[Buildroot] [PATCH 1/1] package/ca-certificates: add support for cryptography > 3.0

Yann E. MORIN yann.morin.1998 at free.fr
Sun Nov 6 10:51:24 UTC 2022


Justin, All,

On 2022-11-02 12:56 -0400, jwood+buildroot at starry.com spake thusly:
> From: Justin Wood <jwood at starry.com>
> 
> This patch was originally submitted upstream at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008244
> by Wataru Ashihara <wsh at iij.ad.jp>.  Minor changes by me to account for the Buildroot change in 0001-*.patch.
> 
> Building ca-certificates with a newer cryptography is breaking without this patch, and building Buildroot's
> `python-cryptography` package first doesn't change the broken behavior.

I've reworded the commit log in a more logical manner (explain what
breaks and why, then how we fix it).

I also notice that the bug report states that cryptography 3.0 is also
affected, so I tweaked the commit title accordingly.

> Signed-off-by: Justin Wood <jwood at starry.com>

Applied to master, thanks.

Regards,
Yann E. MORIN.

> ---
>  ...2pem.py-Fix-compat-with-cryptography.patch | 29 +++++++++++++++++++
>  1 file changed, 29 insertions(+)
>  create mode 100644 package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
> 
> diff --git a/package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch b/package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
> new file mode 100644
> index 0000000000..0537da9224
> --- /dev/null
> +++ b/package/ca-certificates/0002-mozilla-certdata2pem.py-Fix-compat-with-cryptography.patch
> @@ -0,0 +1,29 @@
> +From 5e493ca307a031e81528ceddb96f3da40bc062cf Mon Sep 17 00:00:00 2001
> +From: Wataru Ashihara <wsh at iij.ad.jp>
> +Date: Wed, 2 Nov 2022 12:40:05 -0400
> +Subject: [PATCH] mozilla/certdata2pem.py: Fix compat with cryptography > 3.0
> +
> +In newer cryptography packages, load_der_x509_certificate is enforced to be 'bytes' rather than currently used 'bytearray'.  This fixes that.
> +
> +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008244
> +Signed-off-by: Justin Wood <jwood at starry.com>
> +---
> + mozilla/certdata2pem.py | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
> +index a6261f8..c0fa52c 100644
> +--- a/mozilla/certdata2pem.py
> ++++ b/mozilla/certdata2pem.py
> +@@ -122,7 +122,7 @@ for obj in objects:
> +         try:
> +             from cryptography import x509
> + 
> +-            cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
> ++            cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
> +             if cert.not_valid_after < datetime.datetime.now():
> +                 print('!'*74)
> +                 print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
> +-- 
> +2.38.1
> +
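Review bot: The Subject line of the embedded patch still reads "Fix compat with cryptography > 3.0", while the reply above notes that the Debian bug report lists 3.0 itself as affected. Changing it to ">= 3.0" would keep the carried patch consistent with the reworded Buildroot commit title. The description under it is a single unwrapped line that refers to "newer cryptography packages" without naming the error raised by load_der_x509_certificate when it is given a bytearray; wrapping it and quoting that error would let a later reader confirm the failure. The one-line code change, bytes(obj['CKA_VALUE']), only copies the value into an immutable bytes object, so it remains valid with cryptography versions that accepted a bytearray.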
> -- 
> 2.38.1
> 

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'
