Summary: | mail/claws-mail: dont install Win certs bundle, depend on security/ca_root_nss | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Piotr Smyrak <ps.ports> | ||||||
Component: | Individual Port(s) | Assignee: | Fernando Apesteguía <fernape> | ||||||
Status: | Closed FIXED | ||||||||
Severity: | Affects Only Me | CC: | fernape, portmaster | ||||||
Priority: | --- | Keywords: | patch | ||||||
Version: | Latest | Flags: | portmaster:
maintainer-feedback+
|
||||||
Hardware: | Any | ||||||||
OS: | Any | ||||||||
Attachments: |
|
Comment on attachment 215179 [details]
ports patch with additional upstream patch
Looks good.
Good catch, and thank you, Piotr! :-)
Approved.
--Chris
Created attachment 215201 [details]
additional improvements on top of submitter's patch
I reworked the original patch (good work!) so this applies whatever LOCALBASE the user is using.
Let me know if it looks good.
Comment on attachment 215201 [details]
additional improvements on top of submitter's patch
Yes. This will work well.
Thanks for doing this, Fernando! :-)
Approved.
--Chris
Oh, yes, I did consider hardcoding of /usr/local as kind of ugly. I wonder if it would make sense to consolidates the 2 steps into just post-patch and eliminate the additional patch file completely this way: post-patch: # Also search for certs in LOCALBASE dir to workaround # potential lack of /etc symlink in security/ca_root_nss @${REINPLACE_CMD} -e 's|"/etc/ssl/cert.pem",|& "'${LOCALBASE}'/share/certs/ca-root-nss.crt",|' \ ${WRKSRC}/src/common/ssl.c I am fine with any option. A commit references this bug: Author: fernape Date: Thu Jun 4 05:48:35 UTC 2020 New revision: 537868 URL: https://svnweb.freebsd.org/changeset/ports/537868 Log: mail/claws-mail: make it depend on security/ca_root_nss Instead of installing the Win certs bundle. A new patch is needed so it looks for certs by default in out LOCALBASE PR: 246944 Submitted by: ps.ports@smyrak.com Reviewed by: portmaster@bsdforge.com (maintainer) Changes: head/mail/claws-mail/Makefile head/mail/claws-mail/files/patch-configure.ac head/mail/claws-mail/files/patch-src_common_ssl.c head/mail/claws-mail/pkg-plist Committed, Thanks both for your work! |
Created attachment 215179 [details] ports patch with additional upstream patch claws port installs a %%DATADIR%%/ca-certificates.crt bundle, yet according to the application code (src/common/ssl.c:196), it is used only by Windows builds. Instead of doing so, make the port run depend on security/ca_root_nss and add a tiny patch that handles a situation, where operator have decided to install security/ca_root_nss without its knob ETCSYMLINK turned on, letting claws search the CA bundle both in /etc/ssl/cert.pem as if the symlink was enabled, and it ${LOCALBASE}/share/certs/ca-root-nss.crt