Bug 246944 - mail/claws-mail: dont install Win certs bundle, depend on security/ca_root_nss
Summary: mail/claws-mail: dont install Win certs bundle, depend on security/ca_root_nss
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Fernando Apesteguía
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2020-06-02 20:38 UTC by Piotr Smyrak
Modified: 2020-06-04 05:52 UTC (History)
2 users (show)

See Also:
portmaster: maintainer-feedback+


Attachments
ports patch with additional upstream patch (1.85 KB, patch)
2020-06-02 20:38 UTC, Piotr Smyrak
no flags Details | Diff
additional improvements on top of submitter's patch (3.47 KB, patch)
2020-06-03 16:41 UTC, Fernando Apesteguía
portmaster: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Piotr Smyrak 2020-06-02 20:38:39 UTC
Created attachment 215179 [details]
ports patch with additional upstream patch

claws port installs a %%DATADIR%%/ca-certificates.crt bundle, yet according 
to the application code (src/common/ssl.c:196), it is used only by Windows 
builds. 

Instead of doing so, make the port run depend on security/ca_root_nss and add 
a tiny patch that handles a situation, where operator have decided to install 
security/ca_root_nss without its knob ETCSYMLINK turned on, letting claws 
search the CA bundle both in /etc/ssl/cert.pem as if the symlink was enabled, 
and it ${LOCALBASE}/share/certs/ca-root-nss.crt
Comment 1 Chris Hutchinson 2020-06-03 01:54:19 UTC
Comment on attachment 215179 [details]
ports patch with additional upstream patch

Looks good.
Good catch, and thank you,  Piotr! :-)

Approved.

--Chris
Comment 2 Fernando Apesteguía freebsd_committer 2020-06-03 16:41:32 UTC
Created attachment 215201 [details]
additional improvements on top of submitter's patch

I reworked the original patch (good work!) so this applies whatever LOCALBASE the user is using.

Let me know if it looks good.
Comment 3 Chris Hutchinson 2020-06-03 16:54:07 UTC
Comment on attachment 215201 [details]
additional improvements on top of submitter's patch

Yes. This will work well.
Thanks for doing this, Fernando! :-)

Approved.

--Chris
Comment 4 Piotr Smyrak 2020-06-03 21:08:17 UTC
Oh, yes, I did consider hardcoding of /usr/local as kind of ugly. 

I wonder if it would make sense to consolidates the 2 steps into just post-patch and eliminate the additional patch file completely this way:

post-patch:
	# Also search for certs in LOCALBASE dir to workaround
	# potential lack of /etc symlink in security/ca_root_nss
	@${REINPLACE_CMD} -e 's|"/etc/ssl/cert.pem",|& "'${LOCALBASE}'/share/certs/ca-root-nss.crt",|' \
	${WRKSRC}/src/common/ssl.c

I am fine with any option.
Comment 5 commit-hook freebsd_committer 2020-06-04 05:48:41 UTC
A commit references this bug:

Author: fernape
Date: Thu Jun  4 05:48:35 UTC 2020
New revision: 537868
URL: https://svnweb.freebsd.org/changeset/ports/537868

Log:
  mail/claws-mail: make it depend on security/ca_root_nss

  Instead of installing the Win certs bundle.

  A new patch is needed so it looks for certs by default in out LOCALBASE

  PR:	246944
  Submitted by:	ps.ports@smyrak.com
  Reviewed by:	portmaster@bsdforge.com (maintainer)

Changes:
  head/mail/claws-mail/Makefile
  head/mail/claws-mail/files/patch-configure.ac
  head/mail/claws-mail/files/patch-src_common_ssl.c
  head/mail/claws-mail/pkg-plist
Comment 6 Fernando Apesteguía freebsd_committer 2020-06-04 05:52:05 UTC
Committed,

Thanks both for your work!