From: Thomas Petazzoni via buildroot <buildroot@buildroot.org>
To: Steve Hay via buildroot <buildroot@buildroot.org>
Cc: Martin Bark <martin@barkynet.com>, Steve Hay <me@stevenhay.com>
Subject: Re: [Buildroot] [PATCH] package/ca-certificates: bump version to 20230311
Date: Sat, 18 Mar 2023 21:50:12 +0100 [thread overview]
Message-ID: <20230318215012.3d48267b@windsurf> (raw)
In-Reply-To: <20230318204407.2112290-1-me@stevenhay.com>
Hello Steve,
On Sat, 18 Mar 2023 21:44:06 +0100
Steve Hay via buildroot <buildroot@buildroot.org> wrote:
> The impetus for this change was that wget fails to load pages signed by
> Let's Encrypt due to missing root certs. This version has the updated and
> correct certs.
>
> Signed-off-by: Steve Hay <me@stevenhay.com>
Thanks for the patch, see some comments below.
> diff --git a/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch b/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch
> index b76c1bfd7f..ced593664e 100644
> --- a/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch
> +++ b/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch
> @@ -1,4 +1,10 @@
> -From bf18b564122e8f976681a2398862fde1eafd84ba Mon Sep 17 00:00:00 2001
> +From a4e468a2a0afa80df174831c2f422184820bb0fa Mon Sep 17 00:00:00 2001
> +From: Steve Hay <me@stevenhay.com>
> +Date: Sat, 18 Mar 2023 17:57:18 +0100
> +Subject: [PATCH] mozilla/certdata2pem.py: make cryptography module optional
> +
> +Modified for a newer version of the ca-certificates module.
> +
> From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
> Date: Thu, 6 Jan 2022 23:15:00 +0100
> Subject: [PATCH] mozilla/certdata2pem.py: make cryptography module optional
> @@ -15,37 +21,36 @@ the check is skipped.
The way you did that makes the patch no longer applicable with "git
format-patch". The patch now has two From/Date/Subject fields.
Could you instead make sure to apply the existing patch on
ca-certificates using git-am, fix the conflicts, and regenerate the new
patch with git format-patch? You should preserve the existing
authorship, but you can do something like this:
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Steve: refreshed to apply on ca-certificates version XYZ]
Signed-off-by: Steve Hay <me@stevenhay.com>
> diff --git a/package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch b/package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
> deleted file mode 100644
> index 0537da9224..0000000000
> --- a/package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
> +++ /dev/null
> @@ -1,29 +0,0 @@
> -From 5e493ca307a031e81528ceddb96f3da40bc062cf Mon Sep 17 00:00:00 2001
> -From: Wataru Ashihara <wsh@iij.ad.jp>
> -Date: Wed, 2 Nov 2022 12:40:05 -0400
> -Subject: [PATCH] mozilla/certdata2pem.py: Fix compat with cryptography > 3.0
The commit log should mention why this patch is dropped.
> -CA_CERTIFICATES_VERSION = 20211016
> +# batocera / version bump
What does this comment mean?
> +CA_CERTIFICATES_VERSION = 20230311
> CA_CERTIFICATES_SOURCE = ca-certificates_$(CA_CERTIFICATES_VERSION).tar.xz
> -CA_CERTIFICATES_SITE = https://snapshot.debian.org/archive/debian/20211022T144903Z/pool/main/c/ca-certificates
> +CA_CERTIFICATES_SITE = https://snapshot.debian.org/archive/debian/20230317T205011Z/pool/main/c/ca-certificates
> CA_CERTIFICATES_DEPENDENCIES = host-openssl host-python3
> CA_CERTIFICATES_LICENSE = GPL-2.0+ (script), MPL-2.0 (data)
> CA_CERTIFICATES_LICENSE_FILES = debian/copyright
Thanks!
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2023-03-18 20:50 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-18 20:44 [Buildroot] [PATCH] package/ca-certificates: bump version to 20230311 Steve Hay via buildroot
2023-03-18 20:50 ` Thomas Petazzoni via buildroot [this message]
2023-03-19 2:24 ` ʎɐH ǝʌǝʇS via buildroot
-- strict thread matches above, loose matches on Subject: below --
2023-03-19 14:22 Steve Hay via buildroot
2023-03-19 17:49 ` Thomas Petazzoni via buildroot
2023-04-08 19:42 ` Peter Korsgaard
2023-03-19 2:18 Steve Hay via buildroot
2023-03-19 13:44 ` Thomas Petazzoni via buildroot
2023-03-19 14:23 ` ʎɐH ǝʌǝʇS via buildroot
2023-03-16 20:47 Daniel Lang
2023-03-18 22:22 ` Thomas Petazzoni via buildroot
2023-03-19 11:05 ` Daniel Lang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230318215012.3d48267b@windsurf \
--to=buildroot@buildroot.org \
--cc=martin@barkynet.com \
--cc=me@stevenhay.com \
--cc=thomas.petazzoni@bootlin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox