mirror of
git://git.openwrt.org/openwrt/openwrt.git
synced 2025-11-04 06:54:27 -05:00
25bc66eb40
This patch is a revert of the upstream patch to Debian's ca-certificate
commit 033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.")
The reason is, that this change broke builds with the popular
Ubuntu 20.04 LTS (focal) releases which are shipping with an
older version of the python3-cryptography package that is not
compatible.
|Traceback (most recent call last):
| File "certdata2pem.py", line 125, in <module>
| cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
|TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend'
|make[5]: *** [Makefile:6: all] Error 1
...or if the python3-cryptography was missing all together:
|Traceback (most recent call last):
| File "/certdata2pem.py", line 31, in <module>
| from cryptography import x509
|ModuleNotFoundError: No module named 'cryptography'
More concerns were raised by Jo-Philipp Wich:
"We don't want the build to depend on the local system time anyway.
Right now it seems to be just a warning but I could imagine that
eventually certs are simply omitted of found to be expired at
build time which would break reproducibility."
Link: <https://github.com/openwrt/openwrt/commit/7c99085bd697>
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Reported-by: Shane Synan <digitalcircuit36939@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
|
||
|---|---|---|
| .. | ||
| ca-certificates | ||
| fstools | ||
| fwtool | ||
| iucode-tool | ||
| mtd | ||
| openwrt-keyring | ||
| opkg | ||
| procd | ||
| refpolicy | ||
| rpcd | ||
| selinux-policy | ||
| ubox | ||
| ubus | ||
| ucert | ||
| uci | ||
| urandom-seed | ||
| urngd | ||
| usign | ||
| zram-swap | ||