aboutsummaryrefslogtreecommitdiffstats
path: root/package/system/ca-certificates
Commit message (Collapse)AuthorAgeFilesLines
* ca-certificates: fix python3-cryptography woes in certdata2pem.pyChristian Lamparter2021-12-011-0/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch is a revert of the upstream patch to Debian's ca-certificate commit 033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.") The reason is, that this change broke builds with the popular Ubuntu 20.04 LTS (focal) releases which are shipping with an older version of the python3-cryptography package that is not compatible. |Traceback (most recent call last): | File "certdata2pem.py", line 125, in <module> | cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) |TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend' |make[5]: *** [Makefile:6: all] Error 1 ...or if the python3-cryptography was missing all together: |Traceback (most recent call last): | File "/certdata2pem.py", line 31, in <module> | from cryptography import x509 |ModuleNotFoundError: No module named 'cryptography' More concerns were raised by Jo-Philipp Wich: "We don't want the build to depend on the local system time anyway. Right now it seems to be just a warning but I could imagine that eventually certs are simply omitted of found to be expired at build time which would break reproducibility." Link: <https://github.com/openwrt/openwrt/commit/7c99085bd697> Reported-by: Chen Minqiang <ptpt52@gmail.com> Reported-by: Shane Synan <digitalcircuit36939@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ca-certicficates: Update to version 20211016Christian Lamparter2021-11-301-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update the ca-certificates and ca-bundle package from version 20210119 to version 20211016. Debian change-log entry [1]: |[...] |[ Julien Cristau ] |* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority | bundle to version 2.50 | The following certificate authorities were added (+): | + "AC RAIZ FNMT-RCM SERVIDORES SEGUROS" | + "GlobalSign Root R46" | + "GlobalSign Root E46" | + "GLOBALTRUST 2020" | + "ANF Secure Server Root CA" | + "Certum EC-384 CA" | + "Certum Trusted Root CA" | The following certificate authorities were removed (-): | - "QuoVadis Root CA" | - "Sonera Class 2 Root CA" | - "GeoTrust Primary Certification Authority - G2" | - "VeriSign Universal Root Certification Authority" | - "Chambers of Commerce Root - 2008" | - "Global Chambersign Root - 2008" | - "Trustis FPS Root CA" | - "Staat der Nederlanden Root CA - G3" | * Blacklist expired root certificate "DST Root CA X3" (closes: #995432) |[...] [1] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20211016_changelog> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* download: add mirror alias for DebianDavid Bauer2021-02-261-1/+1
| | | | | | | Add an alias for Debian packages and download them from the Debian mirror redirector. Signed-off-by: David Bauer <mail@david-bauer.net>
* ca-certicficates: Update to version 20210119Paul Menzel2021-01-291-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update the ca-certificates and ca-bundle package from version 20200601 to version 2021019. This version uses Python 3 for the build, fixing a build issue on systems, where `/usr/bin/python3` is a wrapper script [1]. Debian change-log entry [2]: > [ Julien Cristau ] > * New maintainer (closes: #976406) > * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate > authority > bundle to version 2.46. > The following certificate authorities were added (+): > + "certSIGN ROOT CA G2" > + "e-Szigno Root CA 2017" > + "Microsoft ECC Root Certificate Authority 2017" > + "Microsoft RSA Root Certificate Authority 2017" > + "NAVER Global Root Certification Authority" > + "Trustwave Global Certification Authority" > + "Trustwave Global ECC P256 Certification Authority" > + "Trustwave Global ECC P384 Certification Authority" > The following certificate authorities were removed (-): > - "EE Certification Centre Root CA" > - "GeoTrust Universal CA 2" > - "LuxTrust Global Root 2" > - "OISTE WISeKey Global Root GA CA" > - "Staat der Nederlanden Root CA - G2" (closes: #962079) > - "Taiwan GRCA" > - "Verisign Class 3 Public Primary Certification Authority - G3" > > [ Michael Shuler ] > * mozilla/blacklist: > Revert Symantec CA blacklist (#911289). Closes: #962596 > The following root certificates were added back (+): > + "GeoTrust Primary Certification Authority - G2" > + "VeriSign Universal Root Certification Authority" > > [ Gianfranco Costamagna ] > * debian/{rules,control}: > Merge Ubuntu patch from Matthias Klose to use Python3 during build. > Closes: #942915 [1]: https://github.molgen.mpg.de/mariux64/mxtools/issues/148 [2]: https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20210119_changelog Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
* ca-certificates: canonical the build dirJianhui Zhao2020-11-121-1/+7
| | | | | | | The previous build directory "build_dir/target-xx/work/" contaminated the entire build directory. Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
* ca-certificates: update to version 20200601Christian Lamparter2020-06-091-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch updates the ca-certificates and ca-bundle package. This version changed the files directory again, to work/, so PKG_BUILD_DIR was brought back. A list of changes from Debian's change-log entry for 20200601 [0]: * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority bundle to version 2.40. Closes: #956411, #955038 * mozilla/blacklist.txt Add distrusted Symantec CA list to blacklist for explicit removal. Closes: #911289 Blacklist expired root certificate, "AddTrust External Root" Closes: #961907 The following certificate authorities were added (+): + "Certigna Root CA" + "emSign ECC Root CA - C3" + "emSign ECC Root CA - G3" + "emSign Root CA - C1" + "emSign Root CA - G1" + "Entrust Root Certification Authority - G4" + "GTS Root R1" + "GTS Root R2" + "GTS Root R3" + "GTS Root R4" + "Hongkong Post Root CA 3" + "UCA Extended Validation Root" + "UCA Global G2 Root" The following certificate authorities were removed (-): - "AddTrust External Root" - "Certinomis - Root CA" - "Certplus Class 2 Primary CA" - "Deutsche Telekom Root CA 2" - "GeoTrust Global CA" - "GeoTrust Primary Certification Authority" - "GeoTrust Primary Certification Authority - G2" - "GeoTrust Primary Certification Authority - G3" - "GeoTrust Universal CA" - "thawte Primary Root CA" - "thawte Primary Root CA - G2" - "thawte Primary Root CA - G3" - "VeriSign Class 3 Public Primary Certification Authority - G4" - "VeriSign Class 3 Public Primary Certification Authority - G5" - "VeriSign Universal Root Certification Authority" [0] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20200601_changelog> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ca-certificates: provide ca-certs by both ca-certificates and ca-bundleMaxim Storchak2019-12-231-2/+4
| | | | | | | | | - both packages provide ca-certs - make ca-bundle the default provider This should allow easy transition between these two forms of CA certificates storage Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
* ca-certificates: update to version 20190110Josef Schlehofer2019-03-211-4/+3
| | | | | | | | | | - Tested on Turris MOX, OpenWrt master - Removed PKG_BUILD_DIR In build_dir there were two folders ca-certificates and ca-certificates-20190110 and it failed as files were in ca-certificates-20190110 Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
* ca-caertificates: remove myself as PKG_MAINTAINERChristian Schoenebeck2018-07-311-2/+2
| | | | | | remove myself as PKG_MAINTAINER Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
* ca-certificates: ca-bundle: add symlink for openssl default settingYousong Zhou2018-07-071-0/+2
| | | | | | | | | | OpenSSL defaults X509_CERT_FILE to /etc/ssl/cert.pem. This change is needed for wget-ssl and possibly others to work seamlessly with fresh ca-bundle installation Fixes openwrt/packages#6152 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* ca-certificates: Update to Version 20180409Christian Schoenebeck2018-05-051-2/+2
| | | | | | ca-certificates: Update to Version 20180409 Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
* ca-certificates: Update to 20170717Christian Schoenebeck2017-08-181-4/+4
| | | | | | Update to 20170717 Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
* ca-certificates: Update to version 20161130+nmu1Christian Schoenebeck2017-06-241-3/+3
| | | | Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
* treewide: clean up download hashesFelix Fietkau2016-12-161-1/+1
| | | | | | Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ca-certificates: update to version 20161130Christian Schoenebeck2016-12-121-2/+2
| | | | Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
* ca-certificates: update to version 20161102Christian Schoenebeck2016-11-081-2/+2
| | | | Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
* ca-certificates: Add certificate bundle packageDaniel Dickinson2016-05-181-0/+12
| | | | | | | | Some SSL applications requires a certificates bundle rather than a directory containing certificates. For thos applications we build the ca-bundle package Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
* ca-certificates: update to version 20160104Felix Fietkau2016-01-171-3/+5
| | | | | | | | | | - update to latest version 20160104 - remove cpu dependency (PKGARCH:=all) - set myself as package maintainer Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com> SVN-Revision: 48271
* ca-certificates: update to version 20151214John Crispin2015-12-231-2/+3
| | | | | | | | update to version 20151214 Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com> SVN-Revision: 48000
* ca-certificates: update to version 20150426John Crispin2015-05-311-4/+4
| | | | | | | | update to version 20150426 Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com> SVN-Revision: 45858
* packages: use $(LN) macro, make symlinks relativeNicolas Thill2015-04-031-1/+1
| | | | | | Signed-off-by: Nicolas Thill <nico@openwrt.org> SVN-Revision: 45250
* packages: remove uneeded PKG_BUILD_DIR overridesNicolas Thill2015-02-221-1/+0
| | | | | | Signed-off-by: Nicolas Thill <nico@openwrt.org> SVN-Revision: 44498
* license info - revert r43155John Crispin2014-11-031-3/+0
| | | | | | | | turns out that r43155 adds duplicate info. Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 43167
* Add more license tags with SPDX identifiersJohn Crispin2014-11-031-0/+3
| | | | | | | | | | | | | | | | | | Note, that licensing stuff is a nightmare: many packages does not clearly state their licenses, and often multiple source files are simply copied together - each with different licensing information in the file headers. I tried hard to ensure, that the license information extracted into the OpenWRT's makefiles fit the "spirit" of the packages, e.g. such small packages which come without a dedicated source archive "inherites" the OpenWRT's own license in my opinion. However, I can not garantee that I always picked the correct information and/or did not miss license information. Signed-off-by: Michael Heimpold <mhei@heimpold.de> SVN-Revision: 43155
* ca-certificates: Update to Version 20141019John Crispin2014-10-291-3/+3
| | | | | | | | Update to Version 20141019 Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com> SVN-Revision: 43111
* ca-certificates: create symbolic link for certificate hashesFelix Fietkau2014-09-251-0/+9
| | | | | | | | | | | Implementing "add-cert.sh" functionality described at http://wiki.openwrt.org/doc/howto/wget-ssl-certs into Makefile otherwise you need to create symbolic links for certificate hashes yourself. Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com> SVN-Revision: 42660
* ca-certificates: bump to 20140325Steven Barth2014-06-011-2/+2
| | | | SVN-Revision: 40894
* ca-certificates: install to /etc/ssl/certs/ directly instead of installing a ↵Felix Fietkau2014-03-231-4/+2
| | | | | | | | symlink (fixes #15351) Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 40007
* ca-certificates: add system CA certificates package (based on the debian one)Felix Fietkau2014-03-211-0/+41
Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 39984