summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichał Górny <mgorny@gentoo.org>2021-11-26 12:09:16 +0100
committerMichał Górny <mgorny@gentoo.org>2021-11-28 15:39:01 +0100
commitce41bffad3bdb68f535d29f553955357d8b47369 (patch)
treecfa5b198ee81971d560d5122a6fca2608b078dd8 /app-misc/ca-certificates
parentdev-python/pyopenssl: Remove ~ia64 (due to Rust) (diff)
downloadgentoo-ce41bffad3bdb68f535d29f553955357d8b47369.tar.gz
gentoo-ce41bffad3bdb68f535d29f553955357d8b47369.tar.bz2
gentoo-ce41bffad3bdb68f535d29f553955357d8b47369.zip
app-misc/ca-certificates: Eliminate the dep on cryptography
The dev-python/cryptography package is no longer portable, due to Rust, so avoid the dependency to make ca-certificates portable again. Apparently, it is used only for some upstream QA check. Closes: https://bugs.gentoo.org/827354 Signed-off-by: Michał Górny <mgorny@gentoo.org>
Diffstat (limited to 'app-misc/ca-certificates')
-rw-r--r--app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild11
-rw-r--r--app-misc/ca-certificates/files/ca-certificates-20211016.3.72-no-cryptography.patch27
2 files changed, 32 insertions, 6 deletions
diff --git a/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild b/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild
index 86df307180a7..30183fb5044d 100644
--- a/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild
+++ b/app-misc/ca-certificates/ca-certificates-20211016.3.72.ebuild
@@ -62,8 +62,6 @@ CDEPEND="app-misc/c_rehash
BDEPEND="${CDEPEND}"
if ! ${PRECOMPILED} ; then
BDEPEND+=" ${PYTHON_DEPS}"
- # See bug #821706
- BDEPEND+=" $(python_gen_any_dep 'dev-python/cryptography[${PYTHON_USEDEP}]')"
fi
DEPEND=""
@@ -76,10 +74,6 @@ RDEPEND="${CDEPEND}
S=${WORKDIR}
-python_check_deps() {
- has_version -b "dev-python/cryptography[${PYTHON_USEDEP}]"
-}
-
pkg_setup() {
# For the conversion to having it in CONFIG_PROTECT_MASK,
# we need to tell users about it once manually first.
@@ -126,6 +120,11 @@ src_prepare() {
default
eapply -p2 "${FILESDIR}"/${PN}-20150426-root.patch
+
+ pushd "${S}/${PN}-${DEB_VER}" >/dev/null || die
+ eapply "${FILESDIR}"/${P}-no-cryptography.patch
+ popd >/dev/null || die
+
local relp=$(echo "${EPREFIX}" | sed -e 's:[^/]\+:..:g')
sed -i \
-e '/="$ROOT/s:ROOT:ROOT'"${EPREFIX}"':' \
diff --git a/app-misc/ca-certificates/files/ca-certificates-20211016.3.72-no-cryptography.patch b/app-misc/ca-certificates/files/ca-certificates-20211016.3.72-no-cryptography.patch
new file mode 100644
index 000000000000..fb98eb2828e7
--- /dev/null
+++ b/app-misc/ca-certificates/files/ca-certificates-20211016.3.72-no-cryptography.patch
@@ -0,0 +1,27 @@
+Remove the dependency on non-portable dev-python/cryptography.
+https://bugs.gentoo.org/821706#c4 by Alex Xu
+
+--- a/mozilla/certdata2pem.py
++++ b/mozilla/certdata2pem.py
+@@ -28,8 +28,6 @@
+ import textwrap
+ import io
+
+-from cryptography import x509
+-
+
+ objects = []
+
+@@ -122,12 +120,6 @@
+ if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
+ continue
+
+- cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
+- if cert.not_valid_after < datetime.datetime.now():
+- print('!'*74)
+- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
+- print('!'*74)
+-
+ bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
+ .replace(' ', '_')\
+ .replace('(', '=')\