-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add ca-certificates without hard dependency on p11-kit
- Loading branch information
Showing
11 changed files
with
1,057 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,143 @@ | ||
| # Maintainer: Alexey Pavlov <alexpux@gmail.com> | ||
|
|
||
| _realname=ca-certificates | ||
| pkgbase=mingw-w64-${_realname} | ||
| pkgname="${MINGW_PACKAGE_PREFIX}-${_realname}" | ||
| pkgver=20240203 | ||
| pkgrel=1 | ||
| pkgdesc='Common CA certificates (mingw-w64)' | ||
| arch=('any') | ||
| mingw_arch=('mingw32' 'mingw64' 'ucrt64' 'clang64' 'clang32' 'clangarm64') | ||
| url='https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/' | ||
| license=('MPL' 'GPL') | ||
| install="ca-certificates-${MSYSTEM}.install" | ||
| source=("https://ftp.debian.org/debian/pool/main/c/${_realname}/${_realname}_${pkgver}.tar.xz" | ||
| 'certdata2pem.py' | ||
| 'certdata2pem.patch' | ||
| 'update-ca-trust' | ||
| 'update-ca-trust.8') | ||
| makedepends=("${MINGW_PACKAGE_PREFIX}-p11-kit" | ||
| "${MINGW_PACKAGE_PREFIX}-openssl" | ||
| "${MINGW_PACKAGE_PREFIX}-python") | ||
| sha256sums=('3286d3fc42c4d11b7086711a85f865b44065ce05cf1fb5376b2abed07622a9c6' | ||
| '9508738b61cc89bfc1f42580b1091a650f0acbf5c1b49edc2aa4e0313276ea0d' | ||
| '5736cc3a73ff9bceed43bafad85100a2fcfdfae1cf2cb7e201b5fa6f1421fc2e' | ||
| 'ad9fd7ba5c304521128a0a15f3c3ccd79480d9414de08c93bca8bbb7a942f1b0' | ||
| 'b052972dd118a3e25f785b6caa141599f0db6fc1d943e9ebcd6ca0e1f0421f60') | ||
|
|
||
| prepare() { | ||
| cd "${srcdir}" | ||
| mv "${_realname}" "${srcdir}/${_realname}-${pkgver}" | ||
|
|
||
| sed "s|/usr/bin/python|${MINGW_PREFIX}/bin/python|g" -i certdata2pem.py | ||
| patch -p0 -i ${srcdir}/certdata2pem.patch | ||
| cp certdata2pem.py ${srcdir}/${_realname}-${pkgver}/mozilla/certdata2pem.py | ||
| cd ${srcdir}/${_realname}-${pkgver} | ||
| cp ${srcdir}/update-ca-trust sbin/ | ||
| cp ${srcdir}/update-ca-trust.8 sbin/ | ||
| } | ||
|
|
||
| build() { | ||
| cd ${srcdir}/${_realname}-${pkgver}/mozilla | ||
| mkdir -p legacy-{default,disable} | ||
|
|
||
| PYTHONUTF8=1 PYTHONIOENCODING=utf-8 ${MINGW_PREFIX}/bin/python ./certdata2pem.py | ||
|
|
||
| ( | ||
| cat <<EOF | ||
| # This is a bundle of X.509 certificates of public Certificate | ||
| # Authorities. It was generated from the Mozilla root CA list. | ||
| # These certificates and trust/distrust attributes use the file format accepted | ||
| # by the p11-kit-trust module. | ||
| # | ||
| # Source: nss/lib/ckfw/builtins/certdata.txt | ||
| # Source: nss/lib/ckfw/builtins/nssckbi.h | ||
| # | ||
| # Generated from: | ||
| EOF | ||
| cat nssckbi.h | grep -w NSS_BUILTINS_LIBRARY_VERSION | awk '{print "# " $2 " " $3}'; | ||
| echo '#'; | ||
| ) > ${srcdir}/${_realname}-${pkgver}/ca-bundle.trust.crt | ||
|
|
||
| touch ${srcdir}/${_realname}-${pkgver}/ca-bundle.legacy.default.crt | ||
| local NUM_LEGACY_DEFAULT=`find ./legacy-default -type f | wc -l` | ||
| if [ $NUM_LEGACY_DEFAULT -ne 0 ]; then | ||
| for f in ./legacy-default/*.crt; do | ||
| echo "processing $f" | ||
| tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f` | ||
| alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' $f | sed "s/'//g" | sed 's/"//g'` | ||
| targs="" | ||
| if [ -n "$tbits" ]; then | ||
| for t in $tbits; do | ||
| targs="${targs} -addtrust $t" | ||
| done | ||
| fi | ||
| if [ -n "$targs" ]; then | ||
| echo "legacy default flags $targs for $f" >> info.trust | ||
| openssl x509 -text -in "$f" -trustout $targs -setalias "$alias" >> ${srcdir}/${_realname}-${pkgver}/ca-bundle.legacy.default.crt | ||
| fi | ||
| done | ||
| fi | ||
|
|
||
| touch ${srcdir}/${_realname}-${pkgver}/ca-bundle.legacy.disable.crt | ||
| NUM_LEGACY_DISABLE=`find ./legacy-disable -type f | wc -l` | ||
| if [ $NUM_LEGACY_DISABLE -ne 0 ]; then | ||
| for f in ./legacy-disable/*.crt; do | ||
| echo "processing $f" | ||
| tbits=`sed -n '/^# openssl-trust/{s/^.*=//;p;}' $f` | ||
| alias=`sed -n '/^# alias=/{s/^.*=//;p;q;}' $f | sed "s/'//g" | sed 's/"//g'` | ||
| targs="" | ||
| if [ -n "$tbits" ]; then | ||
| for t in $tbits; do | ||
| targs="${targs} -addtrust $t" | ||
| done | ||
| fi | ||
| if [ -n "$targs" ]; then | ||
| echo "legacy disable flags $targs for $f" >> info.trust | ||
| openssl x509 -text -in "$f" -trustout $targs -setalias "$alias" >> ${srcdir}/${_realname}-${pkgver}/ca-bundle.legacy.disable.crt | ||
| fi | ||
| done | ||
| fi | ||
|
|
||
| local P11FILES=`find . -name \*.tmp-p11-kit | wc -l` | ||
| if [ $P11FILES -ne 0 ]; then | ||
| for p in ./*.tmp-p11-kit; do | ||
| cat "$p" >> ${srcdir}/${_realname}-${pkgver}/ca-bundle.trust.crt | ||
| done | ||
| fi | ||
| } | ||
|
|
||
| package() { | ||
| cd ${srcdir}/${_realname}-${pkgver} | ||
|
|
||
| mkdir -p ${pkgdir}${MINGW_PREFIX}/{bin,lib,share} | ||
| mkdir -p ${pkgdir}${MINGW_PREFIX}/etc | ||
| mkdir -p ${pkgdir}${MINGW_PREFIX}/share/man/man8 | ||
|
|
||
| sed -e "s|@PREFIX@|${MINGW_PREFIX}|g" -i ${srcdir}/update-ca-trust | ||
| cp -f ${srcdir}/update-ca-trust ${pkgdir}${MINGW_PREFIX}/bin/ | ||
| cp -f ${srcdir}/update-ca-trust.8 ${pkgdir}${MINGW_PREFIX}/share/man/man8/ | ||
|
|
||
| # for p11-kit | ||
| mkdir -p ${pkgdir}${MINGW_PREFIX}/lib/p11-kit | ||
| cp -f ${srcdir}/update-ca-trust ${pkgdir}${MINGW_PREFIX}/lib/p11-kit/p11-kit-extract-trust | ||
|
|
||
| mkdir -p ${pkgdir}${MINGW_PREFIX}/share/pki/ca-trust-{source,legacy} | ||
| install -p -m 644 ca-bundle.trust.crt ${pkgdir}${MINGW_PREFIX}/share/pki/ca-trust-source/ca-bundle.trust.crt | ||
| install -p -m 644 ca-bundle.legacy.default.crt ${pkgdir}${MINGW_PREFIX}/share/pki/ca-trust-legacy/ca-bundle.legacy.default.crt | ||
| install -p -m 644 ca-bundle.legacy.disable.crt ${pkgdir}${MINGW_PREFIX}/share/pki/ca-trust-legacy/ca-bundle.legacy.disable.crt | ||
|
|
||
| # touch all files overwritten by update-ca-trust for easy cleanup | ||
| mkdir -p ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/{extracted,source} | ||
| mkdir -p ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/source/{anchors,blacklist} | ||
| mkdir -p ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/extracted/{openssl,pem,java} | ||
| touch ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt | ||
| touch ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/extracted/pem/{tls,email,objsign}-ca-bundle.pem | ||
| touch ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/extracted/java/cacerts | ||
|
|
||
| # for OpenSSL and static ca-certificates consumers | ||
| mkdir -p ${pkgdir}${MINGW_PREFIX}/etc/ssl/certs | ||
| cp -f ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem ${pkgdir}${MINGW_PREFIX}/etc/ssl/certs/ca-bundle.crt | ||
| cp -f ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem ${pkgdir}${MINGW_PREFIX}/etc/ssl/cert.pem | ||
| cp -f ${pkgdir}${MINGW_PREFIX}/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt ${pkgdir}${MINGW_PREFIX}/etc/ssl/certs/ca-bundle.trust.crt | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| export LC_ALL=C | ||
|
|
||
| post_install() { | ||
| local _mingw_prefix=clang32 | ||
| DEST=${_mingw_prefix}/etc/pki/ca-trust/extracted | ||
|
|
||
| # OpenSSL PEM bundle that includes trust flags | ||
| # (BEGIN TRUSTED CERTIFICATE) | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=openssl-bundle --filter=certificates --overwrite --comment $DEST/openssl/ca-bundle.trust.crt | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose server-auth $DEST/pem/tls-ca-bundle.pem | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose email $DEST/pem/email-ca-bundle.pem | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose code-signing $DEST/pem/objsign-ca-bundle.pem | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=java-cacerts --filter=ca-anchors --overwrite --purpose server-auth $DEST/java/cacerts | ||
|
|
||
| mkdir -p ${_mingw_prefix}/etc/ssl/certs | ||
| cp -f $DEST/pem/tls-ca-bundle.pem ${_mingw_prefix}/etc/ssl/certs/ca-bundle.crt | ||
| cp -f $DEST/pem/tls-ca-bundle.pem ${_mingw_prefix}/etc/ssl/cert.pem | ||
| cp -f $DEST/openssl/ca-bundle.trust.crt ${_mingw_prefix}/etc/ssl/certs/ca-bundle.trust.crt | ||
|
|
||
| #${_mingw_prefix}/bin/update-ca-trust >/dev/null 2>&1 | ||
| } | ||
|
|
||
| post_upgrade() { | ||
| post_install | ||
| } | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| export LC_ALL=C | ||
|
|
||
| post_install() { | ||
| local _mingw_prefix=clang64 | ||
| DEST=${_mingw_prefix}/etc/pki/ca-trust/extracted | ||
|
|
||
| # OpenSSL PEM bundle that includes trust flags | ||
| # (BEGIN TRUSTED CERTIFICATE) | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=openssl-bundle --filter=certificates --overwrite --comment $DEST/openssl/ca-bundle.trust.crt | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose server-auth $DEST/pem/tls-ca-bundle.pem | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose email $DEST/pem/email-ca-bundle.pem | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose code-signing $DEST/pem/objsign-ca-bundle.pem | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=java-cacerts --filter=ca-anchors --overwrite --purpose server-auth $DEST/java/cacerts | ||
|
|
||
| mkdir -p ${_mingw_prefix}/etc/ssl/certs | ||
| cp -f $DEST/pem/tls-ca-bundle.pem ${_mingw_prefix}/etc/ssl/certs/ca-bundle.crt | ||
| cp -f $DEST/pem/tls-ca-bundle.pem ${_mingw_prefix}/etc/ssl/cert.pem | ||
| cp -f $DEST/openssl/ca-bundle.trust.crt ${_mingw_prefix}/etc/ssl/certs/ca-bundle.trust.crt | ||
|
|
||
| #${_mingw_prefix}/bin/update-ca-trust >/dev/null 2>&1 | ||
| } | ||
|
|
||
| post_upgrade() { | ||
| post_install | ||
| } | ||
|
|
26 changes: 26 additions & 0 deletions
26
mingw-w64-ca-certificates/ca-certificates-CLANGARM64.install
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| export LC_ALL=C | ||
|
|
||
| post_install() { | ||
| local _mingw_prefix=clangarm64 | ||
| DEST=${_mingw_prefix}/etc/pki/ca-trust/extracted | ||
|
|
||
| # OpenSSL PEM bundle that includes trust flags | ||
| # (BEGIN TRUSTED CERTIFICATE) | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=openssl-bundle --filter=certificates --overwrite --comment $DEST/openssl/ca-bundle.trust.crt | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose server-auth $DEST/pem/tls-ca-bundle.pem | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose email $DEST/pem/email-ca-bundle.pem | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose code-signing $DEST/pem/objsign-ca-bundle.pem | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=java-cacerts --filter=ca-anchors --overwrite --purpose server-auth $DEST/java/cacerts | ||
|
|
||
| mkdir -p ${_mingw_prefix}/etc/ssl/certs | ||
| cp -f $DEST/pem/tls-ca-bundle.pem ${_mingw_prefix}/etc/ssl/certs/ca-bundle.crt | ||
| cp -f $DEST/pem/tls-ca-bundle.pem ${_mingw_prefix}/etc/ssl/cert.pem | ||
| cp -f $DEST/openssl/ca-bundle.trust.crt ${_mingw_prefix}/etc/ssl/certs/ca-bundle.trust.crt | ||
|
|
||
| #${_mingw_prefix}/bin/update-ca-trust >/dev/null 2>&1 | ||
| } | ||
|
|
||
| post_upgrade() { | ||
| post_install | ||
| } | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| export LC_ALL=C | ||
|
|
||
| post_install() { | ||
| local _mingw_prefix=mingw32 | ||
| DEST=${_mingw_prefix}/etc/pki/ca-trust/extracted | ||
|
|
||
| # OpenSSL PEM bundle that includes trust flags | ||
| # (BEGIN TRUSTED CERTIFICATE) | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=openssl-bundle --filter=certificates --overwrite --comment $DEST/openssl/ca-bundle.trust.crt | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose server-auth $DEST/pem/tls-ca-bundle.pem | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose email $DEST/pem/email-ca-bundle.pem | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose code-signing $DEST/pem/objsign-ca-bundle.pem | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=java-cacerts --filter=ca-anchors --overwrite --purpose server-auth $DEST/java/cacerts | ||
|
|
||
| mkdir -p ${_mingw_prefix}/etc/ssl/certs | ||
| cp -f $DEST/pem/tls-ca-bundle.pem ${_mingw_prefix}/etc/ssl/certs/ca-bundle.crt | ||
| cp -f $DEST/pem/tls-ca-bundle.pem ${_mingw_prefix}/etc/ssl/cert.pem | ||
| cp -f $DEST/openssl/ca-bundle.trust.crt ${_mingw_prefix}/etc/ssl/certs/ca-bundle.trust.crt | ||
|
|
||
| #${_mingw_prefix}/bin/update-ca-trust >/dev/null 2>&1 | ||
| } | ||
|
|
||
| post_upgrade() { | ||
| post_install | ||
| } | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| export LC_ALL=C | ||
|
|
||
| post_install() { | ||
| local _mingw_prefix=mingw64 | ||
| DEST=${_mingw_prefix}/etc/pki/ca-trust/extracted | ||
|
|
||
| # OpenSSL PEM bundle that includes trust flags | ||
| # (BEGIN TRUSTED CERTIFICATE) | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=openssl-bundle --filter=certificates --overwrite --comment $DEST/openssl/ca-bundle.trust.crt | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose server-auth $DEST/pem/tls-ca-bundle.pem | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose email $DEST/pem/email-ca-bundle.pem | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose code-signing $DEST/pem/objsign-ca-bundle.pem | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=java-cacerts --filter=ca-anchors --overwrite --purpose server-auth $DEST/java/cacerts | ||
|
|
||
| mkdir -p ${_mingw_prefix}/etc/ssl/certs | ||
| cp -f $DEST/pem/tls-ca-bundle.pem ${_mingw_prefix}/etc/ssl/certs/ca-bundle.crt | ||
| cp -f $DEST/pem/tls-ca-bundle.pem ${_mingw_prefix}/etc/ssl/cert.pem | ||
| cp -f $DEST/openssl/ca-bundle.trust.crt ${_mingw_prefix}/etc/ssl/certs/ca-bundle.trust.crt | ||
|
|
||
| #${_mingw_prefix}/bin/update-ca-trust >/dev/null 2>&1 | ||
| } | ||
|
|
||
| post_upgrade() { | ||
| post_install | ||
| } | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| export LC_ALL=C | ||
|
|
||
| post_install() { | ||
| local _mingw_prefix=ucrt64 | ||
| DEST=${_mingw_prefix}/etc/pki/ca-trust/extracted | ||
|
|
||
| # OpenSSL PEM bundle that includes trust flags | ||
| # (BEGIN TRUSTED CERTIFICATE) | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=openssl-bundle --filter=certificates --overwrite --comment $DEST/openssl/ca-bundle.trust.crt | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose server-auth $DEST/pem/tls-ca-bundle.pem | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose email $DEST/pem/email-ca-bundle.pem | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose code-signing $DEST/pem/objsign-ca-bundle.pem | ||
| ${_mingw_prefix}/bin/p11-kit.exe extract --format=java-cacerts --filter=ca-anchors --overwrite --purpose server-auth $DEST/java/cacerts | ||
|
|
||
| mkdir -p ${_mingw_prefix}/etc/ssl/certs | ||
| cp -f $DEST/pem/tls-ca-bundle.pem ${_mingw_prefix}/etc/ssl/certs/ca-bundle.crt | ||
| cp -f $DEST/pem/tls-ca-bundle.pem ${_mingw_prefix}/etc/ssl/cert.pem | ||
| cp -f $DEST/openssl/ca-bundle.trust.crt ${_mingw_prefix}/etc/ssl/certs/ca-bundle.trust.crt | ||
|
|
||
| #${_mingw_prefix}/bin/update-ca-trust >/dev/null 2>&1 | ||
| } | ||
|
|
||
| post_upgrade() { | ||
| post_install | ||
| } | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| --- certdata2pem.py 2019-10-25 21:30:36.106307900 +0200 | ||
| +++ certdata2pem_new.py 2019-10-25 21:31:02.041144900 +0200 | ||
| @@ -126,7 +126,7 @@ | ||
| continue | ||
| label = labelbytes.decode('utf-8') | ||
| serial = printable_serial(obj) | ||
| - return label + ":" + serial | ||
| + return urllib.parse.quote(label + "_" + serial) | ||
|
|
||
| def write_cert_ext_to_file(f, oid, value, public_key): | ||
| f.write("[p11-kit-object-v1]\n") | ||
| @@ -268,7 +268,7 @@ | ||
| pk_fname = "pubkey-" + fname | ||
| fpkout = open(pk_fname, "w") | ||
| dump_pk_command = ["openssl", "x509", "-in", cert_fname, "-noout", "-pubkey"] | ||
| - subprocess.call(dump_pk_command, stdout=fpkout) | ||
| + subprocess.check_call(dump_pk_command, stdout=fpkout) | ||
| fpkout.close() | ||
| with open (pk_fname, "r") as myfile: | ||
| pk=myfile.read() | ||
| @@ -276,10 +276,10 @@ | ||
| comment_fname = "comment-" + fname | ||
| fcout = open(comment_fname, "w") | ||
| comment_command = ["openssl", "x509", "-in", cert_fname, "-noout", "-text"] | ||
| - subprocess.call(comment_command, stdout=fcout) | ||
| + subprocess.check_call(comment_command, stdout=fcout) | ||
| fcout.close() | ||
| sed_command = ["sed", "--in-place", "s/^/#/", comment_fname] | ||
| - subprocess.call(sed_command) | ||
| + subprocess.check_call(sed_command) | ||
| with open (comment_fname, "r", errors = 'replace') as myfile: | ||
| cert_comment=myfile.read() | ||
|
|
Oops, something went wrong.