poky/meta/recipes-support/ca-certificates/ca-certificates/0001-Revert-mozilla-certdata2pem.py-print-a-warning-for-e.patch - openbmc/openbmc - Gitiles

 From cb43ec15b700b25f3c4fe44043a1a021aaf5b768 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex@linutronix.de>
 Date: Mon, 18 Oct 2021 12:05:49 +0200
 Subject: [PATCH] Revert "mozilla/certdata2pem.py: print a warning for expired
  certificates."

 This avoids a dependency on python3-cryptography, and only checks
 for expired certs (which is upstream concern, but not ours).

 Upstream-Status: Inappropriate [oe-core specific]
 Signed-off-by: Alexander Kanavin <alex@linutronix.de>
 ---
  debian/changelog        |  1 -
  debian/control          |  2 +-
  mozilla/certdata2pem.py | 11 -----------
  3 files changed, 1 insertion(+), 13 deletions(-)

 diff --git a/debian/changelog b/debian/changelog
 index 531e4d0..4006509 100644
 --- a/debian/changelog
 +++ b/debian/changelog
 @@ -37,7 +37,6 @@ ca-certificates (20211004) unstable; urgency=low
      - "Trustis FPS Root CA"
      - "Staat der Nederlanden Root CA - G3"
    * Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
 -  * mozilla/certdata2pem.py: print a warning for expired certificates.

   -- Julien Cristau <jcristau@debian.org>  Thu, 07 Oct 2021 17:12:47 +0200

 diff --git a/debian/control b/debian/control
 index 4434b7a..5c6ba24 100644
 --- a/debian/control
 +++ b/debian/control
 @@ -3,7 +3,7 @@ Section: misc
  Priority: optional
  Maintainer: Julien Cristau <jcristau@debian.org>
  Build-Depends: debhelper-compat (= 13), po-debconf
 -Build-Depends-Indep: python3, openssl, python3-cryptography
 +Build-Depends-Indep: python3, openssl
  Standards-Version: 4.5.0.2
  Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git
  Vcs-Browser: https://salsa.debian.org/debian/ca-certificates
 diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
 index ede23d4..7d796f1 100644
 --- a/mozilla/certdata2pem.py
 +++ b/mozilla/certdata2pem.py
 @@ -21,16 +21,12 @@
  # USA.

  import base64
 -import datetime
  import os.path
  import re
  import sys
  import textwrap
  import io

 -from cryptography import x509
 -
 -
  objects = []

  # Dirty file parser.
 @@ -121,13 +117,6 @@ for obj in objects:
      if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
          if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
              continue
 -
 -        cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
 -        if cert.not_valid_after < datetime.datetime.now():
 -            print('!'*74)
 -            print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
 -            print('!'*74)
 -
          bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
                                        .replace(' ', '_')\
                                        .replace('(', '=')\
 --
 2.20.1
	From cb43ec15b700b25f3c4fe44043a1a021aaf5b768 Mon Sep 17 00:00:00 2001
	From: Alexander Kanavin <alex@linutronix.de>
	Date: Mon, 18 Oct 2021 12:05:49 +0200
	Subject: [PATCH] Revert "mozilla/certdata2pem.py: print a warning for expired
	certificates."

	This avoids a dependency on python3-cryptography, and only checks
	for expired certs (which is upstream concern, but not ours).

	Upstream-Status: Inappropriate [oe-core specific]
	Signed-off-by: Alexander Kanavin <alex@linutronix.de>
	---
	debian/changelog \| 1 -
	debian/control \| 2 +-
	mozilla/certdata2pem.py \| 11 -----------
	3 files changed, 1 insertion(+), 13 deletions(-)

	diff --git a/debian/changelog b/debian/changelog
	index 531e4d0..4006509 100644
	--- a/debian/changelog
	+++ b/debian/changelog
	@@ -37,7 +37,6 @@ ca-certificates (20211004) unstable; urgency=low
	- "Trustis FPS Root CA"
	- "Staat der Nederlanden Root CA - G3"
	* Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
	- * mozilla/certdata2pem.py: print a warning for expired certificates.

	-- Julien Cristau <jcristau@debian.org> Thu, 07 Oct 2021 17:12:47 +0200

	diff --git a/debian/control b/debian/control
	index 4434b7a..5c6ba24 100644
	--- a/debian/control
	+++ b/debian/control
	@@ -3,7 +3,7 @@ Section: misc
	Priority: optional
	Maintainer: Julien Cristau <jcristau@debian.org>
	Build-Depends: debhelper-compat (= 13), po-debconf
	-Build-Depends-Indep: python3, openssl, python3-cryptography
	+Build-Depends-Indep: python3, openssl
	Standards-Version: 4.5.0.2
	Vcs-Git: https://salsa.debian.org/debian/ca-certificates.git
	Vcs-Browser: https://salsa.debian.org/debian/ca-certificates
	diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
	index ede23d4..7d796f1 100644
	--- a/mozilla/certdata2pem.py
	+++ b/mozilla/certdata2pem.py
	@@ -21,16 +21,12 @@
	# USA.

	import base64
	-import datetime
	import os.path
	import re
	import sys
	import textwrap
	import io

	-from cryptography import x509
	-
	-
	objects = []

	# Dirty file parser.
	@@ -121,13 +117,6 @@ for obj in objects:
	if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
	if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
	continue
	-
	- cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
	- if cert.not_valid_after < datetime.datetime.now():
	- print('!'*74)
	- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
	- print('!'*74)
	-
	bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
	.replace(' ', '_')\
	.replace('(', '=')\
	--
	2.20.1