Initial commit
Some checks failed
Build Kernel / Build all affected Kernels (push) Has been cancelled
Build all core packages / Build all core packages for selected target (push) Has been cancelled
Build and Push prebuilt tools container / Build and Push all prebuilt containers (push) Has been cancelled
Build Toolchains / Build Toolchains for each target (push) Has been cancelled
Build host tools / Build host tools for linux and macos based systems (push) Has been cancelled
Coverity scan build / Coverity x86/64 build (push) Has been cancelled
Some checks failed
Build Kernel / Build all affected Kernels (push) Has been cancelled
Build all core packages / Build all core packages for selected target (push) Has been cancelled
Build and Push prebuilt tools container / Build and Push all prebuilt containers (push) Has been cancelled
Build Toolchains / Build Toolchains for each target (push) Has been cancelled
Build host tools / Build host tools for linux and macos based systems (push) Has been cancelled
Coverity scan build / Coverity x86/64 build (push) Has been cancelled
This commit is contained in:
domenico
70
package/system/ca-certificates/Makefile
Normal file
70
package/system/ca-certificates/Makefile
Normal file
@@ -0,0 +1,70 @@
|
||||
#
|
||||
# Copyright (C) 2006-2017 OpenWrt.org
|
||||
#
|
||||
# This is free software, licensed under the GNU General Public License v2.
|
||||
# See /LICENSE for more information.
|
||||
#
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=ca-certificates
|
||||
PKG_VERSION:=20240203
|
||||
PKG_RELEASE:=1
|
||||
PKG_MAINTAINER:=
|
||||
|
||||
PKG_LICENSE:=GPL-2.0-or-later MPL-2.0
|
||||
PKG_LICENSE_FILES:=debian/copyright
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).tar.xz
|
||||
PKG_SOURCE_URL:=@DEBIAN/pool/main/c/ca-certificates
|
||||
PKG_HASH:=3286d3fc42c4d11b7086711a85f865b44065ce05cf1fb5376b2abed07622a9c6
|
||||
PKG_INSTALL:=1
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
TAR_OPTIONS+= --strip-components 1
|
||||
TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS)
|
||||
|
||||
define Package/ca-certificates
|
||||
SECTION:=base
|
||||
CATEGORY:=Base system
|
||||
TITLE:=System CA certificates
|
||||
PKGARCH:=all
|
||||
PROVIDES:=ca-certs
|
||||
endef
|
||||
|
||||
define Package/ca-bundle
|
||||
SECTION:=base
|
||||
CATEGORY:=Base system
|
||||
TITLE:=System CA certificates as a bundle
|
||||
PKGARCH:=all
|
||||
PROVIDES:=ca-certs
|
||||
endef
|
||||
|
||||
define Build/Install
|
||||
mkdir -p \
|
||||
$(PKG_INSTALL_DIR)/usr/sbin \
|
||||
$(PKG_INSTALL_DIR)/usr/share/ca-certificates
|
||||
$(call Build/Install/Default,)
|
||||
endef
|
||||
|
||||
define Package/ca-certificates/install
|
||||
$(INSTALL_DIR) $(1)/etc/ssl/certs
|
||||
$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.crt $(1)/etc/ssl/certs/
|
||||
|
||||
for CERTFILE in `ls -1 $(1)/etc/ssl/certs`; do \
|
||||
HASH=`openssl x509 -hash -noout -in $(1)/etc/ssl/certs/$$$$CERTFILE` ; \
|
||||
SUFFIX=0 ; \
|
||||
while [ -h "$(1)/etc/ssl/certs/$$$$HASH.$$$$SUFFIX" ]; do \
|
||||
let "SUFFIX += 1" ; \
|
||||
done ; \
|
||||
$(LN) "$$$$CERTFILE" "$(1)/etc/ssl/certs/$$$$HASH.$$$$SUFFIX" ; \
|
||||
done
|
||||
endef
|
||||
|
||||
define Package/ca-bundle/install
|
||||
$(INSTALL_DIR) $(1)/etc/ssl/certs
|
||||
cat $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.crt >$(1)/etc/ssl/certs/ca-certificates.crt
|
||||
$(LN) /etc/ssl/certs/ca-certificates.crt $(1)/etc/ssl/cert.pem
|
||||
endef
|
||||
$(eval $(call BuildPackage,ca-bundle))
|
||||
$(eval $(call BuildPackage,ca-certificates))
|
||||
@@ -0,0 +1,53 @@
|
||||
From 3c51cb5ff1d0db41fb3288fb555c7e7055cf3e86 Mon Sep 17 00:00:00 2001
|
||||
From: Christian Lamparter <chunkeey@gmail.com>
|
||||
Date: Wed, 1 Dec 2021 14:41:31 +0100
|
||||
Subject: [PATCH] ca-certificates: fix python3-cryptography woes in
|
||||
certdata2pem.py
|
||||
|
||||
reverts the code portion of the Debian's ca-certificate
|
||||
commit 033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.")
|
||||
|
||||
It broke builds with the popular Ubuntu 20.04 (focal) releases.
|
||||
This was due to them shipping with an older python3-cryptography
|
||||
version which is not compatible.
|
||||
|
||||
More concerns were raised by jow- as well:
|
||||
"We don't want the build to depend on the local system time anyway."
|
||||
|
||||
Reported-by: Chen Minqiang <ptpt52@gmail.com>
|
||||
Reported-by: Shane Synan <digitalcircuit36939@gmail.com>
|
||||
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
|
||||
---
|
||||
--- a/mozilla/certdata2pem.py
|
||||
+++ b/mozilla/certdata2pem.py
|
||||
@@ -21,16 +21,12 @@
|
||||
# USA.
|
||||
|
||||
import base64
|
||||
-import datetime
|
||||
import os.path
|
||||
import re
|
||||
import sys
|
||||
import textwrap
|
||||
import io
|
||||
|
||||
-from cryptography import x509
|
||||
-
|
||||
-
|
||||
objects = []
|
||||
|
||||
# Dirty file parser.
|
||||
@@ -121,13 +117,6 @@ for obj in objects:
|
||||
if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
|
||||
if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
|
||||
continue
|
||||
-
|
||||
- cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
|
||||
- if cert.not_valid_after < datetime.datetime.utcnow():
|
||||
- print('!'*74)
|
||||
- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
|
||||
- print('!'*74)
|
||||
-
|
||||
bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
|
||||
.replace(' ', '_')\
|
||||
.replace('(', '=')\
|
||||
Reference in New Issue
Block a user