 27c9d80f51
			
		
	
	27c9d80f51
	
	
		
			
	
		
	
	
		
			Some checks failed
		
		
	
	Build Kernel / Build all affected Kernels (push) Has been cancelled
				
			Build all core packages / Build all core packages for selected target (push) Has been cancelled
				
			Build and Push prebuilt tools container / Build and Push all prebuilt containers (push) Has been cancelled
				
			Build Toolchains / Build Toolchains for each target (push) Has been cancelled
				
			Build host tools / Build host tools for linux and macos based systems (push) Has been cancelled
				
			Coverity scan build / Coverity x86/64 build (push) Has been cancelled
				
			
		
			
				
	
	
		
			54 lines
		
	
	
		
			1.7 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
			
		
		
	
	
			54 lines
		
	
	
		
			1.7 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
| From 3c51cb5ff1d0db41fb3288fb555c7e7055cf3e86 Mon Sep 17 00:00:00 2001
 | |
| From: Christian Lamparter <chunkeey@gmail.com>
 | |
| Date: Wed, 1 Dec 2021 14:41:31 +0100
 | |
| Subject: [PATCH] ca-certificates: fix python3-cryptography woes in
 | |
|  certdata2pem.py
 | |
| 
 | |
| reverts the code portion of the Debian's ca-certificate
 | |
| commit 033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.")
 | |
| 
 | |
| It broke builds with the popular Ubuntu 20.04 (focal) releases.
 | |
| This was due to them shipping with an older python3-cryptography
 | |
| version which is not compatible.
 | |
| 
 | |
| More concerns were raised by jow- as well:
 | |
| "We don't want the build to depend on the local system time anyway."
 | |
| 
 | |
| Reported-by: Chen Minqiang <ptpt52@gmail.com>
 | |
| Reported-by: Shane Synan <digitalcircuit36939@gmail.com>
 | |
| Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
 | |
| ---
 | |
| --- a/mozilla/certdata2pem.py
 | |
| +++ b/mozilla/certdata2pem.py
 | |
| @@ -21,16 +21,12 @@
 | |
|  # USA.
 | |
|  
 | |
|  import base64
 | |
| -import datetime
 | |
|  import os.path
 | |
|  import re
 | |
|  import sys
 | |
|  import textwrap
 | |
|  import io
 | |
|  
 | |
| -from cryptography import x509
 | |
| -
 | |
| -
 | |
|  objects = []
 | |
|  
 | |
|  # Dirty file parser.
 | |
| @@ -121,13 +117,6 @@ for obj in objects:
 | |
|      if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
 | |
|          if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
 | |
|              continue
 | |
| -
 | |
| -        cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
 | |
| -        if cert.not_valid_after < datetime.datetime.utcnow():
 | |
| -            print('!'*74)
 | |
| -            print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
 | |
| -            print('!'*74)
 | |
| -
 | |
|          bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
 | |
|                                        .replace(' ', '_')\
 | |
|                                        .replace('(', '=')\
 |