Bug 209670 - lang/mono: Update certificates store at install/update time
Summary: lang/mono: Update certificates store at install/update time
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-mono (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-05-20 17:18 UTC by Jean-Sébastien Pédron
Modified: 2018-01-30 19:10 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (mono)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jean-Sébastien Pédron freebsd_committer freebsd_triage 2016-05-20 17:18:53 UTC
Hi!

On FreeBSD, I had to run "mozroots --import --sync" to fetch trusted certificates before I was able to use a tool called "paket" which wants to download files from eg. GitHub.

Apparently, this is not required on at least Debian and other OSes. If I understand correctly, the Debian package populates Mono's trust store during the package install/update (or the update of ca-certificates) by calling cert-sync:
http://anonscm.debian.org/cgit/pkg-mono/packages/mono.git/tree/debian/mono-keystore

Would it be possible to implement a similar thing in the FreeBSD port?
Comment 1 Walter Schwarzenfeld freebsd_triage 2018-01-14 01:20:34 UTC
Maintainer feedback?
Comment 2 David Naylor freebsd_committer freebsd_triage 2018-01-14 15:38:37 UTC
This is partially implemented in the upcoming update to mono (https://reviews.freebsd.org/D13752).  WHat is currently missing is:
 a) a mechanism to update the certificates when ca_roots_nss is updated, and
 b) to prevent mono from poluting the /usr/share namespace.
Comment 3 commit-hook freebsd_committer freebsd_triage 2018-01-30 19:01:35 UTC
A commit references this bug:

Author: dbn
Date: Tue Jan 30 19:00:31 UTC 2018
New revision: 460430
URL: https://svnweb.freebsd.org/changeset/ports/460430

Log:
  lang/mono: update to version 5.2.0.215 (and enhance USES=mono)

  Highlights:
   - New Roslyn compiler for C# available
   - Improved support for nuget packages in USES=mono

  General:
   - fix pkg-plist: mono now produces '.pdb' debug files instead of '.mdb'
   - bump all dependant ports

  USES=mono:
   - properly handle caching of nuget packages
   - add support for multiple feeds for nuget packages
   - add support for nuget dependencies in a separate file
   - add support for paket packages

  lang/mono:
   - update to version 5.2.0.215
   - automate certificate initialisation [2]
   - increase test coverage
   - mark as conflicting with net/czmq (conflicting on makecert) [1]
   - patch mono to use $PREFIX/share/mono instead of /usr/share/.mono

  devel/google-gdata:
   - use nunit.framework nuget package as the Mono shipped version is no longer suppport.
   - switch to using csc(1) for compiling (mcs(1) is depreciated).
   - use delayed signing (and then sign with sn(1)) as csc(1) does not support signing.
   - fix reference to system assemblies (the '.dll' suffix is required).
   - fix reference to HttpUtility: csc(1) is more strict about scoping

  devel/monodevelop:
   - reroll distinfo (no changes to content)

  lang/fsharp:
   - reroll distinfo (no changes to content)

  security/gnome-keyring-sharp:
   - delay sign (then sign with sn(1)) as csc(1) does not support direct signing.

  PR:	223188 [1]
  PR:	209670 [2]
  Differential Revision:	https://reviews.freebsd.org/D13752

Changes:
  head/Mk/Uses/mono.mk
  head/audio/taglib-sharp/Makefile
  head/deskutils/tomboy/Makefile
  head/devel/dbus-sharp/Makefile
  head/devel/dbus-sharp/pkg-plist
  head/devel/flickrnet/Makefile
  head/devel/google-gdata/Makefile
  head/devel/google-gdata/distinfo
  head/devel/google-gdata/files/patch-Makefile
  head/devel/google-gdata/files/patch-src_gapps_auditservice.cs
  head/devel/log4net/Makefile
  head/devel/mono-addins/Makefile
  head/devel/mono-addins/pkg-plist
  head/devel/monodevelop/Makefile
  head/devel/monodevelop/distinfo
  head/devel/monodevelop/pkg-plist
  head/devel/nant/Makefile
  head/devel/ndesk-dbus/Makefile
  head/devel/ndesk-dbus-glib/Makefile
  head/devel/ndesk-options/Makefile
  head/devel/newtonsoft-json/Makefile
  head/devel/nini/Makefile
  head/devel/notify-sharp/Makefile
  head/devel/omnisharp-server/Makefile
  head/devel/omnisharp-server/pkg-plist
  head/games/gbrainy/Makefile
  head/games/openclaw/Makefile
  head/games/openra/Makefile
  head/graphics/nplot/Makefile
  head/irc/smartirc4net/Makefile
  head/lang/fsharp/Makefile
  head/lang/fsharp/distinfo
  head/lang/mono/Makefile
  head/lang/mono/distinfo
  head/lang/mono/files/patch-configure.ac
  head/lang/mono/files/patch-eglib_src_gfile-posix.c
  head/lang/mono/files/patch-mcs_class_Mono.Security_Mono.Security.Cryptography_KeyPairPersistence.cs
  head/lang/mono/files/patch-mcs_class_Mono.Security_Mono.Security.X509_X509StoreManager.cs
  head/lang/mono/files/patch-mcs_tools_mono-configuration-crypto_lib_Mono.Configuration.Crypto_KeyContainerCollection.cs
  head/lang/mono/files/patch-mcs_tools_xbuild_data_12.0_Microsoft.CSharp.targets
  head/lang/mono/files/patch-mcs_tools_xbuild_data_14.0_Microsoft.CSharp.targets
  head/lang/mono/files/patch-mono_metadata_socket-io.c
  head/lang/mono/files/patch-mono_mini_mini-posix.c
  head/lang/mono/files/patch-mono_profiler_ptestrunner.pl
  head/lang/mono/files/patch-mono_utils_mono-compiler.h
  head/lang/mono/files/patch-mono_utils_mono-proclib.c
  head/lang/mono/files/patch-mono_utils_mono-threads.c
  head/lang/mono/files/patch-mono_utils_w32handle.c
  head/lang/mono/files/patch-scripts_mono-heapviz
  head/lang/mono/pkg-plist
  head/lang/mono-basic/Makefile
  head/mail/gmime2-sharp/Makefile
  head/mail/gmime24-sharp/Makefile
  head/misc/cdcollect/Makefile
  head/misc/podsleuth/Makefile
  head/multimedia/emby-server/Makefile
  head/multimedia/emby-server/pkg-plist
  head/multimedia/gnome-subtitles/Makefile
  head/net/avahi-sharp/Makefile
  head/net/mono-zeroconf/Makefile
  head/net/ntpa/Makefile
  head/security/gnome-keyring-sharp/Makefile
  head/security/gnome-keyring-sharp/files/
  head/security/gnome-keyring-sharp/files/patch-configure.ac
  head/security/gnome-keyring-sharp/files/patch-src_Gnome.Keyring_AssemblyInfo.cs.in
  head/security/gnome-keyring-sharp/files/patch-src_Makefile.am
  head/security/gnome-keyring-sharp/pkg-plist
  head/security/keepass/Makefile
  head/www/mod_mono/Makefile
  head/www/webkit-sharp/Makefile
  head/www/xsp/Makefile
  head/x11-toolkits/gnome-sharp20/Makefile
  head/x11-toolkits/gtk-sharp20/Makefile
  head/x11-toolkits/gtk-sharp30/Makefile
Comment 4 David Naylor freebsd_committer freebsd_triage 2018-01-30 19:10:47 UTC
Fix committed, thanks for the PR.