summaryrefslogtreecommitdiff
path: root/app-misc/ca-certificates/files
diff options
context:
space:
mode:
Diffstat (limited to 'app-misc/ca-certificates/files')
-rw-r--r--app-misc/ca-certificates/files/ca-certificates-20150426-root.patch49
-rw-r--r--app-misc/ca-certificates/files/ca-certificates-no-cryptography.patch24
2 files changed, 73 insertions, 0 deletions
diff --git a/app-misc/ca-certificates/files/ca-certificates-20150426-root.patch b/app-misc/ca-certificates/files/ca-certificates-20150426-root.patch
new file mode 100644
index 0000000..6e41ac3
--- /dev/null
+++ b/app-misc/ca-certificates/files/ca-certificates-20150426-root.patch
@@ -0,0 +1,49 @@
+add a --root option so we can generate with DESTDIR installs
+
+--- a/image/usr/sbin/update-ca-certificates
++++ b/image/usr/sbin/update-ca-certificates
+@@ -30,6 +30,8 @@ LOCALCERTSDIR=/usr/local/share/ca-certificates
+ CERTBUNDLE=ca-certificates.crt
+ ETCCERTSDIR=/etc/ssl/certs
+ HOOKSDIR=/etc/ca-certificates/update.d
++ROOT=""
++RELPATH=""
+
+ while [ $# -gt 0 ];
+ do
+@@ -59,13 +61,25 @@ do
+ --hooksdir)
+ shift
+ HOOKSDIR="$1";;
++ --root|-r)
++ shift
++ # Needed as c_rehash wants to read the files directly.
++ # This gets us from $CERTSCONF to $CERTSDIR.
++ RELPATH="../../.."
++ ROOT=$(readlink -f "$1");;
+ --help|-h|*)
+- echo "$0: [--verbose] [--fresh]"
++ echo "$0: [--verbose] [--fresh] [--root <dir>]"
+ exit;;
+ esac
+ shift
+ done
+
++CERTSCONF="$ROOT$CERTSCONF"
++CERTSDIR="$ROOT$CERTSDIR"
++LOCALCERTSDIR="$ROOT$LOCALCERTSDIR"
++ETCCERTSDIR="$ROOT$ETCCERTSDIR"
++HOOKSDIR="$ROOT$HOOKSDIR"
++
+ if [ ! -s "$CERTSCONF" ]
+ then
+ fresh=1
+@@ -94,7 +107,7 @@ add() {
+ -e 's/,/_/g').pem"
+ if ! test -e "$PEM" || [ "$(readlink "$PEM")" != "$CERT" ]
+ then
+- ln -sf "$CERT" "$PEM"
++ ln -sf "${RELPATH}${CERT#$ROOT}" "$PEM"
+ echo "+$PEM" >> "$ADDED"
+ fi
+ # Add trailing newline to certificate, if it is missing (#635570)
diff --git a/app-misc/ca-certificates/files/ca-certificates-no-cryptography.patch b/app-misc/ca-certificates/files/ca-certificates-no-cryptography.patch
new file mode 100644
index 0000000..83cfb92
--- /dev/null
+++ b/app-misc/ca-certificates/files/ca-certificates-no-cryptography.patch
@@ -0,0 +1,24 @@
+--- a/mozilla/certdata2pem.py
++++ b/mozilla/certdata2pem.py
+@@ -28,8 +28,6 @@
+ import textwrap
+ import io
+
+-from cryptography import x509
+-
+
+ objects = []
+
+@@ -122,12 +120,6 @@
+ if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
+ continue
+
+- cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
+- if cert.not_valid_after < datetime.datetime.now():
+- print('!'*74)
+- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
+- print('!'*74)
+-
+ bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
+ .replace(' ', '_')\
+ .replace('(', '=')\