Summary: | sysutils/vagrant: vagrant/files/cacert.pem over five years old | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | corvid | ||||
Component: | Individual Port(s) | Assignee: | Christoph Moench-Tegeder <cmt> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Many People | CC: | cmt, joe | ||||
Priority: | --- | Flags: | joe:
maintainer-feedback+
|
||||
Version: | Latest | ||||||
Hardware: | Any | ||||||
OS: | Any | ||||||
Attachments: |
|
Description
corvid
2018-12-26 17:48:48 UTC
Ping? The easiest improvement would be a BUILD_DEPENDS on security/ca_root_nss and copy $[PREFIX}/share/certs/ca-root-nss.crt from there - but embedding a certificate which is managed elsewhere is rather clumsy. A much more elegant way would be using the installed certificate from ca_root_nss at runtime - but I haven't really looked into the amount of patching required for that. Any comments? Hi! Sorry on the delay. Yes, that's the best way; it should depend on ca_root_nss and use it at run-time. Would you be able to make this change? Thanks, -Joe I am attaching a patch that resolves the old certificate inclusion, by depending upon ca_root_nss package. Additionally, a dependency upon curl was missing. I've bumped the port revision with these changes. Tested on 12.0-RELEASE and 11.2-RELEASE for basic functionality. Thanks, -Joe Created attachment 202790 [details]
vagrant 2.2.4_1 with curl and ca_root_nss dependencies
I'll look into this later this week (curse of the consultant: lots of travel). A commit references this bug: Author: cmt Date: Thu Mar 14 23:15:29 UTC 2019 New revision: 495742 URL: https://svnweb.freebsd.org/changeset/ports/495742 Log: Use CA certificates from ca_root_nss for TLS validation instead of embedding a very old version of that file, and depend on ca_root_nss for that. Add dependency on curl, which has been missing for a long time. PR: 234421 Submitted by: joe@thrallingpenguin.com Reported by: corvid@openmailbox.org Approved by: joe@thrallingpenguin.com (maintainer) Changes: head/sysutils/vagrant/Makefile head/sysutils/vagrant/files/cacert.pem head/sysutils/vagrant/files/patch-bin_vagrant head/sysutils/vagrant/pkg-plist committed ports r495742 - thanks! |