| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch is a revert of the upstream patch to Debian's ca-certificate
commit 033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.")
The reason is, that this change broke builds with the popular
Ubuntu 20.04 LTS (focal) releases which are shipping with an
older version of the python3-cryptography package that is not
compatible.
|Traceback (most recent call last):
| File "certdata2pem.py", line 125, in <module>
| cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
|TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend'
|make[5]: *** [Makefile:6: all] Error 1
...or if the python3-cryptography was missing all together:
|Traceback (most recent call last):
| File "/certdata2pem.py", line 31, in <module>
| from cryptography import x509
|ModuleNotFoundError: No module named 'cryptography'
More concerns were raised by Jo-Philipp Wich:
"We don't want the build to depend on the local system time anyway.
Right now it seems to be just a warning but I could imagine that
eventually certs are simply omitted of found to be expired at
build time which would break reproducibility."
Link: <https://github.com/openwrt/openwrt/commit/7c99085bd697>
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Reported-by: Shane Synan <digitalcircuit36939@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update the ca-certificates and ca-bundle package from version 20210119 to
version 20211016.
Debian change-log entry [1]:
|[...]
|[ Julien Cristau ]
|* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
| bundle to version 2.50
| The following certificate authorities were added (+):
| + "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
| + "GlobalSign Root R46"
| + "GlobalSign Root E46"
| + "GLOBALTRUST 2020"
| + "ANF Secure Server Root CA"
| + "Certum EC-384 CA"
| + "Certum Trusted Root CA"
| The following certificate authorities were removed (-):
| - "QuoVadis Root CA"
| - "Sonera Class 2 Root CA"
| - "GeoTrust Primary Certification Authority - G2"
| - "VeriSign Universal Root Certification Authority"
| - "Chambers of Commerce Root - 2008"
| - "Global Chambersign Root - 2008"
| - "Trustis FPS Root CA"
| - "Staat der Nederlanden Root CA - G3"
| * Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
|[...]
[1] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20211016_changelog>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
|
|
|
|
|
|
|
| |
Add an alias for Debian packages and download them from the Debian
mirror redirector.
Signed-off-by: David Bauer <mail@david-bauer.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update the ca-certificates and ca-bundle package from version 20200601 to
version 2021019.
This version uses Python 3 for the build, fixing a build issue on systems,
where `/usr/bin/python3` is a wrapper script [1].
Debian change-log entry [2]:
> [ Julien Cristau ]
> * New maintainer (closes: #976406)
> * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate
> authority
> bundle to version 2.46.
> The following certificate authorities were added (+):
> + "certSIGN ROOT CA G2"
> + "e-Szigno Root CA 2017"
> + "Microsoft ECC Root Certificate Authority 2017"
> + "Microsoft RSA Root Certificate Authority 2017"
> + "NAVER Global Root Certification Authority"
> + "Trustwave Global Certification Authority"
> + "Trustwave Global ECC P256 Certification Authority"
> + "Trustwave Global ECC P384 Certification Authority"
> The following certificate authorities were removed (-):
> - "EE Certification Centre Root CA"
> - "GeoTrust Universal CA 2"
> - "LuxTrust Global Root 2"
> - "OISTE WISeKey Global Root GA CA"
> - "Staat der Nederlanden Root CA - G2" (closes: #962079)
> - "Taiwan GRCA"
> - "Verisign Class 3 Public Primary Certification Authority - G3"
>
> [ Michael Shuler ]
> * mozilla/blacklist:
> Revert Symantec CA blacklist (#911289). Closes: #962596
> The following root certificates were added back (+):
> + "GeoTrust Primary Certification Authority - G2"
> + "VeriSign Universal Root Certification Authority"
>
> [ Gianfranco Costamagna ]
> * debian/{rules,control}:
> Merge Ubuntu patch from Matthias Klose to use Python3 during build.
> Closes: #942915
[1]: https://github.molgen.mpg.de/mariux64/mxtools/issues/148
[2]: https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20210119_changelog
Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
|
|
|
|
|
|
|
| |
The previous build directory "build_dir/target-xx/work/"
contaminated the entire build directory.
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch updates the ca-certificates and ca-bundle package.
This version changed the files directory again, to work/, so
PKG_BUILD_DIR was brought back.
A list of changes from Debian's change-log entry for 20200601 [0]:
* mozilla/{certdata.txt,nssckbi.h}:
Update Mozilla certificate authority bundle to version 2.40.
Closes: #956411, #955038
* mozilla/blacklist.txt
Add distrusted Symantec CA list to blacklist for explicit removal.
Closes: #911289
Blacklist expired root certificate, "AddTrust External Root"
Closes: #961907
The following certificate authorities were added (+):
+ "Certigna Root CA"
+ "emSign ECC Root CA - C3"
+ "emSign ECC Root CA - G3"
+ "emSign Root CA - C1"
+ "emSign Root CA - G1"
+ "Entrust Root Certification Authority - G4"
+ "GTS Root R1"
+ "GTS Root R2"
+ "GTS Root R3"
+ "GTS Root R4"
+ "Hongkong Post Root CA 3"
+ "UCA Extended Validation Root"
+ "UCA Global G2 Root"
The following certificate authorities were removed (-):
- "AddTrust External Root"
- "Certinomis - Root CA"
- "Certplus Class 2 Primary CA"
- "Deutsche Telekom Root CA 2"
- "GeoTrust Global CA"
- "GeoTrust Primary Certification Authority"
- "GeoTrust Primary Certification Authority - G2"
- "GeoTrust Primary Certification Authority - G3"
- "GeoTrust Universal CA"
- "thawte Primary Root CA"
- "thawte Primary Root CA - G2"
- "thawte Primary Root CA - G3"
- "VeriSign Class 3 Public Primary Certification Authority - G4"
- "VeriSign Class 3 Public Primary Certification Authority - G5"
- "VeriSign Universal Root Certification Authority"
[0] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20200601_changelog>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
|
|
|
|
|
|
|
|
|
| |
- both packages provide ca-certs
- make ca-bundle the default provider
This should allow easy transition between these two forms of CA certificates storage
Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
- Tested on Turris MOX, OpenWrt master
- Removed PKG_BUILD_DIR
In build_dir there were two folders
ca-certificates and ca-certificates-20190110 and it failed as files
were in ca-certificates-20190110
Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
|
|
|
|
|
|
| |
remove myself as PKG_MAINTAINER
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL defaults X509_CERT_FILE to /etc/ssl/cert.pem. This change is
needed for wget-ssl and possibly others to work seamlessly with fresh
ca-bundle installation
Fixes openwrt/packages#6152
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
|
|
|
|
|
| |
ca-certificates: Update to Version 20180409
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
|
|
|
|
|
|
| |
Update to 20170717
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
|
|
|
|
| |
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
|
|
|
|
|
|
| |
Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
| |
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
|
|
|
|
| |
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
|
|
|
|
|
|
|
|
| |
Some SSL applications requires a certificates bundle rather
than a directory containing certificates. For thos applications
we build the ca-bundle package
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
|
|
|
|
|
|
|
|
|
|
| |
- update to latest version 20160104
- remove cpu dependency (PKGARCH:=all)
- set myself as package maintainer
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
SVN-Revision: 48271
|
|
|
|
|
|
|
|
| |
update to version 20151214
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
SVN-Revision: 48000
|
|
|
|
|
|
|
|
| |
update to version 20150426
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
SVN-Revision: 45858
|
|
|
|
|
|
| |
Signed-off-by: Nicolas Thill <nico@openwrt.org>
SVN-Revision: 45250
|
|
|
|
|
|
| |
Signed-off-by: Nicolas Thill <nico@openwrt.org>
SVN-Revision: 44498
|
|
|
|
|
|
|
|
| |
turns out that r43155 adds duplicate info.
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 43167
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.
I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.
However, I can not garantee that I always picked the correct information
and/or did not miss license information.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
SVN-Revision: 43155
|
|
|
|
|
|
|
|
| |
Update to Version 20141019
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
SVN-Revision: 43111
|
|
|
|
|
|
|
|
|
|
|
| |
Implementing "add-cert.sh" functionality described at
http://wiki.openwrt.org/doc/howto/wget-ssl-certs into Makefile
otherwise you need to create symbolic links for certificate hashes
yourself.
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
SVN-Revision: 42660
|
|
|
|
| |
SVN-Revision: 40894
|
|
|
|
|
|
|
|
| |
symlink (fixes #15351)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 40007
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 39984
|