a/app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild
@@ -26,7 +26,7 @@
 
 EAPI=6
 
-PYTHON_COMPAT=( python3_{6,7} )
+PYTHON_COMPAT=( python3_{6,7,8} )
 
 inherit eutils python-any-r1
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2019-07-18  8:25 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2019-07-18  8:25 UTC (permalink / raw
  To: gentoo-commits

commit:     94cbe41b90f996a6ab429d15e473398dee5a2c7b
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Jul 18 08:21:39 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Jul 18 08:24:47 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=94cbe41b

app-misc/ca-certificates: Removed old.

Package-Manager: Portage-2.3.69, Repoman-2.3.16
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   3 -
 .../ca-certificates-20180409.3.37.ebuild           | 179 --------------------
 .../ca-certificates-20190110.3.42.1.ebuild         | 184 ---------------------
 3 files changed, 366 deletions(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 191e3d5659a..e38a2df15b4 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,6 +1,3 @@
-DIST ca-certificates_20180409.tar.xz 246908 BLAKE2B b553d4347f1a5b88fe59c7269dee617f61cde54d4df1a3aa4b3a7e9aa4b2ee81415e5c421352505ca4b2e0e480b053ccb04024bddfb51450d298d8fdd0567c36 SHA512 e0742da19416d367618547107cc0f1cc045d5ba62c30fb7238e0e36ec0d19ea48e2ffdee2c68a9f06954025c58db9a5376f149e221ede95a3a029cda39d86a53
 DIST ca-certificates_20190110.tar.xz 243472 BLAKE2B b63e541fcf611712634f8c7fd2da5f189b999c39118047a7e2fd43ddd5e0fbefeaa08788363482a02be55a347447d4cc95f1505bf869accf9cd847578ad2e879 SHA512 9ce2661018edb120d0ef5bd3ed52c0f73f577d7607d135a31730549f5eb4176db4865cdb8bde77a78dc3efb8968846da5e72af8a833a9da2a8a7deb4f1560372
-DIST nss-3.37.tar.gz 23027581 BLAKE2B 0ce7190a029321d5620dc8b9aedf1f4252c53dbef57149afbad432b6bc4b590db026505d23f5c766827d5c0179ab931b8a0435a2e9785eff3db515ed7211e512 SHA512 ad5175f126705f57092ac80421ac005bcc32bb18a4a44a527df25994fa90b3bc18af08506683564f619a22076f71232e2b3c9e6e25d6312d0bfed63684139103
-DIST nss-3.42.1.tar.gz 23416408 BLAKE2B 9c008ce599f3cc4de50af3a32f680e16058a42df7a844aa8f151c729a1c783177d8410b0aa2ea9887f5e69a359d84b655b78808fd817b8ccdeae458d9c7b4488 SHA512 468e1d4ea9d2b832c7b8975443ee6fe2790b39cbbd9f8e3d8428a43f47cce0e81d5ca21e3566701b75bcd4af09110c0134e204b2850d30ecfd6347ec27e6e265
 DIST nss-3.43.tar.gz 23466026 BLAKE2B 1b43036daeedea1643a7fe1a8defa167097997efec529417c4857eaa29d453b6a588f462078f13662193d58dfd8f9566c22d729729591934ef154b9befb8f98d SHA512 e9dfba5bd6f68c5ab58fc7a6fa1b16a035be1b1b7c436cf787bdc99257c5f54c78d73d94d015bffd29420df19b2a2818166c68fe592dd7208ab5605344827fb5
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/app-misc/ca-certificates/ca-certificates-20180409.3.37.ebuild b/app-misc/ca-certificates/ca-certificates-20180409.3.37.ebuild
deleted file mode 100644
index 520f0435104..00000000000
--- a/app-misc/ca-certificates/ca-certificates-20180409.3.37.ebuild
+++ /dev/null
@@ -1,179 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI=6
-
-PYTHON_COMPAT=( python{2_7,3_5,3_6,3_7} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit eapi7-ver
-
-	DEB_VER=$(ver_cut 1)
-	NSS_VER=$(ver_cut 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
-${PRECOMPILED} || IUSE+=" cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	app-misc/c_rehash
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			eapply -p0 "${DISTDIR}"/nss-cacert-class1-class3.patch
-			popd >/dev/null
-		fi
-	fi
-
-	default
-	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		-e 's/openssl rehash/c_rehash/' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org
-			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd "${c}"
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}

diff --git a/app-misc/ca-certificates/ca-certificates-20190110.3.42.1.ebuild b/app-misc/ca-certificates/ca-certificates-20190110.3.42.1.ebuild
deleted file mode 100644
index db441817372..00000000000
--- a/app-misc/ca-certificates/ca-certificates-20190110.3.42.1.ebuild
+++ /dev/null
@@ -1,184 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI=6
-
-PYTHON_COMPAT=( python{2_7,3_{5,6,7}} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit eapi7-ver
-
-	DEB_VER=$(ver_cut 1)
-	NSS_VER=$(ver_cut 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
-${PRECOMPILED} || IUSE+=" cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	app-misc/c_rehash
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}" || die
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin || die
-		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
-			usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
-			eapply -p0 "${DISTDIR}"/nss-cacert-class1-class3.patch
-			popd >/dev/null || die
-		fi
-	fi
-
-	default
-	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		-e 's/openssl rehash/c_rehash/' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs \
-			etc/ca-certificates/update.d \
-			"${c}"/mozilla \
-			|| die
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org || die
-			mv "${d}"/CAcert_Inc..crt \
-				"${c}"/cacert.org/cacert.org_root.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	(
-		echo "# Automatically generated by ${CATEGORY}/${PF}"
-		echo "# $(date -u)"
-		echo "# Do not edit."
-		cd "${c}" || die
-		find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ${PN}-${DEB_VER} || die
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [[ -d "${EROOT%/}/usr/local/share/ca-certificates" ]] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT%/}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [[ -n "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l)" ]] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2019-07-18  8:25 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2019-07-18  8:25 UTC (permalink / raw
  To: gentoo-commits

commit:     e0907a5b9a0975043f3a89581bab8aef8b07b5f5
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Jul 18 08:20:50 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Jul 18 08:24:15 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0907a5b

app-misc/ca-certificates: Version 20190110.3.43 stable for all arches

Closes: https://bugs.gentoo.org/690126
Package-Manager: Portage-2.3.69, Repoman-2.3.16
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild b/app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild
index 983ad6395ef..ef37fa527af 100644
--- a/app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild
@@ -59,7 +59,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2019-07-18  8:16 Agostino Sarubbo
  0 siblings, 0 replies; 203+ messages in thread
From: Agostino Sarubbo @ 2019-07-18  8:16 UTC (permalink / raw
  To: gentoo-commits

commit:     514b6c1e357df7370c502109a7c92ef72c4142f6
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Thu Jul 18 08:16:06 2019 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Thu Jul 18 08:16:10 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=514b6c1e

app-misc/ca-certificates: s390 stable wrt bug #690126

Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>
Package-Manager: Portage-2.3.66, Repoman-2.3.11
RepoMan-Options: --include-arches="s390"

 app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild b/app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild
index c0e17c48779..983ad6395ef 100644
--- a/app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild
@@ -59,7 +59,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2019-05-04 10:35 Andreas K. Hüttel
  0 siblings, 0 replies; 203+ messages in thread
From: Andreas K. Hüttel @ 2019-05-04 10:35 UTC (permalink / raw
  To: gentoo-commits

commit:     a05599297beea4167821e83dea85e7e155650732
Author:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
AuthorDate: Sat May  4 10:31:21 2019 +0000
Commit:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
CommitDate: Sat May  4 10:31:21 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a0559929

app-misc/ca-certificates: keyword ~riscv

Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Andreas K. Hüttel <dilfridge <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild b/app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild
index db441817372..c0e17c48779 100644
--- a/app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild
@@ -59,7 +59,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2019-03-18 14:29 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2019-03-18 14:29 UTC (permalink / raw
  To: gentoo-commits

commit:     74b812c2349cd9c9e2b1ef6146e5bcfbdbe7ec92
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 18 14:29:17 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon Mar 18 14:29:38 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=74b812c2

app-misc/ca-certificates: Bump to version 20190110.3.43

Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20190110.3.43.ebuild           | 184 +++++++++++++++++++++
 2 files changed, 185 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 45754412ffb..191e3d5659a 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -2,4 +2,5 @@ DIST ca-certificates_20180409.tar.xz 246908 BLAKE2B b553d4347f1a5b88fe59c7269dee
 DIST ca-certificates_20190110.tar.xz 243472 BLAKE2B b63e541fcf611712634f8c7fd2da5f189b999c39118047a7e2fd43ddd5e0fbefeaa08788363482a02be55a347447d4cc95f1505bf869accf9cd847578ad2e879 SHA512 9ce2661018edb120d0ef5bd3ed52c0f73f577d7607d135a31730549f5eb4176db4865cdb8bde77a78dc3efb8968846da5e72af8a833a9da2a8a7deb4f1560372
 DIST nss-3.37.tar.gz 23027581 BLAKE2B 0ce7190a029321d5620dc8b9aedf1f4252c53dbef57149afbad432b6bc4b590db026505d23f5c766827d5c0179ab931b8a0435a2e9785eff3db515ed7211e512 SHA512 ad5175f126705f57092ac80421ac005bcc32bb18a4a44a527df25994fa90b3bc18af08506683564f619a22076f71232e2b3c9e6e25d6312d0bfed63684139103
 DIST nss-3.42.1.tar.gz 23416408 BLAKE2B 9c008ce599f3cc4de50af3a32f680e16058a42df7a844aa8f151c729a1c783177d8410b0aa2ea9887f5e69a359d84b655b78808fd817b8ccdeae458d9c7b4488 SHA512 468e1d4ea9d2b832c7b8975443ee6fe2790b39cbbd9f8e3d8428a43f47cce0e81d5ca21e3566701b75bcd4af09110c0134e204b2850d30ecfd6347ec27e6e265
+DIST nss-3.43.tar.gz 23466026 BLAKE2B 1b43036daeedea1643a7fe1a8defa167097997efec529417c4857eaa29d453b6a588f462078f13662193d58dfd8f9566c22d729729591934ef154b9befb8f98d SHA512 e9dfba5bd6f68c5ab58fc7a6fa1b16a035be1b1b7c436cf787bdc99257c5f54c78d73d94d015bffd29420df19b2a2818166c68fe592dd7208ab5605344827fb5
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild b/app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild
new file mode 100644
index 00000000000..5bb10882fbc
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20190110.3.43.ebuild
@@ -0,0 +1,184 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI=6
+
+PYTHON_COMPAT=( python{2_7,3_{4,5,6,7}} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit eapi7-ver
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply -p0 "${DISTDIR}"/nss-cacert-class1-class3.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		-e 's/openssl rehash/c_rehash/' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CAcert_Inc..crt \
+				"${c}"/cacert.org/cacert.org_root.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# $(date -u)"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN}-${DEB_VER} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT%/}/usr/local/share/ca-certificates" ]] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT%/}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2019-02-19 12:28 Fabian Groffen
  0 siblings, 0 replies; 203+ messages in thread
From: Fabian Groffen @ 2019-02-19 12:28 UTC (permalink / raw
  To: gentoo-commits

commit:     739f97fa0240cb1673fdd0ca4eb182e47ef566b3
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 19 12:27:52 2019 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Tue Feb 19 12:28:47 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=739f97fa

app-misc/ca-certificates: fix double prefix

Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>
Package-Manager: Portage-2.3.51, Repoman-2.3.11

 app-misc/ca-certificates/ca-certificates-20190110.3.42.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20190110.3.42.1.ebuild b/app-misc/ca-certificates/ca-certificates-20190110.3.42.1.ebuild
index 1fc190158c6..5bb10882fbc 100644
--- a/app-misc/ca-certificates/ca-certificates-20190110.3.42.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20190110.3.42.1.ebuild
@@ -157,7 +157,7 @@ src_compile() {
 }
 
 src_install() {
-	cp -pPR image/* "${ED}"/ || die
+	cp -pPR image/* "${D}"/ || die
 	if ! ${PRECOMPILED} ; then
 		cd ${PN}-${DEB_VER} || die
 		doman sbin/*.8


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2019-02-18  9:02 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2019-02-18  9:02 UTC (permalink / raw
  To: gentoo-commits

commit:     4ceee380da2876430e00d913a714173290ad02b8
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Mon Feb 18 09:02:08 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon Feb 18 09:02:08 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ceee380

app-misc/ca-certificates: Bump to version 20190110.3.42.1

Package-Manager: Portage-2.3.61, Repoman-2.3.12
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   2 +
 .../ca-certificates-20190110.3.42.1.ebuild         | 184 +++++++++++++++++++++
 2 files changed, 186 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index f559af13ed9..45754412ffb 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,3 +1,5 @@
 DIST ca-certificates_20180409.tar.xz 246908 BLAKE2B b553d4347f1a5b88fe59c7269dee617f61cde54d4df1a3aa4b3a7e9aa4b2ee81415e5c421352505ca4b2e0e480b053ccb04024bddfb51450d298d8fdd0567c36 SHA512 e0742da19416d367618547107cc0f1cc045d5ba62c30fb7238e0e36ec0d19ea48e2ffdee2c68a9f06954025c58db9a5376f149e221ede95a3a029cda39d86a53
+DIST ca-certificates_20190110.tar.xz 243472 BLAKE2B b63e541fcf611712634f8c7fd2da5f189b999c39118047a7e2fd43ddd5e0fbefeaa08788363482a02be55a347447d4cc95f1505bf869accf9cd847578ad2e879 SHA512 9ce2661018edb120d0ef5bd3ed52c0f73f577d7607d135a31730549f5eb4176db4865cdb8bde77a78dc3efb8968846da5e72af8a833a9da2a8a7deb4f1560372
 DIST nss-3.37.tar.gz 23027581 BLAKE2B 0ce7190a029321d5620dc8b9aedf1f4252c53dbef57149afbad432b6bc4b590db026505d23f5c766827d5c0179ab931b8a0435a2e9785eff3db515ed7211e512 SHA512 ad5175f126705f57092ac80421ac005bcc32bb18a4a44a527df25994fa90b3bc18af08506683564f619a22076f71232e2b3c9e6e25d6312d0bfed63684139103
+DIST nss-3.42.1.tar.gz 23416408 BLAKE2B 9c008ce599f3cc4de50af3a32f680e16058a42df7a844aa8f151c729a1c783177d8410b0aa2ea9887f5e69a359d84b655b78808fd817b8ccdeae458d9c7b4488 SHA512 468e1d4ea9d2b832c7b8975443ee6fe2790b39cbbd9f8e3d8428a43f47cce0e81d5ca21e3566701b75bcd4af09110c0134e204b2850d30ecfd6347ec27e6e265
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/app-misc/ca-certificates/ca-certificates-20190110.3.42.1.ebuild b/app-misc/ca-certificates/ca-certificates-20190110.3.42.1.ebuild
new file mode 100644
index 00000000000..1fc190158c6
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20190110.3.42.1.ebuild
@@ -0,0 +1,184 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI=6
+
+PYTHON_COMPAT=( python{2_7,3_{4,5,6,7}} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit eapi7-ver
+
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in ${WORKDIR}.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}" || die
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin || die
+		cp -p "${S}"/${PN}-${DEB_VER}/sbin/update-ca-certificates \
+			usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null || die
+			eapply -p0 "${DISTDIR}"/nss-cacert-class1-class3.patch
+			popd >/dev/null || die
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		-e 's/openssl rehash/c_rehash/' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}-${DEB_VER}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs \
+			etc/ca-certificates/update.d \
+			"${c}"/mozilla \
+			|| die
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org || die
+			mv "${d}"/CAcert_Inc..crt \
+				"${c}"/cacert.org/cacert.org_root.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+		echo "# Automatically generated by ${CATEGORY}/${PF}"
+		echo "# $(date -u)"
+		echo "# Do not edit."
+		cd "${c}" || die
+		find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${ED}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ${PN}-${DEB_VER} || die
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [[ -d "${EROOT%/}/usr/local/share/ca-certificates" ]] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT%/}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [[ -n "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l)" ]] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT%/}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2019-01-07 19:53 Thomas Deutschmann
  0 siblings, 0 replies; 203+ messages in thread
From: Thomas Deutschmann @ 2019-01-07 19:53 UTC (permalink / raw
  To: gentoo-commits

commit:     2c00aa56056878ddb20ecd9f171c155d76a875bd
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Jan  7 19:51:41 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Jan  7 19:53:03 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c00aa56

app-misc/ca-certificates: drop old

Package-Manager: Portage-2.3.54, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   2 -
 .../ca-certificates-20170717.3.36.1.ebuild         | 190 ---------------------
 .../ca-certificates-20180409.3.36.1-r1.ebuild      | 179 -------------------
 app-misc/ca-certificates/metadata.xml              |   3 -
 4 files changed, 374 deletions(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index f871a29de34..f559af13ed9 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,5 +1,3 @@
-DIST ca-certificates_20170717.tar.xz 293028 BLAKE2B 85076cd980841f32e2544c7be020fca9bcd5ef7066ae3cef195cbf9755f8b8e800a8e4076662fa1b7da600c2235e49048eb6e1166b0618fc7685221ab790fed3 SHA512 dfeb5a19bb33bcb127a159b73fcc63b41c99827d77eb4a6069def0cffc7ae8dd10dab97c1ddfdd5b70d0c93e650a51ed5dcd03908516e7ca8b3022bf46eeb7e6
 DIST ca-certificates_20180409.tar.xz 246908 BLAKE2B b553d4347f1a5b88fe59c7269dee617f61cde54d4df1a3aa4b3a7e9aa4b2ee81415e5c421352505ca4b2e0e480b053ccb04024bddfb51450d298d8fdd0567c36 SHA512 e0742da19416d367618547107cc0f1cc045d5ba62c30fb7238e0e36ec0d19ea48e2ffdee2c68a9f06954025c58db9a5376f149e221ede95a3a029cda39d86a53
-DIST nss-3.36.1.tar.gz 23026430 BLAKE2B 76eaf5b24f8954a4e14cf556912250a3ddb7b333054a2ea4ee3d218493a8f12c77a37455aae354ef6ddd9bd55c33a269dad515806d70ef38727fa8a382d47fd4 SHA512 096fe4360b6d584a746ac6156830f8cff821fd173bd889d7a396238919328a227fa4ebb46f738970a4001773046f3dd4f4675b85ff6de8420a4a7657b3ba0c65
 DIST nss-3.37.tar.gz 23027581 BLAKE2B 0ce7190a029321d5620dc8b9aedf1f4252c53dbef57149afbad432b6bc4b590db026505d23f5c766827d5c0179ab931b8a0435a2e9785eff3db515ed7211e512 SHA512 ad5175f126705f57092ac80421ac005bcc32bb18a4a44a527df25994fa90b3bc18af08506683564f619a22076f71232e2b3c9e6e25d6312d0bfed63684139103
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild b/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild
deleted file mode 100644
index 4a23bdb1939..00000000000
--- a/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild
+++ /dev/null
@@ -1,190 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI=6
-
-PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit eapi7-ver
-
-	DEB_VER=$(ver_cut 1)
-	NSS_VER=$(ver_cut 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="insecure_certs"
-${PRECOMPILED} || IUSE+=" cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	app-misc/c_rehash
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
-			popd >/dev/null
-		fi
-	fi
-
-	default
-	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org
-			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	if ! use insecure_certs ; then
-		elog "To prevent applications relying on system's trusted root certificate store"
-		elog "from using CAs where at least one major browser vendor Gentoo is following"
-		elog "has decided to apply trust level restrictions, the following"
-		elog "certificate(s) were removed:"
-		# Remove untrusted certs from StartCom and WoSign (bug #598072)
-		elog "$(find "${c}" -type f \( \
-			-iname '*startcom*' \
-			-o -iname '*wosign*' \
-			\) -printf '%P removed; see https://bugs.gentoo.org/598072 for details\n' -delete)"
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd "${c}"
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}

diff --git a/app-misc/ca-certificates/ca-certificates-20180409.3.36.1-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20180409.3.36.1-r1.ebuild
deleted file mode 100644
index c956522df0e..00000000000
--- a/app-misc/ca-certificates/ca-certificates-20180409.3.36.1-r1.ebuild
+++ /dev/null
@@ -1,179 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI=6
-
-PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit eapi7-ver
-
-	DEB_VER=$(ver_cut 1)
-	NSS_VER=$(ver_cut 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
-${PRECOMPILED} || IUSE+=" cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	app-misc/c_rehash
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			eapply -p0 "${DISTDIR}"/nss-cacert-class1-class3.patch
-			popd >/dev/null
-		fi
-	fi
-
-	default
-	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		-e 's/openssl rehash/c_rehash/' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org
-			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd "${c}"
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}

diff --git a/app-misc/ca-certificates/metadata.xml b/app-misc/ca-certificates/metadata.xml
index 3aa7f10648b..f4cf8a2a018 100644
--- a/app-misc/ca-certificates/metadata.xml
+++ b/app-misc/ca-certificates/metadata.xml
@@ -10,8 +10,5 @@
 			Include root certificates from CAcert (http://www.cacert.org/) and Software
 			in the Public Interest (http://www.spi-inc.org/)
 		</flag>
-		<flag name="insecure_certs">
-			Install certificates which are known to be untrustworthy.
-		</flag>
 	</use>
 </pkgmetadata>


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2019-01-07 19:53 Thomas Deutschmann
  0 siblings, 0 replies; 203+ messages in thread
From: Thomas Deutschmann @ 2019-01-07 19:53 UTC (permalink / raw
  To: gentoo-commits

commit:     ef40be898014a1bb6e98c8d70f025c0ae853abc0
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Mon Jan  7 19:49:52 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Jan  7 19:53:01 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ef40be89

app-misc/ca-certificates: x86 stable, apply ALLARCHES policy

Package-Manager: Portage-2.3.54, Repoman-2.3.12
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20180409.3.37.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20180409.3.37.ebuild b/app-misc/ca-certificates/ca-certificates-20180409.3.37.ebuild
index 0c84a91f786..6dcf1e3837c 100644
--- a/app-misc/ca-certificates/ca-certificates-20180409.3.37.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20180409.3.37.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Authors
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 # The Debian ca-certificates package merely takes the CA database as it exists
@@ -59,7 +59,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2018-12-25 20:18 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2018-12-25 20:18 UTC (permalink / raw
  To: gentoo-commits

commit:     567c3ae4203866db5c6abb73dc81b077898d12e8
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 25 20:18:03 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Dec 25 20:18:35 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=567c3ae4

app-misc/ca-certificates: Replaced versionator with eapi7-ver eclass

Package-Manager: Portage-2.3.52, Repoman-2.3.12
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild   | 8 ++++----
 .../ca-certificates/ca-certificates-20180409.3.36.1-r1.ebuild     | 8 ++++----
 app-misc/ca-certificates/ca-certificates-20180409.3.37.ebuild     | 6 +++---
 3 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild b/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild
index 46bb9dc1285..4a23bdb1939 100644
--- a/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 # The Debian ca-certificates package merely takes the CA database as it exists
@@ -33,10 +33,10 @@ inherit eutils python-any-r1
 if [[ ${PV} == *.* ]] ; then
 	# Compile from source ourselves.
 	PRECOMPILED=false
-	inherit versionator
+	inherit eapi7-ver
 
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
 	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
 else
 	# Debian precompiled version.

diff --git a/app-misc/ca-certificates/ca-certificates-20180409.3.36.1-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20180409.3.36.1-r1.ebuild
index fbbb928d022..c956522df0e 100644
--- a/app-misc/ca-certificates/ca-certificates-20180409.3.36.1-r1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20180409.3.36.1-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 # The Debian ca-certificates package merely takes the CA database as it exists
@@ -33,10 +33,10 @@ inherit eutils python-any-r1
 if [[ ${PV} == *.* ]] ; then
 	# Compile from source ourselves.
 	PRECOMPILED=false
-	inherit versionator
+	inherit eapi7-ver
 
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
 	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
 else
 	# Debian precompiled version.

diff --git a/app-misc/ca-certificates/ca-certificates-20180409.3.37.ebuild b/app-misc/ca-certificates/ca-certificates-20180409.3.37.ebuild
index 95efb82e672..0c84a91f786 100644
--- a/app-misc/ca-certificates/ca-certificates-20180409.3.37.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20180409.3.37.ebuild
@@ -33,10 +33,10 @@ inherit eutils python-any-r1
 if [[ ${PV} == *.* ]] ; then
 	# Compile from source ourselves.
 	PRECOMPILED=false
-	inherit versionator
+	inherit eapi7-ver
 
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
+	DEB_VER=$(ver_cut 1)
+	NSS_VER=$(ver_cut 2-)
 	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
 else
 	# Debian precompiled version.


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2018-10-01 14:03 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2018-10-01 14:03 UTC (permalink / raw
  To: gentoo-commits

commit:     98b19a8771dec5cb1be3fbb0400ad9fd35f1bb6a
Author:     Philipp Ammann <philipp.ammann <AT> posteo <DOT> de>
AuthorDate: Sat Sep 22 17:45:16 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon Oct  1 14:03:24 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=98b19a87

app-misc/ca-certificates: PYTHON_COMPAT+="python3_7"

Package-Manager: Portage-2.3.49, Repoman-2.3.11
Signed-off-by: Philipp Ammann <philipp.ammann <AT> posteo.de>
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/9950

 app-misc/ca-certificates/ca-certificates-20180409.3.37.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20180409.3.37.ebuild b/app-misc/ca-certificates/ca-certificates-20180409.3.37.ebuild
index fbbb928d022..95efb82e672 100644
--- a/app-misc/ca-certificates/ca-certificates-20180409.3.37.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20180409.3.37.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 # The Debian ca-certificates package merely takes the CA database as it exists
@@ -26,7 +26,7 @@
 
 EAPI=6
 
-PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6,3_7} )
 
 inherit eutils python-any-r1
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2018-05-08  8:47 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2018-05-08  8:47 UTC (permalink / raw
  To: gentoo-commits

commit:     f153ad14bc98813fee11b927a8429b341c8e880f
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue May  8 08:46:41 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue May  8 08:47:00 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f153ad14

app-misc/ca-certificates: Bump to version 20180409.3.37

Package-Manager: Portage-2.3.36, Repoman-2.3.9

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20180409.3.37.ebuild           | 179 +++++++++++++++++++++
 2 files changed, 180 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 579c2f900bd..f871a29de34 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,4 +1,5 @@
 DIST ca-certificates_20170717.tar.xz 293028 BLAKE2B 85076cd980841f32e2544c7be020fca9bcd5ef7066ae3cef195cbf9755f8b8e800a8e4076662fa1b7da600c2235e49048eb6e1166b0618fc7685221ab790fed3 SHA512 dfeb5a19bb33bcb127a159b73fcc63b41c99827d77eb4a6069def0cffc7ae8dd10dab97c1ddfdd5b70d0c93e650a51ed5dcd03908516e7ca8b3022bf46eeb7e6
 DIST ca-certificates_20180409.tar.xz 246908 BLAKE2B b553d4347f1a5b88fe59c7269dee617f61cde54d4df1a3aa4b3a7e9aa4b2ee81415e5c421352505ca4b2e0e480b053ccb04024bddfb51450d298d8fdd0567c36 SHA512 e0742da19416d367618547107cc0f1cc045d5ba62c30fb7238e0e36ec0d19ea48e2ffdee2c68a9f06954025c58db9a5376f149e221ede95a3a029cda39d86a53
 DIST nss-3.36.1.tar.gz 23026430 BLAKE2B 76eaf5b24f8954a4e14cf556912250a3ddb7b333054a2ea4ee3d218493a8f12c77a37455aae354ef6ddd9bd55c33a269dad515806d70ef38727fa8a382d47fd4 SHA512 096fe4360b6d584a746ac6156830f8cff821fd173bd889d7a396238919328a227fa4ebb46f738970a4001773046f3dd4f4675b85ff6de8420a4a7657b3ba0c65
+DIST nss-3.37.tar.gz 23027581 BLAKE2B 0ce7190a029321d5620dc8b9aedf1f4252c53dbef57149afbad432b6bc4b590db026505d23f5c766827d5c0179ab931b8a0435a2e9785eff3db515ed7211e512 SHA512 ad5175f126705f57092ac80421ac005bcc32bb18a4a44a527df25994fa90b3bc18af08506683564f619a22076f71232e2b3c9e6e25d6312d0bfed63684139103
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/app-misc/ca-certificates/ca-certificates-20180409.3.37.ebuild b/app-misc/ca-certificates/ca-certificates-20180409.3.37.ebuild
new file mode 100644
index 00000000000..8d5bc12f58e
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20180409.3.37.ebuild
@@ -0,0 +1,179 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI=6
+
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			eapply -p0 "${DISTDIR}"/nss-cacert-class1-class3.patch
+			popd >/dev/null
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		-e 's/openssl rehash/c_rehash/' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org
+			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd "${c}"
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2018-04-22 17:34 Thomas Deutschmann
  0 siblings, 0 replies; 203+ messages in thread
From: Thomas Deutschmann @ 2018-04-22 17:34 UTC (permalink / raw
  To: gentoo-commits

commit:     add4b2f79eba041041d1e75f3bc46cdde023d6c0
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sun Apr 22 17:32:35 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sun Apr 22 17:32:35 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=add4b2f7

app-misc/ca-certificates: Apply ALLARCHES policy

Bug: https://bugs.gentoo.org/653444
Package-Manager: Portage-2.3.31, Repoman-2.3.9

 app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild b/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild
index dc3945a6087..a3ffec2423c 100644
--- a/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild
@@ -59,7 +59,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="insecure_certs"
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2018-04-20  6:54 Sergei Trofimovich
  0 siblings, 0 replies; 203+ messages in thread
From: Sergei Trofimovich @ 2018-04-20  6:54 UTC (permalink / raw
  To: gentoo-commits

commit:     368eec01984d22d2a4e58bb0e9cddd94b278f978
Author:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
AuthorDate: Fri Apr 20 06:53:03 2018 +0000
Commit:     Sergei Trofimovich <slyfox <AT> gentoo <DOT> org>
CommitDate: Fri Apr 20 06:53:57 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=368eec01

app-misc/ca-certificates: stable 20170717.3.36.1 for ia64, bug #653444

Bug: https://bugs.gentoo.org/653444
Package-Manager: Portage-2.3.28, Repoman-2.3.9
RepoMan-Options: --include-arches="ia64"

 app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild b/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild
index 5b01a9bdb8e..dc3945a6087 100644
--- a/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild
@@ -59,7 +59,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="insecure_certs"
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2018-04-18 11:31 Mikle Kolyada
  0 siblings, 0 replies; 203+ messages in thread
From: Mikle Kolyada @ 2018-04-18 11:31 UTC (permalink / raw
  To: gentoo-commits

commit:     03239509c9a78fa70b856bd1ee73260a400d475f
Author:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 18 11:31:46 2018 +0000
Commit:     Mikle Kolyada <zlogene <AT> gentoo <DOT> org>
CommitDate: Wed Apr 18 11:31:46 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=03239509

app-misc/ca-certificates: amd64 stable wrt bug #653444

Package-Manager: Portage-2.3.24, Repoman-2.3.6

 app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild b/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild
index 006821e9218..5b01a9bdb8e 100644
--- a/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild
@@ -59,7 +59,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="insecure_certs"
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2018-04-18  8:27 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2018-04-18  8:27 UTC (permalink / raw
  To: gentoo-commits

commit:     d918cce6210806d599ca19d622cf020cec633afc
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 18 08:26:10 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Apr 18 08:27:14 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d918cce6

app-misc/ca-certificates: Dropped "insecure_certs" USE flag.

This also removes the now empty elog message about "removed certs".

Closes: https://bugs.gentoo.org/653456
Closes: https://bugs.gentoo.org/653458
Package-Manager: Portage-2.3.30, Repoman-2.3.9

 .../ca-certificates-20180409.3.36.1-r1.ebuild            | 16 ++--------------
 1 file changed, 2 insertions(+), 14 deletions(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20180409.3.36.1-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20180409.3.36.1-r1.ebuild
index d3eccf90357..8d5bc12f58e 100644
--- a/app-misc/ca-certificates/ca-certificates-20180409.3.36.1-r1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20180409.3.36.1-r1.ebuild
@@ -60,7 +60,7 @@ fi
 LICENSE="MPL-1.1"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="insecure_certs"
+IUSE=""
 ${PRECOMPILED} || IUSE+=" cacert"
 
 DEPEND=""
@@ -105,7 +105,7 @@ src_prepare() {
 
 		if use cacert ; then
 			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
+			eapply -p0 "${DISTDIR}"/nss-cacert-class1-class3.patch
 			popd >/dev/null
 		fi
 	fi
@@ -140,18 +140,6 @@ src_compile() {
 		mv usr/share/doc/{ca-certificates,${PF}} || die
 	fi
 
-	if ! use insecure_certs ; then
-		elog "To prevent applications relying on system's trusted root certificate store"
-		elog "from using CAs where at least one major browser vendor Gentoo is following"
-		elog "has decided to apply trust level restrictions, the following"
-		elog "certificate(s) were removed:"
-		# Remove untrusted certs from StartCom and WoSign (bug #598072)
-		elog "$(find "${c}" -type f \( \
-			-iname '*startcom*' \
-			-o -iname '*wosign*' \
-			\) -printf '%P removed; see https://bugs.gentoo.org/598072 for details\n' -delete)"
-	fi
-
 	(
 	echo "# Automatically generated by ${CATEGORY}/${PF}"
 	echo "# $(date -u)"


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2018-04-18  8:27 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2018-04-18  8:27 UTC (permalink / raw
  To: gentoo-commits

commit:     f28dc8df5d0fd945c9e426fcac9edcf182a206ba
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 18 08:26:55 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Apr 18 08:27:16 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f28dc8df

app-misc/ca-certificates: Removed old.

Package-Manager: Portage-2.3.30, Repoman-2.3.9

 app-misc/ca-certificates/Manifest                  |   2 -
 .../ca-certificates-20170717.3.35.ebuild           | 190 ---------------------
 .../ca-certificates-20170717.3.36.ebuild           | 190 ---------------------
 3 files changed, 382 deletions(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 0857b0caa8f..3a6e33dc89c 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -3,7 +3,5 @@ DIST ca-certificates_20170717.tar.xz 293028 BLAKE2B 85076cd980841f32e2544c7be020
 DIST ca-certificates_20180409.tar.xz 246908 BLAKE2B b553d4347f1a5b88fe59c7269dee617f61cde54d4df1a3aa4b3a7e9aa4b2ee81415e5c421352505ca4b2e0e480b053ccb04024bddfb51450d298d8fdd0567c36 SHA512 e0742da19416d367618547107cc0f1cc045d5ba62c30fb7238e0e36ec0d19ea48e2ffdee2c68a9f06954025c58db9a5376f149e221ede95a3a029cda39d86a53
 DIST nss-3.30.2.tar.gz 9499119 BLAKE2B 720ebe79c791f80f1717548cc9a8afea455ee8d74c1489bcecf0229b6f19f5bbcc66e9625ac74b655c55897450400090c19eac92c035276c8815fcf98bac945c SHA512 02f14bc000cbde42268c4b6f42df80680b010d1491643ef9b11e0bac31a286a2e7fa251c40cb4ac70b64883a1b90efc64440ef9d797357f8a47cd37195fc5500
 DIST nss-3.30.tar.gz 9500552 BLAKE2B 634734400562db5b35f170c5d138fbad45cfdc972a4154db8e2ce7f810d66ef9bad972c1204bc88bae7374d03f4d5c7845d85eb340b387189c258d09b3d7b699 SHA512 c21e9b5e4b689ea8cbc6f4d7913df43e2a78c4435e0ce092f2ce00e46079ce2268e17ec8527b283ac69eff3d96ff0165a5b42b6579bfe0a720115ff2938260d3
-DIST nss-3.35.tar.gz 9620041 BLAKE2B a4115117ff017ce36f030d9f69c75111177166651968739353d112cc5d2c4732b33b8c684c5957a66bb969ecab1a15fb2cd6bb237d959d307cdee43ec638cd73 SHA512 8d466f4602427d278b6aa28af0e6bdb99326fc40c94ac6d517d1cbe7ce6b9332dadba52ea092762fac2fd6e72f17cb880cf81e1cf86bf6b4f7913a755419626d
 DIST nss-3.36.1.tar.gz 23026430 BLAKE2B 76eaf5b24f8954a4e14cf556912250a3ddb7b333054a2ea4ee3d218493a8f12c77a37455aae354ef6ddd9bd55c33a269dad515806d70ef38727fa8a382d47fd4 SHA512 096fe4360b6d584a746ac6156830f8cff821fd173bd889d7a396238919328a227fa4ebb46f738970a4001773046f3dd4f4675b85ff6de8420a4a7657b3ba0c65
-DIST nss-3.36.tar.gz 23025578 BLAKE2B c8dd8a4c2bcda15bfeab4e7b49e790aaa2ecc3021ab014ca4e7b9253cad2ce140bf719cc336ce74d5074722c63d5a73d4a4e75792aa779b008d635a765e0c5b8 SHA512 e4d5cc475f1fcca9a42a139a890b70dbc3fadf5ed8a626c8d6bf929a97bb91ca9a42fe967df95784e5d997a3ec5c5a87684256ddf91b8dafa827103a98ad39ae
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/app-misc/ca-certificates/ca-certificates-20170717.3.35.ebuild b/app-misc/ca-certificates/ca-certificates-20170717.3.35.ebuild
deleted file mode 100644
index 198af98ddbf..00000000000
--- a/app-misc/ca-certificates/ca-certificates-20170717.3.35.ebuild
+++ /dev/null
@@ -1,190 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI=6
-
-PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit versionator
-
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="insecure_certs"
-${PRECOMPILED} || IUSE+=" cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	app-misc/c_rehash
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
-			popd >/dev/null
-		fi
-	fi
-
-	default
-	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org
-			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	if ! use insecure_certs ; then
-		elog "To prevent applications relying on system's trusted root certificate store"
-		elog "from using CAs where at least one major browser vendor Gentoo is following"
-		elog "has decided to apply trust level restrictions, the following"
-		elog "certificate(s) were removed:"
-		# Remove untrusted certs from StartCom and WoSign (bug #598072)
-		elog "$(find "${c}" -type f \( \
-			-iname '*startcom*' \
-			-o -iname '*wosign*' \
-			\) -printf '%P removed; see https://bugs.gentoo.org/598072 for details\n' -delete)"
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd "${c}"
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}

diff --git a/app-misc/ca-certificates/ca-certificates-20170717.3.36.ebuild b/app-misc/ca-certificates/ca-certificates-20170717.3.36.ebuild
deleted file mode 100644
index 198af98ddbf..00000000000
--- a/app-misc/ca-certificates/ca-certificates-20170717.3.36.ebuild
+++ /dev/null
@@ -1,190 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI=6
-
-PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit versionator
-
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="insecure_certs"
-${PRECOMPILED} || IUSE+=" cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	app-misc/c_rehash
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
-			popd >/dev/null
-		fi
-	fi
-
-	default
-	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org
-			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	if ! use insecure_certs ; then
-		elog "To prevent applications relying on system's trusted root certificate store"
-		elog "from using CAs where at least one major browser vendor Gentoo is following"
-		elog "has decided to apply trust level restrictions, the following"
-		elog "certificate(s) were removed:"
-		# Remove untrusted certs from StartCom and WoSign (bug #598072)
-		elog "$(find "${c}" -type f \( \
-			-iname '*startcom*' \
-			-o -iname '*wosign*' \
-			\) -printf '%P removed; see https://bugs.gentoo.org/598072 for details\n' -delete)"
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd "${c}"
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2018-04-18  4:37 Mart Raudsepp
  0 siblings, 0 replies; 203+ messages in thread
From: Mart Raudsepp @ 2018-04-18  4:37 UTC (permalink / raw
  To: gentoo-commits

commit:     81f73e4686a91f0d671af8fb029399be86a2509f
Author:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 18 04:29:07 2018 +0000
Commit:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
CommitDate: Wed Apr 18 04:29:07 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=81f73e46

app-misc/ca-certificates-20170717.3.36.1: arm64 stable (bug #653444)

Package-Manager: Portage-2.3.28, Repoman-2.3.9

 app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild b/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild
index 9b096a73763..006821e9218 100644
--- a/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild
@@ -59,7 +59,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="insecure_certs"
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2018-04-17 22:50 Thomas Deutschmann
  0 siblings, 0 replies; 203+ messages in thread
From: Thomas Deutschmann @ 2018-04-17 22:50 UTC (permalink / raw
  To: gentoo-commits

commit:     0fe7dddfab70cfb7405f61e8d69b42ac2194e0c3
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 17 22:48:13 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Apr 17 22:49:59 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0fe7dddf

app-misc/ca-certificates: x86 stable (bug #653444)

Package-Manager: Portage-2.3.30, Repoman-2.3.9

 app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild b/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild
index 198af98ddbf..9b096a73763 100644
--- a/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild
@@ -59,7 +59,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="insecure_certs"
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2018-04-17 16:01 Thomas Deutschmann
  0 siblings, 0 replies; 203+ messages in thread
From: Thomas Deutschmann @ 2018-04-17 16:01 UTC (permalink / raw
  To: gentoo-commits

commit:     03f9b674ca3315198c72849e8dd77583974759c2
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 17 16:00:26 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Apr 17 16:01:19 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=03f9b674

app-misc/ca-certificates: Fix update-ca-certificates to use c_rehash

Closes: https://bugs.gentoo.org/653382
Package-Manager: Portage-2.3.28, Repoman-2.3.9

 ...-20180409.3.36.1.ebuild => ca-certificates-20180409.3.36.1-r1.ebuild} | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app-misc/ca-certificates/ca-certificates-20180409.3.36.1.ebuild b/app-misc/ca-certificates/ca-certificates-20180409.3.36.1-r1.ebuild
similarity index 99%
rename from app-misc/ca-certificates/ca-certificates-20180409.3.36.1.ebuild
rename to app-misc/ca-certificates/ca-certificates-20180409.3.36.1-r1.ebuild
index 198af98ddbf..d3eccf90357 100644
--- a/app-misc/ca-certificates/ca-certificates-20180409.3.36.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20180409.3.36.1-r1.ebuild
@@ -116,6 +116,7 @@ src_prepare() {
 	sed -i \
 		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
 		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		-e 's/openssl rehash/c_rehash/' \
 		usr/sbin/update-ca-certificates || die
 }
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2018-04-11  8:19 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2018-04-11  8:19 UTC (permalink / raw
  To: gentoo-commits

commit:     ad2b37e96e313036b813917f0a90800790e89509
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Apr 11 08:18:52 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Apr 11 08:19:53 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad2b37e9

app-misc/ca-certificates: Bump to version 20170717.3.36.1

Package-Manager: Portage-2.3.28, Repoman-2.3.9

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20170717.3.36.1.ebuild         | 190 +++++++++++++++++++++
 2 files changed, 191 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 93b207fadad..da8b816e732 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -3,5 +3,6 @@ DIST ca-certificates_20170717.tar.xz 293028 BLAKE2B 85076cd980841f32e2544c7be020
 DIST nss-3.30.2.tar.gz 9499119 BLAKE2B 720ebe79c791f80f1717548cc9a8afea455ee8d74c1489bcecf0229b6f19f5bbcc66e9625ac74b655c55897450400090c19eac92c035276c8815fcf98bac945c SHA512 02f14bc000cbde42268c4b6f42df80680b010d1491643ef9b11e0bac31a286a2e7fa251c40cb4ac70b64883a1b90efc64440ef9d797357f8a47cd37195fc5500
 DIST nss-3.30.tar.gz 9500552 BLAKE2B 634734400562db5b35f170c5d138fbad45cfdc972a4154db8e2ce7f810d66ef9bad972c1204bc88bae7374d03f4d5c7845d85eb340b387189c258d09b3d7b699 SHA512 c21e9b5e4b689ea8cbc6f4d7913df43e2a78c4435e0ce092f2ce00e46079ce2268e17ec8527b283ac69eff3d96ff0165a5b42b6579bfe0a720115ff2938260d3
 DIST nss-3.35.tar.gz 9620041 BLAKE2B a4115117ff017ce36f030d9f69c75111177166651968739353d112cc5d2c4732b33b8c684c5957a66bb969ecab1a15fb2cd6bb237d959d307cdee43ec638cd73 SHA512 8d466f4602427d278b6aa28af0e6bdb99326fc40c94ac6d517d1cbe7ce6b9332dadba52ea092762fac2fd6e72f17cb880cf81e1cf86bf6b4f7913a755419626d
+DIST nss-3.36.1.tar.gz 23026430 BLAKE2B 76eaf5b24f8954a4e14cf556912250a3ddb7b333054a2ea4ee3d218493a8f12c77a37455aae354ef6ddd9bd55c33a269dad515806d70ef38727fa8a382d47fd4 SHA512 096fe4360b6d584a746ac6156830f8cff821fd173bd889d7a396238919328a227fa4ebb46f738970a4001773046f3dd4f4675b85ff6de8420a4a7657b3ba0c65
 DIST nss-3.36.tar.gz 23025578 BLAKE2B c8dd8a4c2bcda15bfeab4e7b49e790aaa2ecc3021ab014ca4e7b9253cad2ce140bf719cc336ce74d5074722c63d5a73d4a4e75792aa779b008d635a765e0c5b8 SHA512 e4d5cc475f1fcca9a42a139a890b70dbc3fadf5ed8a626c8d6bf929a97bb91ca9a42fe967df95784e5d997a3ec5c5a87684256ddf91b8dafa827103a98ad39ae
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild b/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild
new file mode 100644
index 00000000000..198af98ddbf
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20170717.3.36.1.ebuild
@@ -0,0 +1,190 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI=6
+
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="insecure_certs"
+${PRECOMPILED} || IUSE+=" cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
+			popd >/dev/null
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org
+			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	if ! use insecure_certs ; then
+		elog "To prevent applications relying on system's trusted root certificate store"
+		elog "from using CAs where at least one major browser vendor Gentoo is following"
+		elog "has decided to apply trust level restrictions, the following"
+		elog "certificate(s) were removed:"
+		# Remove untrusted certs from StartCom and WoSign (bug #598072)
+		elog "$(find "${c}" -type f \( \
+			-iname '*startcom*' \
+			-o -iname '*wosign*' \
+			\) -printf '%P removed; see https://bugs.gentoo.org/598072 for details\n' -delete)"
+	fi
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd "${c}"
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2018-03-07  9:14 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2018-03-07  9:14 UTC (permalink / raw
  To: gentoo-commits

commit:     cde9eee69741561fb2c817c2faeb85000dd701f1
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Mar  7 09:13:53 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Mar  7 09:13:53 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cde9eee6

app-misc/ca-certificates: Removed old.

Package-Manager: Portage-2.3.24, Repoman-2.3.6

 app-misc/ca-certificates/Manifest                  |   1 -
 .../ca-certificates-20170717.3.34.1.ebuild         | 190 ---------------------
 2 files changed, 191 deletions(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 63bdfce869d..93b207fadad 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -2,7 +2,6 @@ DIST ca-certificates_20161130.tar.xz 298656 BLAKE2B 8574745d8ef62262b339035ca11d
 DIST ca-certificates_20170717.tar.xz 293028 BLAKE2B 85076cd980841f32e2544c7be020fca9bcd5ef7066ae3cef195cbf9755f8b8e800a8e4076662fa1b7da600c2235e49048eb6e1166b0618fc7685221ab790fed3 SHA512 dfeb5a19bb33bcb127a159b73fcc63b41c99827d77eb4a6069def0cffc7ae8dd10dab97c1ddfdd5b70d0c93e650a51ed5dcd03908516e7ca8b3022bf46eeb7e6
 DIST nss-3.30.2.tar.gz 9499119 BLAKE2B 720ebe79c791f80f1717548cc9a8afea455ee8d74c1489bcecf0229b6f19f5bbcc66e9625ac74b655c55897450400090c19eac92c035276c8815fcf98bac945c SHA512 02f14bc000cbde42268c4b6f42df80680b010d1491643ef9b11e0bac31a286a2e7fa251c40cb4ac70b64883a1b90efc64440ef9d797357f8a47cd37195fc5500
 DIST nss-3.30.tar.gz 9500552 BLAKE2B 634734400562db5b35f170c5d138fbad45cfdc972a4154db8e2ce7f810d66ef9bad972c1204bc88bae7374d03f4d5c7845d85eb340b387189c258d09b3d7b699 SHA512 c21e9b5e4b689ea8cbc6f4d7913df43e2a78c4435e0ce092f2ce00e46079ce2268e17ec8527b283ac69eff3d96ff0165a5b42b6579bfe0a720115ff2938260d3
-DIST nss-3.34.1.tar.gz 9562876 BLAKE2B 645fe06435dffa1a0dec688c7c10854dbd664e719889b36027dc2e52c4f585c2ce7bdcd947dcf5d938013246405c04e1b9dbd802b229e0acc96fc07f321bb51a SHA512 6cc4826df4202e865e903a2ed05b49f708a047347b7b4d58f9b83ed097115a128239c4596a033ddeb9ee3fbfe6345a024e11eacb6149bce2d71fbe82c0a41c63
 DIST nss-3.35.tar.gz 9620041 BLAKE2B a4115117ff017ce36f030d9f69c75111177166651968739353d112cc5d2c4732b33b8c684c5957a66bb969ecab1a15fb2cd6bb237d959d307cdee43ec638cd73 SHA512 8d466f4602427d278b6aa28af0e6bdb99326fc40c94ac6d517d1cbe7ce6b9332dadba52ea092762fac2fd6e72f17cb880cf81e1cf86bf6b4f7913a755419626d
 DIST nss-3.36.tar.gz 23025578 BLAKE2B c8dd8a4c2bcda15bfeab4e7b49e790aaa2ecc3021ab014ca4e7b9253cad2ce140bf719cc336ce74d5074722c63d5a73d4a4e75792aa779b008d635a765e0c5b8 SHA512 e4d5cc475f1fcca9a42a139a890b70dbc3fadf5ed8a626c8d6bf929a97bb91ca9a42fe967df95784e5d997a3ec5c5a87684256ddf91b8dafa827103a98ad39ae
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/app-misc/ca-certificates/ca-certificates-20170717.3.34.1.ebuild b/app-misc/ca-certificates/ca-certificates-20170717.3.34.1.ebuild
deleted file mode 100644
index 198af98ddbf..00000000000
--- a/app-misc/ca-certificates/ca-certificates-20170717.3.34.1.ebuild
+++ /dev/null
@@ -1,190 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI=6
-
-PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit versionator
-
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="insecure_certs"
-${PRECOMPILED} || IUSE+=" cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	app-misc/c_rehash
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
-			popd >/dev/null
-		fi
-	fi
-
-	default
-	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org
-			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	if ! use insecure_certs ; then
-		elog "To prevent applications relying on system's trusted root certificate store"
-		elog "from using CAs where at least one major browser vendor Gentoo is following"
-		elog "has decided to apply trust level restrictions, the following"
-		elog "certificate(s) were removed:"
-		# Remove untrusted certs from StartCom and WoSign (bug #598072)
-		elog "$(find "${c}" -type f \( \
-			-iname '*startcom*' \
-			-o -iname '*wosign*' \
-			\) -printf '%P removed; see https://bugs.gentoo.org/598072 for details\n' -delete)"
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd "${c}"
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2018-03-07  9:13 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2018-03-07  9:13 UTC (permalink / raw
  To: gentoo-commits

commit:     48c5246a78587052d64b17d00b587a029b1098c3
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Mar  7 09:10:37 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Mar  7 09:10:37 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=48c5246a

app-misc/ca-certificates: Bump to version 20170717.3.36

Package-Manager: Portage-2.3.24, Repoman-2.3.6

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20170717.3.36.ebuild           | 190 +++++++++++++++++++++
 2 files changed, 191 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index f66b71caa2d..63bdfce869d 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -4,4 +4,5 @@ DIST nss-3.30.2.tar.gz 9499119 BLAKE2B 720ebe79c791f80f1717548cc9a8afea455ee8d74
 DIST nss-3.30.tar.gz 9500552 BLAKE2B 634734400562db5b35f170c5d138fbad45cfdc972a4154db8e2ce7f810d66ef9bad972c1204bc88bae7374d03f4d5c7845d85eb340b387189c258d09b3d7b699 SHA512 c21e9b5e4b689ea8cbc6f4d7913df43e2a78c4435e0ce092f2ce00e46079ce2268e17ec8527b283ac69eff3d96ff0165a5b42b6579bfe0a720115ff2938260d3
 DIST nss-3.34.1.tar.gz 9562876 BLAKE2B 645fe06435dffa1a0dec688c7c10854dbd664e719889b36027dc2e52c4f585c2ce7bdcd947dcf5d938013246405c04e1b9dbd802b229e0acc96fc07f321bb51a SHA512 6cc4826df4202e865e903a2ed05b49f708a047347b7b4d58f9b83ed097115a128239c4596a033ddeb9ee3fbfe6345a024e11eacb6149bce2d71fbe82c0a41c63
 DIST nss-3.35.tar.gz 9620041 BLAKE2B a4115117ff017ce36f030d9f69c75111177166651968739353d112cc5d2c4732b33b8c684c5957a66bb969ecab1a15fb2cd6bb237d959d307cdee43ec638cd73 SHA512 8d466f4602427d278b6aa28af0e6bdb99326fc40c94ac6d517d1cbe7ce6b9332dadba52ea092762fac2fd6e72f17cb880cf81e1cf86bf6b4f7913a755419626d
+DIST nss-3.36.tar.gz 23025578 BLAKE2B c8dd8a4c2bcda15bfeab4e7b49e790aaa2ecc3021ab014ca4e7b9253cad2ce140bf719cc336ce74d5074722c63d5a73d4a4e75792aa779b008d635a765e0c5b8 SHA512 e4d5cc475f1fcca9a42a139a890b70dbc3fadf5ed8a626c8d6bf929a97bb91ca9a42fe967df95784e5d997a3ec5c5a87684256ddf91b8dafa827103a98ad39ae
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/app-misc/ca-certificates/ca-certificates-20170717.3.36.ebuild b/app-misc/ca-certificates/ca-certificates-20170717.3.36.ebuild
new file mode 100644
index 00000000000..198af98ddbf
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20170717.3.36.ebuild
@@ -0,0 +1,190 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI=6
+
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="insecure_certs"
+${PRECOMPILED} || IUSE+=" cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
+			popd >/dev/null
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org
+			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	if ! use insecure_certs ; then
+		elog "To prevent applications relying on system's trusted root certificate store"
+		elog "from using CAs where at least one major browser vendor Gentoo is following"
+		elog "has decided to apply trust level restrictions, the following"
+		elog "certificate(s) were removed:"
+		# Remove untrusted certs from StartCom and WoSign (bug #598072)
+		elog "$(find "${c}" -type f \( \
+			-iname '*startcom*' \
+			-o -iname '*wosign*' \
+			\) -printf '%P removed; see https://bugs.gentoo.org/598072 for details\n' -delete)"
+	fi
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd "${c}"
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2018-01-20 10:04 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2018-01-20 10:04 UTC (permalink / raw
  To: gentoo-commits

commit:     91427127b760705759b33e49ff0452109a4ccf2d
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 20 10:03:41 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sat Jan 20 10:04:05 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91427127

app-misc/ca-certificates: Removed old.

Package-Manager: Portage-2.3.19, Repoman-2.3.6

 app-misc/ca-certificates/Manifest                  |   2 -
 .../ca-certificates-20170717.3.32.1.ebuild         | 190 ---------------------
 .../ca-certificates-20170717.3.34.ebuild           | 190 ---------------------
 3 files changed, 382 deletions(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 4c814bddb25..f66b71caa2d 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -2,8 +2,6 @@ DIST ca-certificates_20161130.tar.xz 298656 BLAKE2B 8574745d8ef62262b339035ca11d
 DIST ca-certificates_20170717.tar.xz 293028 BLAKE2B 85076cd980841f32e2544c7be020fca9bcd5ef7066ae3cef195cbf9755f8b8e800a8e4076662fa1b7da600c2235e49048eb6e1166b0618fc7685221ab790fed3 SHA512 dfeb5a19bb33bcb127a159b73fcc63b41c99827d77eb4a6069def0cffc7ae8dd10dab97c1ddfdd5b70d0c93e650a51ed5dcd03908516e7ca8b3022bf46eeb7e6
 DIST nss-3.30.2.tar.gz 9499119 BLAKE2B 720ebe79c791f80f1717548cc9a8afea455ee8d74c1489bcecf0229b6f19f5bbcc66e9625ac74b655c55897450400090c19eac92c035276c8815fcf98bac945c SHA512 02f14bc000cbde42268c4b6f42df80680b010d1491643ef9b11e0bac31a286a2e7fa251c40cb4ac70b64883a1b90efc64440ef9d797357f8a47cd37195fc5500
 DIST nss-3.30.tar.gz 9500552 BLAKE2B 634734400562db5b35f170c5d138fbad45cfdc972a4154db8e2ce7f810d66ef9bad972c1204bc88bae7374d03f4d5c7845d85eb340b387189c258d09b3d7b699 SHA512 c21e9b5e4b689ea8cbc6f4d7913df43e2a78c4435e0ce092f2ce00e46079ce2268e17ec8527b283ac69eff3d96ff0165a5b42b6579bfe0a720115ff2938260d3
-DIST nss-3.32.1.tar.gz 9494609 BLAKE2B d5e4e87b8172022cfdaaebf3c76cb6702ecc0594bc9f2edbeeb4a0bde30faf2857b7a38f2f964bdb0fc6de2b439faf5477c55b91d0eb42bd35de6780afc6e6f0 SHA512 b377aba822c2955d801022eba1636b71943a64f6e74d5611c2625910d230059383c4dbdedd65e70b356eaea33aeefdd24de3b31d7a4823d921ea475af3dd9da8
 DIST nss-3.34.1.tar.gz 9562876 BLAKE2B 645fe06435dffa1a0dec688c7c10854dbd664e719889b36027dc2e52c4f585c2ce7bdcd947dcf5d938013246405c04e1b9dbd802b229e0acc96fc07f321bb51a SHA512 6cc4826df4202e865e903a2ed05b49f708a047347b7b4d58f9b83ed097115a128239c4596a033ddeb9ee3fbfe6345a024e11eacb6149bce2d71fbe82c0a41c63
-DIST nss-3.34.tar.gz 9586315 BLAKE2B d04fcd46a7bf318b4bab14f316ae53145f415b5abb637205eeedb72f5847d43b76ea5e77485c56e4eaa3d90b850ee4bb18b6d0e42422f94ea0a9f12559263e02 SHA512 72388b596151499850546a68d9a20d82434c59f159564fb7170980f110d43d7026f174f93660d3bb6da79b618fd7d4f1f16246fc80ba568aa555df99ebbaea21
 DIST nss-3.35.tar.gz 9620041 BLAKE2B a4115117ff017ce36f030d9f69c75111177166651968739353d112cc5d2c4732b33b8c684c5957a66bb969ecab1a15fb2cd6bb237d959d307cdee43ec638cd73 SHA512 8d466f4602427d278b6aa28af0e6bdb99326fc40c94ac6d517d1cbe7ce6b9332dadba52ea092762fac2fd6e72f17cb880cf81e1cf86bf6b4f7913a755419626d
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/app-misc/ca-certificates/ca-certificates-20170717.3.32.1.ebuild b/app-misc/ca-certificates/ca-certificates-20170717.3.32.1.ebuild
deleted file mode 100644
index 7778372001e..00000000000
--- a/app-misc/ca-certificates/ca-certificates-20170717.3.32.1.ebuild
+++ /dev/null
@@ -1,190 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI=6
-
-PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit versionator
-
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="insecure_certs"
-${PRECOMPILED} || IUSE+=" cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	app-misc/c_rehash
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
-			popd >/dev/null
-		fi
-	fi
-
-	default
-	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org
-			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	if ! use insecure_certs ; then
-		elog "To prevent applications relying on system's trusted root certificate store"
-		elog "from using CAs where at least one major browser vendor Gentoo is following"
-		elog "has decided to apply trust level restrictions, the following"
-		elog "certificate(s) were removed:"
-		# Remove untrusted certs from StartCom and WoSign (bug #598072)
-		elog "$(find "${c}" -type f \( \
-			-iname '*startcom*' \
-			-o -iname '*wosign*' \
-			\) -printf '%P removed; see https://bugs.gentoo.org/598072 for details\n' -delete)"
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd "${c}"
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}

diff --git a/app-misc/ca-certificates/ca-certificates-20170717.3.34.ebuild b/app-misc/ca-certificates/ca-certificates-20170717.3.34.ebuild
deleted file mode 100644
index 7778372001e..00000000000
--- a/app-misc/ca-certificates/ca-certificates-20170717.3.34.ebuild
+++ /dev/null
@@ -1,190 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI=6
-
-PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit versionator
-
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="insecure_certs"
-${PRECOMPILED} || IUSE+=" cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	app-misc/c_rehash
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
-			popd >/dev/null
-		fi
-	fi
-
-	default
-	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org
-			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	if ! use insecure_certs ; then
-		elog "To prevent applications relying on system's trusted root certificate store"
-		elog "from using CAs where at least one major browser vendor Gentoo is following"
-		elog "has decided to apply trust level restrictions, the following"
-		elog "certificate(s) were removed:"
-		# Remove untrusted certs from StartCom and WoSign (bug #598072)
-		elog "$(find "${c}" -type f \( \
-			-iname '*startcom*' \
-			-o -iname '*wosign*' \
-			\) -printf '%P removed; see https://bugs.gentoo.org/598072 for details\n' -delete)"
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd "${c}"
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2018-01-20 10:04 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2018-01-20 10:04 UTC (permalink / raw
  To: gentoo-commits

commit:     9c263716f115ab266eb80fc19777b030f86f0797
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 20 10:02:59 2018 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sat Jan 20 10:04:03 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9c263716

app-misc/ca-certificates: Bump to version 20170717.3.35

Package-Manager: Portage-2.3.19, Repoman-2.3.6

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20170717.3.35.ebuild           | 190 +++++++++++++++++++++
 2 files changed, 191 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index a85a7af4bee..4c814bddb25 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -5,4 +5,5 @@ DIST nss-3.30.tar.gz 9500552 BLAKE2B 634734400562db5b35f170c5d138fbad45cfdc972a4
 DIST nss-3.32.1.tar.gz 9494609 BLAKE2B d5e4e87b8172022cfdaaebf3c76cb6702ecc0594bc9f2edbeeb4a0bde30faf2857b7a38f2f964bdb0fc6de2b439faf5477c55b91d0eb42bd35de6780afc6e6f0 SHA512 b377aba822c2955d801022eba1636b71943a64f6e74d5611c2625910d230059383c4dbdedd65e70b356eaea33aeefdd24de3b31d7a4823d921ea475af3dd9da8
 DIST nss-3.34.1.tar.gz 9562876 BLAKE2B 645fe06435dffa1a0dec688c7c10854dbd664e719889b36027dc2e52c4f585c2ce7bdcd947dcf5d938013246405c04e1b9dbd802b229e0acc96fc07f321bb51a SHA512 6cc4826df4202e865e903a2ed05b49f708a047347b7b4d58f9b83ed097115a128239c4596a033ddeb9ee3fbfe6345a024e11eacb6149bce2d71fbe82c0a41c63
 DIST nss-3.34.tar.gz 9586315 BLAKE2B d04fcd46a7bf318b4bab14f316ae53145f415b5abb637205eeedb72f5847d43b76ea5e77485c56e4eaa3d90b850ee4bb18b6d0e42422f94ea0a9f12559263e02 SHA512 72388b596151499850546a68d9a20d82434c59f159564fb7170980f110d43d7026f174f93660d3bb6da79b618fd7d4f1f16246fc80ba568aa555df99ebbaea21
+DIST nss-3.35.tar.gz 9620041 BLAKE2B a4115117ff017ce36f030d9f69c75111177166651968739353d112cc5d2c4732b33b8c684c5957a66bb969ecab1a15fb2cd6bb237d959d307cdee43ec638cd73 SHA512 8d466f4602427d278b6aa28af0e6bdb99326fc40c94ac6d517d1cbe7ce6b9332dadba52ea092762fac2fd6e72f17cb880cf81e1cf86bf6b4f7913a755419626d
 DIST nss-cacert-class1-class3.patch 22950 BLAKE2B 9d5e60df5f161a3c27c41e5a9419440a54f888eda454e3cde5ebe626d4075b65cf9938b5144d0fb022377f4bd415bff5e5c67d104409860aa9391b3eb8872c68 SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0

diff --git a/app-misc/ca-certificates/ca-certificates-20170717.3.35.ebuild b/app-misc/ca-certificates/ca-certificates-20170717.3.35.ebuild
new file mode 100644
index 00000000000..db831330cda
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20170717.3.35.ebuild
@@ -0,0 +1,190 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI=6
+
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="insecure_certs"
+${PRECOMPILED} || IUSE+=" cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
+			popd >/dev/null
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org
+			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	if ! use insecure_certs ; then
+		elog "To prevent applications relying on system's trusted root certificate store"
+		elog "from using CAs where at least one major browser vendor Gentoo is following"
+		elog "has decided to apply trust level restrictions, the following"
+		elog "certificate(s) were removed:"
+		# Remove untrusted certs from StartCom and WoSign (bug #598072)
+		elog "$(find "${c}" -type f \( \
+			-iname '*startcom*' \
+			-o -iname '*wosign*' \
+			\) -printf '%P removed; see https://bugs.gentoo.org/598072 for details\n' -delete)"
+	fi
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd "${c}"
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2018-01-12  4:10 Mike Frysinger
  0 siblings, 0 replies; 203+ messages in thread
From: Mike Frysinger @ 2018-01-12  4:10 UTC (permalink / raw
  To: gentoo-commits

commit:     55860ac72a46f97b53ec646c343635b1ce4b5086
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 12 03:46:27 2018 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Jan 12 04:08:02 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55860ac7

app-misc/ca-certificates: mark 20161130.3.30.2 m68k/s390/sh stable

 app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild
index c538eb461d5..4dc1cd363d4 100644
--- a/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild
@@ -58,7 +58,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="insecure_certs"
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-12-24  9:46 Mart Raudsepp
  0 siblings, 0 replies; 203+ messages in thread
From: Mart Raudsepp @ 2017-12-24  9:46 UTC (permalink / raw
  To: gentoo-commits

commit:     739bc9cc04057cb21c0084a6e4ae4f6c737fc987
Author:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 24 09:26:55 2017 +0000
Commit:     Mart Raudsepp <leio <AT> gentoo <DOT> org>
CommitDate: Sun Dec 24 09:26:55 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=739bc9cc

app-misc/ca-certificates-20161130.3.30.2: arm64 stable

Package-Manager: Portage-2.3.19, Repoman-2.3.6
RepoMan-Options: --include-arches="arm64"

 app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild
index 2fac1bf7943..c538eb461d5 100644
--- a/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild
@@ -58,7 +58,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="insecure_certs"
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-11-29 17:27 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2017-11-29 17:27 UTC (permalink / raw
  To: gentoo-commits

commit:     386e4fab89046a9b6ceedb08ffa780c092e52b13
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 29 17:27:37 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Nov 29 17:27:53 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=386e4fab

app-misc/ca-certificates: Removed old.

Package-Manager: Portage-2.3.16, Repoman-2.3.6

 app-misc/ca-certificates/Manifest                  |   1 -
 .../ca-certificates-20170717.3.33.ebuild           | 190 ---------------------
 2 files changed, 191 deletions(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index a11eb1e216a..2d809a4f6bc 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -3,7 +3,6 @@ DIST ca-certificates_20170717.tar.xz 293028 SHA256 e487639b641fa75445174734dd6e9
 DIST nss-3.30.2.tar.gz 9499119 SHA256 0d4a77ff26bcee79fa8afe0125e0df6ae9e798b6b36782fa29e28febf7cfce24 SHA512 02f14bc000cbde42268c4b6f42df80680b010d1491643ef9b11e0bac31a286a2e7fa251c40cb4ac70b64883a1b90efc64440ef9d797357f8a47cd37195fc5500 WHIRLPOOL b1039f227a55ed9ab592b7e1ea0856c8cf91b8d298ef07d9d0f56d1956319b15c12224f023a100d106101c49dafb16e8231680667d2c7d0b8f8b2bbf6ad3ec8e
 DIST nss-3.30.tar.gz 9500552 SHA256 a8c0000dae5e992f6563972e26dbfefc50d006dd845c43b8ca24ea50169ff3a9 SHA512 c21e9b5e4b689ea8cbc6f4d7913df43e2a78c4435e0ce092f2ce00e46079ce2268e17ec8527b283ac69eff3d96ff0165a5b42b6579bfe0a720115ff2938260d3 WHIRLPOOL bc0a59484010a5771b515dde1440ccca8a63b167d3d8839b3606460fdf9d2dc3ab7d889173c88edb7d685d39ad3614c4cbc66284d0faced47cdcc01a69997d9a
 DIST nss-3.32.1.tar.gz 9494609 SHA256 4de59ca7f5bf4a56fbcfdbb4a054f254ba9f408f56476957404a091048624652 SHA512 b377aba822c2955d801022eba1636b71943a64f6e74d5611c2625910d230059383c4dbdedd65e70b356eaea33aeefdd24de3b31d7a4823d921ea475af3dd9da8 WHIRLPOOL 4c15b4ba85ce10787b9ee541d20a829a99aed5628b59f7e7e3045ec694d6d8a0a83bc730ae4d74148cf7c425f59debfd1574cb1b036c1407d1f9d4896647d9cf
-DIST nss-3.33.tar.gz 9578033 SHA256 98f0dabd36408e83dd3a11727336cc3cdfee4cbdd9aede2b2831eb2389c284e4 SHA512 82adc0b73805ba5e73b9bf350fffa383a8b4396c05f49edb360a53319b4ad26d928a135bee245f9da009d162129db4441a96ef05346dadac20922b21284468b0 WHIRLPOOL c11129bce97990a41a3118e62d79481fbd38cad51356a6b6c1b0af7efe2f27b3d5d51a8e987287c1cdff77ccee14a3e96d5bbb76e92f9a81b2f50988de250dea
 DIST nss-3.34.1.tar.gz 9562876 BLAKE2B 645fe06435dffa1a0dec688c7c10854dbd664e719889b36027dc2e52c4f585c2ce7bdcd947dcf5d938013246405c04e1b9dbd802b229e0acc96fc07f321bb51a SHA512 6cc4826df4202e865e903a2ed05b49f708a047347b7b4d58f9b83ed097115a128239c4596a033ddeb9ee3fbfe6345a024e11eacb6149bce2d71fbe82c0a41c63
 DIST nss-3.34.tar.gz 9586315 BLAKE2B d04fcd46a7bf318b4bab14f316ae53145f415b5abb637205eeedb72f5847d43b76ea5e77485c56e4eaa3d90b850ee4bb18b6d0e42422f94ea0a9f12559263e02 SHA512 72388b596151499850546a68d9a20d82434c59f159564fb7170980f110d43d7026f174f93660d3bb6da79b618fd7d4f1f16246fc80ba568aa555df99ebbaea21
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700

diff --git a/app-misc/ca-certificates/ca-certificates-20170717.3.33.ebuild b/app-misc/ca-certificates/ca-certificates-20170717.3.33.ebuild
deleted file mode 100644
index 7778372001e..00000000000
--- a/app-misc/ca-certificates/ca-certificates-20170717.3.33.ebuild
+++ /dev/null
@@ -1,190 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI=6
-
-PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit versionator
-
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="insecure_certs"
-${PRECOMPILED} || IUSE+=" cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	app-misc/c_rehash
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
-			popd >/dev/null
-		fi
-	fi
-
-	default
-	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org
-			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	if ! use insecure_certs ; then
-		elog "To prevent applications relying on system's trusted root certificate store"
-		elog "from using CAs where at least one major browser vendor Gentoo is following"
-		elog "has decided to apply trust level restrictions, the following"
-		elog "certificate(s) were removed:"
-		# Remove untrusted certs from StartCom and WoSign (bug #598072)
-		elog "$(find "${c}" -type f \( \
-			-iname '*startcom*' \
-			-o -iname '*wosign*' \
-			\) -printf '%P removed; see https://bugs.gentoo.org/598072 for details\n' -delete)"
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd "${c}"
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-11-29 17:27 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2017-11-29 17:27 UTC (permalink / raw
  To: gentoo-commits

commit:     c573f59d7f84052ba519386d2aa0bce7189e3040
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 29 17:26:46 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Nov 29 17:27:52 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c573f59d

app-misc/ca-certificates: Bump to version 20170717.3.34.1

Package-Manager: Portage-2.3.16, Repoman-2.3.6

 app-misc/ca-certificates/Manifest                  |   3 +-
 .../ca-certificates-20170717.3.34.1.ebuild         | 190 +++++++++++++++++++++
 2 files changed, 192 insertions(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 6b9638311bf..a11eb1e216a 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -4,5 +4,6 @@ DIST nss-3.30.2.tar.gz 9499119 SHA256 0d4a77ff26bcee79fa8afe0125e0df6ae9e798b6b3
 DIST nss-3.30.tar.gz 9500552 SHA256 a8c0000dae5e992f6563972e26dbfefc50d006dd845c43b8ca24ea50169ff3a9 SHA512 c21e9b5e4b689ea8cbc6f4d7913df43e2a78c4435e0ce092f2ce00e46079ce2268e17ec8527b283ac69eff3d96ff0165a5b42b6579bfe0a720115ff2938260d3 WHIRLPOOL bc0a59484010a5771b515dde1440ccca8a63b167d3d8839b3606460fdf9d2dc3ab7d889173c88edb7d685d39ad3614c4cbc66284d0faced47cdcc01a69997d9a
 DIST nss-3.32.1.tar.gz 9494609 SHA256 4de59ca7f5bf4a56fbcfdbb4a054f254ba9f408f56476957404a091048624652 SHA512 b377aba822c2955d801022eba1636b71943a64f6e74d5611c2625910d230059383c4dbdedd65e70b356eaea33aeefdd24de3b31d7a4823d921ea475af3dd9da8 WHIRLPOOL 4c15b4ba85ce10787b9ee541d20a829a99aed5628b59f7e7e3045ec694d6d8a0a83bc730ae4d74148cf7c425f59debfd1574cb1b036c1407d1f9d4896647d9cf
 DIST nss-3.33.tar.gz 9578033 SHA256 98f0dabd36408e83dd3a11727336cc3cdfee4cbdd9aede2b2831eb2389c284e4 SHA512 82adc0b73805ba5e73b9bf350fffa383a8b4396c05f49edb360a53319b4ad26d928a135bee245f9da009d162129db4441a96ef05346dadac20922b21284468b0 WHIRLPOOL c11129bce97990a41a3118e62d79481fbd38cad51356a6b6c1b0af7efe2f27b3d5d51a8e987287c1cdff77ccee14a3e96d5bbb76e92f9a81b2f50988de250dea
-DIST nss-3.34.tar.gz 9586315 SHA256 0d45954181373023c7cfc33e77c8c636d394ec7e55b93e059149ed7888652af5 SHA512 72388b596151499850546a68d9a20d82434c59f159564fb7170980f110d43d7026f174f93660d3bb6da79b618fd7d4f1f16246fc80ba568aa555df99ebbaea21 WHIRLPOOL ae6784022aa74671c62141023e40e5dfce51bc90b49c6520ad46307eb3b84246c1557bbcc0b63554d6aef42940a2667f46cebfe57f9962342f176e79fe9384e0
+DIST nss-3.34.1.tar.gz 9562876 BLAKE2B 645fe06435dffa1a0dec688c7c10854dbd664e719889b36027dc2e52c4f585c2ce7bdcd947dcf5d938013246405c04e1b9dbd802b229e0acc96fc07f321bb51a SHA512 6cc4826df4202e865e903a2ed05b49f708a047347b7b4d58f9b83ed097115a128239c4596a033ddeb9ee3fbfe6345a024e11eacb6149bce2d71fbe82c0a41c63
+DIST nss-3.34.tar.gz 9586315 BLAKE2B d04fcd46a7bf318b4bab14f316ae53145f415b5abb637205eeedb72f5847d43b76ea5e77485c56e4eaa3d90b850ee4bb18b6d0e42422f94ea0a9f12559263e02 SHA512 72388b596151499850546a68d9a20d82434c59f159564fb7170980f110d43d7026f174f93660d3bb6da79b618fd7d4f1f16246fc80ba568aa555df99ebbaea21
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700

diff --git a/app-misc/ca-certificates/ca-certificates-20170717.3.34.1.ebuild b/app-misc/ca-certificates/ca-certificates-20170717.3.34.1.ebuild
new file mode 100644
index 00000000000..7778372001e
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20170717.3.34.1.ebuild
@@ -0,0 +1,190 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI=6
+
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="insecure_certs"
+${PRECOMPILED} || IUSE+=" cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
+			popd >/dev/null
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org
+			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	if ! use insecure_certs ; then
+		elog "To prevent applications relying on system's trusted root certificate store"
+		elog "from using CAs where at least one major browser vendor Gentoo is following"
+		elog "has decided to apply trust level restrictions, the following"
+		elog "certificate(s) were removed:"
+		# Remove untrusted certs from StartCom and WoSign (bug #598072)
+		elog "$(find "${c}" -type f \( \
+			-iname '*startcom*' \
+			-o -iname '*wosign*' \
+			\) -printf '%P removed; see https://bugs.gentoo.org/598072 for details\n' -delete)"
+	fi
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd "${c}"
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-11-15 18:51 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2017-11-15 18:51 UTC (permalink / raw
  To: gentoo-commits

commit:     24393c7fc7beed4e1e26555ba7f8ffccdd7ec327
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 15 18:49:49 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Nov 15 18:50:50 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=24393c7f

app-misc/ca-certificates: Bump to version 20170717.3.34

Package-Manager: Portage-2.3.14, Repoman-2.3.6

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20170717.3.34.ebuild           | 190 +++++++++++++++++++++
 2 files changed, 191 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index eaaaa4492b8..6b9638311bf 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -4,4 +4,5 @@ DIST nss-3.30.2.tar.gz 9499119 SHA256 0d4a77ff26bcee79fa8afe0125e0df6ae9e798b6b3
 DIST nss-3.30.tar.gz 9500552 SHA256 a8c0000dae5e992f6563972e26dbfefc50d006dd845c43b8ca24ea50169ff3a9 SHA512 c21e9b5e4b689ea8cbc6f4d7913df43e2a78c4435e0ce092f2ce00e46079ce2268e17ec8527b283ac69eff3d96ff0165a5b42b6579bfe0a720115ff2938260d3 WHIRLPOOL bc0a59484010a5771b515dde1440ccca8a63b167d3d8839b3606460fdf9d2dc3ab7d889173c88edb7d685d39ad3614c4cbc66284d0faced47cdcc01a69997d9a
 DIST nss-3.32.1.tar.gz 9494609 SHA256 4de59ca7f5bf4a56fbcfdbb4a054f254ba9f408f56476957404a091048624652 SHA512 b377aba822c2955d801022eba1636b71943a64f6e74d5611c2625910d230059383c4dbdedd65e70b356eaea33aeefdd24de3b31d7a4823d921ea475af3dd9da8 WHIRLPOOL 4c15b4ba85ce10787b9ee541d20a829a99aed5628b59f7e7e3045ec694d6d8a0a83bc730ae4d74148cf7c425f59debfd1574cb1b036c1407d1f9d4896647d9cf
 DIST nss-3.33.tar.gz 9578033 SHA256 98f0dabd36408e83dd3a11727336cc3cdfee4cbdd9aede2b2831eb2389c284e4 SHA512 82adc0b73805ba5e73b9bf350fffa383a8b4396c05f49edb360a53319b4ad26d928a135bee245f9da009d162129db4441a96ef05346dadac20922b21284468b0 WHIRLPOOL c11129bce97990a41a3118e62d79481fbd38cad51356a6b6c1b0af7efe2f27b3d5d51a8e987287c1cdff77ccee14a3e96d5bbb76e92f9a81b2f50988de250dea
+DIST nss-3.34.tar.gz 9586315 SHA256 0d45954181373023c7cfc33e77c8c636d394ec7e55b93e059149ed7888652af5 SHA512 72388b596151499850546a68d9a20d82434c59f159564fb7170980f110d43d7026f174f93660d3bb6da79b618fd7d4f1f16246fc80ba568aa555df99ebbaea21 WHIRLPOOL ae6784022aa74671c62141023e40e5dfce51bc90b49c6520ad46307eb3b84246c1557bbcc0b63554d6aef42940a2667f46cebfe57f9962342f176e79fe9384e0
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700

diff --git a/app-misc/ca-certificates/ca-certificates-20170717.3.34.ebuild b/app-misc/ca-certificates/ca-certificates-20170717.3.34.ebuild
new file mode 100644
index 00000000000..7778372001e
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20170717.3.34.ebuild
@@ -0,0 +1,190 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI=6
+
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="insecure_certs"
+${PRECOMPILED} || IUSE+=" cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
+			popd >/dev/null
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org
+			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	if ! use insecure_certs ; then
+		elog "To prevent applications relying on system's trusted root certificate store"
+		elog "from using CAs where at least one major browser vendor Gentoo is following"
+		elog "has decided to apply trust level restrictions, the following"
+		elog "certificate(s) were removed:"
+		# Remove untrusted certs from StartCom and WoSign (bug #598072)
+		elog "$(find "${c}" -type f \( \
+			-iname '*startcom*' \
+			-o -iname '*wosign*' \
+			\) -printf '%P removed; see https://bugs.gentoo.org/598072 for details\n' -delete)"
+	fi
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd "${c}"
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-11-01 14:50 Jeroen Roovers
  0 siblings, 0 replies; 203+ messages in thread
From: Jeroen Roovers @ 2017-11-01 14:50 UTC (permalink / raw
  To: gentoo-commits

commit:     75e5669061a16638ecfc28929e080c8ce70b78e4
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Wed Nov  1 14:50:27 2017 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Wed Nov  1 14:50:43 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=75e56690

app-misc/ca-certificates: Improve USE flag descriptions.

Package-Manager: Portage-2.3.13, Repoman-2.3.4

 app-misc/ca-certificates/metadata.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app-misc/ca-certificates/metadata.xml b/app-misc/ca-certificates/metadata.xml
index f516f076977..07953c7a15d 100644
--- a/app-misc/ca-certificates/metadata.xml
+++ b/app-misc/ca-certificates/metadata.xml
@@ -7,11 +7,11 @@
 </maintainer>
 <use>
   <flag name="cacert">
-    Include root certs from CAcert (http://www.cacert.org/) and
-    Software in the Public Interest (http://www.spi-inc.org/)
+	Include root certificates from CAcert (http://www.cacert.org/) and Software
+	in the Public Interest (http://www.spi-inc.org/)
   </flag>
   <flag name="insecure_certs">
-    Install certs which are known to *not* being trustworthy.
+	Install certificates which are known to be untrustworthy.
   </flag>
 </use>
 </pkgmetadata>


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-09-21 22:26 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2017-09-21 22:26 UTC (permalink / raw
  To: gentoo-commits

commit:     25b4e5b578cdd6c9c562104bda8ef5a7dfc92f80
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 21 22:15:00 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Sep 21 22:26:36 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=25b4e5b5

app-misc/ca-certificates: Removed old.

Package-Manager: Portage-2.3.10, Repoman-2.3.3

 app-misc/ca-certificates/Manifest                  |   1 -
 .../ca-certificates-20161130.3.32.ebuild           | 190 ---------------------
 2 files changed, 191 deletions(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index dbb33dec6e1..eaaaa4492b8 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -3,6 +3,5 @@ DIST ca-certificates_20170717.tar.xz 293028 SHA256 e487639b641fa75445174734dd6e9
 DIST nss-3.30.2.tar.gz 9499119 SHA256 0d4a77ff26bcee79fa8afe0125e0df6ae9e798b6b36782fa29e28febf7cfce24 SHA512 02f14bc000cbde42268c4b6f42df80680b010d1491643ef9b11e0bac31a286a2e7fa251c40cb4ac70b64883a1b90efc64440ef9d797357f8a47cd37195fc5500 WHIRLPOOL b1039f227a55ed9ab592b7e1ea0856c8cf91b8d298ef07d9d0f56d1956319b15c12224f023a100d106101c49dafb16e8231680667d2c7d0b8f8b2bbf6ad3ec8e
 DIST nss-3.30.tar.gz 9500552 SHA256 a8c0000dae5e992f6563972e26dbfefc50d006dd845c43b8ca24ea50169ff3a9 SHA512 c21e9b5e4b689ea8cbc6f4d7913df43e2a78c4435e0ce092f2ce00e46079ce2268e17ec8527b283ac69eff3d96ff0165a5b42b6579bfe0a720115ff2938260d3 WHIRLPOOL bc0a59484010a5771b515dde1440ccca8a63b167d3d8839b3606460fdf9d2dc3ab7d889173c88edb7d685d39ad3614c4cbc66284d0faced47cdcc01a69997d9a
 DIST nss-3.32.1.tar.gz 9494609 SHA256 4de59ca7f5bf4a56fbcfdbb4a054f254ba9f408f56476957404a091048624652 SHA512 b377aba822c2955d801022eba1636b71943a64f6e74d5611c2625910d230059383c4dbdedd65e70b356eaea33aeefdd24de3b31d7a4823d921ea475af3dd9da8 WHIRLPOOL 4c15b4ba85ce10787b9ee541d20a829a99aed5628b59f7e7e3045ec694d6d8a0a83bc730ae4d74148cf7c425f59debfd1574cb1b036c1407d1f9d4896647d9cf
-DIST nss-3.32.tar.gz 9493574 SHA256 35c6f381cc96bb25e4f924469f6ba3e57b3a16e0c2fb7e295a284a00d57ed335 SHA512 7a01f81e23ef9649fd26b8423b015f4df5878c94f6ff591727086644b01db3dbc36de4e131cf70a6f84564e46c8decb7c4f7780fca12270eb900de1f8a11ee3c WHIRLPOOL bd1a9a8da509143ba995c2a4aac43df991703c1170e2654a8e762fbaf1b26e4f95f85c9d06db45126247a6d52828060c5283fb9cf1e4328952bc518ee38316c4
 DIST nss-3.33.tar.gz 9578033 SHA256 98f0dabd36408e83dd3a11727336cc3cdfee4cbdd9aede2b2831eb2389c284e4 SHA512 82adc0b73805ba5e73b9bf350fffa383a8b4396c05f49edb360a53319b4ad26d928a135bee245f9da009d162129db4441a96ef05346dadac20922b21284468b0 WHIRLPOOL c11129bce97990a41a3118e62d79481fbd38cad51356a6b6c1b0af7efe2f27b3d5d51a8e987287c1cdff77ccee14a3e96d5bbb76e92f9a81b2f50988de250dea
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700

diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.32.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.32.ebuild
deleted file mode 100644
index 1391c06c4ec..00000000000
--- a/app-misc/ca-certificates/ca-certificates-20161130.3.32.ebuild
+++ /dev/null
@@ -1,190 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI=6
-
-PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit versionator
-
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="insecure_certs"
-${PRECOMPILED} || IUSE+=" cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	app-misc/c_rehash
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
-			popd >/dev/null
-		fi
-	fi
-
-	default
-	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org
-			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	if ! use insecure_certs ; then
-		elog "To prevent applications relying on system's trusted root certificate store"
-		elog "from using CAs where at least one major browser vendor Gentoo is following"
-		elog "has decided to apply trust level restrictions, the following"
-		elog "certificate(s) were removed:"
-		# Remove untrusted certs from StartCom and WoSign (bug #598072)
-		elog "$(find "${c}" -type f \( \
-			-iname '*startcom*' \
-			-o -iname '*wosign*' \
-			\) -printf '%P removed; see https://bugs.gentoo.org/598072 for details\n' -delete)"
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd "${c}"
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-09-21 22:26 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2017-09-21 22:26 UTC (permalink / raw
  To: gentoo-commits

commit:     a69428574b10bf9b2817dcb60dc669b0088ef331
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 21 22:14:23 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Sep 21 22:26:34 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a6942857

app-misc/ca-certificates: Bump to version 20170717.3.33

Package-Manager: Portage-2.3.10, Repoman-2.3.3

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20170717.3.33.ebuild           | 190 +++++++++++++++++++++
 2 files changed, 191 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 1762b04a532..dbb33dec6e1 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -4,4 +4,5 @@ DIST nss-3.30.2.tar.gz 9499119 SHA256 0d4a77ff26bcee79fa8afe0125e0df6ae9e798b6b3
 DIST nss-3.30.tar.gz 9500552 SHA256 a8c0000dae5e992f6563972e26dbfefc50d006dd845c43b8ca24ea50169ff3a9 SHA512 c21e9b5e4b689ea8cbc6f4d7913df43e2a78c4435e0ce092f2ce00e46079ce2268e17ec8527b283ac69eff3d96ff0165a5b42b6579bfe0a720115ff2938260d3 WHIRLPOOL bc0a59484010a5771b515dde1440ccca8a63b167d3d8839b3606460fdf9d2dc3ab7d889173c88edb7d685d39ad3614c4cbc66284d0faced47cdcc01a69997d9a
 DIST nss-3.32.1.tar.gz 9494609 SHA256 4de59ca7f5bf4a56fbcfdbb4a054f254ba9f408f56476957404a091048624652 SHA512 b377aba822c2955d801022eba1636b71943a64f6e74d5611c2625910d230059383c4dbdedd65e70b356eaea33aeefdd24de3b31d7a4823d921ea475af3dd9da8 WHIRLPOOL 4c15b4ba85ce10787b9ee541d20a829a99aed5628b59f7e7e3045ec694d6d8a0a83bc730ae4d74148cf7c425f59debfd1574cb1b036c1407d1f9d4896647d9cf
 DIST nss-3.32.tar.gz 9493574 SHA256 35c6f381cc96bb25e4f924469f6ba3e57b3a16e0c2fb7e295a284a00d57ed335 SHA512 7a01f81e23ef9649fd26b8423b015f4df5878c94f6ff591727086644b01db3dbc36de4e131cf70a6f84564e46c8decb7c4f7780fca12270eb900de1f8a11ee3c WHIRLPOOL bd1a9a8da509143ba995c2a4aac43df991703c1170e2654a8e762fbaf1b26e4f95f85c9d06db45126247a6d52828060c5283fb9cf1e4328952bc518ee38316c4
+DIST nss-3.33.tar.gz 9578033 SHA256 98f0dabd36408e83dd3a11727336cc3cdfee4cbdd9aede2b2831eb2389c284e4 SHA512 82adc0b73805ba5e73b9bf350fffa383a8b4396c05f49edb360a53319b4ad26d928a135bee245f9da009d162129db4441a96ef05346dadac20922b21284468b0 WHIRLPOOL c11129bce97990a41a3118e62d79481fbd38cad51356a6b6c1b0af7efe2f27b3d5d51a8e987287c1cdff77ccee14a3e96d5bbb76e92f9a81b2f50988de250dea
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700

diff --git a/app-misc/ca-certificates/ca-certificates-20170717.3.33.ebuild b/app-misc/ca-certificates/ca-certificates-20170717.3.33.ebuild
new file mode 100644
index 00000000000..7778372001e
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20170717.3.33.ebuild
@@ -0,0 +1,190 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI=6
+
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="insecure_certs"
+${PRECOMPILED} || IUSE+=" cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
+			popd >/dev/null
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org
+			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	if ! use insecure_certs ; then
+		elog "To prevent applications relying on system's trusted root certificate store"
+		elog "from using CAs where at least one major browser vendor Gentoo is following"
+		elog "has decided to apply trust level restrictions, the following"
+		elog "certificate(s) were removed:"
+		# Remove untrusted certs from StartCom and WoSign (bug #598072)
+		elog "$(find "${c}" -type f \( \
+			-iname '*startcom*' \
+			-o -iname '*wosign*' \
+			\) -printf '%P removed; see https://bugs.gentoo.org/598072 for details\n' -delete)"
+	fi
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd "${c}"
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-09-14 21:24 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2017-09-14 21:24 UTC (permalink / raw
  To: gentoo-commits

commit:     a1fbecf43553470910a35a134f65c66e01bbb03a
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 14 21:21:24 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Sep 14 21:24:01 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a1fbecf4

app-misc/ca-certificates: Bump to version 20170717.3.32.1

Package-Manager: Portage-2.3.8, Repoman-2.3.3

 app-misc/ca-certificates/Manifest                  |   2 +
 .../ca-certificates-20170717.3.32.1.ebuild         | 190 +++++++++++++++++++++
 2 files changed, 192 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index a909c17ea2c..c82537722a2 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,8 +1,10 @@
 DIST ca-certificates_20161102.tar.xz 298544 SHA256 25384a67e2f1e76495ceeb00abfdbe831033780324128cb1587d09132dd173a5 SHA512 8630cbc15d311b71936901bfa4c1a61d78d4468a7d8d0c492d72afc579679402b99e563cc6f88b0377eb7ebee8dcbad1b090fb0831d610a5b8e5bbdb3d8ce284 WHIRLPOOL 8b92ba4228880bcc7b296e9b1333f695194c31e724a02bafaec97bac838f6c36b20fa052935d256930977e2944ed7450c1e1ab2c95b40c8391dffd766938cea7
 DIST ca-certificates_20161130.tar.xz 298656 SHA256 04bca9e142a90a834aca0311f7ced237368d71fee7bd5c9f68ef7f4611aee471 SHA512 8395f27d2369d694b069e1bb250b06df05f732bd9f4a4dc8652091e9c96ad1a84003e28f59cb9e13fdfd22ca5818f495d80149692e74b2d63e34db4f6a95ee9f WHIRLPOOL 6903848f030a0da80e18e5d6a075c9a4ef390d67d748ff27cbadef4b1bf5866b9d7d96960f780f6bbff3f7b9720c31ee4d7a089238041bcb4d5de52fe0e46224
+DIST ca-certificates_20170717.tar.xz 293028 SHA256 e487639b641fa75445174734dd6e9d600373e3248b3d86a7e3c6d0f6977decd2 SHA512 dfeb5a19bb33bcb127a159b73fcc63b41c99827d77eb4a6069def0cffc7ae8dd10dab97c1ddfdd5b70d0c93e650a51ed5dcd03908516e7ca8b3022bf46eeb7e6 WHIRLPOOL 3b0877a7e85efccef67f92e0f6eb066e98b42982fd68ba92da131d2f96d4c235685ac913d038e2af621cb9cada5cf1409a871b8557d49539d722e10171e2aa7a
 DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa67205dde1a4a92be87dc28524 SHA512 699847665e93fd649cb60ce6bc8f849f452779e7232a09bbeb0613f9e6c57bb81948f1ae59cc86648e41a212cda259109850ccd14546d35910deb75f5d2a13b8 WHIRLPOOL 08229d87de1c7020c1d7fc12fb8a2afc4bc9ab9f0208aad12698aba17386fbe9163cb506101c7d4d568409fd99141fb88c0e71fc32cecbc6640a4a8f7a4efabf
 DIST nss-3.29.3.tar.gz 7479458 SHA256 35ddcc31251ef829994efeee925011aa1414e32be7e388236970255aa3c8e1eb SHA512 eebc479521dc4e64565929620f60bf457875a2b21d7b5dc2b67f4e4279bfb1a814c31a7b17638052cec44ede9fb686a3ff776cd2239271142100e0fd5f769519 WHIRLPOOL 93edf0bd7c0c1751f7b03a8e878cba564e27fede796de3d4f381aa0b86ef8ea9edffd6f57f8a437f48e07f74ddc2cd0b351ca640ea409e3b3a54f7ddb83def22
 DIST nss-3.30.2.tar.gz 9499119 SHA256 0d4a77ff26bcee79fa8afe0125e0df6ae9e798b6b36782fa29e28febf7cfce24 SHA512 02f14bc000cbde42268c4b6f42df80680b010d1491643ef9b11e0bac31a286a2e7fa251c40cb4ac70b64883a1b90efc64440ef9d797357f8a47cd37195fc5500 WHIRLPOOL b1039f227a55ed9ab592b7e1ea0856c8cf91b8d298ef07d9d0f56d1956319b15c12224f023a100d106101c49dafb16e8231680667d2c7d0b8f8b2bbf6ad3ec8e
 DIST nss-3.30.tar.gz 9500552 SHA256 a8c0000dae5e992f6563972e26dbfefc50d006dd845c43b8ca24ea50169ff3a9 SHA512 c21e9b5e4b689ea8cbc6f4d7913df43e2a78c4435e0ce092f2ce00e46079ce2268e17ec8527b283ac69eff3d96ff0165a5b42b6579bfe0a720115ff2938260d3 WHIRLPOOL bc0a59484010a5771b515dde1440ccca8a63b167d3d8839b3606460fdf9d2dc3ab7d889173c88edb7d685d39ad3614c4cbc66284d0faced47cdcc01a69997d9a
+DIST nss-3.32.1.tar.gz 9494609 SHA256 4de59ca7f5bf4a56fbcfdbb4a054f254ba9f408f56476957404a091048624652 SHA512 b377aba822c2955d801022eba1636b71943a64f6e74d5611c2625910d230059383c4dbdedd65e70b356eaea33aeefdd24de3b31d7a4823d921ea475af3dd9da8 WHIRLPOOL 4c15b4ba85ce10787b9ee541d20a829a99aed5628b59f7e7e3045ec694d6d8a0a83bc730ae4d74148cf7c425f59debfd1574cb1b036c1407d1f9d4896647d9cf
 DIST nss-3.32.tar.gz 9493574 SHA256 35c6f381cc96bb25e4f924469f6ba3e57b3a16e0c2fb7e295a284a00d57ed335 SHA512 7a01f81e23ef9649fd26b8423b015f4df5878c94f6ff591727086644b01db3dbc36de4e131cf70a6f84564e46c8decb7c4f7780fca12270eb900de1f8a11ee3c WHIRLPOOL bd1a9a8da509143ba995c2a4aac43df991703c1170e2654a8e762fbaf1b26e4f95f85c9d06db45126247a6d52828060c5283fb9cf1e4328952bc518ee38316c4
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700

diff --git a/app-misc/ca-certificates/ca-certificates-20170717.3.32.1.ebuild b/app-misc/ca-certificates/ca-certificates-20170717.3.32.1.ebuild
new file mode 100644
index 00000000000..7778372001e
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20170717.3.32.1.ebuild
@@ -0,0 +1,190 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI=6
+
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="https://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="insecure_certs"
+${PRECOMPILED} || IUSE+=" cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
+			popd >/dev/null
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org
+			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	if ! use insecure_certs ; then
+		elog "To prevent applications relying on system's trusted root certificate store"
+		elog "from using CAs where at least one major browser vendor Gentoo is following"
+		elog "has decided to apply trust level restrictions, the following"
+		elog "certificate(s) were removed:"
+		# Remove untrusted certs from StartCom and WoSign (bug #598072)
+		elog "$(find "${c}" -type f \( \
+			-iname '*startcom*' \
+			-o -iname '*wosign*' \
+			\) -printf '%P removed; see https://bugs.gentoo.org/598072 for details\n' -delete)"
+	fi
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd "${c}"
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-09-14 21:24 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2017-09-14 21:24 UTC (permalink / raw
  To: gentoo-commits

commit:     1cfb0d07769d7e999d002fb6932dbbca97f46970
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 14 21:22:42 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Sep 14 21:24:03 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1cfb0d07

app-misc/ca-certificates: Removed old.

Package-Manager: Portage-2.3.8, Repoman-2.3.3

 app-misc/ca-certificates/Manifest                  |   3 -
 .../ca-certificates-20161102.3.27.2-r2.ebuild      | 182 ---------------------
 .../ca-certificates-20161130.3.29.3.ebuild         | 182 ---------------------
 3 files changed, 367 deletions(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index c82537722a2..1762b04a532 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,8 +1,5 @@
-DIST ca-certificates_20161102.tar.xz 298544 SHA256 25384a67e2f1e76495ceeb00abfdbe831033780324128cb1587d09132dd173a5 SHA512 8630cbc15d311b71936901bfa4c1a61d78d4468a7d8d0c492d72afc579679402b99e563cc6f88b0377eb7ebee8dcbad1b090fb0831d610a5b8e5bbdb3d8ce284 WHIRLPOOL 8b92ba4228880bcc7b296e9b1333f695194c31e724a02bafaec97bac838f6c36b20fa052935d256930977e2944ed7450c1e1ab2c95b40c8391dffd766938cea7
 DIST ca-certificates_20161130.tar.xz 298656 SHA256 04bca9e142a90a834aca0311f7ced237368d71fee7bd5c9f68ef7f4611aee471 SHA512 8395f27d2369d694b069e1bb250b06df05f732bd9f4a4dc8652091e9c96ad1a84003e28f59cb9e13fdfd22ca5818f495d80149692e74b2d63e34db4f6a95ee9f WHIRLPOOL 6903848f030a0da80e18e5d6a075c9a4ef390d67d748ff27cbadef4b1bf5866b9d7d96960f780f6bbff3f7b9720c31ee4d7a089238041bcb4d5de52fe0e46224
 DIST ca-certificates_20170717.tar.xz 293028 SHA256 e487639b641fa75445174734dd6e9d600373e3248b3d86a7e3c6d0f6977decd2 SHA512 dfeb5a19bb33bcb127a159b73fcc63b41c99827d77eb4a6069def0cffc7ae8dd10dab97c1ddfdd5b70d0c93e650a51ed5dcd03908516e7ca8b3022bf46eeb7e6 WHIRLPOOL 3b0877a7e85efccef67f92e0f6eb066e98b42982fd68ba92da131d2f96d4c235685ac913d038e2af621cb9cada5cf1409a871b8557d49539d722e10171e2aa7a
-DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa67205dde1a4a92be87dc28524 SHA512 699847665e93fd649cb60ce6bc8f849f452779e7232a09bbeb0613f9e6c57bb81948f1ae59cc86648e41a212cda259109850ccd14546d35910deb75f5d2a13b8 WHIRLPOOL 08229d87de1c7020c1d7fc12fb8a2afc4bc9ab9f0208aad12698aba17386fbe9163cb506101c7d4d568409fd99141fb88c0e71fc32cecbc6640a4a8f7a4efabf
-DIST nss-3.29.3.tar.gz 7479458 SHA256 35ddcc31251ef829994efeee925011aa1414e32be7e388236970255aa3c8e1eb SHA512 eebc479521dc4e64565929620f60bf457875a2b21d7b5dc2b67f4e4279bfb1a814c31a7b17638052cec44ede9fb686a3ff776cd2239271142100e0fd5f769519 WHIRLPOOL 93edf0bd7c0c1751f7b03a8e878cba564e27fede796de3d4f381aa0b86ef8ea9edffd6f57f8a437f48e07f74ddc2cd0b351ca640ea409e3b3a54f7ddb83def22
 DIST nss-3.30.2.tar.gz 9499119 SHA256 0d4a77ff26bcee79fa8afe0125e0df6ae9e798b6b36782fa29e28febf7cfce24 SHA512 02f14bc000cbde42268c4b6f42df80680b010d1491643ef9b11e0bac31a286a2e7fa251c40cb4ac70b64883a1b90efc64440ef9d797357f8a47cd37195fc5500 WHIRLPOOL b1039f227a55ed9ab592b7e1ea0856c8cf91b8d298ef07d9d0f56d1956319b15c12224f023a100d106101c49dafb16e8231680667d2c7d0b8f8b2bbf6ad3ec8e
 DIST nss-3.30.tar.gz 9500552 SHA256 a8c0000dae5e992f6563972e26dbfefc50d006dd845c43b8ca24ea50169ff3a9 SHA512 c21e9b5e4b689ea8cbc6f4d7913df43e2a78c4435e0ce092f2ce00e46079ce2268e17ec8527b283ac69eff3d96ff0165a5b42b6579bfe0a720115ff2938260d3 WHIRLPOOL bc0a59484010a5771b515dde1440ccca8a63b167d3d8839b3606460fdf9d2dc3ab7d889173c88edb7d685d39ad3614c4cbc66284d0faced47cdcc01a69997d9a
 DIST nss-3.32.1.tar.gz 9494609 SHA256 4de59ca7f5bf4a56fbcfdbb4a054f254ba9f408f56476957404a091048624652 SHA512 b377aba822c2955d801022eba1636b71943a64f6e74d5611c2625910d230059383c4dbdedd65e70b356eaea33aeefdd24de3b31d7a4823d921ea475af3dd9da8 WHIRLPOOL 4c15b4ba85ce10787b9ee541d20a829a99aed5628b59f7e7e3045ec694d6d8a0a83bc730ae4d74148cf7c425f59debfd1574cb1b036c1407d1f9d4896647d9cf

diff --git a/app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r2.ebuild b/app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r2.ebuild
deleted file mode 100644
index a4a950e2b8a..00000000000
--- a/app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r2.ebuild
+++ /dev/null
@@ -1,182 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI="5"
-PYTHON_COMPAT=( python{2_7,3_4,3_5} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit versionator
-
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="insecure_certs"
-${PRECOMPILED} || IUSE+=" cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	app-misc/c_rehash
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
-			popd >/dev/null
-		fi
-	fi
-
-	epatch "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org
-			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	if ! use insecure_certs ; then
-		# Remove untrusted certs from StartCom and WoSign (bug #598072)
-		rm "${c}"/mozilla/StartCom* || die
-		rm "${c}"/mozilla/WoSign* || die
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd "${c}"
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}

diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.29.3.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.29.3.ebuild
deleted file mode 100644
index a72077ebef8..00000000000
--- a/app-misc/ca-certificates/ca-certificates-20161130.3.29.3.ebuild
+++ /dev/null
@@ -1,182 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI="5"
-PYTHON_COMPAT=( python{2_7,3_4,3_5} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit versionator
-
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="insecure_certs"
-${PRECOMPILED} || IUSE+=" cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	app-misc/c_rehash
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
-			popd >/dev/null
-		fi
-	fi
-
-	epatch "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org
-			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	if ! use insecure_certs ; then
-		# Remove untrusted certs from StartCom and WoSign (bug #598072)
-		rm "${c}"/mozilla/StartCom* || die
-		rm "${c}"/mozilla/WoSign* || die
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd "${c}"
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-08-08  7:40 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2017-08-08  7:40 UTC (permalink / raw
  To: gentoo-commits

commit:     fcec7da5bf321fa7c836ddb9ace58152c3401ad2
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Aug  8 07:31:24 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Aug  8 07:40:48 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fcec7da5

app-misc/ca-certificates: Bump to version 20161130.3.32

Package-Manager: Portage-2.3.6, Repoman-2.3.3

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20161130.3.32.ebuild           | 190 +++++++++++++++++++++
 2 files changed, 191 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 568d0e1332b..0119c7af89d 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -5,4 +5,5 @@ DIST nss-3.29.3.tar.gz 7479458 SHA256 35ddcc31251ef829994efeee925011aa1414e32be7
 DIST nss-3.30.1.tar.gz 9501791 SHA256 1fa273a9a18611bfd22ecd61283172a5aa66af7d0783c7018f42d48000be5eb6 SHA512 591c518bc7e8105675678863e1995725982527e138b45e12ad0efd927f5d3eaa2aaa704d335ff46d572c2f7ad8a8f9a38e671c1d5a9f46fe495077ba0522bc51 WHIRLPOOL 40ef67fcb505ed19b8438b77b5b0a147d939863066a24bd15f5afa2e6ea91a40d6aaa43860c6f1f94f37efe417c48f865c344e7ffb5d997e4a92356100a206c1
 DIST nss-3.30.2.tar.gz 9499119 SHA256 0d4a77ff26bcee79fa8afe0125e0df6ae9e798b6b36782fa29e28febf7cfce24 SHA512 02f14bc000cbde42268c4b6f42df80680b010d1491643ef9b11e0bac31a286a2e7fa251c40cb4ac70b64883a1b90efc64440ef9d797357f8a47cd37195fc5500 WHIRLPOOL b1039f227a55ed9ab592b7e1ea0856c8cf91b8d298ef07d9d0f56d1956319b15c12224f023a100d106101c49dafb16e8231680667d2c7d0b8f8b2bbf6ad3ec8e
 DIST nss-3.30.tar.gz 9500552 SHA256 a8c0000dae5e992f6563972e26dbfefc50d006dd845c43b8ca24ea50169ff3a9 SHA512 c21e9b5e4b689ea8cbc6f4d7913df43e2a78c4435e0ce092f2ce00e46079ce2268e17ec8527b283ac69eff3d96ff0165a5b42b6579bfe0a720115ff2938260d3 WHIRLPOOL bc0a59484010a5771b515dde1440ccca8a63b167d3d8839b3606460fdf9d2dc3ab7d889173c88edb7d685d39ad3614c4cbc66284d0faced47cdcc01a69997d9a
+DIST nss-3.32.tar.gz 9493574 SHA256 35c6f381cc96bb25e4f924469f6ba3e57b3a16e0c2fb7e295a284a00d57ed335 SHA512 7a01f81e23ef9649fd26b8423b015f4df5878c94f6ff591727086644b01db3dbc36de4e131cf70a6f84564e46c8decb7c4f7780fca12270eb900de1f8a11ee3c WHIRLPOOL bd1a9a8da509143ba995c2a4aac43df991703c1170e2654a8e762fbaf1b26e4f95f85c9d06db45126247a6d52828060c5283fb9cf1e4328952bc518ee38316c4
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700

diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.32.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.32.ebuild
new file mode 100644
index 00000000000..1391c06c4ec
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20161130.3.32.ebuild
@@ -0,0 +1,190 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI=6
+
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="insecure_certs"
+${PRECOMPILED} || IUSE+=" cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
+			popd >/dev/null
+		fi
+	fi
+
+	default
+	eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org
+			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	if ! use insecure_certs ; then
+		elog "To prevent applications relying on system's trusted root certificate store"
+		elog "from using CAs where at least one major browser vendor Gentoo is following"
+		elog "has decided to apply trust level restrictions, the following"
+		elog "certificate(s) were removed:"
+		# Remove untrusted certs from StartCom and WoSign (bug #598072)
+		elog "$(find "${c}" -type f \( \
+			-iname '*startcom*' \
+			-o -iname '*wosign*' \
+			\) -printf '%P removed; see https://bugs.gentoo.org/598072 for details\n' -delete)"
+	fi
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd "${c}"
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-08-08  7:40 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2017-08-08  7:40 UTC (permalink / raw
  To: gentoo-commits

commit:     c716c4b9519e8864ff5011e851d34aac0304f206
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Aug  8 07:40:30 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Aug  8 07:40:55 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c716c4b9

app-misc/ca-certificates: Version 20161130.3.30.2 stable for all arches.

Package-Manager: Portage-2.3.6, Repoman-2.3.3

 app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild
index 45efcd9d581..2fac1bf7943 100644
--- a/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild
@@ -58,7 +58,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="insecure_certs"
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-08-08  7:40 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2017-08-08  7:40 UTC (permalink / raw
  To: gentoo-commits

commit:     a808a89ee2610c910958c27407f83b82cdb9533e
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Aug  8 07:39:24 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Aug  8 07:40:52 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a808a89e

app-misc/ca-certificates: Removed old.

Package-Manager: Portage-2.3.6, Repoman-2.3.3

 app-misc/ca-certificates/Manifest                  |   1 -
 .../ca-certificates-20161130.3.30.1.ebuild         | 182 ---------------------
 .../ca-certificates-20161130.3.30.ebuild           | 182 ---------------------
 3 files changed, 365 deletions(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 0119c7af89d..a909c17ea2c 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -2,7 +2,6 @@ DIST ca-certificates_20161102.tar.xz 298544 SHA256 25384a67e2f1e76495ceeb00abfdb
 DIST ca-certificates_20161130.tar.xz 298656 SHA256 04bca9e142a90a834aca0311f7ced237368d71fee7bd5c9f68ef7f4611aee471 SHA512 8395f27d2369d694b069e1bb250b06df05f732bd9f4a4dc8652091e9c96ad1a84003e28f59cb9e13fdfd22ca5818f495d80149692e74b2d63e34db4f6a95ee9f WHIRLPOOL 6903848f030a0da80e18e5d6a075c9a4ef390d67d748ff27cbadef4b1bf5866b9d7d96960f780f6bbff3f7b9720c31ee4d7a089238041bcb4d5de52fe0e46224
 DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa67205dde1a4a92be87dc28524 SHA512 699847665e93fd649cb60ce6bc8f849f452779e7232a09bbeb0613f9e6c57bb81948f1ae59cc86648e41a212cda259109850ccd14546d35910deb75f5d2a13b8 WHIRLPOOL 08229d87de1c7020c1d7fc12fb8a2afc4bc9ab9f0208aad12698aba17386fbe9163cb506101c7d4d568409fd99141fb88c0e71fc32cecbc6640a4a8f7a4efabf
 DIST nss-3.29.3.tar.gz 7479458 SHA256 35ddcc31251ef829994efeee925011aa1414e32be7e388236970255aa3c8e1eb SHA512 eebc479521dc4e64565929620f60bf457875a2b21d7b5dc2b67f4e4279bfb1a814c31a7b17638052cec44ede9fb686a3ff776cd2239271142100e0fd5f769519 WHIRLPOOL 93edf0bd7c0c1751f7b03a8e878cba564e27fede796de3d4f381aa0b86ef8ea9edffd6f57f8a437f48e07f74ddc2cd0b351ca640ea409e3b3a54f7ddb83def22
-DIST nss-3.30.1.tar.gz 9501791 SHA256 1fa273a9a18611bfd22ecd61283172a5aa66af7d0783c7018f42d48000be5eb6 SHA512 591c518bc7e8105675678863e1995725982527e138b45e12ad0efd927f5d3eaa2aaa704d335ff46d572c2f7ad8a8f9a38e671c1d5a9f46fe495077ba0522bc51 WHIRLPOOL 40ef67fcb505ed19b8438b77b5b0a147d939863066a24bd15f5afa2e6ea91a40d6aaa43860c6f1f94f37efe417c48f865c344e7ffb5d997e4a92356100a206c1
 DIST nss-3.30.2.tar.gz 9499119 SHA256 0d4a77ff26bcee79fa8afe0125e0df6ae9e798b6b36782fa29e28febf7cfce24 SHA512 02f14bc000cbde42268c4b6f42df80680b010d1491643ef9b11e0bac31a286a2e7fa251c40cb4ac70b64883a1b90efc64440ef9d797357f8a47cd37195fc5500 WHIRLPOOL b1039f227a55ed9ab592b7e1ea0856c8cf91b8d298ef07d9d0f56d1956319b15c12224f023a100d106101c49dafb16e8231680667d2c7d0b8f8b2bbf6ad3ec8e
 DIST nss-3.30.tar.gz 9500552 SHA256 a8c0000dae5e992f6563972e26dbfefc50d006dd845c43b8ca24ea50169ff3a9 SHA512 c21e9b5e4b689ea8cbc6f4d7913df43e2a78c4435e0ce092f2ce00e46079ce2268e17ec8527b283ac69eff3d96ff0165a5b42b6579bfe0a720115ff2938260d3 WHIRLPOOL bc0a59484010a5771b515dde1440ccca8a63b167d3d8839b3606460fdf9d2dc3ab7d889173c88edb7d685d39ad3614c4cbc66284d0faced47cdcc01a69997d9a
 DIST nss-3.32.tar.gz 9493574 SHA256 35c6f381cc96bb25e4f924469f6ba3e57b3a16e0c2fb7e295a284a00d57ed335 SHA512 7a01f81e23ef9649fd26b8423b015f4df5878c94f6ff591727086644b01db3dbc36de4e131cf70a6f84564e46c8decb7c4f7780fca12270eb900de1f8a11ee3c WHIRLPOOL bd1a9a8da509143ba995c2a4aac43df991703c1170e2654a8e762fbaf1b26e4f95f85c9d06db45126247a6d52828060c5283fb9cf1e4328952bc518ee38316c4

diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.30.1.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.30.1.ebuild
deleted file mode 100644
index a72077ebef8..00000000000
--- a/app-misc/ca-certificates/ca-certificates-20161130.3.30.1.ebuild
+++ /dev/null
@@ -1,182 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI="5"
-PYTHON_COMPAT=( python{2_7,3_4,3_5} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit versionator
-
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="insecure_certs"
-${PRECOMPILED} || IUSE+=" cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	app-misc/c_rehash
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
-			popd >/dev/null
-		fi
-	fi
-
-	epatch "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org
-			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	if ! use insecure_certs ; then
-		# Remove untrusted certs from StartCom and WoSign (bug #598072)
-		rm "${c}"/mozilla/StartCom* || die
-		rm "${c}"/mozilla/WoSign* || die
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd "${c}"
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}

diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.30.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.30.ebuild
deleted file mode 100644
index a72077ebef8..00000000000
--- a/app-misc/ca-certificates/ca-certificates-20161130.3.30.ebuild
+++ /dev/null
@@ -1,182 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI="5"
-PYTHON_COMPAT=( python{2_7,3_4,3_5} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit versionator
-
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="insecure_certs"
-${PRECOMPILED} || IUSE+=" cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	app-misc/c_rehash
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
-			popd >/dev/null
-		fi
-	fi
-
-	epatch "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org
-			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	if ! use insecure_certs ; then
-		# Remove untrusted certs from StartCom and WoSign (bug #598072)
-		rm "${c}"/mozilla/StartCom* || die
-		rm "${c}"/mozilla/WoSign* || die
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd "${c}"
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-08-08  7:40 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2017-08-08  7:40 UTC (permalink / raw
  To: gentoo-commits

commit:     b2cae8b25d30cee6412433139fbc323f08cffb8a
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Aug  8 07:38:15 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Aug  8 07:40:50 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b2cae8b2

app-misc/ca-certificates: Fixed removal of untrusted certs (#616002).

Package-Manager: Portage-2.3.6, Repoman-2.3.3

 .../ca-certificates/ca-certificates-20161130.3.30.2.ebuild     | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild
index a72077ebef8..45efcd9d581 100644
--- a/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild
@@ -138,9 +138,15 @@ src_compile() {
 	fi
 
 	if ! use insecure_certs ; then
+		elog "To prevent applications relying on system's trusted root certificate store"
+		elog "from using CAs where at least one major browser vendor Gentoo is following"
+		elog "has decided to apply trust level restrictions, the following"
+		elog "certificate(s) were removed:"
 		# Remove untrusted certs from StartCom and WoSign (bug #598072)
-		rm "${c}"/mozilla/StartCom* || die
-		rm "${c}"/mozilla/WoSign* || die
+		elog "$(find "${c}" -type f \( \
+			-iname '*startcom*' \
+			-o -iname '*wosign*' \
+			\) -printf '%P removed; see https://bugs.gentoo.org/598072 for details\n' -delete)"
 	fi
 
 	(


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-05-05 13:49 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2017-05-05 13:49 UTC (permalink / raw
  To: gentoo-commits

commit:     23d5e63b9913a727db13c57f82c54697b6f9ed82
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Fri May  5 13:48:53 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Fri May  5 13:48:53 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=23d5e63b

app-misc/ca-certificates: Bump to version 20161130.3.30.2

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20161130.3.30.2.ebuild         | 182 +++++++++++++++++++++
 2 files changed, 183 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 2ae4e245cdf..6a0ca3d13e1 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -4,5 +4,6 @@ DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa672
 DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
 DIST nss-3.29.3.tar.gz 7479458 SHA256 35ddcc31251ef829994efeee925011aa1414e32be7e388236970255aa3c8e1eb SHA512 eebc479521dc4e64565929620f60bf457875a2b21d7b5dc2b67f4e4279bfb1a814c31a7b17638052cec44ede9fb686a3ff776cd2239271142100e0fd5f769519 WHIRLPOOL 93edf0bd7c0c1751f7b03a8e878cba564e27fede796de3d4f381aa0b86ef8ea9edffd6f57f8a437f48e07f74ddc2cd0b351ca640ea409e3b3a54f7ddb83def22
 DIST nss-3.30.1.tar.gz 9501791 SHA256 1fa273a9a18611bfd22ecd61283172a5aa66af7d0783c7018f42d48000be5eb6 SHA512 591c518bc7e8105675678863e1995725982527e138b45e12ad0efd927f5d3eaa2aaa704d335ff46d572c2f7ad8a8f9a38e671c1d5a9f46fe495077ba0522bc51 WHIRLPOOL 40ef67fcb505ed19b8438b77b5b0a147d939863066a24bd15f5afa2e6ea91a40d6aaa43860c6f1f94f37efe417c48f865c344e7ffb5d997e4a92356100a206c1
+DIST nss-3.30.2.tar.gz 9499119 SHA256 0d4a77ff26bcee79fa8afe0125e0df6ae9e798b6b36782fa29e28febf7cfce24 SHA512 02f14bc000cbde42268c4b6f42df80680b010d1491643ef9b11e0bac31a286a2e7fa251c40cb4ac70b64883a1b90efc64440ef9d797357f8a47cd37195fc5500 WHIRLPOOL b1039f227a55ed9ab592b7e1ea0856c8cf91b8d298ef07d9d0f56d1956319b15c12224f023a100d106101c49dafb16e8231680667d2c7d0b8f8b2bbf6ad3ec8e
 DIST nss-3.30.tar.gz 9500552 SHA256 a8c0000dae5e992f6563972e26dbfefc50d006dd845c43b8ca24ea50169ff3a9 SHA512 c21e9b5e4b689ea8cbc6f4d7913df43e2a78c4435e0ce092f2ce00e46079ce2268e17ec8527b283ac69eff3d96ff0165a5b42b6579bfe0a720115ff2938260d3 WHIRLPOOL bc0a59484010a5771b515dde1440ccca8a63b167d3d8839b3606460fdf9d2dc3ab7d889173c88edb7d685d39ad3614c4cbc66284d0faced47cdcc01a69997d9a
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700

diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild
new file mode 100644
index 00000000000..a72077ebef8
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20161130.3.30.2.ebuild
@@ -0,0 +1,182 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI="5"
+PYTHON_COMPAT=( python{2_7,3_4,3_5} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="insecure_certs"
+${PRECOMPILED} || IUSE+=" cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
+			popd >/dev/null
+		fi
+	fi
+
+	epatch "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org
+			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	if ! use insecure_certs ; then
+		# Remove untrusted certs from StartCom and WoSign (bug #598072)
+		rm "${c}"/mozilla/StartCom* || die
+		rm "${c}"/mozilla/WoSign* || die
+	fi
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd "${c}"
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-05-05 13:49 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2017-05-05 13:49 UTC (permalink / raw
  To: gentoo-commits

commit:     8d9f61f73fb3418f831883844f2f510d26613337
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Fri May  5 13:49:26 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Fri May  5 13:49:26 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d9f61f7

app-misc/ca-certificates: Removed old.

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 app-misc/ca-certificates/Manifest                  |   1 -
 .../ca-certificates-20161130.3.28.1.ebuild         | 182 ---------------------
 2 files changed, 183 deletions(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 6a0ca3d13e1..568d0e1332b 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,7 +1,6 @@
 DIST ca-certificates_20161102.tar.xz 298544 SHA256 25384a67e2f1e76495ceeb00abfdbe831033780324128cb1587d09132dd173a5 SHA512 8630cbc15d311b71936901bfa4c1a61d78d4468a7d8d0c492d72afc579679402b99e563cc6f88b0377eb7ebee8dcbad1b090fb0831d610a5b8e5bbdb3d8ce284 WHIRLPOOL 8b92ba4228880bcc7b296e9b1333f695194c31e724a02bafaec97bac838f6c36b20fa052935d256930977e2944ed7450c1e1ab2c95b40c8391dffd766938cea7
 DIST ca-certificates_20161130.tar.xz 298656 SHA256 04bca9e142a90a834aca0311f7ced237368d71fee7bd5c9f68ef7f4611aee471 SHA512 8395f27d2369d694b069e1bb250b06df05f732bd9f4a4dc8652091e9c96ad1a84003e28f59cb9e13fdfd22ca5818f495d80149692e74b2d63e34db4f6a95ee9f WHIRLPOOL 6903848f030a0da80e18e5d6a075c9a4ef390d67d748ff27cbadef4b1bf5866b9d7d96960f780f6bbff3f7b9720c31ee4d7a089238041bcb4d5de52fe0e46224
 DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa67205dde1a4a92be87dc28524 SHA512 699847665e93fd649cb60ce6bc8f849f452779e7232a09bbeb0613f9e6c57bb81948f1ae59cc86648e41a212cda259109850ccd14546d35910deb75f5d2a13b8 WHIRLPOOL 08229d87de1c7020c1d7fc12fb8a2afc4bc9ab9f0208aad12698aba17386fbe9163cb506101c7d4d568409fd99141fb88c0e71fc32cecbc6640a4a8f7a4efabf
-DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
 DIST nss-3.29.3.tar.gz 7479458 SHA256 35ddcc31251ef829994efeee925011aa1414e32be7e388236970255aa3c8e1eb SHA512 eebc479521dc4e64565929620f60bf457875a2b21d7b5dc2b67f4e4279bfb1a814c31a7b17638052cec44ede9fb686a3ff776cd2239271142100e0fd5f769519 WHIRLPOOL 93edf0bd7c0c1751f7b03a8e878cba564e27fede796de3d4f381aa0b86ef8ea9edffd6f57f8a437f48e07f74ddc2cd0b351ca640ea409e3b3a54f7ddb83def22
 DIST nss-3.30.1.tar.gz 9501791 SHA256 1fa273a9a18611bfd22ecd61283172a5aa66af7d0783c7018f42d48000be5eb6 SHA512 591c518bc7e8105675678863e1995725982527e138b45e12ad0efd927f5d3eaa2aaa704d335ff46d572c2f7ad8a8f9a38e671c1d5a9f46fe495077ba0522bc51 WHIRLPOOL 40ef67fcb505ed19b8438b77b5b0a147d939863066a24bd15f5afa2e6ea91a40d6aaa43860c6f1f94f37efe417c48f865c344e7ffb5d997e4a92356100a206c1
 DIST nss-3.30.2.tar.gz 9499119 SHA256 0d4a77ff26bcee79fa8afe0125e0df6ae9e798b6b36782fa29e28febf7cfce24 SHA512 02f14bc000cbde42268c4b6f42df80680b010d1491643ef9b11e0bac31a286a2e7fa251c40cb4ac70b64883a1b90efc64440ef9d797357f8a47cd37195fc5500 WHIRLPOOL b1039f227a55ed9ab592b7e1ea0856c8cf91b8d298ef07d9d0f56d1956319b15c12224f023a100d106101c49dafb16e8231680667d2c7d0b8f8b2bbf6ad3ec8e

diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.28.1.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.28.1.ebuild
deleted file mode 100644
index 5a9c322c983..00000000000
--- a/app-misc/ca-certificates/ca-certificates-20161130.3.28.1.ebuild
+++ /dev/null
@@ -1,182 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI="5"
-PYTHON_COMPAT=( python{2_7,3_4,3_5} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit versionator
-
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="insecure_certs"
-${PRECOMPILED} || IUSE+=" cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	app-misc/c_rehash
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
-			popd >/dev/null
-		fi
-	fi
-
-	epatch "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org
-			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	if ! use insecure_certs ; then
-		# Remove untrusted certs from StartCom and WoSign (bug #598072)
-		rm "${c}"/mozilla/StartCom* || die
-		rm "${c}"/mozilla/WoSign* || die
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd "${c}"
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-04-06 13:08 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2017-04-06 13:08 UTC (permalink / raw
  To: gentoo-commits

commit:     f2f9e830a436616d96da6e988c649286f0d16016
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Apr  6 12:52:11 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Apr  6 13:07:55 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f2f9e830

app-misc/ca-certificates: Bump to version 20161130.3.30.1

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20161130.3.30.1.ebuild         | 182 +++++++++++++++++++++
 2 files changed, 183 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 1f809d24f02..3abf001ceca 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -4,5 +4,6 @@ DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa672
 DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
 DIST nss-3.29.1.tar.gz 7479324 SHA256 47259bc5c4439d8228d7c577ea652ed140588f27eae8ebb39cc91057aea37366 SHA512 c060f568a3243343b5a1315d632015373dc7dfd2ca9567fb484190dd56f87b1bc977539b9e28fe4fbfc6ee25409e69b1192a2b590031257dd8c89d162332e050 WHIRLPOOL 1649e439fec988ce0b0d5d3b5caf2b89579eee86dff87cb6a4545cf6fdbd78a409f0746050dbc5a5bcefbb8363abad730df2a43ef05b91f5b325d06ba778e151
 DIST nss-3.29.3.tar.gz 7479458 SHA256 35ddcc31251ef829994efeee925011aa1414e32be7e388236970255aa3c8e1eb SHA512 eebc479521dc4e64565929620f60bf457875a2b21d7b5dc2b67f4e4279bfb1a814c31a7b17638052cec44ede9fb686a3ff776cd2239271142100e0fd5f769519 WHIRLPOOL 93edf0bd7c0c1751f7b03a8e878cba564e27fede796de3d4f381aa0b86ef8ea9edffd6f57f8a437f48e07f74ddc2cd0b351ca640ea409e3b3a54f7ddb83def22
+DIST nss-3.30.1.tar.gz 9501791 SHA256 1fa273a9a18611bfd22ecd61283172a5aa66af7d0783c7018f42d48000be5eb6 SHA512 591c518bc7e8105675678863e1995725982527e138b45e12ad0efd927f5d3eaa2aaa704d335ff46d572c2f7ad8a8f9a38e671c1d5a9f46fe495077ba0522bc51 WHIRLPOOL 40ef67fcb505ed19b8438b77b5b0a147d939863066a24bd15f5afa2e6ea91a40d6aaa43860c6f1f94f37efe417c48f865c344e7ffb5d997e4a92356100a206c1
 DIST nss-3.30.tar.gz 9500552 SHA256 a8c0000dae5e992f6563972e26dbfefc50d006dd845c43b8ca24ea50169ff3a9 SHA512 c21e9b5e4b689ea8cbc6f4d7913df43e2a78c4435e0ce092f2ce00e46079ce2268e17ec8527b283ac69eff3d96ff0165a5b42b6579bfe0a720115ff2938260d3 WHIRLPOOL bc0a59484010a5771b515dde1440ccca8a63b167d3d8839b3606460fdf9d2dc3ab7d889173c88edb7d685d39ad3614c4cbc66284d0faced47cdcc01a69997d9a
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700

diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.30.1.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.30.1.ebuild
new file mode 100644
index 00000000000..a72077ebef8
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20161130.3.30.1.ebuild
@@ -0,0 +1,182 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI="5"
+PYTHON_COMPAT=( python{2_7,3_4,3_5} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="insecure_certs"
+${PRECOMPILED} || IUSE+=" cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
+			popd >/dev/null
+		fi
+	fi
+
+	epatch "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org
+			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	if ! use insecure_certs ; then
+		# Remove untrusted certs from StartCom and WoSign (bug #598072)
+		rm "${c}"/mozilla/StartCom* || die
+		rm "${c}"/mozilla/WoSign* || die
+	fi
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd "${c}"
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-04-06 13:08 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2017-04-06 13:08 UTC (permalink / raw
  To: gentoo-commits

commit:     2009975ea4afd9e70458d1a64f84191950963750
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Apr  6 12:52:47 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Apr  6 13:07:58 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2009975e

app-misc/ca-certificates: Removed old.

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 app-misc/ca-certificates/Manifest                  |   1 -
 .../ca-certificates-20161130.3.29.1.ebuild         | 182 ---------------------
 2 files changed, 183 deletions(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 3abf001ceca..2ae4e245cdf 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -2,7 +2,6 @@ DIST ca-certificates_20161102.tar.xz 298544 SHA256 25384a67e2f1e76495ceeb00abfdb
 DIST ca-certificates_20161130.tar.xz 298656 SHA256 04bca9e142a90a834aca0311f7ced237368d71fee7bd5c9f68ef7f4611aee471 SHA512 8395f27d2369d694b069e1bb250b06df05f732bd9f4a4dc8652091e9c96ad1a84003e28f59cb9e13fdfd22ca5818f495d80149692e74b2d63e34db4f6a95ee9f WHIRLPOOL 6903848f030a0da80e18e5d6a075c9a4ef390d67d748ff27cbadef4b1bf5866b9d7d96960f780f6bbff3f7b9720c31ee4d7a089238041bcb4d5de52fe0e46224
 DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa67205dde1a4a92be87dc28524 SHA512 699847665e93fd649cb60ce6bc8f849f452779e7232a09bbeb0613f9e6c57bb81948f1ae59cc86648e41a212cda259109850ccd14546d35910deb75f5d2a13b8 WHIRLPOOL 08229d87de1c7020c1d7fc12fb8a2afc4bc9ab9f0208aad12698aba17386fbe9163cb506101c7d4d568409fd99141fb88c0e71fc32cecbc6640a4a8f7a4efabf
 DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
-DIST nss-3.29.1.tar.gz 7479324 SHA256 47259bc5c4439d8228d7c577ea652ed140588f27eae8ebb39cc91057aea37366 SHA512 c060f568a3243343b5a1315d632015373dc7dfd2ca9567fb484190dd56f87b1bc977539b9e28fe4fbfc6ee25409e69b1192a2b590031257dd8c89d162332e050 WHIRLPOOL 1649e439fec988ce0b0d5d3b5caf2b89579eee86dff87cb6a4545cf6fdbd78a409f0746050dbc5a5bcefbb8363abad730df2a43ef05b91f5b325d06ba778e151
 DIST nss-3.29.3.tar.gz 7479458 SHA256 35ddcc31251ef829994efeee925011aa1414e32be7e388236970255aa3c8e1eb SHA512 eebc479521dc4e64565929620f60bf457875a2b21d7b5dc2b67f4e4279bfb1a814c31a7b17638052cec44ede9fb686a3ff776cd2239271142100e0fd5f769519 WHIRLPOOL 93edf0bd7c0c1751f7b03a8e878cba564e27fede796de3d4f381aa0b86ef8ea9edffd6f57f8a437f48e07f74ddc2cd0b351ca640ea409e3b3a54f7ddb83def22
 DIST nss-3.30.1.tar.gz 9501791 SHA256 1fa273a9a18611bfd22ecd61283172a5aa66af7d0783c7018f42d48000be5eb6 SHA512 591c518bc7e8105675678863e1995725982527e138b45e12ad0efd927f5d3eaa2aaa704d335ff46d572c2f7ad8a8f9a38e671c1d5a9f46fe495077ba0522bc51 WHIRLPOOL 40ef67fcb505ed19b8438b77b5b0a147d939863066a24bd15f5afa2e6ea91a40d6aaa43860c6f1f94f37efe417c48f865c344e7ffb5d997e4a92356100a206c1
 DIST nss-3.30.tar.gz 9500552 SHA256 a8c0000dae5e992f6563972e26dbfefc50d006dd845c43b8ca24ea50169ff3a9 SHA512 c21e9b5e4b689ea8cbc6f4d7913df43e2a78c4435e0ce092f2ce00e46079ce2268e17ec8527b283ac69eff3d96ff0165a5b42b6579bfe0a720115ff2938260d3 WHIRLPOOL bc0a59484010a5771b515dde1440ccca8a63b167d3d8839b3606460fdf9d2dc3ab7d889173c88edb7d685d39ad3614c4cbc66284d0faced47cdcc01a69997d9a

diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.29.1.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.29.1.ebuild
deleted file mode 100644
index a72077ebef8..00000000000
--- a/app-misc/ca-certificates/ca-certificates-20161130.3.29.1.ebuild
+++ /dev/null
@@ -1,182 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI="5"
-PYTHON_COMPAT=( python{2_7,3_4,3_5} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit versionator
-
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="insecure_certs"
-${PRECOMPILED} || IUSE+=" cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	app-misc/c_rehash
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
-			popd >/dev/null
-		fi
-	fi
-
-	epatch "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org
-			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	if ! use insecure_certs ; then
-		# Remove untrusted certs from StartCom and WoSign (bug #598072)
-		rm "${c}"/mozilla/StartCom* || die
-		rm "${c}"/mozilla/WoSign* || die
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd "${c}"
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-03-24  9:29 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2017-03-24  9:29 UTC (permalink / raw
  To: gentoo-commits

commit:     6f25c0fc00d14fba2d2597039c3cb2334182eefd
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 24 09:28:50 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Fri Mar 24 09:28:50 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6f25c0fc

app-misc/ca-certificates: Revbump adding Symantec to insecure certs

Gentoo bug #613714

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 .../ca-certificates-20161130.3.30-r1.ebuild        | 184 +++++++++++++++++++++
 1 file changed, 184 insertions(+)

diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.30-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.30-r1.ebuild
new file mode 100644
index 00000000000..7d330280280
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20161130.3.30-r1.ebuild
@@ -0,0 +1,184 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI="5"
+PYTHON_COMPAT=( python{2_7,3_4,3_5} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="insecure_certs"
+${PRECOMPILED} || IUSE+=" cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
+			popd >/dev/null
+		fi
+	fi
+
+	epatch "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org
+			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	if ! use insecure_certs ; then
+		# Remove untrusted certs from StartCom and WoSign (bug #598072)
+		rm "${c}"/mozilla/StartCom* || die
+		rm "${c}"/mozilla/WoSign* || die
+		# and from Symantec (bug #613714)
+		rm "${c}"/mozilla/Symantec* || die
+	fi
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd "${c}"
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-03-23  7:59 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2017-03-23  7:59 UTC (permalink / raw
  To: gentoo-commits

commit:     30c8630dd5db65f5cec8886c91071bbe4eb53b75
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 23 07:58:54 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Mar 23 07:58:54 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=30c8630d

app-misc/ca-certificates: Bump to version 20161130.3.30

Package-Manager: Portage-2.3.5, Repoman-2.3.2

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20161130.3.30.ebuild           | 182 +++++++++++++++++++++
 2 files changed, 183 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 7d45d55b3ec..1f809d24f02 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -4,4 +4,5 @@ DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa672
 DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
 DIST nss-3.29.1.tar.gz 7479324 SHA256 47259bc5c4439d8228d7c577ea652ed140588f27eae8ebb39cc91057aea37366 SHA512 c060f568a3243343b5a1315d632015373dc7dfd2ca9567fb484190dd56f87b1bc977539b9e28fe4fbfc6ee25409e69b1192a2b590031257dd8c89d162332e050 WHIRLPOOL 1649e439fec988ce0b0d5d3b5caf2b89579eee86dff87cb6a4545cf6fdbd78a409f0746050dbc5a5bcefbb8363abad730df2a43ef05b91f5b325d06ba778e151
 DIST nss-3.29.3.tar.gz 7479458 SHA256 35ddcc31251ef829994efeee925011aa1414e32be7e388236970255aa3c8e1eb SHA512 eebc479521dc4e64565929620f60bf457875a2b21d7b5dc2b67f4e4279bfb1a814c31a7b17638052cec44ede9fb686a3ff776cd2239271142100e0fd5f769519 WHIRLPOOL 93edf0bd7c0c1751f7b03a8e878cba564e27fede796de3d4f381aa0b86ef8ea9edffd6f57f8a437f48e07f74ddc2cd0b351ca640ea409e3b3a54f7ddb83def22
+DIST nss-3.30.tar.gz 9500552 SHA256 a8c0000dae5e992f6563972e26dbfefc50d006dd845c43b8ca24ea50169ff3a9 SHA512 c21e9b5e4b689ea8cbc6f4d7913df43e2a78c4435e0ce092f2ce00e46079ce2268e17ec8527b283ac69eff3d96ff0165a5b42b6579bfe0a720115ff2938260d3 WHIRLPOOL bc0a59484010a5771b515dde1440ccca8a63b167d3d8839b3606460fdf9d2dc3ab7d889173c88edb7d685d39ad3614c4cbc66284d0faced47cdcc01a69997d9a
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700

diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.30.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.30.ebuild
new file mode 100644
index 00000000000..a72077ebef8
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20161130.3.30.ebuild
@@ -0,0 +1,182 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI="5"
+PYTHON_COMPAT=( python{2_7,3_4,3_5} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="insecure_certs"
+${PRECOMPILED} || IUSE+=" cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
+			popd >/dev/null
+		fi
+	fi
+
+	epatch "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org
+			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	if ! use insecure_certs ; then
+		# Remove untrusted certs from StartCom and WoSign (bug #598072)
+		rm "${c}"/mozilla/StartCom* || die
+		rm "${c}"/mozilla/WoSign* || die
+	fi
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd "${c}"
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-03-08  9:47 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2017-03-08  9:47 UTC (permalink / raw
  To: gentoo-commits

commit:     f67d3ddf3944c06644e5486536fcaf08cd1b1c94
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Mar  8 09:46:16 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Mar  8 09:47:21 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f67d3ddf

app-misc/ca-certificates: Bump to version 20161130.3.29.3

Package-Manager: Portage-2.3.4, Repoman-2.3.2

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20161130.3.29.3.ebuild         | 182 +++++++++++++++++++++
 2 files changed, 183 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 593b540bfc5..92c9e5a67b2 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -3,5 +3,6 @@ DIST ca-certificates_20161130.tar.xz 298656 SHA256 04bca9e142a90a834aca0311f7ced
 DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa67205dde1a4a92be87dc28524 SHA512 699847665e93fd649cb60ce6bc8f849f452779e7232a09bbeb0613f9e6c57bb81948f1ae59cc86648e41a212cda259109850ccd14546d35910deb75f5d2a13b8 WHIRLPOOL 08229d87de1c7020c1d7fc12fb8a2afc4bc9ab9f0208aad12698aba17386fbe9163cb506101c7d4d568409fd99141fb88c0e71fc32cecbc6640a4a8f7a4efabf
 DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
 DIST nss-3.29.1.tar.gz 7479324 SHA256 47259bc5c4439d8228d7c577ea652ed140588f27eae8ebb39cc91057aea37366 SHA512 c060f568a3243343b5a1315d632015373dc7dfd2ca9567fb484190dd56f87b1bc977539b9e28fe4fbfc6ee25409e69b1192a2b590031257dd8c89d162332e050 WHIRLPOOL 1649e439fec988ce0b0d5d3b5caf2b89579eee86dff87cb6a4545cf6fdbd78a409f0746050dbc5a5bcefbb8363abad730df2a43ef05b91f5b325d06ba778e151
+DIST nss-3.29.3.tar.gz 7479458 SHA256 35ddcc31251ef829994efeee925011aa1414e32be7e388236970255aa3c8e1eb SHA512 eebc479521dc4e64565929620f60bf457875a2b21d7b5dc2b67f4e4279bfb1a814c31a7b17638052cec44ede9fb686a3ff776cd2239271142100e0fd5f769519 WHIRLPOOL 93edf0bd7c0c1751f7b03a8e878cba564e27fede796de3d4f381aa0b86ef8ea9edffd6f57f8a437f48e07f74ddc2cd0b351ca640ea409e3b3a54f7ddb83def22
 DIST nss-3.29.tar.gz 7477439 SHA256 ee19ebfe7b012dedb71f04a55dd06fa26f8dce435e5980531c790bd42673c6fa SHA512 0f4dd026b6b32122d8cafa92fa37199b0678f8fef75e375446eddd0cc6ddda1a796e3222caa8bb01b3633911899394d0cb1e4d392880438f68c8ef7290dcb4fa WHIRLPOOL 5d3243bcc5c78e1b13b463e935bb5f700d0ed32eb22b01ccda17cb475725230f73f3711227a2175add4e96e0353aaf484ff10b0186cf4a453dfa215c24b8147c
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700

diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.29.3.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.29.3.ebuild
new file mode 100644
index 00000000000..a72077ebef8
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20161130.3.29.3.ebuild
@@ -0,0 +1,182 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI="5"
+PYTHON_COMPAT=( python{2_7,3_4,3_5} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="insecure_certs"
+${PRECOMPILED} || IUSE+=" cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
+			popd >/dev/null
+		fi
+	fi
+
+	epatch "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org
+			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	if ! use insecure_certs ; then
+		# Remove untrusted certs from StartCom and WoSign (bug #598072)
+		rm "${c}"/mozilla/StartCom* || die
+		rm "${c}"/mozilla/WoSign* || die
+	fi
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd "${c}"
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-03-08  9:47 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2017-03-08  9:47 UTC (permalink / raw
  To: gentoo-commits

commit:     2c3dcd55b95a866f095be639409c4575aeb7781d
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Mar  8 09:46:42 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Mar  8 09:47:24 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c3dcd55

app-misc/ca-certificates: Removed old.

Package-Manager: Portage-2.3.4, Repoman-2.3.2

 app-misc/ca-certificates/Manifest                  |   1 -
 .../ca-certificates-20161130.3.29.ebuild           | 182 ---------------------
 2 files changed, 183 deletions(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 92c9e5a67b2..7d45d55b3ec 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -4,5 +4,4 @@ DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa672
 DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
 DIST nss-3.29.1.tar.gz 7479324 SHA256 47259bc5c4439d8228d7c577ea652ed140588f27eae8ebb39cc91057aea37366 SHA512 c060f568a3243343b5a1315d632015373dc7dfd2ca9567fb484190dd56f87b1bc977539b9e28fe4fbfc6ee25409e69b1192a2b590031257dd8c89d162332e050 WHIRLPOOL 1649e439fec988ce0b0d5d3b5caf2b89579eee86dff87cb6a4545cf6fdbd78a409f0746050dbc5a5bcefbb8363abad730df2a43ef05b91f5b325d06ba778e151
 DIST nss-3.29.3.tar.gz 7479458 SHA256 35ddcc31251ef829994efeee925011aa1414e32be7e388236970255aa3c8e1eb SHA512 eebc479521dc4e64565929620f60bf457875a2b21d7b5dc2b67f4e4279bfb1a814c31a7b17638052cec44ede9fb686a3ff776cd2239271142100e0fd5f769519 WHIRLPOOL 93edf0bd7c0c1751f7b03a8e878cba564e27fede796de3d4f381aa0b86ef8ea9edffd6f57f8a437f48e07f74ddc2cd0b351ca640ea409e3b3a54f7ddb83def22
-DIST nss-3.29.tar.gz 7477439 SHA256 ee19ebfe7b012dedb71f04a55dd06fa26f8dce435e5980531c790bd42673c6fa SHA512 0f4dd026b6b32122d8cafa92fa37199b0678f8fef75e375446eddd0cc6ddda1a796e3222caa8bb01b3633911899394d0cb1e4d392880438f68c8ef7290dcb4fa WHIRLPOOL 5d3243bcc5c78e1b13b463e935bb5f700d0ed32eb22b01ccda17cb475725230f73f3711227a2175add4e96e0353aaf484ff10b0186cf4a453dfa215c24b8147c
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700

diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.29.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.29.ebuild
deleted file mode 100644
index a72077ebef8..00000000000
--- a/app-misc/ca-certificates/ca-certificates-20161130.3.29.ebuild
+++ /dev/null
@@ -1,182 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI="5"
-PYTHON_COMPAT=( python{2_7,3_4,3_5} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit versionator
-
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="insecure_certs"
-${PRECOMPILED} || IUSE+=" cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	app-misc/c_rehash
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
-			popd >/dev/null
-		fi
-	fi
-
-	epatch "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org
-			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	if ! use insecure_certs ; then
-		# Remove untrusted certs from StartCom and WoSign (bug #598072)
-		rm "${c}"/mozilla/StartCom* || die
-		rm "${c}"/mozilla/WoSign* || die
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd "${c}"
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-02-21  9:30 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2017-02-21  9:30 UTC (permalink / raw
  To: gentoo-commits

commit:     da4b70da89df69aeb2b135758a37551500cb5e48
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 21 09:30:01 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Feb 21 09:30:20 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=da4b70da

app-misc/ca-certificates: Bump to version 20161130.3.29.1

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20161130.3.29.1.ebuild         | 183 +++++++++++++++++++++
 2 files changed, 184 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index e5858ae4d9..593b540bfc 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -2,5 +2,6 @@ DIST ca-certificates_20161102.tar.xz 298544 SHA256 25384a67e2f1e76495ceeb00abfdb
 DIST ca-certificates_20161130.tar.xz 298656 SHA256 04bca9e142a90a834aca0311f7ced237368d71fee7bd5c9f68ef7f4611aee471 SHA512 8395f27d2369d694b069e1bb250b06df05f732bd9f4a4dc8652091e9c96ad1a84003e28f59cb9e13fdfd22ca5818f495d80149692e74b2d63e34db4f6a95ee9f WHIRLPOOL 6903848f030a0da80e18e5d6a075c9a4ef390d67d748ff27cbadef4b1bf5866b9d7d96960f780f6bbff3f7b9720c31ee4d7a089238041bcb4d5de52fe0e46224
 DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa67205dde1a4a92be87dc28524 SHA512 699847665e93fd649cb60ce6bc8f849f452779e7232a09bbeb0613f9e6c57bb81948f1ae59cc86648e41a212cda259109850ccd14546d35910deb75f5d2a13b8 WHIRLPOOL 08229d87de1c7020c1d7fc12fb8a2afc4bc9ab9f0208aad12698aba17386fbe9163cb506101c7d4d568409fd99141fb88c0e71fc32cecbc6640a4a8f7a4efabf
 DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
+DIST nss-3.29.1.tar.gz 7479324 SHA256 47259bc5c4439d8228d7c577ea652ed140588f27eae8ebb39cc91057aea37366 SHA512 c060f568a3243343b5a1315d632015373dc7dfd2ca9567fb484190dd56f87b1bc977539b9e28fe4fbfc6ee25409e69b1192a2b590031257dd8c89d162332e050 WHIRLPOOL 1649e439fec988ce0b0d5d3b5caf2b89579eee86dff87cb6a4545cf6fdbd78a409f0746050dbc5a5bcefbb8363abad730df2a43ef05b91f5b325d06ba778e151
 DIST nss-3.29.tar.gz 7477439 SHA256 ee19ebfe7b012dedb71f04a55dd06fa26f8dce435e5980531c790bd42673c6fa SHA512 0f4dd026b6b32122d8cafa92fa37199b0678f8fef75e375446eddd0cc6ddda1a796e3222caa8bb01b3633911899394d0cb1e4d392880438f68c8ef7290dcb4fa WHIRLPOOL 5d3243bcc5c78e1b13b463e935bb5f700d0ed32eb22b01ccda17cb475725230f73f3711227a2175add4e96e0353aaf484ff10b0186cf4a453dfa215c24b8147c
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700

diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.29.1.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.29.1.ebuild
new file mode 100644
index 0000000000..943ed5cb4b
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20161130.3.29.1.ebuild
@@ -0,0 +1,183 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI="5"
+PYTHON_COMPAT=( python{2_7,3_4,3_5} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="insecure_certs"
+${PRECOMPILED} || IUSE+=" cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
+			popd >/dev/null
+		fi
+	fi
+
+	epatch "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org
+			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	if ! use insecure_certs ; then
+		# Remove untrusted certs from StartCom and WoSign (bug #598072)
+		rm "${c}"/mozilla/StartCom* || die
+		rm "${c}"/mozilla/WoSign* || die
+	fi
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd "${c}"
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-02-18  6:45 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2017-02-18  6:45 UTC (permalink / raw
  To: gentoo-commits

commit:     e8c8605a2966fdab5cfd7da5f3a075bd2512e791
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 18 06:33:58 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sat Feb 18 06:44:56 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e8c8605a

app-misc/ca-certificates: Removed old.

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 app-misc/ca-certificates/Manifest                  |   3 -
 .../ca-certificates-20151214.3.21.ebuild           | 181 ---------------------
 2 files changed, 184 deletions(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 7bb7adb289..e5858ae4d9 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,8 +1,5 @@
-DIST ca-certificates_20151214.tar.xz 293672 SHA256 59286e6403f482a24c672e09b810c7d089a73153d4772ff4a66e86053a920525 SHA512 acee5565aa7d1f0cc120a6abb6503e0ac4b4e12f5fd1cb12442ec1374ae1570ec6dc3a8f3a247fad6835a29d96e856f12c664f466e92344db3aa1ae6292a27ac WHIRLPOOL c03d214fb15a791c14f235c58296fb06f1408c98bb78049f58b3ebf7bc1c1cea4662f90a031d86de2548267feacf6a9e3fef957aa44a19e29e9a6ba803aaa3fa
 DIST ca-certificates_20161102.tar.xz 298544 SHA256 25384a67e2f1e76495ceeb00abfdbe831033780324128cb1587d09132dd173a5 SHA512 8630cbc15d311b71936901bfa4c1a61d78d4468a7d8d0c492d72afc579679402b99e563cc6f88b0377eb7ebee8dcbad1b090fb0831d610a5b8e5bbdb3d8ce284 WHIRLPOOL 8b92ba4228880bcc7b296e9b1333f695194c31e724a02bafaec97bac838f6c36b20fa052935d256930977e2944ed7450c1e1ab2c95b40c8391dffd766938cea7
 DIST ca-certificates_20161130.tar.xz 298656 SHA256 04bca9e142a90a834aca0311f7ced237368d71fee7bd5c9f68ef7f4611aee471 SHA512 8395f27d2369d694b069e1bb250b06df05f732bd9f4a4dc8652091e9c96ad1a84003e28f59cb9e13fdfd22ca5818f495d80149692e74b2d63e34db4f6a95ee9f WHIRLPOOL 6903848f030a0da80e18e5d6a075c9a4ef390d67d748ff27cbadef4b1bf5866b9d7d96960f780f6bbff3f7b9720c31ee4d7a089238041bcb4d5de52fe0e46224
-DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00 WHIRLPOOL c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43
-DIST nss-3.21.tar.gz 6978112 SHA256 3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239 SHA512 0645465b5d1ab05d819355a3f4a2879499539a00d95bfab3ca14a7dcd901e510b5d9ae797386ff5a42f68b0b57f7bbec4ec9d3a85ebd508eb824aba1fb589d53 WHIRLPOOL 7504d83de606d61840e06cb855ea688eb022d5eef062bcb7ac4d1064db96b96e35ae4ce0aff9d389a2140a7c3b974aaa9a86ada52af1199d462fdb48b11b42e4
 DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa67205dde1a4a92be87dc28524 SHA512 699847665e93fd649cb60ce6bc8f849f452779e7232a09bbeb0613f9e6c57bb81948f1ae59cc86648e41a212cda259109850ccd14546d35910deb75f5d2a13b8 WHIRLPOOL 08229d87de1c7020c1d7fc12fb8a2afc4bc9ab9f0208aad12698aba17386fbe9163cb506101c7d4d568409fd99141fb88c0e71fc32cecbc6640a4a8f7a4efabf
 DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
 DIST nss-3.29.tar.gz 7477439 SHA256 ee19ebfe7b012dedb71f04a55dd06fa26f8dce435e5980531c790bd42673c6fa SHA512 0f4dd026b6b32122d8cafa92fa37199b0678f8fef75e375446eddd0cc6ddda1a796e3222caa8bb01b3633911899394d0cb1e4d392880438f68c8ef7290dcb4fa WHIRLPOOL 5d3243bcc5c78e1b13b463e935bb5f700d0ed32eb22b01ccda17cb475725230f73f3711227a2175add4e96e0353aaf484ff10b0186cf4a453dfa215c24b8147c

diff --git a/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild b/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
deleted file mode 100644
index 5ae898dc0d..0000000000
--- a/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
+++ /dev/null
@@ -1,181 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI="4"
-PYTHON_COMPAT=( python{2_7,3_4,3_5} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit versionator
-
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
-${PRECOMPILED} || IUSE+=" +cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`; newer version for alt-cert-paths #552540
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	>=app-misc/c_rehash-1.7-r1
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch
-			popd >/dev/null
-		fi
-	fi
-
-	epatch "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}/mozilla"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla
-		if use cacert ; then
-			mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org}
-			mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die
-			mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die
-		fi
-		mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd usr/share/ca-certificates
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	local c badcerts=0
-	for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do
-		ewarn "Broken symlink for a certificate at $c"
-		badcerts=1
-	done
-	if [ ${badcerts} -eq 1 ]; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-02-18  5:47 Markus Meier
  0 siblings, 0 replies; 203+ messages in thread
From: Markus Meier @ 2017-02-18  5:47 UTC (permalink / raw
  To: gentoo-commits

commit:     788bf18089da5a6f97d732adc9ebd3184054e2ec
Author:     Markus Meier <maekke <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 18 05:47:44 2017 +0000
Commit:     Markus Meier <maekke <AT> gentoo <DOT> org>
CommitDate: Sat Feb 18 05:47:44 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=788bf180

app-misc/ca-certificates: arm stable, bug #604502

Package-Manager: Portage-2.3.3, Repoman-2.3.1
RepoMan-Options: --include-arches="arm"

 app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r2.ebuild b/app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r2.ebuild
index a8c508f292..e95816d754 100644
--- a/app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r2.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r2.ebuild
@@ -59,7 +59,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="insecure_certs"
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-02-14 10:35 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2017-02-14 10:35 UTC (permalink / raw
  To: gentoo-commits

commit:     92f58e198a82459fb1495596e9b714ba61ad2b51
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 14 10:34:29 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Feb 14 10:35:20 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=92f58e19

app-misc/ca-certificates: Bump to version 20161130.3.29

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20161130.3.29.ebuild           | 183 +++++++++++++++++++++
 2 files changed, 184 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 7e8ee9e74f..22a43bbcf1 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -6,4 +6,5 @@ DIST nss-3.21.tar.gz 6978112 SHA256 3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27f
 DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa67205dde1a4a92be87dc28524 SHA512 699847665e93fd649cb60ce6bc8f849f452779e7232a09bbeb0613f9e6c57bb81948f1ae59cc86648e41a212cda259109850ccd14546d35910deb75f5d2a13b8 WHIRLPOOL 08229d87de1c7020c1d7fc12fb8a2afc4bc9ab9f0208aad12698aba17386fbe9163cb506101c7d4d568409fd99141fb88c0e71fc32cecbc6640a4a8f7a4efabf
 DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
 DIST nss-3.28.tar.gz 7440502 SHA256 c79dd15f66f581c294ce0ef032119357d03fee3a0aa61be263747d84f1b33254 SHA512 dd442c6d04edd0507cc49a1e3c2bfaa64555f7cde5cb9e512ccf33f14de458dddbb17efddd83271056ed6e6e32327e6e1b6f6609e1910a05e625b08e6f0965df WHIRLPOOL d013972f18d75e83da03c3903b712ef1094e6b8543c1755ea2b7ed7f6335e39ac20112808c86bb9df74cda4a8c5c1159401ecd05d1d8b07b3ecdca85f7f0ac82
+DIST nss-3.29.tar.gz 7477439 SHA256 ee19ebfe7b012dedb71f04a55dd06fa26f8dce435e5980531c790bd42673c6fa SHA512 0f4dd026b6b32122d8cafa92fa37199b0678f8fef75e375446eddd0cc6ddda1a796e3222caa8bb01b3633911899394d0cb1e4d392880438f68c8ef7290dcb4fa WHIRLPOOL 5d3243bcc5c78e1b13b463e935bb5f700d0ed32eb22b01ccda17cb475725230f73f3711227a2175add4e96e0353aaf484ff10b0186cf4a453dfa215c24b8147c
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700

diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.29.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.29.ebuild
new file mode 100644
index 0000000000..91c4bc6638
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20161130.3.29.ebuild
@@ -0,0 +1,183 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI="5"
+PYTHON_COMPAT=( python{2_7,3_4,3_5} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="insecure_certs"
+${PRECOMPILED} || IUSE+=" cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
+			popd >/dev/null
+		fi
+	fi
+
+	epatch "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org
+			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	if ! use insecure_certs ; then
+		# Remove untrusted certs from StartCom and WoSign (bug #598072)
+		rm "${c}"/mozilla/StartCom* || die
+		rm "${c}"/mozilla/WoSign* || die
+	fi
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd "${c}"
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-02-14 10:35 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2017-02-14 10:35 UTC (permalink / raw
  To: gentoo-commits

commit:     a8d92d04f2e061cff7a40716109c808125c7ccf4
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Feb 14 10:35:07 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Feb 14 10:35:23 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8d92d04

app-misc/ca-certificates: Removed old.

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 app-misc/ca-certificates/Manifest                  |   1 -
 .../ca-certificates-20161130.3.28.ebuild           | 183 ---------------------
 2 files changed, 184 deletions(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 22a43bbcf1..7bb7adb289 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -5,6 +5,5 @@ DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad
 DIST nss-3.21.tar.gz 6978112 SHA256 3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239 SHA512 0645465b5d1ab05d819355a3f4a2879499539a00d95bfab3ca14a7dcd901e510b5d9ae797386ff5a42f68b0b57f7bbec4ec9d3a85ebd508eb824aba1fb589d53 WHIRLPOOL 7504d83de606d61840e06cb855ea688eb022d5eef062bcb7ac4d1064db96b96e35ae4ce0aff9d389a2140a7c3b974aaa9a86ada52af1199d462fdb48b11b42e4
 DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa67205dde1a4a92be87dc28524 SHA512 699847665e93fd649cb60ce6bc8f849f452779e7232a09bbeb0613f9e6c57bb81948f1ae59cc86648e41a212cda259109850ccd14546d35910deb75f5d2a13b8 WHIRLPOOL 08229d87de1c7020c1d7fc12fb8a2afc4bc9ab9f0208aad12698aba17386fbe9163cb506101c7d4d568409fd99141fb88c0e71fc32cecbc6640a4a8f7a4efabf
 DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
-DIST nss-3.28.tar.gz 7440502 SHA256 c79dd15f66f581c294ce0ef032119357d03fee3a0aa61be263747d84f1b33254 SHA512 dd442c6d04edd0507cc49a1e3c2bfaa64555f7cde5cb9e512ccf33f14de458dddbb17efddd83271056ed6e6e32327e6e1b6f6609e1910a05e625b08e6f0965df WHIRLPOOL d013972f18d75e83da03c3903b712ef1094e6b8543c1755ea2b7ed7f6335e39ac20112808c86bb9df74cda4a8c5c1159401ecd05d1d8b07b3ecdca85f7f0ac82
 DIST nss-3.29.tar.gz 7477439 SHA256 ee19ebfe7b012dedb71f04a55dd06fa26f8dce435e5980531c790bd42673c6fa SHA512 0f4dd026b6b32122d8cafa92fa37199b0678f8fef75e375446eddd0cc6ddda1a796e3222caa8bb01b3633911899394d0cb1e4d392880438f68c8ef7290dcb4fa WHIRLPOOL 5d3243bcc5c78e1b13b463e935bb5f700d0ed32eb22b01ccda17cb475725230f73f3711227a2175add4e96e0353aaf484ff10b0186cf4a453dfa215c24b8147c
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700

diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.28.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.28.ebuild
deleted file mode 100644
index 91c4bc6638..0000000000
--- a/app-misc/ca-certificates/ca-certificates-20161130.3.28.ebuild
+++ /dev/null
@@ -1,183 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI="5"
-PYTHON_COMPAT=( python{2_7,3_4,3_5} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit versionator
-
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? (
-			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
-		)"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="insecure_certs"
-${PRECOMPILED} || IUSE+=" cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	app-misc/c_rehash
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
-			popd >/dev/null
-		fi
-	fi
-
-	epatch "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org
-			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	if ! use insecure_certs ; then
-		# Remove untrusted certs from StartCom and WoSign (bug #598072)
-		rm "${c}"/mozilla/StartCom* || die
-		rm "${c}"/mozilla/WoSign* || die
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd "${c}"
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-01-12 22:02 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2017-01-12 22:02 UTC (permalink / raw
  To: gentoo-commits

commit:     662d91e5b692e50ee2a68c4011d5e37e2670b661
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 12 22:01:04 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Jan 12 22:02:09 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=662d91e5

app-misc/ca-certificates: Bump to version 20161130.3.28.1

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20161130.3.28.1.ebuild         | 183 +++++++++++++++++++++
 2 files changed, 184 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index cc6bf0e..bdefc56 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -6,5 +6,6 @@ DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad
 DIST nss-3.21.tar.gz 6978112 SHA256 3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239 SHA512 0645465b5d1ab05d819355a3f4a2879499539a00d95bfab3ca14a7dcd901e510b5d9ae797386ff5a42f68b0b57f7bbec4ec9d3a85ebd508eb824aba1fb589d53 WHIRLPOOL 7504d83de606d61840e06cb855ea688eb022d5eef062bcb7ac4d1064db96b96e35ae4ce0aff9d389a2140a7c3b974aaa9a86ada52af1199d462fdb48b11b42e4
 DIST nss-3.27.1.tar.gz 7397737 SHA256 fd3637a1930cd838239a89633a7ed9a18859ae9b599043f3a18f726dc4ec2a6b SHA512 b52bc18e42cab78a325a8c4fcf2894ca879cecbb657a852baf460551ed9727f145bc328ebb61a43a1605b457f923a1495707ac4aee27be70220463818ed8db8d WHIRLPOOL 17174b7d43bd82b9e805d653a7ea8b79bc2647a5891806c1cb77e2ac99e40eb64ffee03e105a41c375ba37e26cafeff4bd4bad27c48e94ed388d0215d0545364
 DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa67205dde1a4a92be87dc28524 SHA512 699847665e93fd649cb60ce6bc8f849f452779e7232a09bbeb0613f9e6c57bb81948f1ae59cc86648e41a212cda259109850ccd14546d35910deb75f5d2a13b8 WHIRLPOOL 08229d87de1c7020c1d7fc12fb8a2afc4bc9ab9f0208aad12698aba17386fbe9163cb506101c7d4d568409fd99141fb88c0e71fc32cecbc6640a4a8f7a4efabf
+DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
 DIST nss-3.28.tar.gz 7440502 SHA256 c79dd15f66f581c294ce0ef032119357d03fee3a0aa61be263747d84f1b33254 SHA512 dd442c6d04edd0507cc49a1e3c2bfaa64555f7cde5cb9e512ccf33f14de458dddbb17efddd83271056ed6e6e32327e6e1b6f6609e1910a05e625b08e6f0965df WHIRLPOOL d013972f18d75e83da03c3903b712ef1094e6b8543c1755ea2b7ed7f6335e39ac20112808c86bb9df74cda4a8c5c1159401ecd05d1d8b07b3ecdca85f7f0ac82
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700

diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.28.1.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.28.1.ebuild
new file mode 100644
index 00000000..fabeb12
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20161130.3.28.1.ebuild
@@ -0,0 +1,183 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI="5"
+PYTHON_COMPAT=( python{2_7,3_4,3_5} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="insecure_certs"
+${PRECOMPILED} || IUSE+=" cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
+			popd >/dev/null
+		fi
+	fi
+
+	epatch "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org
+			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	if ! use insecure_certs ; then
+		# Remove untrusted certs from StartCom and WoSign (bug #598072)
+		rm "${c}"/mozilla/StartCom* || die
+		rm "${c}"/mozilla/WoSign* || die
+	fi
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd "${c}"
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-01-12 22:02 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2017-01-12 22:02 UTC (permalink / raw
  To: gentoo-commits

commit:     ed1907e794f87410cbb27a0bd2b9e70c463c56c7
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 12 22:01:51 2017 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Jan 12 22:02:12 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ed1907e7

app-misc/ca-certificates: Removed old.

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 app-misc/ca-certificates/Manifest                  |   2 -
 .../ca-certificates-20160104.3.27.1-r2.ebuild      | 181 ---------------------
 2 files changed, 183 deletions(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index bdefc56..7e8ee9e 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,10 +1,8 @@
 DIST ca-certificates_20151214.tar.xz 293672 SHA256 59286e6403f482a24c672e09b810c7d089a73153d4772ff4a66e86053a920525 SHA512 acee5565aa7d1f0cc120a6abb6503e0ac4b4e12f5fd1cb12442ec1374ae1570ec6dc3a8f3a247fad6835a29d96e856f12c664f466e92344db3aa1ae6292a27ac WHIRLPOOL c03d214fb15a791c14f235c58296fb06f1408c98bb78049f58b3ebf7bc1c1cea4662f90a031d86de2548267feacf6a9e3fef957aa44a19e29e9a6ba803aaa3fa
-DIST ca-certificates_20160104.tar.xz 293632 SHA256 09eb770122e23260316120c0cbbddc8a1d33e7147210ce44e146084d5d5abcdd SHA512 4291ba58057b66d56853162b71862832135eab6f444a5e2cf3dd1089495d44624246dc0c540871851fe9aaceb42054516309402525c8f16a88911d3af9c3518a WHIRLPOOL 8a45acdf2c0673156bc546808df5160ebbfc3a85d775cefa8918c5b64ea6ba905e89017689a407a20444f3e550133c2af228f4d4a878670af50d88fc4739edeb
 DIST ca-certificates_20161102.tar.xz 298544 SHA256 25384a67e2f1e76495ceeb00abfdbe831033780324128cb1587d09132dd173a5 SHA512 8630cbc15d311b71936901bfa4c1a61d78d4468a7d8d0c492d72afc579679402b99e563cc6f88b0377eb7ebee8dcbad1b090fb0831d610a5b8e5bbdb3d8ce284 WHIRLPOOL 8b92ba4228880bcc7b296e9b1333f695194c31e724a02bafaec97bac838f6c36b20fa052935d256930977e2944ed7450c1e1ab2c95b40c8391dffd766938cea7
 DIST ca-certificates_20161130.tar.xz 298656 SHA256 04bca9e142a90a834aca0311f7ced237368d71fee7bd5c9f68ef7f4611aee471 SHA512 8395f27d2369d694b069e1bb250b06df05f732bd9f4a4dc8652091e9c96ad1a84003e28f59cb9e13fdfd22ca5818f495d80149692e74b2d63e34db4f6a95ee9f WHIRLPOOL 6903848f030a0da80e18e5d6a075c9a4ef390d67d748ff27cbadef4b1bf5866b9d7d96960f780f6bbff3f7b9720c31ee4d7a089238041bcb4d5de52fe0e46224
 DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00 WHIRLPOOL c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43
 DIST nss-3.21.tar.gz 6978112 SHA256 3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239 SHA512 0645465b5d1ab05d819355a3f4a2879499539a00d95bfab3ca14a7dcd901e510b5d9ae797386ff5a42f68b0b57f7bbec4ec9d3a85ebd508eb824aba1fb589d53 WHIRLPOOL 7504d83de606d61840e06cb855ea688eb022d5eef062bcb7ac4d1064db96b96e35ae4ce0aff9d389a2140a7c3b974aaa9a86ada52af1199d462fdb48b11b42e4
-DIST nss-3.27.1.tar.gz 7397737 SHA256 fd3637a1930cd838239a89633a7ed9a18859ae9b599043f3a18f726dc4ec2a6b SHA512 b52bc18e42cab78a325a8c4fcf2894ca879cecbb657a852baf460551ed9727f145bc328ebb61a43a1605b457f923a1495707ac4aee27be70220463818ed8db8d WHIRLPOOL 17174b7d43bd82b9e805d653a7ea8b79bc2647a5891806c1cb77e2ac99e40eb64ffee03e105a41c375ba37e26cafeff4bd4bad27c48e94ed388d0215d0545364
 DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa67205dde1a4a92be87dc28524 SHA512 699847665e93fd649cb60ce6bc8f849f452779e7232a09bbeb0613f9e6c57bb81948f1ae59cc86648e41a212cda259109850ccd14546d35910deb75f5d2a13b8 WHIRLPOOL 08229d87de1c7020c1d7fc12fb8a2afc4bc9ab9f0208aad12698aba17386fbe9163cb506101c7d4d568409fd99141fb88c0e71fc32cecbc6640a4a8f7a4efabf
 DIST nss-3.28.1.tar.gz 7451477 SHA256 58cc0c05c0ed9523e6d820bea74f513538f48c87aac931876e3d3775de1a82ad SHA512 f10c8e404741fafe5e5772dc754ff4503ec1826942db5fbc13b99155fcac50f29e1405dd249b69a27f27ebcfef73849b1f0f636a2076ab761384e8a0ed9a2b8b WHIRLPOOL e1a6b9886759159294c4d8e47e693a2e790703e368ede18425c9a9130df72ac56a6e717cb794607c7bcfc68c82df9aec8771bc74e729f5bbd70fdcd8ce0fed3b
 DIST nss-3.28.tar.gz 7440502 SHA256 c79dd15f66f581c294ce0ef032119357d03fee3a0aa61be263747d84f1b33254 SHA512 dd442c6d04edd0507cc49a1e3c2bfaa64555f7cde5cb9e512ccf33f14de458dddbb17efddd83271056ed6e6e32327e6e1b6f6609e1910a05e625b08e6f0965df WHIRLPOOL d013972f18d75e83da03c3903b712ef1094e6b8543c1755ea2b7ed7f6335e39ac20112808c86bb9df74cda4a8c5c1159401ecd05d1d8b07b3ecdca85f7f0ac82

diff --git a/app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r2.ebuild b/app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r2.ebuild
deleted file mode 100644
index 0a7bba2..00000000
--- a/app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r2.ebuild
+++ /dev/null
@@ -1,181 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI="5"
-PYTHON_COMPAT=( python{2_7,3_4,3_5} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit versionator
-
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="insecure_certs"
-${PRECOMPILED} || IUSE+=" cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	app-misc/c_rehash
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch
-			popd >/dev/null
-		fi
-	fi
-
-	epatch "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
-		if use cacert ; then
-			mkdir -p "${c}"/cacert.org
-			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
-		fi
-		mv "${d}"/*.crt "${c}"/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	if ! use insecure_certs ; then
-		# Remove untrusted certs from StartCom and WoSign (bug #598072)
-		rm "${c}"/mozilla/StartCom* || die
-		rm "${c}"/mozilla/WoSign* || die
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd "${c}"
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-01-10  7:16 Jeroen Roovers
  0 siblings, 0 replies; 203+ messages in thread
From: Jeroen Roovers @ 2017-01-10  7:16 UTC (permalink / raw
  To: gentoo-commits

commit:     38f804da74e83b2dad4340ab8e88a358966e1572
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 10 07:16:19 2017 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Tue Jan 10 07:16:19 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=38f804da

app-misc/ca-certificates: Stable for HPPA (bug #604502).

Package-Manager: Portage-2.3.3, Repoman-2.3.1
RepoMan-Options: --ignore-arches

 app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r2.ebuild b/app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r2.ebuild
index a6ba04a..83ce489 100644
--- a/app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r2.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r2.ebuild
@@ -59,7 +59,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="insecure_certs"
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-01-06 14:33 Tobias Klausmann
  0 siblings, 0 replies; 203+ messages in thread
From: Tobias Klausmann @ 2017-01-06 14:33 UTC (permalink / raw
  To: gentoo-commits

commit:     3619d224dabd44990da50fca8b2a508432374051
Author:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
AuthorDate: Fri Jan  6 14:22:15 2017 +0000
Commit:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
CommitDate: Fri Jan  6 14:33:03 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3619d224

app-misc/ca-certificates-20161102.3.27.2-r2: stable on alpha

Gentoo-Bug: 604502

 app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r2.ebuild b/app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r2.ebuild
index b67da27..a6ba04a 100644
--- a/app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r2.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r2.ebuild
@@ -59,7 +59,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="insecure_certs"
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2017-01-04 11:23 Agostino Sarubbo
  0 siblings, 0 replies; 203+ messages in thread
From: Agostino Sarubbo @ 2017-01-04 11:23 UTC (permalink / raw
  To: gentoo-commits

commit:     c89e13702de0e5f74289212f0b644ee6d4982fcf
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Wed Jan  4 11:22:55 2017 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Wed Jan  4 11:22:55 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c89e1370

app-misc/ca-certificates: amd64 stable wrt bug #604502

Package-Manager: portage-2.3.0
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r2.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r2.ebuild b/app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r2.ebuild
index 89863d9..4e655de 100644
--- a/app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r2.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2016 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Id$
 
@@ -59,7 +59,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="insecure_certs"
 ${PRECOMPILED} || IUSE+=" cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2016-12-23 13:10 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2016-12-23 13:10 UTC (permalink / raw
  To: gentoo-commits

commit:     a068b6cbe3f483038ade32a28907ef20eccdd3b3
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 23 13:09:39 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Fri Dec 23 13:10:09 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a068b6cb

app-misc/ca-certificates: Bump to version 20161130.3.28

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 app-misc/ca-certificates/Manifest                  |   2 +
 .../ca-certificates-20161130.3.28.ebuild           | 183 +++++++++++++++++++++
 2 files changed, 185 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 22deb87..cc6bf0e 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,8 +1,10 @@
 DIST ca-certificates_20151214.tar.xz 293672 SHA256 59286e6403f482a24c672e09b810c7d089a73153d4772ff4a66e86053a920525 SHA512 acee5565aa7d1f0cc120a6abb6503e0ac4b4e12f5fd1cb12442ec1374ae1570ec6dc3a8f3a247fad6835a29d96e856f12c664f466e92344db3aa1ae6292a27ac WHIRLPOOL c03d214fb15a791c14f235c58296fb06f1408c98bb78049f58b3ebf7bc1c1cea4662f90a031d86de2548267feacf6a9e3fef957aa44a19e29e9a6ba803aaa3fa
 DIST ca-certificates_20160104.tar.xz 293632 SHA256 09eb770122e23260316120c0cbbddc8a1d33e7147210ce44e146084d5d5abcdd SHA512 4291ba58057b66d56853162b71862832135eab6f444a5e2cf3dd1089495d44624246dc0c540871851fe9aaceb42054516309402525c8f16a88911d3af9c3518a WHIRLPOOL 8a45acdf2c0673156bc546808df5160ebbfc3a85d775cefa8918c5b64ea6ba905e89017689a407a20444f3e550133c2af228f4d4a878670af50d88fc4739edeb
 DIST ca-certificates_20161102.tar.xz 298544 SHA256 25384a67e2f1e76495ceeb00abfdbe831033780324128cb1587d09132dd173a5 SHA512 8630cbc15d311b71936901bfa4c1a61d78d4468a7d8d0c492d72afc579679402b99e563cc6f88b0377eb7ebee8dcbad1b090fb0831d610a5b8e5bbdb3d8ce284 WHIRLPOOL 8b92ba4228880bcc7b296e9b1333f695194c31e724a02bafaec97bac838f6c36b20fa052935d256930977e2944ed7450c1e1ab2c95b40c8391dffd766938cea7
+DIST ca-certificates_20161130.tar.xz 298656 SHA256 04bca9e142a90a834aca0311f7ced237368d71fee7bd5c9f68ef7f4611aee471 SHA512 8395f27d2369d694b069e1bb250b06df05f732bd9f4a4dc8652091e9c96ad1a84003e28f59cb9e13fdfd22ca5818f495d80149692e74b2d63e34db4f6a95ee9f WHIRLPOOL 6903848f030a0da80e18e5d6a075c9a4ef390d67d748ff27cbadef4b1bf5866b9d7d96960f780f6bbff3f7b9720c31ee4d7a089238041bcb4d5de52fe0e46224
 DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00 WHIRLPOOL c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43
 DIST nss-3.21.tar.gz 6978112 SHA256 3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239 SHA512 0645465b5d1ab05d819355a3f4a2879499539a00d95bfab3ca14a7dcd901e510b5d9ae797386ff5a42f68b0b57f7bbec4ec9d3a85ebd508eb824aba1fb589d53 WHIRLPOOL 7504d83de606d61840e06cb855ea688eb022d5eef062bcb7ac4d1064db96b96e35ae4ce0aff9d389a2140a7c3b974aaa9a86ada52af1199d462fdb48b11b42e4
 DIST nss-3.27.1.tar.gz 7397737 SHA256 fd3637a1930cd838239a89633a7ed9a18859ae9b599043f3a18f726dc4ec2a6b SHA512 b52bc18e42cab78a325a8c4fcf2894ca879cecbb657a852baf460551ed9727f145bc328ebb61a43a1605b457f923a1495707ac4aee27be70220463818ed8db8d WHIRLPOOL 17174b7d43bd82b9e805d653a7ea8b79bc2647a5891806c1cb77e2ac99e40eb64ffee03e105a41c375ba37e26cafeff4bd4bad27c48e94ed388d0215d0545364
 DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa67205dde1a4a92be87dc28524 SHA512 699847665e93fd649cb60ce6bc8f849f452779e7232a09bbeb0613f9e6c57bb81948f1ae59cc86648e41a212cda259109850ccd14546d35910deb75f5d2a13b8 WHIRLPOOL 08229d87de1c7020c1d7fc12fb8a2afc4bc9ab9f0208aad12698aba17386fbe9163cb506101c7d4d568409fd99141fb88c0e71fc32cecbc6640a4a8f7a4efabf
+DIST nss-3.28.tar.gz 7440502 SHA256 c79dd15f66f581c294ce0ef032119357d03fee3a0aa61be263747d84f1b33254 SHA512 dd442c6d04edd0507cc49a1e3c2bfaa64555f7cde5cb9e512ccf33f14de458dddbb17efddd83271056ed6e6e32327e6e1b6f6609e1910a05e625b08e6f0965df WHIRLPOOL d013972f18d75e83da03c3903b712ef1094e6b8543c1755ea2b7ed7f6335e39ac20112808c86bb9df74cda4a8c5c1159401ecd05d1d8b07b3ecdca85f7f0ac82
 DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700

diff --git a/app-misc/ca-certificates/ca-certificates-20161130.3.28.ebuild b/app-misc/ca-certificates/ca-certificates-20161130.3.28.ebuild
new file mode 100644
index 00000000..89863d9
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20161130.3.28.ebuild
@@ -0,0 +1,183 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI="5"
+PYTHON_COMPAT=( python{2_7,3_4,3_5} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? (
+			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
+		)"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="insecure_certs"
+${PRECOMPILED} || IUSE+=" cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
+			popd >/dev/null
+		fi
+	fi
+
+	epatch "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org
+			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	if ! use insecure_certs ; then
+		# Remove untrusted certs from StartCom and WoSign (bug #598072)
+		rm "${c}"/mozilla/StartCom* || die
+		rm "${c}"/mozilla/WoSign* || die
+	fi
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd "${c}"
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2016-12-03 20:20 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2016-12-03 20:20 UTC (permalink / raw
  To: gentoo-commits

commit:     a0f5804d717546de8a979d7d3783d9d9c8a64a40
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sat Dec  3 20:16:11 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sat Dec  3 20:20:05 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a0f5804d

app-misc/ca-certificates: Another revbump to get rid of outdated certs patch.

Package-Manager: portage-2.3.2

 ...61102.3.27.2-r1.ebuild => ca-certificates-20161102.3.27.2-r2.ebuild} | 2 --
 1 file changed, 2 deletions(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r2.ebuild
similarity index 97%
rename from app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r1.ebuild
rename to app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r2.ebuild
index 5a69e92..89863d9 100644
--- a/app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r2.ebuild
@@ -53,7 +53,6 @@ else
 	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
 		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
 		cacert? (
-			https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch
 			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
 		)"
 fi
@@ -106,7 +105,6 @@ src_prepare() {
 
 		if use cacert ; then
 			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch
 			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
 			popd >/dev/null
 		fi


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2016-12-02 17:05 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2016-12-02 17:05 UTC (permalink / raw
  To: gentoo-commits

commit:     bfffe8f5ca618ddc48b0d7c9c9890024f0020e50
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Fri Dec  2 17:04:41 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Fri Dec  2 17:04:58 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bfffe8f5

app-misc/ca-certificates: Revbump to add new certs.

Package-Manager: portage-2.3.2

 app-misc/ca-certificates/Manifest                                   | 1 +
 ...1102.3.27.2.ebuild => ca-certificates-20161102.3.27.2-r1.ebuild} | 6 +++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 280810b..22deb87 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -5,3 +5,4 @@ DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad
 DIST nss-3.21.tar.gz 6978112 SHA256 3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239 SHA512 0645465b5d1ab05d819355a3f4a2879499539a00d95bfab3ca14a7dcd901e510b5d9ae797386ff5a42f68b0b57f7bbec4ec9d3a85ebd508eb824aba1fb589d53 WHIRLPOOL 7504d83de606d61840e06cb855ea688eb022d5eef062bcb7ac4d1064db96b96e35ae4ce0aff9d389a2140a7c3b974aaa9a86ada52af1199d462fdb48b11b42e4
 DIST nss-3.27.1.tar.gz 7397737 SHA256 fd3637a1930cd838239a89633a7ed9a18859ae9b599043f3a18f726dc4ec2a6b SHA512 b52bc18e42cab78a325a8c4fcf2894ca879cecbb657a852baf460551ed9727f145bc328ebb61a43a1605b457f923a1495707ac4aee27be70220463818ed8db8d WHIRLPOOL 17174b7d43bd82b9e805d653a7ea8b79bc2647a5891806c1cb77e2ac99e40eb64ffee03e105a41c375ba37e26cafeff4bd4bad27c48e94ed388d0215d0545364
 DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa67205dde1a4a92be87dc28524 SHA512 699847665e93fd649cb60ce6bc8f849f452779e7232a09bbeb0613f9e6c57bb81948f1ae59cc86648e41a212cda259109850ccd14546d35910deb75f5d2a13b8 WHIRLPOOL 08229d87de1c7020c1d7fc12fb8a2afc4bc9ab9f0208aad12698aba17386fbe9163cb506101c7d4d568409fd99141fb88c0e71fc32cecbc6640a4a8f7a4efabf
+DIST nss-cacert-class1-class3.patch 22950 SHA256 6bba29cee34276e2ca6436dabedfeba2b61fb46668c5d5ceabf0c871574649bf SHA512 a5aa740bf110a3f0262e3f1ef2fc739ac2b44f042e220039d48aee8e97cd764d5c10718220364f4098aba955882bd02cadb5481512388971a8290312f88a7df0 WHIRLPOOL 1246223b01292604e5609bb9c580f092dc5937bf8c98f6891b099e8bab960e03612b6617e30a55d6ff8817d88f190e03812fe8f89f84f25c20970493dc2f7700

diff --git a/app-misc/ca-certificates/ca-certificates-20161102.3.27.2.ebuild b/app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r1.ebuild
similarity index 96%
rename from app-misc/ca-certificates/ca-certificates-20161102.3.27.2.ebuild
rename to app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r1.ebuild
index 0a7bba2..5a69e92 100644
--- a/app-misc/ca-certificates/ca-certificates-20161102.3.27.2.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20161102.3.27.2-r1.ebuild
@@ -52,7 +52,10 @@ if ${PRECOMPILED} ; then
 else
 	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
 		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )"
+		cacert? (
+			https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch
+			https://dev.gentoo.org/~axs/distfiles/nss-cacert-class1-class3.patch
+		)"
 fi
 
 LICENSE="MPL-1.1"
@@ -104,6 +107,7 @@ src_prepare() {
 		if use cacert ; then
 			pushd "${S}"/nss-${NSS_VER} >/dev/null
 			epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch
+			epatch "${DISTDIR}"/nss-cacert-class1-class3.patch
 			popd >/dev/null
 		fi
 	fi


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2016-12-02 14:48 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2016-12-02 14:48 UTC (permalink / raw
  To: gentoo-commits

commit:     b8e9334d0aa8b6501591cd8da90ec438706f6acb
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Fri Dec  2 14:39:40 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Fri Dec  2 14:47:58 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b8e9334d

app-misc/ca-certificates: Bump to version 20161102.3.27.2

Package-Manager: portage-2.3.2

 app-misc/ca-certificates/Manifest                  |   2 +
 .../ca-certificates-20161102.3.27.2.ebuild         | 181 +++++++++++++++++++++
 2 files changed, 183 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 4085aca..be3266c 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,6 +1,8 @@
 DIST ca-certificates_20151214.tar.xz 293672 SHA256 59286e6403f482a24c672e09b810c7d089a73153d4772ff4a66e86053a920525 SHA512 acee5565aa7d1f0cc120a6abb6503e0ac4b4e12f5fd1cb12442ec1374ae1570ec6dc3a8f3a247fad6835a29d96e856f12c664f466e92344db3aa1ae6292a27ac WHIRLPOOL c03d214fb15a791c14f235c58296fb06f1408c98bb78049f58b3ebf7bc1c1cea4662f90a031d86de2548267feacf6a9e3fef957aa44a19e29e9a6ba803aaa3fa
 DIST ca-certificates_20160104.tar.xz 293632 SHA256 09eb770122e23260316120c0cbbddc8a1d33e7147210ce44e146084d5d5abcdd SHA512 4291ba58057b66d56853162b71862832135eab6f444a5e2cf3dd1089495d44624246dc0c540871851fe9aaceb42054516309402525c8f16a88911d3af9c3518a WHIRLPOOL 8a45acdf2c0673156bc546808df5160ebbfc3a85d775cefa8918c5b64ea6ba905e89017689a407a20444f3e550133c2af228f4d4a878670af50d88fc4739edeb
+DIST ca-certificates_20161102.tar.xz 298544 SHA256 25384a67e2f1e76495ceeb00abfdbe831033780324128cb1587d09132dd173a5 SHA512 8630cbc15d311b71936901bfa4c1a61d78d4468a7d8d0c492d72afc579679402b99e563cc6f88b0377eb7ebee8dcbad1b090fb0831d610a5b8e5bbdb3d8ce284 WHIRLPOOL 8b92ba4228880bcc7b296e9b1333f695194c31e724a02bafaec97bac838f6c36b20fa052935d256930977e2944ed7450c1e1ab2c95b40c8391dffd766938cea7
 DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00 WHIRLPOOL c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43
 DIST nss-3.21.tar.gz 6978112 SHA256 3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239 SHA512 0645465b5d1ab05d819355a3f4a2879499539a00d95bfab3ca14a7dcd901e510b5d9ae797386ff5a42f68b0b57f7bbec4ec9d3a85ebd508eb824aba1fb589d53 WHIRLPOOL 7504d83de606d61840e06cb855ea688eb022d5eef062bcb7ac4d1064db96b96e35ae4ce0aff9d389a2140a7c3b974aaa9a86ada52af1199d462fdb48b11b42e4
 DIST nss-3.23.tar.gz 7467001 SHA256 94b383e31c9671e9dfcca81084a8a813817e8f05a57f54533509b318d26e11cf SHA512 f3e388a415493685faa6df932e9e968af41ea2e8e4cba3fbd539c60177443e4042e8d2e2bfe74183552e14522d49048be2f80fbe038bdbd499971e82abf2cc32 WHIRLPOOL 77e22bd7a525c5b10723e1d5fb6db1e9d2efebfcdf9828aa79296f71c441c065201ecda56291f37790333d9b1d1e38fef1391a033382a885b83da31a646d6243
 DIST nss-3.27.1.tar.gz 7397737 SHA256 fd3637a1930cd838239a89633a7ed9a18859ae9b599043f3a18f726dc4ec2a6b SHA512 b52bc18e42cab78a325a8c4fcf2894ca879cecbb657a852baf460551ed9727f145bc328ebb61a43a1605b457f923a1495707ac4aee27be70220463818ed8db8d WHIRLPOOL 17174b7d43bd82b9e805d653a7ea8b79bc2647a5891806c1cb77e2ac99e40eb64ffee03e105a41c375ba37e26cafeff4bd4bad27c48e94ed388d0215d0545364
+DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa67205dde1a4a92be87dc28524 SHA512 699847665e93fd649cb60ce6bc8f849f452779e7232a09bbeb0613f9e6c57bb81948f1ae59cc86648e41a212cda259109850ccd14546d35910deb75f5d2a13b8 WHIRLPOOL 08229d87de1c7020c1d7fc12fb8a2afc4bc9ab9f0208aad12698aba17386fbe9163cb506101c7d4d568409fd99141fb88c0e71fc32cecbc6640a4a8f7a4efabf

diff --git a/app-misc/ca-certificates/ca-certificates-20161102.3.27.2.ebuild b/app-misc/ca-certificates/ca-certificates-20161102.3.27.2.ebuild
new file mode 100644
index 00000000..0a7bba2
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20161102.3.27.2.ebuild
@@ -0,0 +1,181 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI="5"
+PYTHON_COMPAT=( python{2_7,3_4,3_5} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="insecure_certs"
+${PRECOMPILED} || IUSE+=" cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch
+			popd >/dev/null
+		fi
+	fi
+
+	epatch "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org
+			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	if ! use insecure_certs ; then
+		# Remove untrusted certs from StartCom and WoSign (bug #598072)
+		rm "${c}"/mozilla/StartCom* || die
+		rm "${c}"/mozilla/WoSign* || die
+	fi
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd "${c}"
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2016-12-02 14:48 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2016-12-02 14:48 UTC (permalink / raw
  To: gentoo-commits

commit:     2f8e7b8767abeb0be224fb770835d54bea14278d
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Fri Dec  2 14:46:58 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Fri Dec  2 14:48:00 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2f8e7b87

app-misc/ca-certificates: Removed old.

Package-Manager: portage-2.3.2

 app-misc/ca-certificates/Manifest                  |   1 -
 .../ca-certificates-20160104.3.23.ebuild           | 176 ---------------------
 .../ca-certificates-20160104.3.27.1.ebuild         | 175 --------------------
 3 files changed, 352 deletions(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index be3266c..280810b 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -3,6 +3,5 @@ DIST ca-certificates_20160104.tar.xz 293632 SHA256 09eb770122e23260316120c0cbbdd
 DIST ca-certificates_20161102.tar.xz 298544 SHA256 25384a67e2f1e76495ceeb00abfdbe831033780324128cb1587d09132dd173a5 SHA512 8630cbc15d311b71936901bfa4c1a61d78d4468a7d8d0c492d72afc579679402b99e563cc6f88b0377eb7ebee8dcbad1b090fb0831d610a5b8e5bbdb3d8ce284 WHIRLPOOL 8b92ba4228880bcc7b296e9b1333f695194c31e724a02bafaec97bac838f6c36b20fa052935d256930977e2944ed7450c1e1ab2c95b40c8391dffd766938cea7
 DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00 WHIRLPOOL c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43
 DIST nss-3.21.tar.gz 6978112 SHA256 3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239 SHA512 0645465b5d1ab05d819355a3f4a2879499539a00d95bfab3ca14a7dcd901e510b5d9ae797386ff5a42f68b0b57f7bbec4ec9d3a85ebd508eb824aba1fb589d53 WHIRLPOOL 7504d83de606d61840e06cb855ea688eb022d5eef062bcb7ac4d1064db96b96e35ae4ce0aff9d389a2140a7c3b974aaa9a86ada52af1199d462fdb48b11b42e4
-DIST nss-3.23.tar.gz 7467001 SHA256 94b383e31c9671e9dfcca81084a8a813817e8f05a57f54533509b318d26e11cf SHA512 f3e388a415493685faa6df932e9e968af41ea2e8e4cba3fbd539c60177443e4042e8d2e2bfe74183552e14522d49048be2f80fbe038bdbd499971e82abf2cc32 WHIRLPOOL 77e22bd7a525c5b10723e1d5fb6db1e9d2efebfcdf9828aa79296f71c441c065201ecda56291f37790333d9b1d1e38fef1391a033382a885b83da31a646d6243
 DIST nss-3.27.1.tar.gz 7397737 SHA256 fd3637a1930cd838239a89633a7ed9a18859ae9b599043f3a18f726dc4ec2a6b SHA512 b52bc18e42cab78a325a8c4fcf2894ca879cecbb657a852baf460551ed9727f145bc328ebb61a43a1605b457f923a1495707ac4aee27be70220463818ed8db8d WHIRLPOOL 17174b7d43bd82b9e805d653a7ea8b79bc2647a5891806c1cb77e2ac99e40eb64ffee03e105a41c375ba37e26cafeff4bd4bad27c48e94ed388d0215d0545364
 DIST nss-3.27.2.tar.gz 7397599 SHA256 dc8ac8524469d0230274fd13a53fdcd74efe4aa67205dde1a4a92be87dc28524 SHA512 699847665e93fd649cb60ce6bc8f849f452779e7232a09bbeb0613f9e6c57bb81948f1ae59cc86648e41a212cda259109850ccd14546d35910deb75f5d2a13b8 WHIRLPOOL 08229d87de1c7020c1d7fc12fb8a2afc4bc9ab9f0208aad12698aba17386fbe9163cb506101c7d4d568409fd99141fb88c0e71fc32cecbc6640a4a8f7a4efabf

diff --git a/app-misc/ca-certificates/ca-certificates-20160104.3.23.ebuild b/app-misc/ca-certificates/ca-certificates-20160104.3.23.ebuild
deleted file mode 100644
index 2dba788..00000000
--- a/app-misc/ca-certificates/ca-certificates-20160104.3.23.ebuild
+++ /dev/null
@@ -1,176 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI="5"
-PYTHON_COMPAT=( python{2_7,3_4,3_5} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit versionator
-
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
-${PRECOMPILED} || IUSE+=" +cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	app-misc/c_rehash
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch
-			popd >/dev/null
-		fi
-	fi
-
-	epatch "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}/mozilla"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla
-		if use cacert ; then
-			mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org}
-			mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die
-			mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die
-		fi
-		mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd usr/share/ca-certificates
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}

diff --git a/app-misc/ca-certificates/ca-certificates-20160104.3.27.1.ebuild b/app-misc/ca-certificates/ca-certificates-20160104.3.27.1.ebuild
deleted file mode 100644
index 924bc68..00000000
--- a/app-misc/ca-certificates/ca-certificates-20160104.3.27.1.ebuild
+++ /dev/null
@@ -1,175 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI="5"
-PYTHON_COMPAT=( python{2_7,3_4,3_5} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit versionator
-
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
-${PRECOMPILED} || IUSE+=" cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	app-misc/c_rehash
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch
-			popd >/dev/null
-		fi
-	fi
-
-	epatch "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}/mozilla"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla
-		if use cacert ; then
-			mkdir -p usr/share/ca-certificates/cacert.org
-			mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die
-		fi
-		mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd usr/share/ca-certificates
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2016-10-28  9:28 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2016-10-28  9:28 UTC (permalink / raw
  To: gentoo-commits

commit:     171217a85eefea54a12de02af2bf684af0ff042e
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 28 09:28:33 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Fri Oct 28 09:28:48 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=171217a8

app-misc/ca-certificates: Make removal of untrusted certs optional.

Package-Manager: portage-2.3.2
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 ...7.1-r1.ebuild => ca-certificates-20160104.3.27.1-r2.ebuild} | 10 ++++++----
 app-misc/ca-certificates/metadata.xml                          |  3 +++
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r2.ebuild
similarity index 96%
rename from app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r1.ebuild
rename to app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r2.ebuild
index 93d3a8f..c1d332a 100644
--- a/app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r2.ebuild
@@ -58,7 +58,7 @@ fi
 LICENSE="MPL-1.1"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
+IUSE="insecure_certs"
 ${PRECOMPILED} || IUSE+=" cacert"
 
 DEPEND=""
@@ -136,9 +136,11 @@ src_compile() {
 		mv usr/share/doc/{ca-certificates,${PF}} || die
 	fi
 
-	# Remove untrusted certs from StartCom and WoSign (bug #598072)
-	rm "${c}"/mozilla/StartCom* || die
-	rm "${c}"/mozilla/WoSign* || die
+	if ! use insecure_certs ; then
+		# Remove untrusted certs from StartCom and WoSign (bug #598072)
+		rm "${c}"/mozilla/StartCom* || die
+		rm "${c}"/mozilla/WoSign* || die
+	fi
 
 	(
 	echo "# Automatically generated by ${CATEGORY}/${PF}"

diff --git a/app-misc/ca-certificates/metadata.xml b/app-misc/ca-certificates/metadata.xml
index f11c10f..f516f07 100644
--- a/app-misc/ca-certificates/metadata.xml
+++ b/app-misc/ca-certificates/metadata.xml
@@ -10,5 +10,8 @@
     Include root certs from CAcert (http://www.cacert.org/) and
     Software in the Public Interest (http://www.spi-inc.org/)
   </flag>
+  <flag name="insecure_certs">
+    Install certs which are known to *not* being trustworthy.
+  </flag>
 </use>
 </pkgmetadata>


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2016-10-25 18:45 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2016-10-25 18:45 UTC (permalink / raw
  To: gentoo-commits

commit:     1618939f853fc702430519ccaf5fc698b1970c78
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 25 18:45:20 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Oct 25 18:45:40 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1618939f

app-misc/ca-certificates: Fixed SRC_URI for nss tarballs (thanks Arfrever).

Package-Manager: portage-2.3.2
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild      | 2 +-
 app-misc/ca-certificates/ca-certificates-20160104.3.23.ebuild      | 4 ++--
 app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r1.ebuild | 2 +-
 app-misc/ca-certificates/ca-certificates-20160104.3.27.1.ebuild    | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild b/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
index b75b174..5674b75 100644
--- a/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
@@ -51,7 +51,7 @@ if ${PRECOMPILED} ; then
 	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
 else
 	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
 		cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )"
 fi
 

diff --git a/app-misc/ca-certificates/ca-certificates-20160104.3.23.ebuild b/app-misc/ca-certificates/ca-certificates-20160104.3.23.ebuild
index 55d20a1..5284a99 100644
--- a/app-misc/ca-certificates/ca-certificates-20160104.3.23.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20160104.3.23.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2015 Gentoo Foundation
+# Copyright 1999-2016 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Id$
 
@@ -51,7 +51,7 @@ if ${PRECOMPILED} ; then
 	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
 else
 	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
 		cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )"
 fi
 

diff --git a/app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r1.ebuild
index 04fabcb..93d3a8f 100644
--- a/app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r1.ebuild
@@ -51,7 +51,7 @@ if ${PRECOMPILED} ; then
 	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
 else
 	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
 		cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )"
 fi
 

diff --git a/app-misc/ca-certificates/ca-certificates-20160104.3.27.1.ebuild b/app-misc/ca-certificates/ca-certificates-20160104.3.27.1.ebuild
index a67d454..501429c 100644
--- a/app-misc/ca-certificates/ca-certificates-20160104.3.27.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20160104.3.27.1.ebuild
@@ -51,7 +51,7 @@ if ${PRECOMPILED} ; then
 	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
 else
 	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		https://archive.mozilla.org/pub/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
 		cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )"
 fi
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2016-10-25 14:52 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2016-10-25 14:52 UTC (permalink / raw
  To: gentoo-commits

commit:     75289055e52812cff4a897ebf543f09e2e48829b
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 25 14:52:15 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Oct 25 14:52:42 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=75289055

app-misc/ca-certificates: Revbump to remove untrusted certs (bug #598072)

Package-Manager: portage-2.3.2
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 .../ca-certificates-20160104.3.27.1-r1.ebuild      | 179 +++++++++++++++++++++
 1 file changed, 179 insertions(+)

diff --git a/app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r1.ebuild
new file mode 100644
index 00000000..04fabcb
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20160104.3.27.1-r1.ebuild
@@ -0,0 +1,179 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI="5"
+PYTHON_COMPAT=( python{2_7,3_3,3_4,3_5} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch
+			popd >/dev/null
+		fi
+	fi
+
+	epatch "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla" c="usr/share/${PN}"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d "${c}"/mozilla
+		if use cacert ; then
+			mkdir -p "${c}"/cacert.org
+			mv "${d}"/CAcert_Inc..crt "${c}"/cacert.org/cacert.org_root.crt || die
+		fi
+		mv "${d}"/*.crt "${c}"/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	# Remove untrusted certs from StartCom and WoSign (bug #598072)
+	rm "${c}"/mozilla/StartCom* || die
+	rm "${c}"/mozilla/WoSign* || die
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd "${c}"
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2016-10-05  7:59 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2016-10-05  7:59 UTC (permalink / raw
  To: gentoo-commits

commit:     ae5b9090020c2d5b6f74458110571a9664bee49a
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Oct  5 07:58:56 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Oct  5 07:59:08 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae5b9090

app-misc/ca-certificates: Don't install obsolete spi-cacert-2008.crt

This is an attempt to fix bug #580722.

Package-Manager: portage-2.3.1
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20160104.3.27.1.ebuild | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20160104.3.27.1.ebuild b/app-misc/ca-certificates/ca-certificates-20160104.3.27.1.ebuild
index d256d7c..a67d454 100644
--- a/app-misc/ca-certificates/ca-certificates-20160104.3.27.1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20160104.3.27.1.ebuild
@@ -59,7 +59,7 @@ LICENSE="MPL-1.1"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
-${PRECOMPILED} || IUSE+=" +cacert"
+${PRECOMPILED} || IUSE+=" cacert"
 
 DEPEND=""
 if ${PRECOMPILED} ; then
@@ -128,9 +128,8 @@ src_compile() {
 		# Now move the files to the same places that the precompiled would.
 		mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla
 		if use cacert ; then
-			mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org}
+			mkdir -p usr/share/ca-certificates/cacert.org
 			mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die
-			mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die
 		fi
 		mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die
 	else


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2016-10-05  7:53 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2016-10-05  7:53 UTC (permalink / raw
  To: gentoo-commits

commit:     b213d00de62b3a398c1e32faa467a7c616aad879
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Oct  5 07:52:44 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Oct  5 07:53:51 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b213d00d

app-misc/ca-certificates: Bump to version 20160104.3.27.1

Package-Manager: portage-2.3.1
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20160104.3.27.1.ebuild         | 176 +++++++++++++++++++++
 2 files changed, 177 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index d684d14..4085aca 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -3,3 +3,4 @@ DIST ca-certificates_20160104.tar.xz 293632 SHA256 09eb770122e23260316120c0cbbdd
 DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00 WHIRLPOOL c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43
 DIST nss-3.21.tar.gz 6978112 SHA256 3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239 SHA512 0645465b5d1ab05d819355a3f4a2879499539a00d95bfab3ca14a7dcd901e510b5d9ae797386ff5a42f68b0b57f7bbec4ec9d3a85ebd508eb824aba1fb589d53 WHIRLPOOL 7504d83de606d61840e06cb855ea688eb022d5eef062bcb7ac4d1064db96b96e35ae4ce0aff9d389a2140a7c3b974aaa9a86ada52af1199d462fdb48b11b42e4
 DIST nss-3.23.tar.gz 7467001 SHA256 94b383e31c9671e9dfcca81084a8a813817e8f05a57f54533509b318d26e11cf SHA512 f3e388a415493685faa6df932e9e968af41ea2e8e4cba3fbd539c60177443e4042e8d2e2bfe74183552e14522d49048be2f80fbe038bdbd499971e82abf2cc32 WHIRLPOOL 77e22bd7a525c5b10723e1d5fb6db1e9d2efebfcdf9828aa79296f71c441c065201ecda56291f37790333d9b1d1e38fef1391a033382a885b83da31a646d6243
+DIST nss-3.27.1.tar.gz 7397737 SHA256 fd3637a1930cd838239a89633a7ed9a18859ae9b599043f3a18f726dc4ec2a6b SHA512 b52bc18e42cab78a325a8c4fcf2894ca879cecbb657a852baf460551ed9727f145bc328ebb61a43a1605b457f923a1495707ac4aee27be70220463818ed8db8d WHIRLPOOL 17174b7d43bd82b9e805d653a7ea8b79bc2647a5891806c1cb77e2ac99e40eb64ffee03e105a41c375ba37e26cafeff4bd4bad27c48e94ed388d0215d0545364

diff --git a/app-misc/ca-certificates/ca-certificates-20160104.3.27.1.ebuild b/app-misc/ca-certificates/ca-certificates-20160104.3.27.1.ebuild
new file mode 100644
index 00000000..d256d7c
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20160104.3.27.1.ebuild
@@ -0,0 +1,176 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI="5"
+PYTHON_COMPAT=( python{2_7,3_3,3_4,3_5} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" +cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch
+			popd >/dev/null
+		fi
+	fi
+
+	epatch "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla
+		if use cacert ; then
+			mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org}
+			mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die
+			mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die
+		fi
+		mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd usr/share/ca-certificates
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2016-10-05  7:53 Lars Wendler
  0 siblings, 0 replies; 203+ messages in thread
From: Lars Wendler @ 2016-10-05  7:53 UTC (permalink / raw
  To: gentoo-commits

commit:     2509dda5a2185d54e3c190d9288494e8d0df563d
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Oct  5 07:53:20 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Oct  5 07:53:54 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2509dda5

app-misc/ca-certificates: Removed old.

Package-Manager: portage-2.3.1
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 .../ca-certificates-20160104.3.21.ebuild           | 181 ---------------------
 1 file changed, 181 deletions(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20160104.3.21.ebuild b/app-misc/ca-certificates/ca-certificates-20160104.3.21.ebuild
deleted file mode 100644
index 3371dc7..00000000
--- a/app-misc/ca-certificates/ca-certificates-20160104.3.21.ebuild
+++ /dev/null
@@ -1,181 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI="4"
-PYTHON_COMPAT=( python{2_7,3_3,3_4,3_5} )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit versionator
-
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
-${PRECOMPILED} || IUSE+=" +cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	DEPEND+=" !<sys-apps/portage-2.1.10.41"
-fi
-# c_rehash: we run `c_rehash`; newer version for alt-cert-paths #552540
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	>=app-misc/c_rehash-1.7-r1
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch
-			popd >/dev/null
-		fi
-	fi
-
-	epatch "${FILESDIR}"/${PN}-20150426-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}/mozilla"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla
-		if use cacert ; then
-			mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org}
-			mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die
-			mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die
-		fi
-		mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd usr/share/ca-certificates
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
-	fi
-
-	local c badcerts=0
-	for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do
-		ewarn "Broken symlink for a certificate at $c"
-		badcerts=1
-	done
-	if [ ${badcerts} -eq 1 ]; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2016-04-22 18:12 Mike Frysinger
  0 siblings, 0 replies; 203+ messages in thread
From: Mike Frysinger @ 2016-04-22 18:12 UTC (permalink / raw
  To: gentoo-commits

commit:     b1c73736606c66427cc0efc2d633357a52fb0ad8
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Fri Apr 22 18:12:13 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Fri Apr 22 18:12:23 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1c73736

app-misc/ca-certificates: drop duplicate symlink cleanup warning #575124

 app-misc/ca-certificates/ca-certificates-20160104.3.23.ebuild | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20160104.3.23.ebuild b/app-misc/ca-certificates/ca-certificates-20160104.3.23.ebuild
index 3aaece4..55d20a1 100644
--- a/app-misc/ca-certificates/ca-certificates-20160104.3.23.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20160104.3.23.ebuild
@@ -169,12 +169,7 @@ pkg_postinst() {
 		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
 	fi
 
-	local c badcerts=0
-	for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do
-		ewarn "Broken symlink for a certificate at $c"
-		badcerts=1
-	done
-	if [ ${badcerts} -eq 1 ]; then
+	if [ -n "$(find -L "${EROOT}"etc/ssl/certs/ -type l)" ] ; then
 		ewarn "Removing the following broken symlinks:"
 		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
 	fi


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2016-03-21  2:39 Mike Frysinger
  0 siblings, 0 replies; 203+ messages in thread
From: Mike Frysinger @ 2016-03-21  2:39 UTC (permalink / raw
  To: gentoo-commits

commit:     d0dc37a597938972d0ac32d3216ae09520ceb4e4
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 21 02:36:57 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Mar 21 02:38:59 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d0dc37a5

app-misc/ca-certificates: version bump #573786

Also simplify the c_rehash dep since we don't care about the specific
version we use.

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20160104.3.23.ebuild           | 181 +++++++++++++++++++++
 2 files changed, 182 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 60ecc83..d684d14 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -2,3 +2,4 @@ DIST ca-certificates_20151214.tar.xz 293672 SHA256 59286e6403f482a24c672e09b810c
 DIST ca-certificates_20160104.tar.xz 293632 SHA256 09eb770122e23260316120c0cbbddc8a1d33e7147210ce44e146084d5d5abcdd SHA512 4291ba58057b66d56853162b71862832135eab6f444a5e2cf3dd1089495d44624246dc0c540871851fe9aaceb42054516309402525c8f16a88911d3af9c3518a WHIRLPOOL 8a45acdf2c0673156bc546808df5160ebbfc3a85d775cefa8918c5b64ea6ba905e89017689a407a20444f3e550133c2af228f4d4a878670af50d88fc4739edeb
 DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00 WHIRLPOOL c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43
 DIST nss-3.21.tar.gz 6978112 SHA256 3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239 SHA512 0645465b5d1ab05d819355a3f4a2879499539a00d95bfab3ca14a7dcd901e510b5d9ae797386ff5a42f68b0b57f7bbec4ec9d3a85ebd508eb824aba1fb589d53 WHIRLPOOL 7504d83de606d61840e06cb855ea688eb022d5eef062bcb7ac4d1064db96b96e35ae4ce0aff9d389a2140a7c3b974aaa9a86ada52af1199d462fdb48b11b42e4
+DIST nss-3.23.tar.gz 7467001 SHA256 94b383e31c9671e9dfcca81084a8a813817e8f05a57f54533509b318d26e11cf SHA512 f3e388a415493685faa6df932e9e968af41ea2e8e4cba3fbd539c60177443e4042e8d2e2bfe74183552e14522d49048be2f80fbe038bdbd499971e82abf2cc32 WHIRLPOOL 77e22bd7a525c5b10723e1d5fb6db1e9d2efebfcdf9828aa79296f71c441c065201ecda56291f37790333d9b1d1e38fef1391a033382a885b83da31a646d6243

diff --git a/app-misc/ca-certificates/ca-certificates-20160104.3.23.ebuild b/app-misc/ca-certificates/ca-certificates-20160104.3.23.ebuild
new file mode 100644
index 0000000..3aaece4
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20160104.3.23.ebuild
@@ -0,0 +1,181 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI="5"
+PYTHON_COMPAT=( python{2_7,3_3,3_4,3_5} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" +cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	DEPEND+=" !<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	app-misc/c_rehash
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch
+			popd >/dev/null
+		fi
+	fi
+
+	epatch "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla
+		if use cacert ; then
+			mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org}
+			mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die
+			mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die
+		fi
+		mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd usr/share/ca-certificates
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	local c badcerts=0
+	for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do
+		ewarn "Broken symlink for a certificate at $c"
+		badcerts=1
+	done
+	if [ ${badcerts} -eq 1 ]; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2016-03-21  2:39 Mike Frysinger
  0 siblings, 0 replies; 203+ messages in thread
From: Mike Frysinger @ 2016-03-21  2:39 UTC (permalink / raw
  To: gentoo-commits

commit:     6b0914f0c890010972597786e0d3b0747b84a84c
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 21 00:02:53 2016 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Mon Mar 21 02:38:59 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6b0914f0

app-misc/ca-certificates: mark 20151214.3.21 m68k/s390/sh stable

 app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild b/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
index 444a9fe..7821e71 100644
--- a/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
@@ -57,7 +57,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" +cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2016-02-29  8:46 Stephen Klimaszewski
  0 siblings, 0 replies; 203+ messages in thread
From: Stephen Klimaszewski @ 2016-02-29  8:46 UTC (permalink / raw
  To: gentoo-commits

commit:     3ec4e6458103f0bd41ac34089c33eb089c8089de
Author:     Steev Klimaszewski <steev <AT> gentoo <DOT> org>
AuthorDate: Mon Feb 29 07:55:14 2016 +0000
Commit:     Stephen Klimaszewski <steev <AT> gentoo <DOT> org>
CommitDate: Mon Feb 29 08:40:35 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3ec4e645

app-misc/ca-certificates: stable 20151214.3.21 for arm64

Package-Manager: portage-2.2.27

 app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild b/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
index ee91d80..8a08600 100644
--- a/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2015 Gentoo Foundation
+# Copyright 1999-2016 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Id$
 
@@ -57,7 +57,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" +cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2016-02-20  7:46 Jeroen Roovers
  0 siblings, 0 replies; 203+ messages in thread
From: Jeroen Roovers @ 2016-02-20  7:46 UTC (permalink / raw
  To: gentoo-commits

commit:     8935e8edad1bce956c994642228c764e91a7ba16
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 20 07:46:43 2016 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Sat Feb 20 07:46:43 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8935e8ed

app-misc/ca-certificates: Stable for PPC64 (bug #561962).

Package-Manager: portage-2.2.27
RepoMan-Options: --ignore-arches

 app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild b/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
index 6c58f09..ee91d80 100644
--- a/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
@@ -57,7 +57,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" +cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2016-02-13 15:33 Agostino Sarubbo
  0 siblings, 0 replies; 203+ messages in thread
From: Agostino Sarubbo @ 2016-02-13 15:33 UTC (permalink / raw
  To: gentoo-commits

commit:     cd7afa2aa7e57bc47f01b533e702780ec8d578bf
Author:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 13 15:33:22 2016 +0000
Commit:     Agostino Sarubbo <ago <AT> gentoo <DOT> org>
CommitDate: Sat Feb 13 15:33:22 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cd7afa2a

app-misc/ca-certificates: amd64 stable wrt bug #561962

Package-Manager: portage-2.2.26
RepoMan-Options: --include-arches="amd64"
Signed-off-by: Agostino Sarubbo <ago <AT> gentoo.org>

 app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild b/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
index 4142a10..3776fb9 100644
--- a/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
@@ -57,7 +57,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="alpha ~amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" +cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2016-02-12  9:00 Jeroen Roovers
  0 siblings, 0 replies; 203+ messages in thread
From: Jeroen Roovers @ 2016-02-12  9:00 UTC (permalink / raw
  To: gentoo-commits

commit:     481077f43aad2ab0476cbeac7f7828eb3093a999
Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Fri Feb 12 08:59:33 2016 +0000
Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Fri Feb 12 08:59:33 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=481077f4

app-misc/ca-certificates: Stable for HPPA (bug #561962).

Package-Manager: portage-2.2.27
RepoMan-Options: --ignore-arches

 app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild b/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
index bb93f42..4142a10 100644
--- a/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
@@ -57,7 +57,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="alpha ~amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" +cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2016-02-10 20:48 Markus Meier
  0 siblings, 0 replies; 203+ messages in thread
From: Markus Meier @ 2016-02-10 20:48 UTC (permalink / raw
  To: gentoo-commits

commit:     e53e55e7608ef0b84c1e9b7dcee7a2a6d6d939f3
Author:     Markus Meier <maekke <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 10 20:48:02 2016 +0000
Commit:     Markus Meier <maekke <AT> gentoo <DOT> org>
CommitDate: Wed Feb 10 20:48:02 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e53e55e7

app-misc/ca-certificates: arm stable, bug #561962

Package-Manager: portage-2.2.27
RepoMan-Options: --include-arches="arm"

 app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild b/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
index 01d8fee..bb93f42 100644
--- a/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
@@ -57,7 +57,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="alpha ~amd64 arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" +cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2016-02-06 16:28 Robin H. Johnson
  0 siblings, 0 replies; 203+ messages in thread
From: Robin H. Johnson @ 2016-02-06 16:28 UTC (permalink / raw
  To: gentoo-commits

commit:     df8a6319ba7178d08fc1a299d6745a1a105e599c
Author:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Thu Feb  4 22:31:10 2016 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Sat Feb  6 16:28:35 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df8a6319

app-misc/ca-certificates: bump.

Package-Manager: portage-2.2.27

 app-misc/ca-certificates/Manifest                  |   1 +
 .../ca-certificates-20160104.3.21.ebuild           | 184 +++++++++++++++++++++
 2 files changed, 185 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 6a4d23e..ba808a2 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -2,6 +2,7 @@ DIST ca-certificates_20140927.tar.xz 288824 SHA256 e582724ebb9d5d6fe02d02db1773c
 DIST ca-certificates_20141019.tar.xz 289092 SHA256 684902d3f4e9ad27829f4af0d9d2d588afed03667997579b9c2be86fcd1eb73a SHA512 5b0e8fb917f5642a5a2b4fde46a706db0c652ff3fb31a5053d9123a5b670b50c6e3cf2496915cc01c613dcbe964d6432f393c12d8a697baedfad58f9d13e568b WHIRLPOOL 6d3c0ccfbd4b1598ed529cb07390baaf741e24c8fd4762aa1786ada7188ec0c4e327513047bca2b93a488681e80b5a8fabc37b98b7f6e5e92cba62580c4cf74f
 DIST ca-certificates_20150426.tar.xz 303256 SHA256 37dbaa93ed64cc4ae93ac295f9248fbc741bd51376438cfb1257f17efab5494f SHA512 920dfc512c018c5338bf07b6a6afcb664d9bfba659d4233ca9e87471d5e0ed05de054c96f3d7e6091549aa6deb46106a79f7f982696081f9b2164e18133eb34d WHIRLPOOL 6d068fa13ffdb1b232b1cdb99063e52e52ee9f4cd44917f4eca263f36b5d4fa3c261b45bbf51143fc08965937adc477afd88c9a909300b619d42ae72b4c4acd9
 DIST ca-certificates_20151214.tar.xz 293672 SHA256 59286e6403f482a24c672e09b810c7d089a73153d4772ff4a66e86053a920525 SHA512 acee5565aa7d1f0cc120a6abb6503e0ac4b4e12f5fd1cb12442ec1374ae1570ec6dc3a8f3a247fad6835a29d96e856f12c664f466e92344db3aa1ae6292a27ac WHIRLPOOL c03d214fb15a791c14f235c58296fb06f1408c98bb78049f58b3ebf7bc1c1cea4662f90a031d86de2548267feacf6a9e3fef957aa44a19e29e9a6ba803aaa3fa
+DIST ca-certificates_20160104.tar.xz 293632 SHA256 09eb770122e23260316120c0cbbddc8a1d33e7147210ce44e146084d5d5abcdd SHA512 4291ba58057b66d56853162b71862832135eab6f444a5e2cf3dd1089495d44624246dc0c540871851fe9aaceb42054516309402525c8f16a88911d3af9c3518a WHIRLPOOL 8a45acdf2c0673156bc546808df5160ebbfc3a85d775cefa8918c5b64ea6ba905e89017689a407a20444f3e550133c2af228f4d4a878670af50d88fc4739edeb
 DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00 WHIRLPOOL c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43
 DIST nss-3.17.2.tar.gz 6927414 SHA256 134929e44e44b968a4883f4ee513a71ae45d55b486cee41ee8e26c3cc84dab8b SHA512 a3d165bb2c578e7b5d90349729e85a2fce09260d069093080c76cce3b8a996c6489232324fd6a0c69b959321bcdf5f1806054f165cd6ce851fe4ffeb2883ae7f WHIRLPOOL 01b3cc546aa2dd0974caa2267aa9874b01cf6096f307a114393ba5a98adc216e0f2b217631b89b20752be5881f70fc1a7e94e0e90618707d5f9b9d18fd55d859
 DIST nss-3.17.4.tar.gz 6924699 SHA256 1d98ad1881a4237ec98cbe472fc851480f0b0e954dfe224d047811fb96ff9d79 SHA512 dfc44e28c303743a72b4553f471089bc991c3cb61d5f3071082c16400d5e4f216f84a2e44536570316fe0e798c14ca370c875dad791a873034595b9e4dd70b89 WHIRLPOOL bb6e1027c5237d12fe58b4c520536022d8d4e83183a78c3421fd46bf9c3503b1f0ca4644240e383f216ec1e5174c0ae4148372db68fb9f1c10275954559d5bbf

diff --git a/app-misc/ca-certificates/ca-certificates-20160104.3.21.ebuild b/app-misc/ca-certificates/ca-certificates-20160104.3.21.ebuild
new file mode 100644
index 0000000..86a6882
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20160104.3.21.ebuild
@@ -0,0 +1,184 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI="4"
+PYTHON_COMPAT=( python{2_7,3_3,3_4,3_5} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" +cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	# platforms like AIX don't have a good ar
+	DEPEND+="
+		kernel_AIX? ( app-arch/deb2targz )
+		!<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`; newer version for alt-cert-paths #552540
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	>=app-misc/c_rehash-1.7-r1
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch
+			popd >/dev/null
+		fi
+	fi
+
+	epatch "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla
+		if use cacert ; then
+			mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org}
+			mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die
+			mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die
+		fi
+		mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd usr/share/ca-certificates
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	local c badcerts=0
+	for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do
+		ewarn "Broken symlink for a certificate at $c"
+		badcerts=1
+	done
+	if [ ${badcerts} -eq 1 ]; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2016-02-04 11:08 Tobias Klausmann
  0 siblings, 0 replies; 203+ messages in thread
From: Tobias Klausmann @ 2016-02-04 11:08 UTC (permalink / raw
  To: gentoo-commits

commit:     0e9d99ce545da8a2ef4e1a1e793ba87a175c828c
Author:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
AuthorDate: Thu Feb  4 11:08:11 2016 +0000
Commit:     Tobias Klausmann <klausman <AT> gentoo <DOT> org>
CommitDate: Thu Feb  4 11:08:11 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e9d99ce

app-misc/ca-certificates: add alpha keyword

Gentoo-Bug: 561962

Package-Manager: portage-2.2.27

 app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild b/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
index 86a6882..01d8fee 100644
--- a/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
@@ -57,7 +57,7 @@ fi
 
 LICENSE="MPL-1.1"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE=""
 ${PRECOMPILED} || IUSE+=" +cacert"
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2015-12-22 23:35 Mike Frysinger
  0 siblings, 0 replies; 203+ messages in thread
From: Mike Frysinger @ 2015-12-22 23:35 UTC (permalink / raw
  To: gentoo-commits

commit:     348c4d0d51840d1052aeafd237cec1d9e4f489d5
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 22 23:34:23 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Dec 22 23:35:42 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=348c4d0d

app-misc/ca-certificates: version bump to 20151214.3.21 #568904

 app-misc/ca-certificates/Manifest                  |   2 +
 .../ca-certificates-20151214.3.21.ebuild           | 184 +++++++++++++++++++++
 2 files changed, 186 insertions(+)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index 901ae7e..6a4d23e 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,8 +1,10 @@
 DIST ca-certificates_20140927.tar.xz 288824 SHA256 e582724ebb9d5d6fe02d02db1773c9ca76d3aaab4b15375a0d72e9abf88a65c5 SHA512 3cd08559c52aeba763a8ecc0333c7c20838db0111e52d9adf65719f14f858611271d61801a60fb3aea4e74be4a7903c1b462bf889172f5afb774280bb615b98b WHIRLPOOL e32e54b21109b7c44266480a6a5d78693b5ef7ffae1df595c4edfe2cce85d1cd29664e6d916c5bfffb965e4bb01fce6a8327a2ead5bb0ca7cdd8afd04346a270
 DIST ca-certificates_20141019.tar.xz 289092 SHA256 684902d3f4e9ad27829f4af0d9d2d588afed03667997579b9c2be86fcd1eb73a SHA512 5b0e8fb917f5642a5a2b4fde46a706db0c652ff3fb31a5053d9123a5b670b50c6e3cf2496915cc01c613dcbe964d6432f393c12d8a697baedfad58f9d13e568b WHIRLPOOL 6d3c0ccfbd4b1598ed529cb07390baaf741e24c8fd4762aa1786ada7188ec0c4e327513047bca2b93a488681e80b5a8fabc37b98b7f6e5e92cba62580c4cf74f
 DIST ca-certificates_20150426.tar.xz 303256 SHA256 37dbaa93ed64cc4ae93ac295f9248fbc741bd51376438cfb1257f17efab5494f SHA512 920dfc512c018c5338bf07b6a6afcb664d9bfba659d4233ca9e87471d5e0ed05de054c96f3d7e6091549aa6deb46106a79f7f982696081f9b2164e18133eb34d WHIRLPOOL 6d068fa13ffdb1b232b1cdb99063e52e52ee9f4cd44917f4eca263f36b5d4fa3c261b45bbf51143fc08965937adc477afd88c9a909300b619d42ae72b4c4acd9
+DIST ca-certificates_20151214.tar.xz 293672 SHA256 59286e6403f482a24c672e09b810c7d089a73153d4772ff4a66e86053a920525 SHA512 acee5565aa7d1f0cc120a6abb6503e0ac4b4e12f5fd1cb12442ec1374ae1570ec6dc3a8f3a247fad6835a29d96e856f12c664f466e92344db3aa1ae6292a27ac WHIRLPOOL c03d214fb15a791c14f235c58296fb06f1408c98bb78049f58b3ebf7bc1c1cea4662f90a031d86de2548267feacf6a9e3fef957aa44a19e29e9a6ba803aaa3fa
 DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00 WHIRLPOOL c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43
 DIST nss-3.17.2.tar.gz 6927414 SHA256 134929e44e44b968a4883f4ee513a71ae45d55b486cee41ee8e26c3cc84dab8b SHA512 a3d165bb2c578e7b5d90349729e85a2fce09260d069093080c76cce3b8a996c6489232324fd6a0c69b959321bcdf5f1806054f165cd6ce851fe4ffeb2883ae7f WHIRLPOOL 01b3cc546aa2dd0974caa2267aa9874b01cf6096f307a114393ba5a98adc216e0f2b217631b89b20752be5881f70fc1a7e94e0e90618707d5f9b9d18fd55d859
 DIST nss-3.17.4.tar.gz 6924699 SHA256 1d98ad1881a4237ec98cbe472fc851480f0b0e954dfe224d047811fb96ff9d79 SHA512 dfc44e28c303743a72b4553f471089bc991c3cb61d5f3071082c16400d5e4f216f84a2e44536570316fe0e798c14ca370c875dad791a873034595b9e4dd70b89 WHIRLPOOL bb6e1027c5237d12fe58b4c520536022d8d4e83183a78c3421fd46bf9c3503b1f0ca4644240e383f216ec1e5174c0ae4148372db68fb9f1c10275954559d5bbf
 DIST nss-3.19.tar.gz 6951461 SHA256 989ebdf79374f24181f060d332445b1a4baf3df39d08514c4349ba8573cefa9b SHA512 e428d206a4fd30087f275a33771a1d7e753b000e8fc3e7c746972a89d1b32300d3619f430ea15e870d82b3af52785d4dd36ae89c9c496f014f9f323ea373da14 WHIRLPOOL 3a8b58a8a28e31f65f40cfa6a9bd9ca2177a17552082d8de2189da6c92ff7ba9c90be13793666558a2bff609da738cb1f4313968077e1041b8f283d36005e76c
 DIST nss-3.20.tar.gz 6955552 SHA256 5e38d4b9837ca338af966b97fc91c07f67ad647fb38dc4af3cfd0d84e477d15c SHA512 50f666209cadd4e463f98643ec67e35f4d1b88381e17db9eed7c67559b19799fcc27e49d72536f546d4c45bca2afa4664e5590f868775a4397a77111d68fc366 WHIRLPOOL 84f20e6764b3621762fcfcb9223a3861e1f5ff02078b19b7df2eb58430a5f96943d962dca2d3366b18cd434acf3d3be746242c5064497167d5671c50233834de
+DIST nss-3.21.tar.gz 6978112 SHA256 3f7a5b027d7cdd5c0e4ff7544da33fdc6f56c2f8c27fff02938fd4a6fbe87239 SHA512 0645465b5d1ab05d819355a3f4a2879499539a00d95bfab3ca14a7dcd901e510b5d9ae797386ff5a42f68b0b57f7bbec4ec9d3a85ebd508eb824aba1fb589d53 WHIRLPOOL 7504d83de606d61840e06cb855ea688eb022d5eef062bcb7ac4d1064db96b96e35ae4ce0aff9d389a2140a7c3b974aaa9a86ada52af1199d462fdb48b11b42e4

diff --git a/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild b/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
new file mode 100644
index 0000000..86a6882
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20151214.3.21.ebuild
@@ -0,0 +1,184 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI="4"
+PYTHON_COMPAT=( python{2_7,3_3,3_4,3_5} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" +cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	# platforms like AIX don't have a good ar
+	DEPEND+="
+		kernel_AIX? ( app-arch/deb2targz )
+		!<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`; newer version for alt-cert-paths #552540
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	>=app-misc/c_rehash-1.7-r1
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch
+			popd >/dev/null
+		fi
+	fi
+
+	epatch "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla
+		if use cacert ; then
+			mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org}
+			mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die
+			mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die
+		fi
+		mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd usr/share/ca-certificates
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	local c badcerts=0
+	for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do
+		ewarn "Broken symlink for a certificate at $c"
+		badcerts=1
+	done
+	if [ ${badcerts} -eq 1 ]; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2015-11-25 14:23 Benda XU
  0 siblings, 0 replies; 203+ messages in thread
From: Benda XU @ 2015-11-25 14:23 UTC (permalink / raw
  To: gentoo-commits

commit:     87ffc25df4429f9313f5df729563a8956ba19508
Author:     Benda Xu <heroxbd <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 25 14:23:08 2015 +0000
Commit:     Benda XU <heroxbd <AT> gentoo <DOT> org>
CommitDate: Wed Nov 25 14:23:48 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=87ffc25d

app-misc/ca-certificates: fix for Prefix.

match against ROOT instead of ROOT/ in the new 20150426.3.20 script.

Package-Manager: portage-2.2.25

 app-misc/ca-certificates/ca-certificates-20150426.3.20-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app-misc/ca-certificates/ca-certificates-20150426.3.20-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20150426.3.20-r1.ebuild
index 1e0f3f5..249bd53 100644
--- a/app-misc/ca-certificates/ca-certificates-20150426.3.20-r1.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20150426.3.20-r1.ebuild
@@ -116,7 +116,7 @@ src_prepare() {
 	epatch "${FILESDIR}"/${PN}-20150426-root.patch
 	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
 	sed -i \
-		-e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \
+		-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
 		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
 		usr/sbin/update-ca-certificates || die
 


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2015-10-01  9:40 Julian Ospald
  0 siblings, 0 replies; 203+ messages in thread
From: Julian Ospald @ 2015-10-01  9:40 UTC (permalink / raw
  To: gentoo-commits

commit:     06fc8b7625def67f415342a225566ff453de99a4
Author:     Julian Ospald <hasufell <AT> gentoo <DOT> org>
AuthorDate: Thu Oct  1 09:29:25 2015 +0000
Commit:     Julian Ospald <hasufell <AT> gentoo <DOT> org>
CommitDate: Thu Oct  1 09:29:25 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06fc8b76

app-misc/ca-certificates: use app-misc/c_rehash

Gentoo-Bug: 561852
Reviewed-By: SpanKY <vapier <AT> gentoo.org>

 .../ca-certificates-20150426.3.20-r1.ebuild        | 189 +++++++++++++++++++++
 1 file changed, 189 insertions(+)

diff --git a/app-misc/ca-certificates/ca-certificates-20150426.3.20-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20150426.3.20-r1.ebuild
new file mode 100644
index 0000000..1e0f3f5
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20150426.3.20-r1.ebuild
@@ -0,0 +1,189 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI="4"
+PYTHON_COMPAT=( python{2_7,3_3,3_4} )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE=""
+${PRECOMPILED} || IUSE+=" +cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	# platforms like AIX don't have a good ar
+	DEPEND+="
+		kernel_AIX? ( app-arch/deb2targz )
+		!<sys-apps/portage-2.1.10.41"
+fi
+# c_rehash: we run `c_rehash`; newer version for alt-cert-paths #552540
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	>=app-misc/c_rehash-1.7-r1
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	mv ${PN}-*/ ${PN} || die
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch
+			popd >/dev/null
+		fi
+	fi
+
+	epatch "${FILESDIR}"/${PN}-20150426-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+
+	cd "${S}"
+	epatch "${FILESDIR}"/${PN}-20150426-nss-certdata2pem-py3.patch #548374
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla
+		if use cacert ; then
+			mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org}
+			mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die
+			mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die
+		fi
+		mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd usr/share/ca-certificates
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	local c badcerts=0
+	for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do
+		ewarn "Broken symlink for a certificate at $c"
+		badcerts=1
+	done
+	if [ $badcerts -eq 1 ]; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2015-09-26 17:46 Mike Frysinger
  0 siblings, 0 replies; 203+ messages in thread
From: Mike Frysinger @ 2015-09-26 17:46 UTC (permalink / raw
  To: gentoo-commits

commit:     13f0b6dc156f34f040465780c59d0ed7d340f56e
Author:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 26 16:22:20 2015 +0000
Commit:     Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Sat Sep 26 17:45:27 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=13f0b6dc

app-misc/ca-certificates: delete old

 app-misc/ca-certificates/Manifest                  |   7 -
 .../ca-certificates-20130906-r1.ebuild             |  95 -----------
 .../ca-certificates-20140223-r1.ebuild             | 178 --------------------
 .../ca-certificates-20140223.3.15.5-r1.ebuild      | 184 ---------------------
 .../ca-certificates-20140223.3.16-r1.ebuild        | 184 ---------------------
 .../ca-certificates-20140325.3.16.3.ebuild         | 184 ---------------------
 6 files changed, 832 deletions(-)

diff --git a/app-misc/ca-certificates/Manifest b/app-misc/ca-certificates/Manifest
index a963113..436f77d 100644
--- a/app-misc/ca-certificates/Manifest
+++ b/app-misc/ca-certificates/Manifest
@@ -1,13 +1,6 @@
-DIST ca-certificates_20130906_all.deb 185064 SHA256 b2326834479192de2298c607bc020715c949cbd4dc5dd6be28a1b3f348eb9b76 SHA512 0410d11843e36fb488698a5ce7e1eda473b91d476c99d8e3bd006705167c9f2ac9a554e7fce1595f3717f1781a1390af345b3e7e4bc1e58c055e0a11321ececa WHIRLPOOL b9cf04b0e080752567a82c8fecffd033d10f19e41c0ecb1e676246947a34d1380002f9860539611dd79b04c47d19f6631a126c5887cff7ee52ff866b36c50109
-DIST ca-certificates_20140223.tar.xz 274768 SHA256 815b7cd97200b0d76450bb3e7d9b65997ac494ab6467b17369f65b2ef94bcb0c SHA512 14855eba51f90ab062b53a0d1986889de9ad7db4cb52bd4d764872b7c90eaaee62920543a4670ab45329469f76365d1e902219397b660034689159f13b8668d8 WHIRLPOOL f841d9a5fa2d4b3d46d06a2de947108ccb8bf7f19c99979822e22f043624656e789ba0340657b21a15560fd6593efa4256efc9f317974bdca8088a3647836e49
-DIST ca-certificates_20140223_all.deb 190226 SHA256 13cb11144a97d95a8be130e4bcdd6c9ffc3df269bb194699bcd21ca377e01df2 SHA512 003b6fd2301eee3ca2119781ee75a1b195f142678d4570b598c4b93847de23c4f659152f834db1f0c8866767324d02b27807260cf43f6ae16207538fa419aa31 WHIRLPOOL 179a0bcf341e7de07d02f6574850614ef221851379945db00018d25f485cee6c11915322ee370e72321d81464d7d6bb96401b41029b8f7215a68e46971671deb
-DIST ca-certificates_20140325.tar.xz 278816 SHA256 c0e3d8c517995db2737f7f1a9b69d654b8823fa6d337871c6ce111fcf083454a SHA512 6645740d61da78845facce6e3881c64f51e945a454cb26cead6e7df4887f1f3797bea217cebaffaae22a76fa3867ee20dee7b1d5200df20b85878a0c6029c2f8 WHIRLPOOL 93d4ff1ac74c6961612ffa0e4da35228636698940fd0a66e4e6842de4e48f5ded74885bfb330f6d106ae267124309d51d49f646959bbae1ef9fa7a55dbb2085a
 DIST ca-certificates_20140927.tar.xz 288824 SHA256 e582724ebb9d5d6fe02d02db1773c9ca76d3aaab4b15375a0d72e9abf88a65c5 SHA512 3cd08559c52aeba763a8ecc0333c7c20838db0111e52d9adf65719f14f858611271d61801a60fb3aea4e74be4a7903c1b462bf889172f5afb774280bb615b98b WHIRLPOOL e32e54b21109b7c44266480a6a5d78693b5ef7ffae1df595c4edfe2cce85d1cd29664e6d916c5bfffb965e4bb01fce6a8327a2ead5bb0ca7cdd8afd04346a270
 DIST ca-certificates_20141019.tar.xz 289092 SHA256 684902d3f4e9ad27829f4af0d9d2d588afed03667997579b9c2be86fcd1eb73a SHA512 5b0e8fb917f5642a5a2b4fde46a706db0c652ff3fb31a5053d9123a5b670b50c6e3cf2496915cc01c613dcbe964d6432f393c12d8a697baedfad58f9d13e568b WHIRLPOOL 6d3c0ccfbd4b1598ed529cb07390baaf741e24c8fd4762aa1786ada7188ec0c4e327513047bca2b93a488681e80b5a8fabc37b98b7f6e5e92cba62580c4cf74f
 DIST nss-3.14.1-add_spi+cacerts_ca_certs.patch 25018 SHA256 82ca25982828fd7153ad15fc6e81408c115476eeeb4045d3a71469380b56824b SHA512 2aafbd972b073061bfd66a66a4b50060691957f2910f716f7a69d22d655c499f186f05db2101bea5248a00949f339327ba8bfffec024c61c8ee908766201ae00 WHIRLPOOL c9fe397e316dac7983b187acf7227078ebd8f8da5df53f77f2564489e85f123c4d2afb88d56e8dc14b9ebfffe8a71ade4724b3c1ea683c5c4c487cb3a64eda43
-DIST nss-3.15.5.tar.gz 6367893 SHA256 1442c85624b7de74c7745132a65aa0de47d280c4f01f293d111bc0b6d8271f43 SHA512 4db27ea98f17f1a5bc6f513455497945fc35957f573b3ac7e730b166fbe0e8fd741c188187c578faf361d969db63d83ff8ccf15ac2b8ca72a367f33a018695ca WHIRLPOOL c3c687ac53dca571d1c45bdf4a80e192ca58da07e06ef56de7ac9736480c97689dd12d14351860764b70a1d823092a1ddbc471328c4bae4a899edd0e331c8aee
-DIST nss-3.16.3.tar.gz 6426732 SHA256 657711ff7a4058043b69019a66f44101d0234eae2b6b80ab900439dbf02add60 SHA512 2e829b021319a9d8c0cedec742f84c54815eed8e3b1042b5045f08746e5768286001e9517d2b69c2a5d705cd632c98f3a9227e651a492bae3ef638cc706fe31f WHIRLPOOL bd8fe296baf79b4cad2224a921bf6d0a6b6a1f13df5b64131f59964541d2ec1ae506a79a5a3b8dc08a47c8fcdfa5eafb866727fcf26c37d4e5e91a7ebb7886b3
-DIST nss-3.16.tar.gz 6378110 SHA256 2bb4faa200962caacf0454f1e870e74aa9a543809e5c440f7978bcce58e0bfe8 SHA512 e3dcde8213f7f131fe2f714ff2f45c6d7b9b2167e51dbf0e1a750cc4f83d9fa35e69408850de6600f55fbc9e26b29dc344548cb64849d6e3252476eadd7ee57f WHIRLPOOL d30b53ec36cacff9756b43780d904e32760cd5d0b75f1888b6fb80e0a87ce828f4e6189de63880ddce90bdf5d90123ff7e9fdf600f4df02ce59702898f08c11e
 DIST nss-3.17.2.tar.gz 6927414 SHA256 134929e44e44b968a4883f4ee513a71ae45d55b486cee41ee8e26c3cc84dab8b SHA512 a3d165bb2c578e7b5d90349729e85a2fce09260d069093080c76cce3b8a996c6489232324fd6a0c69b959321bcdf5f1806054f165cd6ce851fe4ffeb2883ae7f WHIRLPOOL 01b3cc546aa2dd0974caa2267aa9874b01cf6096f307a114393ba5a98adc216e0f2b217631b89b20752be5881f70fc1a7e94e0e90618707d5f9b9d18fd55d859
 DIST nss-3.17.4.tar.gz 6924699 SHA256 1d98ad1881a4237ec98cbe472fc851480f0b0e954dfe224d047811fb96ff9d79 SHA512 dfc44e28c303743a72b4553f471089bc991c3cb61d5f3071082c16400d5e4f216f84a2e44536570316fe0e798c14ca370c875dad791a873034595b9e4dd70b89 WHIRLPOOL bb6e1027c5237d12fe58b4c520536022d8d4e83183a78c3421fd46bf9c3503b1f0ca4644240e383f216ec1e5174c0ae4148372db68fb9f1c10275954559d5bbf
 DIST nss-3.19.tar.gz 6951461 SHA256 989ebdf79374f24181f060d332445b1a4baf3df39d08514c4349ba8573cefa9b SHA512 e428d206a4fd30087f275a33771a1d7e753b000e8fc3e7c746972a89d1b32300d3619f430ea15e870d82b3af52785d4dd36ae89c9c496f014f9f323ea373da14 WHIRLPOOL 3a8b58a8a28e31f65f40cfa6a9bd9ca2177a17552082d8de2189da6c92ff7ba9c90be13793666558a2bff609da738cb1f4313968077e1041b8f283d36005e76c

diff --git a/app-misc/ca-certificates/ca-certificates-20130906-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20130906-r1.ebuild
deleted file mode 100644
index 1147230..0000000
--- a/app-misc/ca-certificates/ca-certificates-20130906-r1.ebuild
+++ /dev/null
@@ -1,95 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="4"
-
-inherit eutils unpacker
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
-#NMU_PR="1"
-SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
-
-# platforms like AIX don't have a good ar
-DEPEND="kernel_AIX? ( app-arch/deb2targz )
-	!<sys-apps/portage-2.1.10.41"
-# openssl: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	dev-libs/openssl
-	sys-apps/debianutils"
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	if [[ -n ${EPREFIX} ]] ; then
-		# need to perform everything in the offset, #381937
-		mkdir -p "./${EPREFIX}"
-		cd "./${EPREFIX}" || die
-	fi
-	unpack_deb ${A}
-}
-
-src_prepare() {
-	cd "./${EPREFIX}" || die
-	epatch "${FILESDIR}"/${PN}-20110502-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd "${S}${EPREFIX}"/usr/share/ca-certificates
-	find * -name '*.crt' | LC_ALL=C sort
-	) > "${S}${EPREFIX}"/etc/ca-certificates.conf
-
-	sh "${S}${EPREFIX}"/usr/sbin/update-ca-certificates --root "${S}" || die
-}
-
-src_install() {
-	cp -pPR . "${D}"/ || die
-
-	mv "${ED}"/usr/share/doc/{ca-certificates,${PF}} || die
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}"
-	fi
-
-	local c badcerts=0
-	for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do
-		ewarn "Broken symlink for a certificate at $c"
-		badcerts=1
-	done
-	if [ $badcerts -eq 1 ]; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}

diff --git a/app-misc/ca-certificates/ca-certificates-20140223-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20140223-r1.ebuild
deleted file mode 100644
index df086ec..0000000
--- a/app-misc/ca-certificates/ca-certificates-20140223-r1.ebuild
+++ /dev/null
@@ -1,178 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI="4"
-
-inherit eutils
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit versionator
-
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
-if ${PRECOMPILED} ; then
-	#NMU_PR="1"
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
-${PRECOMPILED} || IUSE+=" +cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	# platforms like AIX don't have a good ar
-	DEPEND+="
-		kernel_AIX? ( app-arch/deb2targz )
-		!<sys-apps/portage-2.1.10.41"
-fi
-# openssl: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	dev-libs/openssl
-	sys-apps/debianutils"
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch
-			popd >/dev/null
-		fi
-	fi
-
-	epatch "${FILESDIR}"/${PN}-20110502-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		local d="${S}/${PN}/mozilla"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla
-		if use cacert ; then
-			mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org}
-			mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die
-			mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die
-		fi
-		mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd usr/share/ca-certificates
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}"
-	fi
-
-	local c badcerts=0
-	for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do
-		ewarn "Broken symlink for a certificate at $c"
-		badcerts=1
-	done
-	if [ $badcerts -eq 1 ]; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}

diff --git a/app-misc/ca-certificates/ca-certificates-20140223.3.15.5-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20140223.3.15.5-r1.ebuild
deleted file mode 100644
index 81b211a..0000000
--- a/app-misc/ca-certificates/ca-certificates-20140223.3.15.5-r1.ebuild
+++ /dev/null
@@ -1,184 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI="4"
-PYTHON_COMPAT=( python2_7 )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit versionator
-
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
-if ${PRECOMPILED} ; then
-	#NMU_PR="1"
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
-${PRECOMPILED} || IUSE+=" +cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	# platforms like AIX don't have a good ar
-	DEPEND+="
-		kernel_AIX? ( app-arch/deb2targz )
-		!<sys-apps/portage-2.1.10.41"
-fi
-# openssl: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	dev-libs/openssl
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch
-			popd >/dev/null
-		fi
-	fi
-
-	epatch "${FILESDIR}"/${PN}-20110502-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}/mozilla"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla
-		if use cacert ; then
-			mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org}
-			mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die
-			mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die
-		fi
-		mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd usr/share/ca-certificates
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}"
-	fi
-
-	local c badcerts=0
-	for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do
-		ewarn "Broken symlink for a certificate at $c"
-		badcerts=1
-	done
-	if [ $badcerts -eq 1 ]; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}

diff --git a/app-misc/ca-certificates/ca-certificates-20140223.3.16-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20140223.3.16-r1.ebuild
deleted file mode 100644
index 81b211a..0000000
--- a/app-misc/ca-certificates/ca-certificates-20140223.3.16-r1.ebuild
+++ /dev/null
@@ -1,184 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI="4"
-PYTHON_COMPAT=( python2_7 )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit versionator
-
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
-if ${PRECOMPILED} ; then
-	#NMU_PR="1"
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
-${PRECOMPILED} || IUSE+=" +cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	# platforms like AIX don't have a good ar
-	DEPEND+="
-		kernel_AIX? ( app-arch/deb2targz )
-		!<sys-apps/portage-2.1.10.41"
-fi
-# openssl: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	dev-libs/openssl
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch
-			popd >/dev/null
-		fi
-	fi
-
-	epatch "${FILESDIR}"/${PN}-20110502-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}/mozilla"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla
-		if use cacert ; then
-			mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org}
-			mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die
-			mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die
-		fi
-		mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd usr/share/ca-certificates
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}"
-	fi
-
-	local c badcerts=0
-	for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do
-		ewarn "Broken symlink for a certificate at $c"
-		badcerts=1
-	done
-	if [ $badcerts -eq 1 ]; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}

diff --git a/app-misc/ca-certificates/ca-certificates-20140325.3.16.3.ebuild b/app-misc/ca-certificates/ca-certificates-20140325.3.16.3.ebuild
deleted file mode 100644
index c29feef..0000000
--- a/app-misc/ca-certificates/ca-certificates-20140325.3.16.3.ebuild
+++ /dev/null
@@ -1,184 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-# The Debian ca-certificates package merely takes the CA database as it exists
-# in the nss package and repackages it for use by openssl.
-#
-# The issue with using the compiled debs directly is two fold:
-# - they do not update frequently enough for us to rely on them
-# - they pull the CA database from nss tip of tree rather than the release
-#
-# So we take the Debian source tools and combine them with the latest nss
-# release to produce (largely) the same end result.  The difference is that
-# now we know our cert database is kept in sync with nss and, if need be,
-# can be sync with nss tip of tree more frequently to respond to bugs.
-
-# When triaging bugs from users, here's some handy tips:
-# - To see what cert is hitting errors, use openssl:
-#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
-#   Focus on the errors written to stderr.
-#
-# - Look at the upstream log as to why certs were added/removed:
-#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
-#
-# - If people want to add/remove certs, tell them to file w/mozilla:
-#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
-
-EAPI="4"
-PYTHON_COMPAT=( python2_7 )
-
-inherit eutils python-any-r1
-
-if [[ ${PV} == *.* ]] ; then
-	# Compile from source ourselves.
-	PRECOMPILED=false
-	inherit versionator
-
-	DEB_VER=$(get_version_component_range 1)
-	NSS_VER=$(get_version_component_range 2-)
-	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
-else
-	# Debian precompiled version.
-	PRECOMPILED=true
-	inherit unpacker
-fi
-
-DESCRIPTION="Common CA Certificates PEM files"
-HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
-NMU_PR=""
-if ${PRECOMPILED} ; then
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
-else
-	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
-		ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
-		cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )"
-fi
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE=""
-${PRECOMPILED} || IUSE+=" +cacert"
-
-DEPEND=""
-if ${PRECOMPILED} ; then
-	# platforms like AIX don't have a good ar
-	DEPEND+="
-		kernel_AIX? ( app-arch/deb2targz )
-		!<sys-apps/portage-2.1.10.41"
-fi
-# openssl: we run `c_rehash`
-# debianutils: we run `run-parts`
-RDEPEND="${DEPEND}
-	dev-libs/openssl
-	sys-apps/debianutils"
-
-if ! ${PRECOMPILED}; then
-	DEPEND+=" ${PYTHON_DEPS}"
-fi
-
-S=${WORKDIR}
-
-pkg_setup() {
-	# For the conversion to having it in CONFIG_PROTECT_MASK,
-	# we need to tell users about it once manually first.
-	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
-		|| ewarn "You should run update-ca-certificates manually after etc-update"
-}
-
-src_unpack() {
-	${PRECOMPILED} || default
-
-	# Do all the work in the image subdir to avoid conflicting with source
-	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
-	mkdir -p "image/${EPREFIX}"
-	cd "image/${EPREFIX}" || die
-
-	${PRECOMPILED} && unpacker_src_unpack
-}
-
-src_prepare() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		mkdir -p usr/sbin
-		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
-
-		if use cacert ; then
-			pushd "${S}"/nss-${NSS_VER} >/dev/null
-			epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch
-			popd >/dev/null
-		fi
-	fi
-
-	epatch "${FILESDIR}"/${PN}-20110502-root.patch
-	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
-	sed -i \
-		-e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \
-		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
-		usr/sbin/update-ca-certificates || die
-}
-
-src_compile() {
-	cd "image/${EPREFIX}" || die
-	if ! ${PRECOMPILED} ; then
-		python_setup
-		local d="${S}/${PN}/mozilla"
-		# Grab the database from the nss sources.
-		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
-		emake -C "${d}"
-
-		# Now move the files to the same places that the precompiled would.
-		mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla
-		if use cacert ; then
-			mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org}
-			mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die
-			mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die
-		fi
-		mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die
-	else
-		mv usr/share/doc/{ca-certificates,${PF}} || die
-	fi
-
-	(
-	echo "# Automatically generated by ${CATEGORY}/${PF}"
-	echo "# $(date -u)"
-	echo "# Do not edit."
-	cd usr/share/ca-certificates
-	find * -name '*.crt' | LC_ALL=C sort
-	) > etc/ca-certificates.conf
-
-	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
-}
-
-src_install() {
-	cp -pPR image/* "${D}"/ || die
-	if ! ${PRECOMPILED} ; then
-		cd ca-certificates
-		doman sbin/*.8
-		dodoc debian/README.* examples/ca-certificates-local/README
-	fi
-
-	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
-	doenvd 98ca-certificates
-}
-
-pkg_postinst() {
-	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
-		# if the user has local certs, we need to rebuild again
-		# to include their stuff in the db.
-		# However it's too overzealous when the user has custom certs in place.
-		# --fresh is to clean up dangling symlinks
-		"${EROOT}"/usr/sbin/update-ca-certificates --root "${EROOT}"
-	fi
-
-	local c badcerts=0
-	for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do
-		ewarn "Broken symlink for a certificate at $c"
-		badcerts=1
-	done
-	if [ $badcerts -eq 1 ]; then
-		ewarn "Removing the following broken symlinks:"
-		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
-	fi
-}


^ permalink raw reply related	[flat|nested] 203+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/
@ 2015-09-20 13:28 Julian Ospald
  0 siblings, 0 replies; 203+ messages in thread
From: Julian Ospald @ 2015-09-20 13:28 UTC (permalink / raw
  To: gentoo-commits

commit:     bbfbe6bb7a3d2dc6db850438154e37573e979a95
Author:     Julian Ospald <hasufell <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 20 13:27:26 2015 +0000
Commit:     Julian Ospald <hasufell <AT> gentoo <DOT> org>
CommitDate: Sun Sep 20 13:27:26 2015 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bbfbe6bb

app-misc/ca-certificates: add libressl support

 .../ca-certificates-20141019.3.19-r1.ebuild        | 190 +++++++++++++++++++++
 1 file changed, 190 insertions(+)

diff --git a/app-misc/ca-certificates/ca-certificates-20141019.3.19-r1.ebuild b/app-misc/ca-certificates/ca-certificates-20141019.3.19-r1.ebuild
new file mode 100644
index 0000000..309784d
--- /dev/null
+++ b/app-misc/ca-certificates/ca-certificates-20141019.3.19-r1.ebuild
@@ -0,0 +1,190 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# The Debian ca-certificates package merely takes the CA database as it exists
+# in the nss package and repackages it for use by openssl.
+#
+# The issue with using the compiled debs directly is two fold:
+# - they do not update frequently enough for us to rely on them
+# - they pull the CA database from nss tip of tree rather than the release
+#
+# So we take the Debian source tools and combine them with the latest nss
+# release to produce (largely) the same end result.  The difference is that
+# now we know our cert database is kept in sync with nss and, if need be,
+# can be sync with nss tip of tree more frequently to respond to bugs.
+
+# When triaging bugs from users, here's some handy tips:
+# - To see what cert is hitting errors, use openssl:
+#   openssl s_client -port 443 -CApath /etc/ssl/certs/ -host $HOSTNAME
+#   Focus on the errors written to stderr.
+#
+# - Look at the upstream log as to why certs were added/removed:
+#   https://hg.mozilla.org/projects/nss/log/tip/lib/ckfw/builtins/certdata.txt
+#
+# - If people want to add/remove certs, tell them to file w/mozilla:
+#   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
+
+EAPI="4"
+PYTHON_COMPAT=( python2_7 )
+
+inherit eutils python-any-r1
+
+if [[ ${PV} == *.* ]] ; then
+	# Compile from source ourselves.
+	PRECOMPILED=false
+	inherit versionator
+
+	DEB_VER=$(get_version_component_range 1)
+	NSS_VER=$(get_version_component_range 2-)
+	RTM_NAME="NSS_${NSS_VER//./_}_RTM"
+else
+	# Debian precompiled version.
+	PRECOMPILED=true
+	inherit unpacker
+fi
+
+DESCRIPTION="Common CA Certificates PEM files"
+HOMEPAGE="http://packages.debian.org/sid/ca-certificates"
+NMU_PR=""
+if ${PRECOMPILED} ; then
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${PV}${NMU_PR:++nmu}${NMU_PR}_all.deb"
+else
+	SRC_URI="mirror://debian/pool/main/c/${PN}/${PN}_${DEB_VER}${NMU_PR:++nmu}${NMU_PR}.tar.xz
+		ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${RTM_NAME}/src/nss-${NSS_VER}.tar.gz
+		cacert? ( https://dev.gentoo.org/~anarchy/patches/nss-3.14.1-add_spi+cacerts_ca_certs.patch )"
+fi
+
+LICENSE="MPL-1.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="libressl"
+${PRECOMPILED} || IUSE+=" +cacert"
+
+DEPEND=""
+if ${PRECOMPILED} ; then
+	# platforms like AIX don't have a good ar
+	DEPEND+="
+		kernel_AIX? ( app-arch/deb2targz )
+		!<sys-apps/portage-2.1.10.41"
+fi
+# openssl: we run `c_rehash`; newer version for alt-cert-paths #552540
+# debianutils: we run `run-parts`
+RDEPEND="${DEPEND}
+	!libressl? ( >=dev-libs/openssl-1.0.1o:0 )
+	libressl? (
+		app-misc/c_rehash
+		dev-libs/libressl
+	)
+	sys-apps/debianutils"
+
+if ! ${PRECOMPILED}; then
+	DEPEND+=" ${PYTHON_DEPS}"
+fi
+
+S=${WORKDIR}
+
+pkg_setup() {
+	# For the conversion to having it in CONFIG_PROTECT_MASK,
+	# we need to tell users about it once manually first.
+	[[ -f "${EPREFIX}"/etc/env.d/98ca-certificates ]] \
+		|| ewarn "You should run update-ca-certificates manually after etc-update"
+}
+
+src_unpack() {
+	${PRECOMPILED} || default
+
+	mv ${PN}-*/ ${PN} || die
+
+	# Do all the work in the image subdir to avoid conflicting with source
+	# dirs in $WORKDIR.  Need to perform everything in the offset #381937
+	mkdir -p "image/${EPREFIX}"
+	cd "image/${EPREFIX}" || die
+
+	${PRECOMPILED} && unpacker_src_unpack
+}
+
+src_prepare() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		mkdir -p usr/sbin
+		cp -p "${S}"/${PN}/sbin/update-ca-certificates usr/sbin/ || die
+
+		if use cacert ; then
+			pushd "${S}"/nss-${NSS_VER} >/dev/null
+			epatch "${DISTDIR}"/nss-3.14.1-add_spi+cacerts_ca_certs.patch
+			popd >/dev/null
+		fi
+	fi
+
+	epatch "${FILESDIR}"/${PN}-20141019-root.patch
+	local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
+	sed -i \
+		-e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \
+		-e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
+		usr/sbin/update-ca-certificates || die
+}
+
+src_compile() {
+	cd "image/${EPREFIX}" || die
+	if ! ${PRECOMPILED} ; then
+		python_setup
+		local d="${S}/${PN}/mozilla"
+		# Grab the database from the nss sources.
+		cp "${S}"/nss-${NSS_VER}/nss/lib/ckfw/builtins/{certdata.txt,nssckbi.h} "${d}" || die
+		emake -C "${d}"
+
+		# Now move the files to the same places that the precompiled would.
+		mkdir -p etc/ssl/certs etc/ca-certificates/update.d usr/share/ca-certificates/mozilla
+		if use cacert ; then
+			mkdir -p usr/share/ca-certificates/{cacert.org,spi-inc.org}
+			mv "${d}"/CAcert_Inc..crt usr/share/ca-certificates/cacert.org/cacert.org_root.crt || die
+			mv "${d}"/SPI_Inc..crt usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt || die
+		fi
+		mv "${d}"/*.crt usr/share/ca-certificates/mozilla/ || die
+	else
+		mv usr/share/doc/{ca-certificates,${PF}} || die
+	fi
+
+	(
+	echo "# Automatically generated by ${CATEGORY}/${PF}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd usr/share/ca-certificates
+	find * -name '*.crt' | LC_ALL=C sort
+	) > etc/ca-certificates.conf
+
+	sh usr/sbin/update-ca-certificates --root "${S}/image" || die
+}
+
+src_install() {
+	cp -pPR image/* "${D}"/ || die
+	if ! ${PRECOMPILED} ; then
+		cd ca-certificates
+		doman sbin/*.8
+		dodoc debian/README.* examples/ca-certificates-local/README
+	fi
+
+	echo 'CONFIG_PROTECT_MASK="/etc/ca-certificates.conf"' > 98ca-certificates
+	doenvd 98ca-certificates
+}
+
+pkg_postinst() {
+	if [ -d "${EROOT}/usr/local/share/ca-certificates" ] ; then
+		# if the user has local certs, we need to rebuild again
+		# to include their stuff in the db.
+		# However it's too overzealous when the user has custom certs in place.
+		# --fresh is to clean up dangling symlinks
+		"${EROOT}"/usr/sbin/update-ca-certificates --root "${ROOT}"
+	fi
+
+	local c badcerts=0
+	for c in $(find -L "${EROOT}"etc/ssl/certs/ -type l) ; do
+		ewarn "Broken symlink for a certificate at $c"
+		badcerts=1
+	done
+	if [ $badcerts -eq 1 ]; then
+		ewarn "Removing the following broken symlinks:"
+		ewarn "$(find -L "${EROOT}"/etc/ssl/certs/ -type l -printf '%p -> %l\n' -delete)"
+	fi
+}


^ permalink raw reply related	[flat|nested] 203+ messages in thread

end of thread, other threads:[~2025-06-03  4:51 UTC | newest]

Thread overview: 203+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-04-17  9:39 [gentoo-commits] repo/gentoo:master commit in: app-misc/ca-certificates/ Lars Wendler
  -- strict thread matches above, loose matches on Subject: below --
2025-06-03  4:51 Sam James
2024-07-01 18:55 Mike Gilbert
2024-06-01  3:46 Ionen Wolkens
2024-04-29  8:12 Arthur Zamarin
2024-03-15 20:26 Arthur Zamarin
2024-03-14  8:18 Arthur Zamarin
2024-03-14  7:48 Arthur Zamarin
2024-03-14  6:44 Sam James
2024-03-14  6:23 Sam James
2024-03-14  6:19 Sam James
2024-03-14  6:11 Sam James
2024-03-14  6:06 Sam James
2024-02-08  1:36 Sam James
2024-02-03  6:56 Sam James
2024-02-02 16:27 Arthur Zamarin
2024-02-02 13:34 Arthur Zamarin
2024-02-02  6:40 Sam James
2024-02-02  4:33 Sam James
2024-01-22 13:12 Sam James
2024-01-18  0:28 Sam James
2024-01-17  8:53 Arthur Zamarin
2024-01-17  6:34 Sam James
2024-01-17  5:59 Sam James
2024-01-17  5:50 Sam James
2024-01-17  5:33 Sam James
2024-01-03  2:20 Ionen Wolkens
2023-12-21 16:01 Arthur Zamarin
2023-12-21 15:15 Sam James
2023-12-21 13:18 Arthur Zamarin
2023-12-21 12:56 Sam James
2023-12-21 11:55 Sam James
2023-12-21 11:55 Sam James
2023-12-21 11:12 Arthur Zamarin
2023-12-02  7:13 Sam James
2023-11-20 17:06 Robin H. Johnson
2023-09-01  8:02 Sam James
2023-06-05  3:59 Sam James
2023-06-05  3:57 Sam James
2023-05-13  7:15 Arthur Zamarin
2023-05-13  5:08 Sam James
2023-05-13  3:17 Sam James
2023-05-13  3:17 Sam James
2023-05-13  3:17 Sam James
2023-05-13  3:17 Sam James
2023-05-13  3:17 Sam James
2023-05-13  3:17 Sam James
2023-05-06  8:48 Sam James
2023-05-06  8:48 Sam James
2023-05-06  8:48 Sam James
2023-03-24 13:49 Arthur Zamarin
2023-03-24 13:48 Arthur Zamarin
2023-03-22  9:37 Sam James
2023-03-10  9:33 Sam James
2023-03-10  8:08 Sam James
2023-03-10  8:08 Sam James
2023-03-10  8:08 Sam James
2023-03-10  7:44 Arthur Zamarin
2023-03-10  7:44 Arthur Zamarin
2023-03-10  7:44 Arthur Zamarin
2023-03-10  7:44 Arthur Zamarin
2023-03-10  7:44 Arthur Zamarin
2023-02-16  5:28 Sam James
2023-02-04  1:48 Mike Gilbert
2023-01-09  5:53 Sam James
2023-01-09  5:41 Sam James
2023-01-09  5:41 Sam James
2023-01-09  5:41 Sam James
2023-01-09  5:41 Sam James
2023-01-09  5:41 Sam James
2023-01-09  5:41 Sam James
2023-01-09  5:41 Sam James
2023-01-06  8:40 Sam James
2022-12-10  3:26 Sam James
2022-11-18 11:18 Arthur Zamarin
2022-11-18  7:00 Arthur Zamarin
2022-11-18  7:00 Sam James
2022-11-18  6:50 Arthur Zamarin
2022-11-18  6:48 Arthur Zamarin
2022-11-18  6:47 Arthur Zamarin
2022-11-18  6:46 Sam James
2022-11-18  6:46 Sam James
2022-11-18  6:23 Sam James
2022-11-18  6:23 Sam James
2022-09-23  6:14 Sam James
2022-09-17  5:38 Arthur Zamarin
2022-09-16 18:27 Arthur Zamarin
2022-09-16  8:40 Arthur Zamarin
2022-09-07  1:50 Sam James
2022-09-06 21:59 Jakov Smolić
2022-09-06 21:53 Sam James
2022-09-06 21:49 Jakov Smolić
2022-09-06 21:37 Sam James
2022-09-06 21:35 Sam James
2022-07-05  2:30 Sam James
2022-06-02  5:38 Sam James
2022-04-25 15:59 Sam James
2022-04-03  1:48 Sam James
2022-03-31  0:47 Sam James
2021-11-04 19:07 Sam James
2021-11-04 17:53 Lars Wendler
2021-11-04 17:53 Lars Wendler
2021-10-15 14:33 Thomas Deutschmann
2021-09-27  4:26 Robin H. Johnson
2021-05-28 19:36 Thomas Deutschmann
2021-05-28 19:16 Thomas Deutschmann
2021-04-16 11:35 Thomas Deutschmann
2021-04-16 11:35 Thomas Deutschmann
2021-03-17 20:49 Thomas Deutschmann
2021-02-21 12:10 Lars Wendler
2021-02-21 12:10 Lars Wendler
2021-02-15 23:44 Mike Frysinger
2020-12-14 21:42 Thomas Deutschmann
2020-11-14 22:56 Thomas Deutschmann
2020-10-06 16:36 Lars Wendler
2020-08-20 15:08 Thomas Deutschmann
2020-06-02 17:28 Thomas Deutschmann
2020-06-02 17:13 Robin H. Johnson
2020-06-01 22:56 Robin H. Johnson
2020-04-17 20:59 Andreas Sturmlechner
2019-07-18  8:25 Lars Wendler
2019-07-18  8:25 Lars Wendler
2019-07-18  8:16 Agostino Sarubbo
2019-05-04 10:35 Andreas K. Hüttel
2019-03-18 14:29 Lars Wendler
2019-02-19 12:28 Fabian Groffen
2019-02-18  9:02 Lars Wendler
2019-01-07 19:53 Thomas Deutschmann
2019-01-07 19:53 Thomas Deutschmann
2018-12-25 20:18 Lars Wendler
2018-10-01 14:03 Lars Wendler
2018-05-08  8:47 Lars Wendler
2018-04-22 17:34 Thomas Deutschmann
2018-04-20  6:54 Sergei Trofimovich
2018-04-18 11:31 Mikle Kolyada
2018-04-18  8:27 Lars Wendler
2018-04-18  8:27 Lars Wendler
2018-04-18  4:37 Mart Raudsepp
2018-04-17 22:50 Thomas Deutschmann
2018-04-17 16:01 Thomas Deutschmann
2018-04-11  8:19 Lars Wendler
2018-03-07  9:14 Lars Wendler
2018-03-07  9:13 Lars Wendler
2018-01-20 10:04 Lars Wendler
2018-01-20 10:04 Lars Wendler
2018-01-12  4:10 Mike Frysinger
2017-12-24  9:46 Mart Raudsepp
2017-11-29 17:27 Lars Wendler
2017-11-29 17:27 Lars Wendler
2017-11-15 18:51 Lars Wendler
2017-11-01 14:50 Jeroen Roovers
2017-09-21 22:26 Lars Wendler
2017-09-21 22:26 Lars Wendler
2017-09-14 21:24 Lars Wendler
2017-09-14 21:24 Lars Wendler
2017-08-08  7:40 Lars Wendler
2017-08-08  7:40 Lars Wendler
2017-08-08  7:40 Lars Wendler
2017-08-08  7:40 Lars Wendler
2017-05-05 13:49 Lars Wendler
2017-05-05 13:49 Lars Wendler
2017-04-06 13:08 Lars Wendler
2017-04-06 13:08 Lars Wendler
2017-03-24  9:29 Lars Wendler
2017-03-23  7:59 Lars Wendler
2017-03-08  9:47 Lars Wendler
2017-03-08  9:47 Lars Wendler
2017-02-21  9:30 Lars Wendler
2017-02-18  6:45 Lars Wendler
2017-02-18  5:47 Markus Meier
2017-02-14 10:35 Lars Wendler
2017-02-14 10:35 Lars Wendler
2017-01-12 22:02 Lars Wendler
2017-01-12 22:02 Lars Wendler
2017-01-10  7:16 Jeroen Roovers
2017-01-06 14:33 Tobias Klausmann
2017-01-04 11:23 Agostino Sarubbo
2016-12-23 13:10 Lars Wendler
2016-12-03 20:20 Lars Wendler
2016-12-02 17:05 Lars Wendler
2016-12-02 14:48 Lars Wendler
2016-12-02 14:48 Lars Wendler
2016-10-28  9:28 Lars Wendler
2016-10-25 18:45 Lars Wendler
2016-10-25 14:52 Lars Wendler
2016-10-05  7:59 Lars Wendler
2016-10-05  7:53 Lars Wendler
2016-10-05  7:53 Lars Wendler
2016-04-22 18:12 Mike Frysinger
2016-03-21  2:39 Mike Frysinger
2016-03-21  2:39 Mike Frysinger
2016-02-29  8:46 Stephen Klimaszewski
2016-02-20  7:46 Jeroen Roovers
2016-02-13 15:33 Agostino Sarubbo
2016-02-12  9:00 Jeroen Roovers
2016-02-10 20:48 Markus Meier
2016-02-06 16:28 Robin H. Johnson
2016-02-04 11:08 Tobias Klausmann
2015-12-22 23:35 Mike Frysinger
2015-11-25 14:23 Benda XU
2015-10-01  9:40 Julian Ospald
2015-09-26 17:46 Mike Frysinger
2015-09-20 13:28 Julian Ospald

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox