首页 发现 帮助
登录
PUBLIC_REPOS
/
buildroot
镜像自地址 git://git.buildroot.net/buildroot
2
1
派生 0
文件
目录树: 363dd649f3
分支列表 标签列表
buildroot
/
package
/
ca-certificates
/
0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch

0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch 2.0 KB
文件历史 原始文件

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859 
  1. From bf18b564122e8f976681a2398862fde1eafd84ba Mon Sep 17 00:00:00 2001
    2. 

  2. From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
    3. 

  3. Date: Thu, 6 Jan 2022 23:15:00 +0100
    4. 

  4. Subject: [PATCH] mozilla/certdata2pem.py: make cryptography module optional
    5. 

  5. 

  6. The Python cryptography module is only used to verify if trusted
    7. 

  7. certificates have expired, but this is only a warning. For some build
    8. 

  8. systems and distributions, providing Python cryptography is costly,
    9. 

  9. especially since it's now partly written in Rust.
    10. 

  10. 

  11. As the check is only a warning, it's anyway going to be overlooked by
    12. 

  12. most people. This commit changes the check to be optional: if the
    13. 

  13. cryptography Python module is there, we perform the check, otherwise
    14. 

  14. the check is skipped.
    15. 

  15. 

  16. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
    17. 

  17. ---
    18. 

  18.  mozilla/certdata2pem.py | 18 ++++++++++--------
    19. 

  19.  1 file changed, 10 insertions(+), 8 deletions(-)
    20. 

  20. 

  21. diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
    22. 

  22. index ede23d4..a6261f8 100644
    23. 

  23. --- a/mozilla/certdata2pem.py
    24. 

  24. +++ b/mozilla/certdata2pem.py
    25. 

  25. @@ -28,9 +28,6 @@ import sys
    26. 

  26.  import textwrap
    27. 

  27.  import io
    28. 

  28.  
    29. 

  29. -from cryptography import x509
    30. 

  30. -
    31. 

  31. -
    32. 

  32.  objects = []
    33. 

  33.  
    34. 

  34.  # Dirty file parser.
    35. 

  35. @@ -122,11 +119,16 @@ for obj in objects:
    36. 

  36.          if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
    37. 

  37.              continue
    38. 

  38.  
    39. 

  39. -        cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
    40. 

  40. -        if cert.not_valid_after < datetime.datetime.now():
    41. 

  41. -            print('!'*74)
    42. 

  42. -            print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
    43. 

  43. -            print('!'*74)
    44. 

  44. +        try:
    45. 

  45. +            from cryptography import x509
    46. 

  46. +
    47. 

  47. +            cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
    48. 

  48. +            if cert.not_valid_after < datetime.datetime.now():
    49. 

  49. +                print('!'*74)
    50. 

  50. +                print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
    51. 

  51. +                print('!'*74)
    52. 

  52. +        except ImportError:
    53. 

  53. +            pass
    54. 

  54.  
    55. 

  55.          bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
    56. 

  56.                                        .replace(' ', '_')\
    57. 

  57. -- 
    58. 

  58. 2.33.1
    59. 

  59.