* [Buildroot] [PATCH] package/ca-certificates: bump version to 20230311
@ 2023-03-16 20:47 Daniel Lang
2023-03-18 22:22 ` Thomas Petazzoni via buildroot
0 siblings, 1 reply; 12+ messages in thread
From: Daniel Lang @ 2023-03-16 20:47 UTC (permalink / raw)
To: buildroot; +Cc: Daniel Lang, Martin Bark
Signed-off-by: Daniel Lang <dalang@gmx.at>
---
...2pem.py-make-cryptography-module-opt.patch | 10 ++++---
...2pem.py-Fix-compat-with-cryptography.patch | 29 -------------------
package/ca-certificates/ca-certificates.hash | 4 +--
package/ca-certificates/ca-certificates.mk | 4 +--
4 files changed, 10 insertions(+), 37 deletions(-)
delete mode 100644 package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
diff --git a/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch b/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch
index b76c1bfd7f..ce6fa19e12 100644
--- a/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch
+++ b/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch
@@ -14,6 +14,8 @@ cryptography Python module is there, we perform the check, otherwise
the check is skipped.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+[Daniel: update patch for 20230311]
+Signed-off-by: Daniel Lang <dalang@gmx.at>
---
mozilla/certdata2pem.py | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
@@ -36,16 +38,16 @@ index ede23d4..a6261f8 100644
if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
continue
-- cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
-- if cert.not_valid_after < datetime.datetime.now():
+- cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
+- if cert.not_valid_after < datetime.datetime.utcnow():
- print('!'*74)
- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
- print('!'*74)
+ try:
+ from cryptography import x509
+
-+ cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
-+ if cert.not_valid_after < datetime.datetime.now():
++ cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
++ if cert.not_valid_after < datetime.datetime.utcnow():
+ print('!'*74)
+ print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
+ print('!'*74)
diff --git a/package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch b/package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
deleted file mode 100644
index 0537da9224..0000000000
--- a/package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 5e493ca307a031e81528ceddb96f3da40bc062cf Mon Sep 17 00:00:00 2001
-From: Wataru Ashihara <wsh@iij.ad.jp>
-Date: Wed, 2 Nov 2022 12:40:05 -0400
-Subject: [PATCH] mozilla/certdata2pem.py: Fix compat with cryptography > 3.0
-
-In newer cryptography packages, load_der_x509_certificate is enforced to be 'bytes' rather than currently used 'bytearray'. This fixes that.
-
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008244
-Signed-off-by: Justin Wood <jwood@starry.com>
----
- mozilla/certdata2pem.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
-index a6261f8..c0fa52c 100644
---- a/mozilla/certdata2pem.py
-+++ b/mozilla/certdata2pem.py
-@@ -122,7 +122,7 @@ for obj in objects:
- try:
- from cryptography import x509
-
-- cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
-+ cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
- if cert.not_valid_after < datetime.datetime.now():
- print('!'*74)
- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
---
-2.38.1
-
diff --git a/package/ca-certificates/ca-certificates.hash b/package/ca-certificates/ca-certificates.hash
index a1675b999e..b07ddb924f 100644
--- a/package/ca-certificates/ca-certificates.hash
+++ b/package/ca-certificates/ca-certificates.hash
@@ -1,6 +1,6 @@
# hashes from: $(CA_CERTIFICATES_SITE)/ca-certificates_$(CA_CERTIFICATES_VERSION).dsc :
-sha1 bce5a8fac45456dbebf256f3a812c6cd0a853e3e ca-certificates_20211016.tar.xz
-sha256 2ae9b6dc5f40c25d6d7fe55e07b54f12a8967d1955d3b7b2f42ee46266eeef88 ca-certificates_20211016.tar.xz
+sha1 61ca9ac8493972dffd304a94f3cb2c63b3ac697e ca-certificates_20230311.tar.xz
+sha256 83de934afa186e279d1ed08ea0d73f5cf43a6fbfb5f00874b6db3711c64576f3 ca-certificates_20230311.tar.xz
# Locally computed
sha256 e85e1bcad3a915dc7e6f41412bc5bdeba275cadd817896ea0451f2140a93967c debian/copyright
diff --git a/package/ca-certificates/ca-certificates.mk b/package/ca-certificates/ca-certificates.mk
index 0b6962ab7b..a31d3a35fd 100644
--- a/package/ca-certificates/ca-certificates.mk
+++ b/package/ca-certificates/ca-certificates.mk
@@ -4,9 +4,9 @@
#
################################################################################
-CA_CERTIFICATES_VERSION = 20211016
+CA_CERTIFICATES_VERSION = 20230311
CA_CERTIFICATES_SOURCE = ca-certificates_$(CA_CERTIFICATES_VERSION).tar.xz
-CA_CERTIFICATES_SITE = https://snapshot.debian.org/archive/debian/20211022T144903Z/pool/main/c/ca-certificates
+CA_CERTIFICATES_SITE = https://snapshot.debian.org/archive/debian/20230314T211539Z/pool/main/c/ca-certificates
CA_CERTIFICATES_DEPENDENCIES = host-openssl host-python3
CA_CERTIFICATES_LICENSE = GPL-2.0+ (script), MPL-2.0 (data)
CA_CERTIFICATES_LICENSE_FILES = debian/copyright
--
2.40.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [Buildroot] [PATCH] package/ca-certificates: bump version to 20230311
@ 2023-03-18 20:44 Steve Hay via buildroot
2023-03-18 20:50 ` Thomas Petazzoni via buildroot
0 siblings, 1 reply; 12+ messages in thread
From: Steve Hay via buildroot @ 2023-03-18 20:44 UTC (permalink / raw)
To: buildroot; +Cc: Martin Bark, Steve Hay
The impetus for this change was that wget fails to load pages signed by
Let's Encrypt due to missing root certs. This version has the updated and
correct certs.
Signed-off-by: Steve Hay <me@stevenhay.com>
---
...2pem.py-make-cryptography-module-opt.patch | 31 +++++++++++--------
...2pem.py-Fix-compat-with-cryptography.patch | 29 -----------------
package/ca-certificates/ca-certificates.hash | 4 +--
package/ca-certificates/ca-certificates.mk | 5 +--
4 files changed, 22 insertions(+), 47 deletions(-)
delete mode 100644 package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
diff --git a/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch b/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch
index b76c1bfd7f..ced593664e 100644
--- a/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch
+++ b/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch
@@ -1,4 +1,10 @@
-From bf18b564122e8f976681a2398862fde1eafd84ba Mon Sep 17 00:00:00 2001
+From a4e468a2a0afa80df174831c2f422184820bb0fa Mon Sep 17 00:00:00 2001
+From: Steve Hay <me@stevenhay.com>
+Date: Sat, 18 Mar 2023 17:57:18 +0100
+Subject: [PATCH] mozilla/certdata2pem.py: make cryptography module optional
+
+Modified for a newer version of the ca-certificates module.
+
From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Date: Thu, 6 Jan 2022 23:15:00 +0100
Subject: [PATCH] mozilla/certdata2pem.py: make cryptography module optional
@@ -15,37 +21,36 @@ the check is skipped.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
- mozilla/certdata2pem.py | 18 ++++++++++--------
- 1 file changed, 10 insertions(+), 8 deletions(-)
+ mozilla/certdata2pem.py | 17 ++++++++++-------
+ 1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
-index ede23d4..a6261f8 100644
+index 4df86a2..3a6d7dc 100644
--- a/mozilla/certdata2pem.py
+++ b/mozilla/certdata2pem.py
-@@ -28,9 +28,6 @@ import sys
+@@ -28,8 +28,6 @@ import sys
import textwrap
import io
-from cryptography import x509
-
--
+
objects = []
- # Dirty file parser.
-@@ -122,11 +119,16 @@ for obj in objects:
+@@ -122,11 +120,16 @@ for obj in objects:
if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
continue
-- cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
-- if cert.not_valid_after < datetime.datetime.now():
+- cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
+- if cert.not_valid_after < datetime.datetime.utcnow():
- print('!'*74)
- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
- print('!'*74)
+ try:
+ from cryptography import x509
+
-+ cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
-+ if cert.not_valid_after < datetime.datetime.now():
++ cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
++ if cert.not_valid_after < datetime.datetime.utcnow():
+ print('!'*74)
+ print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
+ print('!'*74)
@@ -55,5 +60,5 @@ index ede23d4..a6261f8 100644
bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
.replace(' ', '_')\
--
-2.33.1
+2.30.2
diff --git a/package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch b/package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
deleted file mode 100644
index 0537da9224..0000000000
--- a/package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 5e493ca307a031e81528ceddb96f3da40bc062cf Mon Sep 17 00:00:00 2001
-From: Wataru Ashihara <wsh@iij.ad.jp>
-Date: Wed, 2 Nov 2022 12:40:05 -0400
-Subject: [PATCH] mozilla/certdata2pem.py: Fix compat with cryptography > 3.0
-
-In newer cryptography packages, load_der_x509_certificate is enforced to be 'bytes' rather than currently used 'bytearray'. This fixes that.
-
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008244
-Signed-off-by: Justin Wood <jwood@starry.com>
----
- mozilla/certdata2pem.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
-index a6261f8..c0fa52c 100644
---- a/mozilla/certdata2pem.py
-+++ b/mozilla/certdata2pem.py
-@@ -122,7 +122,7 @@ for obj in objects:
- try:
- from cryptography import x509
-
-- cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
-+ cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
- if cert.not_valid_after < datetime.datetime.now():
- print('!'*74)
- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
---
-2.38.1
-
diff --git a/package/ca-certificates/ca-certificates.hash b/package/ca-certificates/ca-certificates.hash
index a1675b999e..8a5b48dd79 100644
--- a/package/ca-certificates/ca-certificates.hash
+++ b/package/ca-certificates/ca-certificates.hash
@@ -1,6 +1,4 @@
# hashes from: $(CA_CERTIFICATES_SITE)/ca-certificates_$(CA_CERTIFICATES_VERSION).dsc :
-sha1 bce5a8fac45456dbebf256f3a812c6cd0a853e3e ca-certificates_20211016.tar.xz
-sha256 2ae9b6dc5f40c25d6d7fe55e07b54f12a8967d1955d3b7b2f42ee46266eeef88 ca-certificates_20211016.tar.xz
-
+sha256 83de934afa186e279d1ed08ea0d73f5cf43a6fbfb5f00874b6db3711c64576f3 ca-certificates_20230311.tar.xz
# Locally computed
sha256 e85e1bcad3a915dc7e6f41412bc5bdeba275cadd817896ea0451f2140a93967c debian/copyright
diff --git a/package/ca-certificates/ca-certificates.mk b/package/ca-certificates/ca-certificates.mk
index 0b6962ab7b..5246b6e543 100644
--- a/package/ca-certificates/ca-certificates.mk
+++ b/package/ca-certificates/ca-certificates.mk
@@ -4,9 +4,10 @@
#
################################################################################
-CA_CERTIFICATES_VERSION = 20211016
+# batocera / version bump
+CA_CERTIFICATES_VERSION = 20230311
CA_CERTIFICATES_SOURCE = ca-certificates_$(CA_CERTIFICATES_VERSION).tar.xz
-CA_CERTIFICATES_SITE = https://snapshot.debian.org/archive/debian/20211022T144903Z/pool/main/c/ca-certificates
+CA_CERTIFICATES_SITE = https://snapshot.debian.org/archive/debian/20230317T205011Z/pool/main/c/ca-certificates
CA_CERTIFICATES_DEPENDENCIES = host-openssl host-python3
CA_CERTIFICATES_LICENSE = GPL-2.0+ (script), MPL-2.0 (data)
CA_CERTIFICATES_LICENSE_FILES = debian/copyright
--
2.30.2
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [Buildroot] [PATCH] package/ca-certificates: bump version to 20230311
2023-03-18 20:44 Steve Hay via buildroot
@ 2023-03-18 20:50 ` Thomas Petazzoni via buildroot
2023-03-19 2:24 ` ʎɐH ǝʌǝʇS via buildroot
0 siblings, 1 reply; 12+ messages in thread
From: Thomas Petazzoni via buildroot @ 2023-03-18 20:50 UTC (permalink / raw)
To: Steve Hay via buildroot; +Cc: Martin Bark, Steve Hay
Hello Steve,
On Sat, 18 Mar 2023 21:44:06 +0100
Steve Hay via buildroot <buildroot@buildroot.org> wrote:
> The impetus for this change was that wget fails to load pages signed by
> Let's Encrypt due to missing root certs. This version has the updated and
> correct certs.
>
> Signed-off-by: Steve Hay <me@stevenhay.com>
Thanks for the patch, see some comments below.
> diff --git a/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch b/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch
> index b76c1bfd7f..ced593664e 100644
> --- a/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch
> +++ b/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch
> @@ -1,4 +1,10 @@
> -From bf18b564122e8f976681a2398862fde1eafd84ba Mon Sep 17 00:00:00 2001
> +From a4e468a2a0afa80df174831c2f422184820bb0fa Mon Sep 17 00:00:00 2001
> +From: Steve Hay <me@stevenhay.com>
> +Date: Sat, 18 Mar 2023 17:57:18 +0100
> +Subject: [PATCH] mozilla/certdata2pem.py: make cryptography module optional
> +
> +Modified for a newer version of the ca-certificates module.
> +
> From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
> Date: Thu, 6 Jan 2022 23:15:00 +0100
> Subject: [PATCH] mozilla/certdata2pem.py: make cryptography module optional
> @@ -15,37 +21,36 @@ the check is skipped.
The way you did that makes the patch no longer applicable with "git
format-patch". The patch now has two From/Date/Subject fields.
Could you instead make sure to apply the existing patch on
ca-certificates using git-am, fix the conflicts, and regenerate the new
patch with git format-patch? You should preserve the existing
authorship, but you can do something like this:
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[Steve: refreshed to apply on ca-certificates version XYZ]
Signed-off-by: Steve Hay <me@stevenhay.com>
> diff --git a/package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch b/package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
> deleted file mode 100644
> index 0537da9224..0000000000
> --- a/package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
> +++ /dev/null
> @@ -1,29 +0,0 @@
> -From 5e493ca307a031e81528ceddb96f3da40bc062cf Mon Sep 17 00:00:00 2001
> -From: Wataru Ashihara <wsh@iij.ad.jp>
> -Date: Wed, 2 Nov 2022 12:40:05 -0400
> -Subject: [PATCH] mozilla/certdata2pem.py: Fix compat with cryptography > 3.0
The commit log should mention why this patch is dropped.
> -CA_CERTIFICATES_VERSION = 20211016
> +# batocera / version bump
What does this comment mean?
> +CA_CERTIFICATES_VERSION = 20230311
> CA_CERTIFICATES_SOURCE = ca-certificates_$(CA_CERTIFICATES_VERSION).tar.xz
> -CA_CERTIFICATES_SITE = https://snapshot.debian.org/archive/debian/20211022T144903Z/pool/main/c/ca-certificates
> +CA_CERTIFICATES_SITE = https://snapshot.debian.org/archive/debian/20230317T205011Z/pool/main/c/ca-certificates
> CA_CERTIFICATES_DEPENDENCIES = host-openssl host-python3
> CA_CERTIFICATES_LICENSE = GPL-2.0+ (script), MPL-2.0 (data)
> CA_CERTIFICATES_LICENSE_FILES = debian/copyright
Thanks!
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Buildroot] [PATCH] package/ca-certificates: bump version to 20230311
2023-03-16 20:47 Daniel Lang
@ 2023-03-18 22:22 ` Thomas Petazzoni via buildroot
2023-03-19 11:05 ` Daniel Lang
0 siblings, 1 reply; 12+ messages in thread
From: Thomas Petazzoni via buildroot @ 2023-03-18 22:22 UTC (permalink / raw)
To: Daniel Lang; +Cc: Martin Bark, buildroot
On Thu, 16 Mar 2023 21:47:43 +0100
Daniel Lang <dalang@gmx.at> wrote:
> Signed-off-by: Daniel Lang <dalang@gmx.at>
> ---
> ...2pem.py-make-cryptography-module-opt.patch | 10 ++++---
> ...2pem.py-Fix-compat-with-cryptography.patch | 29 -------------------
> package/ca-certificates/ca-certificates.hash | 4 +--
> package/ca-certificates/ca-certificates.mk | 4 +--
> 4 files changed, 10 insertions(+), 37 deletions(-)
> delete mode 100644 package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
I didn't look carefully, but it doesn't apply here:
Applying patch #1757985 using "git am -s"
Description: package/ca-certificates: bump version to 20230311
Applying: package/ca-certificates: bump version to 20230311
error: patch failed: package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch:36
error: package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch: patch does not apply
error: patch failed: package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch:1
error: package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch: patch does not apply
Patch failed at 0001 package/ca-certificates: bump version to 20230311
hint: Use 'git am --show-current-patch=diff' to see the failed patch
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".
'git am' failed with exit status 128
Does your patch apply on the master branch?
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Buildroot] [PATCH] package/ca-certificates: bump version to 20230311
@ 2023-03-19 2:18 Steve Hay via buildroot
2023-03-19 13:44 ` Thomas Petazzoni via buildroot
0 siblings, 1 reply; 12+ messages in thread
From: Steve Hay via buildroot @ 2023-03-19 2:18 UTC (permalink / raw)
To: buildroot; +Cc: Martin Bark, Steve Hay
The impetus for this change was that wget fails to load pages signed by
Let's Encrypt due to missing root certs. This version has the updated and
correct certs.
0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
Patch dropped because the fix is incorporated upstream.
Signed-off-by: Steve Hay <me@stevenhay.com>
---
Changes v1 -> v2
- Removed the extraneous comment in the make file.
- Fixed patch header.
- Added note to the log as to why the patch was dropped.
---
...2pem.py-make-cryptography-module-opt.patch | 31 +++++++++++--------
...2pem.py-Fix-compat-with-cryptography.patch | 29 -----------------
package/ca-certificates/ca-certificates.hash | 4 +--
package/ca-certificates/ca-certificates.mk | 5 +--
4 files changed, 22 insertions(+), 47 deletions(-)
delete mode 100644 package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
diff --git a/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch b/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch
index b76c1bfd7f..ced593664e 100644
--- a/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch
+++ b/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch
@@ -1,4 +1,10 @@
-From bf18b564122e8f976681a2398862fde1eafd84ba Mon Sep 17 00:00:00 2001
+From a4e468a2a0afa80df174831c2f422184820bb0fa Mon Sep 17 00:00:00 2001
+From: Steve Hay <me@stevenhay.com>
+Date: Sat, 18 Mar 2023 17:57:18 +0100
+Subject: [PATCH] mozilla/certdata2pem.py: make cryptography module optional
+
+Modified for a newer version of the ca-certificates module.
+
From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Date: Thu, 6 Jan 2022 23:15:00 +0100
Subject: [PATCH] mozilla/certdata2pem.py: make cryptography module optional
@@ -15,37 +21,36 @@ the check is skipped.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
- mozilla/certdata2pem.py | 18 ++++++++++--------
- 1 file changed, 10 insertions(+), 8 deletions(-)
+ mozilla/certdata2pem.py | 17 ++++++++++-------
+ 1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
-index ede23d4..a6261f8 100644
+index 4df86a2..3a6d7dc 100644
--- a/mozilla/certdata2pem.py
+++ b/mozilla/certdata2pem.py
-@@ -28,9 +28,6 @@ import sys
+@@ -28,8 +28,6 @@ import sys
import textwrap
import io
-from cryptography import x509
-
--
+
objects = []
- # Dirty file parser.
-@@ -122,11 +119,16 @@ for obj in objects:
+@@ -122,11 +120,16 @@ for obj in objects:
if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
continue
-- cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
-- if cert.not_valid_after < datetime.datetime.now():
+- cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
+- if cert.not_valid_after < datetime.datetime.utcnow():
- print('!'*74)
- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
- print('!'*74)
+ try:
+ from cryptography import x509
+
-+ cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
-+ if cert.not_valid_after < datetime.datetime.now():
++ cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
++ if cert.not_valid_after < datetime.datetime.utcnow():
+ print('!'*74)
+ print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
+ print('!'*74)
@@ -55,5 +60,5 @@ index ede23d4..a6261f8 100644
bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
.replace(' ', '_')\
--
-2.33.1
+2.30.2
diff --git a/package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch b/package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
deleted file mode 100644
index 0537da9224..0000000000
--- a/package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 5e493ca307a031e81528ceddb96f3da40bc062cf Mon Sep 17 00:00:00 2001
-From: Wataru Ashihara <wsh@iij.ad.jp>
-Date: Wed, 2 Nov 2022 12:40:05 -0400
-Subject: [PATCH] mozilla/certdata2pem.py: Fix compat with cryptography > 3.0
-
-In newer cryptography packages, load_der_x509_certificate is enforced to be 'bytes' rather than currently used 'bytearray'. This fixes that.
-
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008244
-Signed-off-by: Justin Wood <jwood@starry.com>
----
- mozilla/certdata2pem.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
-index a6261f8..c0fa52c 100644
---- a/mozilla/certdata2pem.py
-+++ b/mozilla/certdata2pem.py
-@@ -122,7 +122,7 @@ for obj in objects:
- try:
- from cryptography import x509
-
-- cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
-+ cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
- if cert.not_valid_after < datetime.datetime.now():
- print('!'*74)
- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
---
-2.38.1
-
diff --git a/package/ca-certificates/ca-certificates.hash b/package/ca-certificates/ca-certificates.hash
index a1675b999e..8a5b48dd79 100644
--- a/package/ca-certificates/ca-certificates.hash
+++ b/package/ca-certificates/ca-certificates.hash
@@ -1,6 +1,4 @@
# hashes from: $(CA_CERTIFICATES_SITE)/ca-certificates_$(CA_CERTIFICATES_VERSION).dsc :
-sha1 bce5a8fac45456dbebf256f3a812c6cd0a853e3e ca-certificates_20211016.tar.xz
-sha256 2ae9b6dc5f40c25d6d7fe55e07b54f12a8967d1955d3b7b2f42ee46266eeef88 ca-certificates_20211016.tar.xz
-
+sha256 83de934afa186e279d1ed08ea0d73f5cf43a6fbfb5f00874b6db3711c64576f3 ca-certificates_20230311.tar.xz
# Locally computed
sha256 e85e1bcad3a915dc7e6f41412bc5bdeba275cadd817896ea0451f2140a93967c debian/copyright
diff --git a/package/ca-certificates/ca-certificates.mk b/package/ca-certificates/ca-certificates.mk
index 0b6962ab7b..5246b6e543 100644
--- a/package/ca-certificates/ca-certificates.mk
+++ b/package/ca-certificates/ca-certificates.mk
@@ -4,9 +4,10 @@
#
################################################################################
-CA_CERTIFICATES_VERSION = 20211016
+# batocera / version bump
+CA_CERTIFICATES_VERSION = 20230311
CA_CERTIFICATES_SOURCE = ca-certificates_$(CA_CERTIFICATES_VERSION).tar.xz
-CA_CERTIFICATES_SITE = https://snapshot.debian.org/archive/debian/20211022T144903Z/pool/main/c/ca-certificates
+CA_CERTIFICATES_SITE = https://snapshot.debian.org/archive/debian/20230317T205011Z/pool/main/c/ca-certificates
CA_CERTIFICATES_DEPENDENCIES = host-openssl host-python3
CA_CERTIFICATES_LICENSE = GPL-2.0+ (script), MPL-2.0 (data)
CA_CERTIFICATES_LICENSE_FILES = debian/copyright
--
2.30.2
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [Buildroot] [PATCH] package/ca-certificates: bump version to 20230311
2023-03-18 20:50 ` Thomas Petazzoni via buildroot
@ 2023-03-19 2:24 ` ʎɐH ǝʌǝʇS via buildroot
0 siblings, 0 replies; 12+ messages in thread
From: ʎɐH ǝʌǝʇS via buildroot @ 2023-03-19 2:24 UTC (permalink / raw)
To: Thomas Petazzoni, Steve Hay via buildroot; +Cc: Martin Bark
Thanks Thomas.
On 3/18/23 4:50 PM, Thomas Petazzoni wrote:
> The way you did that makes the patch no longer applicable with "git
> format-patch". The patch now has two From/Date/Subject fields.
>
> Could you instead make sure to apply the existing patch on
> ca-certificates using git-am, fix the conflicts, and regenerate the new
> patch with git format-patch? You should preserve the existing
> authorship, but you can do something like this:
Fixed.
> The commit log should mention why this patch is dropped.
Fixed.
>> -CA_CERTIFICATES_VERSION = 20211016
>> +# batocera / version bump
Removed. The comment accidentally included.
The revised patch has been sent.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Buildroot] [PATCH] package/ca-certificates: bump version to 20230311
2023-03-18 22:22 ` Thomas Petazzoni via buildroot
@ 2023-03-19 11:05 ` Daniel Lang
0 siblings, 0 replies; 12+ messages in thread
From: Daniel Lang @ 2023-03-19 11:05 UTC (permalink / raw)
To: Thomas Petazzoni; +Cc: Martin Bark, buildroot
On 18.03.23 23:22, Thomas Petazzoni wrote:
> On Thu, 16 Mar 2023 21:47:43 +0100
> Daniel Lang <dalang@gmx.at> wrote:
>
>> Signed-off-by: Daniel Lang <dalang@gmx.at>
>> ---
>> ...2pem.py-make-cryptography-module-opt.patch | 10 ++++---
>> ...2pem.py-Fix-compat-with-cryptography.patch | 29 -------------------
>> package/ca-certificates/ca-certificates.hash | 4 +--
>> package/ca-certificates/ca-certificates.mk | 4 +--
>> 4 files changed, 10 insertions(+), 37 deletions(-)
>> delete mode 100644 package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
>
> I didn't look carefully, but it doesn't apply here:
>
> Applying patch #1757985 using "git am -s"
> Description: package/ca-certificates: bump version to 20230311
> Applying: package/ca-certificates: bump version to 20230311
> error: patch failed: package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch:36
> error: package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch: patch does not apply
> error: patch failed: package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch:1
> error: package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch: patch does not apply
> Patch failed at 0001 package/ca-certificates: bump version to 20230311
> hint: Use 'git am --show-current-patch=diff' to see the failed patch
> When you have resolved this problem, run "git am --continue".
> If you prefer to skip this patch, run "git am --skip" instead.
> To restore the original branch and stop patching, run "git am --abort".
> 'git am' failed with exit status 128
>
> Does your patch apply on the master branch?
It does locally, but unfortunately my private email provider
decided to start eating trailing white spaces. Will try to
figure out how to stop it from doing that.
Steve's patch [1] is probably applied by then, but would still
be helpful for the future.
Regards
Daniel
[1]: https://patchwork.ozlabs.org/project/buildroot/patch/20230319021851.2593117-1-me@stevenhay.com/
>
> Thomas
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Buildroot] [PATCH] package/ca-certificates: bump version to 20230311
2023-03-19 2:18 Steve Hay via buildroot
@ 2023-03-19 13:44 ` Thomas Petazzoni via buildroot
2023-03-19 14:23 ` ʎɐH ǝʌǝʇS via buildroot
0 siblings, 1 reply; 12+ messages in thread
From: Thomas Petazzoni via buildroot @ 2023-03-19 13:44 UTC (permalink / raw)
To: Steve Hay via buildroot; +Cc: Martin Bark, Steve Hay
Hello Steve,
On Sun, 19 Mar 2023 03:18:50 +0100
Steve Hay via buildroot <buildroot@buildroot.org> wrote:
> The impetus for this change was that wget fails to load pages signed by
> Let's Encrypt due to missing root certs. This version has the updated and
> correct certs.
>
> 0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
>
> Patch dropped because the fix is incorporated upstream.
>
> Signed-off-by: Steve Hay <me@stevenhay.com>
>
> ---
> Changes v1 -> v2
> - Removed the extraneous comment in the make file.
> - Fixed patch header.
Are you sure your generated the correct version of the patch?
> diff --git a/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch b/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch
> index b76c1bfd7f..ced593664e 100644
> --- a/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch
> +++ b/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch
> @@ -1,4 +1,10 @@
> -From bf18b564122e8f976681a2398862fde1eafd84ba Mon Sep 17 00:00:00 2001
> +From a4e468a2a0afa80df174831c2f422184820bb0fa Mon Sep 17 00:00:00 2001
> +From: Steve Hay <me@stevenhay.com>
> +Date: Sat, 18 Mar 2023 17:57:18 +0100
> +Subject: [PATCH] mozilla/certdata2pem.py: make cryptography module optional
> +
> +Modified for a newer version of the ca-certificates module.
> +
> From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
> Date: Thu, 6 Jan 2022 23:15:00 +0100
> Subject: [PATCH] mozilla/certdata2pem.py: make cryptography module optional
> @@ -15,37 +21,36 @@ the check is skipped.
The header of the patch is still not correct.
> -CA_CERTIFICATES_VERSION = 20211016
> +# batocera / version bump
And the comment is still there in the .mk file.
Am I missing something here? :-)
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Buildroot] [PATCH] package/ca-certificates: bump version to 20230311
@ 2023-03-19 14:22 Steve Hay via buildroot
2023-03-19 17:49 ` Thomas Petazzoni via buildroot
2023-04-08 19:42 ` Peter Korsgaard
0 siblings, 2 replies; 12+ messages in thread
From: Steve Hay via buildroot @ 2023-03-19 14:22 UTC (permalink / raw)
To: buildroot; +Cc: Martin Bark, Steve Hay
The impetus for this change was that wget fails to load pages signed by
Let's Encrypt due to missing root certs. This version has the updated and
correct certs.
0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
Patch dropped because the fix is incorporated upstream.
Signed-off-by: Steve Hay <me@stevenhay.com>
---
Changes v1 -> v2
- Removed the extraneous comment in the make file.
- Fixed patch header.
- Added note to the log as to why the patch was dropped.
Changes v2 -> v3
- The v2 patch did not include the changes. This one does.
Signed-off-by: Steve Hay <me@stevenhay.com>
---
...2pem.py-make-cryptography-module-opt.patch | 27 ++++++++---------
...2pem.py-Fix-compat-with-cryptography.patch | 29 -------------------
package/ca-certificates/ca-certificates.hash | 4 +--
package/ca-certificates/ca-certificates.mk | 4 +--
4 files changed, 17 insertions(+), 47 deletions(-)
delete mode 100644 package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
diff --git a/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch b/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch
index b76c1bfd7f..ed90c217ec 100644
--- a/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch
+++ b/package/ca-certificates/0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch
@@ -1,4 +1,4 @@
-From bf18b564122e8f976681a2398862fde1eafd84ba Mon Sep 17 00:00:00 2001
+From a4e468a2a0afa80df174831c2f422184820bb0fa Mon Sep 17 00:00:00 2001
From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Date: Thu, 6 Jan 2022 23:15:00 +0100
Subject: [PATCH] mozilla/certdata2pem.py: make cryptography module optional
@@ -14,38 +14,39 @@ cryptography Python module is there, we perform the check, otherwise
the check is skipped.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+[Steve: refreshed to apply on ca-certificates version 20230311]
+Signed-off-by: Steve Hay <me@stevenhay.com>
---
- mozilla/certdata2pem.py | 18 ++++++++++--------
- 1 file changed, 10 insertions(+), 8 deletions(-)
+ mozilla/certdata2pem.py | 17 ++++++++++-------
+ 1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
-index ede23d4..a6261f8 100644
+index 4df86a2..3a6d7dc 100644
--- a/mozilla/certdata2pem.py
+++ b/mozilla/certdata2pem.py
-@@ -28,9 +28,6 @@ import sys
+@@ -28,8 +28,6 @@ import sys
import textwrap
import io
-from cryptography import x509
-
--
+
objects = []
- # Dirty file parser.
-@@ -122,11 +119,16 @@ for obj in objects:
+@@ -122,11 +120,16 @@ for obj in objects:
if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
continue
-- cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
-- if cert.not_valid_after < datetime.datetime.now():
+- cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
+- if cert.not_valid_after < datetime.datetime.utcnow():
- print('!'*74)
- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
- print('!'*74)
+ try:
+ from cryptography import x509
+
-+ cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
-+ if cert.not_valid_after < datetime.datetime.now():
++ cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
++ if cert.not_valid_after < datetime.datetime.utcnow():
+ print('!'*74)
+ print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
+ print('!'*74)
@@ -55,5 +56,5 @@ index ede23d4..a6261f8 100644
bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
.replace(' ', '_')\
--
-2.33.1
+2.30.2
diff --git a/package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch b/package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
deleted file mode 100644
index 0537da9224..0000000000
--- a/package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 5e493ca307a031e81528ceddb96f3da40bc062cf Mon Sep 17 00:00:00 2001
-From: Wataru Ashihara <wsh@iij.ad.jp>
-Date: Wed, 2 Nov 2022 12:40:05 -0400
-Subject: [PATCH] mozilla/certdata2pem.py: Fix compat with cryptography > 3.0
-
-In newer cryptography packages, load_der_x509_certificate is enforced to be 'bytes' rather than currently used 'bytearray'. This fixes that.
-
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008244
-Signed-off-by: Justin Wood <jwood@starry.com>
----
- mozilla/certdata2pem.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
-index a6261f8..c0fa52c 100644
---- a/mozilla/certdata2pem.py
-+++ b/mozilla/certdata2pem.py
-@@ -122,7 +122,7 @@ for obj in objects:
- try:
- from cryptography import x509
-
-- cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
-+ cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
- if cert.not_valid_after < datetime.datetime.now():
- print('!'*74)
- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
---
-2.38.1
-
diff --git a/package/ca-certificates/ca-certificates.hash b/package/ca-certificates/ca-certificates.hash
index a1675b999e..8a5b48dd79 100644
--- a/package/ca-certificates/ca-certificates.hash
+++ b/package/ca-certificates/ca-certificates.hash
@@ -1,6 +1,4 @@
# hashes from: $(CA_CERTIFICATES_SITE)/ca-certificates_$(CA_CERTIFICATES_VERSION).dsc :
-sha1 bce5a8fac45456dbebf256f3a812c6cd0a853e3e ca-certificates_20211016.tar.xz
-sha256 2ae9b6dc5f40c25d6d7fe55e07b54f12a8967d1955d3b7b2f42ee46266eeef88 ca-certificates_20211016.tar.xz
-
+sha256 83de934afa186e279d1ed08ea0d73f5cf43a6fbfb5f00874b6db3711c64576f3 ca-certificates_20230311.tar.xz
# Locally computed
sha256 e85e1bcad3a915dc7e6f41412bc5bdeba275cadd817896ea0451f2140a93967c debian/copyright
diff --git a/package/ca-certificates/ca-certificates.mk b/package/ca-certificates/ca-certificates.mk
index 0b6962ab7b..202d0b92ac 100644
--- a/package/ca-certificates/ca-certificates.mk
+++ b/package/ca-certificates/ca-certificates.mk
@@ -4,9 +4,9 @@
#
################################################################################
-CA_CERTIFICATES_VERSION = 20211016
+CA_CERTIFICATES_VERSION = 20230311
CA_CERTIFICATES_SOURCE = ca-certificates_$(CA_CERTIFICATES_VERSION).tar.xz
-CA_CERTIFICATES_SITE = https://snapshot.debian.org/archive/debian/20211022T144903Z/pool/main/c/ca-certificates
+CA_CERTIFICATES_SITE = https://snapshot.debian.org/archive/debian/20230317T205011Z/pool/main/c/ca-certificates
CA_CERTIFICATES_DEPENDENCIES = host-openssl host-python3
CA_CERTIFICATES_LICENSE = GPL-2.0+ (script), MPL-2.0 (data)
CA_CERTIFICATES_LICENSE_FILES = debian/copyright
--
2.30.2
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [Buildroot] [PATCH] package/ca-certificates: bump version to 20230311
2023-03-19 13:44 ` Thomas Petazzoni via buildroot
@ 2023-03-19 14:23 ` ʎɐH ǝʌǝʇS via buildroot
0 siblings, 0 replies; 12+ messages in thread
From: ʎɐH ǝʌǝʇS via buildroot @ 2023-03-19 14:23 UTC (permalink / raw)
To: Thomas Petazzoni, Steve Hay via buildroot; +Cc: Martin Bark
On 3/19/23 9:44 AM, Thomas Petazzoni wrote:
> Hello Steve,
>
> Are you sure your generated the correct version of the patch?
I am now. Fixed. Sorry about that. I am not used to this workflow.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Buildroot] [PATCH] package/ca-certificates: bump version to 20230311
2023-03-19 14:22 [Buildroot] [PATCH] package/ca-certificates: bump version to 20230311 Steve Hay via buildroot
@ 2023-03-19 17:49 ` Thomas Petazzoni via buildroot
2023-04-08 19:42 ` Peter Korsgaard
1 sibling, 0 replies; 12+ messages in thread
From: Thomas Petazzoni via buildroot @ 2023-03-19 17:49 UTC (permalink / raw)
To: Steve Hay via buildroot; +Cc: Martin Bark, Steve Hay
On Sun, 19 Mar 2023 15:22:12 +0100
Steve Hay via buildroot <buildroot@buildroot.org> wrote:
> The impetus for this change was that wget fails to load pages signed by
> Let's Encrypt due to missing root certs. This version has the updated and
> correct certs.
>
> 0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
>
> Patch dropped because the fix is incorporated upstream.
>
> Signed-off-by: Steve Hay <me@stevenhay.com>
>
> ---
> Changes v1 -> v2
> - Removed the extraneous comment in the make file.
> - Fixed patch header.
> - Added note to the log as to why the patch was dropped.
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Buildroot] [PATCH] package/ca-certificates: bump version to 20230311
2023-03-19 14:22 [Buildroot] [PATCH] package/ca-certificates: bump version to 20230311 Steve Hay via buildroot
2023-03-19 17:49 ` Thomas Petazzoni via buildroot
@ 2023-04-08 19:42 ` Peter Korsgaard
1 sibling, 0 replies; 12+ messages in thread
From: Peter Korsgaard @ 2023-04-08 19:42 UTC (permalink / raw)
To: Steve Hay via buildroot; +Cc: Martin Bark, Steve Hay
>>>>> "Steve" == Steve Hay via buildroot <buildroot@buildroot.org> writes:
> The impetus for this change was that wget fails to load pages signed by
> Let's Encrypt due to missing root certs. This version has the updated and
> correct certs.
> 0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
> Patch dropped because the fix is incorporated upstream.
> Signed-off-by: Steve Hay <me@stevenhay.com>
> ---
> Changes v1 -> v2
> - Removed the extraneous comment in the make file.
> - Fixed patch header.
> - Added note to the log as to why the patch was dropped.
> Changes v2 -> v3
> - The v2 patch did not include the changes. This one does.
> Signed-off-by: Steve Hay <me@stevenhay.com>
Committed to 2023.02.x and 2022.02.x, thanks.
You seem to have done something funky upside down unicode with your
from, please don't do that.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2023-04-08 19:42 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-03-19 14:22 [Buildroot] [PATCH] package/ca-certificates: bump version to 20230311 Steve Hay via buildroot
2023-03-19 17:49 ` Thomas Petazzoni via buildroot
2023-04-08 19:42 ` Peter Korsgaard
-- strict thread matches above, loose matches on Subject: below --
2023-03-19 2:18 Steve Hay via buildroot
2023-03-19 13:44 ` Thomas Petazzoni via buildroot
2023-03-19 14:23 ` ʎɐH ǝʌǝʇS via buildroot
2023-03-18 20:44 Steve Hay via buildroot
2023-03-18 20:50 ` Thomas Petazzoni via buildroot
2023-03-19 2:24 ` ʎɐH ǝʌǝʇS via buildroot
2023-03-16 20:47 Daniel Lang
2023-03-18 22:22 ` Thomas Petazzoni via buildroot
2023-03-19 11:05 ` Daniel Lang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox