FreeBSD Bugzilla – Attachment 184124 Details for
Bug 220511
security/ca_root_nss: Add port option to remove duplicate certs based on Subject
[patch]
Patch to add make option
ca_root_nss.patch (text/plain), 2.86 KB, created by
Jim Pirzyk
on 2017-07-06 12:52:31 UTC
Description:
Patch to add make option
Filename:
MIME Type:
Creator:
Jim Pirzyk
Created:
2017-07-06 12:52:31 UTC
Size:
2.86 KB
patch
obsolete
>--- ./Makefile.orig 2017-06-11 13:20:07.000000000 -0500
>+++ ./Makefile 2017-07-05 08:30:27.514516000 -0500
>@@ -2,6 +2,7 @@
>
> PORTNAME= ca_root_nss
> PORTVERSION= ${VERSION_NSS}
>+PORTREVISION= 1
> CATEGORIES= security
> MASTER_SITES= MOZILLA/security/nss/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src
> DISTNAME= nss-${VERSION_NSS}${NSS_SUFFIX}
>@@ -11,13 +12,14 @@
>
> LICENSE= MPL
>
>-OPTIONS_DEFINE= ETCSYMLINK
>+OPTIONS_DEFINE= ETCSYMLINK NODUPS
> OPTIONS_DEFAULT= ETCSYMLINK
>
> OPTIONS_SUB= yes
>
> ETCSYMLINK_DESC= Add symlink to /etc/ssl/cert.pem
> ETCSYMLINK_CONFLICTS_INSTALL= ca-roots-[0-9]*
>+NODUPS_DESC= No subject duplicate certificates (use highest serial)
>
> USES= perl5 ssl:build
> USE_PERL5= build
>@@ -42,6 +44,10 @@
>
> .include <bsd.port.options.mk>
>
>+.if ${PORT_OPTIONS:MNODUPS}
>+NODUPS_CONFIGURE_ON=true
>+.endif
>+
> do-extract:
> @${MKDIR} ${WRKDIR}
> @${TAR} -C ${WRKDIR} -xf ${DISTDIR}/nss-${VERSION_NSS}${NSS_SUFFIX}${EXTRACT_SUFX} \
>@@ -50,7 +56,7 @@
> @${RM} -r ${WRKDIR}/nss-${VERSION_NSS}
>
> do-build: apply-slist
>- @${SETENV} PATH=${LOCALBASE}/bin:$${PATH} \
>+ @${SETENV} PATH=${LOCALBASE}/bin:$${PATH} WITH_NODUPS=${NODUPS_CONFIGURE_ON} \
> ${PERL} ${WRKDIR}/${BUNDLE_PROCESSOR} \
> < ${WRKDIR}/certdata.txt > \
> ${WRKDIR}/ca-root-nss.crt
>--- ./files/MAca-bundle.pl.in.orig 2013-08-29 03:10:09.000000000 -0500
>+++ ./files/MAca-bundle.pl.in 2017-07-03 13:50:55.642087000 -0500
>@@ -54,6 +54,10 @@
> $debug++
> if defined $ENV{'WITH_DEBUG'}
> and $ENV{'WITH_DEBUG'} !~ m/(?i)^(no|0|false|)$/;
>+my $dups = 1;
>+$dups = 0
>+ if defined $ENV{'WITH_NODUPS'}
>+ and $ENV{'WITH_NODUPS'} !~ m/(?i)^(no|0|false|)$/;
>
> my %certs;
> my %trusts;
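Review bot: `NODUPS_CONFIGURE_ON` in the added `.if ${PORT_OPTIONS:MNODUPS}` block reuses the name of the options helper that the ports framework appends to CONFIGURE_ARGS, although here it only carries a flag value into the `do-build` environment (hunk -50,7). Passing the option state directly avoids both the helper name and the extra conditional: `WITH_NODUPS=${PORT_OPTIONS:MNODUPS}` expands to `NODUPS` when the option is on and to nothing when it is off, and the script's `^(no|0|false|)$` test already treats an empty value as off. Since this option changes which root certificates end up in the installed trust bundle, `NODUPS_DESC` should also say how the surviving certificate is chosen only once the script actually guarantees it.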
>@@ -201,18 +205,29 @@
> }
> }
>
>-print "## Untrusted certificates omitted from this bundle: $untrusted\n\n";
>+print "## Untrusted certificates omitted from this bundle: $untrusted\n";
> print STDERR "## Untrusted certificates omitted from this bundle: $untrusted\n";
>+print "## Ingnoring duplicate certificates\n\n" if ( ! $dups );
>+print STDERR "## Ingnoring duplicate certificates\n\n" if ( ! $dups );
>
> my $certcount = 0;
>-foreach my $it (sort {uc($a) cmp uc($b)} keys %certs) {
>+my (%seensubjects);
>+foreach my $it (sort {
>+ my ($a1,$a2) = split("\0", $a);
>+ my ($b1,$b2) = split("\0", $b);
>+ uc($a1) cmp uc($b1) and $b2 == $a2
>+} keys %certs) {
> if (!exists($trusts{$it})) {
> die "Found certificate without trust block,\naborting";
> }
>- printcert("", $certs{$it});
>- print "\n\n\n";
>- $certcount++;
>- print STDERR "Trusting $certcount: ".printlabel($it)."\n" if $debug;
>+ my ($subject, $serial) = split("\0", $it);
>+ if ( $dups == 1 or ! exists $seensubjects{$subject} ) {
>+ $seensubjects{$subject} = 1;
>+ printcert("", $certs{$it});
>+ print "\n\n\n";
>+ $certcount++;
>+ print STDERR "Trusting $certcount: ".printlabel($it)."\n" if $debug;
>+ }
> }
>
> if ($certcount < 25) {
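Review bot: The new sort comparator `uc($a1) cmp uc($b1) and $b2 == $a2` does not order by subject and then by descending serial: when the subjects are equal, `and` short-circuits to 0, and when they differ the block returns the result of `==` (1 or empty) instead of the sign of `cmp`. With NODUPS set, the first key seen per subject is the one written to the trust bundle, so which certificate survives is effectively arbitrary rather than "highest serial" as `NODUPS_DESC` states. A comparator matching the description would be `uc($a1) cmp uc($b1) or $b2 <=> $a2`. The key layout is built outside this hunk, so if the field after `\0` is not a plain decimal number (it may be raw serial bytes), the numeric `<=>` needs to become a length-then-`cmp` comparison. The two added banner lines also misspell "Ignoring" as `Ingnoring`.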
Attachments on
bug 220511
:
184124
|
184255
|
202060