Home Explore Help
Sign In
PUBLIC_REPOS
/
buildroot
mirror of git://git.buildroot.net/buildroot
2
1
Fork 0
Files
Tree: 76b6da9d4f
Branches Tags
buildroot
/
package
/
ca-certificates
/
0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch

0001-mozilla-certdata2pem.py-make-cryptography-module-opt.patch 2.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960 
  1. From a4e468a2a0afa80df174831c2f422184820bb0fa Mon Sep 17 00:00:00 2001
    2. 

  2. From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
    3. 

  3. Date: Thu, 6 Jan 2022 23:15:00 +0100
    4. 

  4. Subject: [PATCH] mozilla/certdata2pem.py: make cryptography module optional
    5. 

  5. 

  6. The Python cryptography module is only used to verify if trusted
    7. 

  7. certificates have expired, but this is only a warning. For some build
    8. 

  8. systems and distributions, providing Python cryptography is costly,
    9. 

  9. especially since it's now partly written in Rust.
    10. 

  10. 

  11. As the check is only a warning, it's anyway going to be overlooked by
    12. 

  12. most people. This commit changes the check to be optional: if the
    13. 

  13. cryptography Python module is there, we perform the check, otherwise
    14. 

  14. the check is skipped.
    15. 

  15. 

  16. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
    17. 

  17. [Steve: refreshed to apply on ca-certificates version 20230311]
    18. 

  18. Signed-off-by: Steve Hay <me@stevenhay.com>
    19. 

  19. ---
    20. 

  20.  mozilla/certdata2pem.py | 17 ++++++++++-------
    21. 

  21.  1 file changed, 10 insertions(+), 7 deletions(-)
    22. 

  22. 

  23. diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py
    24. 

  24. index 4df86a2..3a6d7dc 100644
    25. 

  25. --- a/mozilla/certdata2pem.py
    26. 

  26. +++ b/mozilla/certdata2pem.py
    27. 

  27. @@ -28,8 +28,6 @@ import sys
    28. 

  28.  import textwrap
    29. 

  29.  import io
    30. 

  30.  
    31. 

  31. -from cryptography import x509
    32. 

  32. -
    33. 

  33.  
    34. 

  34.  objects = []
    35. 

  35.  
    36. 

  36. @@ -122,11 +120,16 @@ for obj in objects:
    37. 

  37.          if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
    38. 

  38.              continue
    39. 

  39.  
    40. 

  40. -        cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
    41. 

  41. -        if cert.not_valid_after < datetime.datetime.utcnow():
    42. 

  42. -            print('!'*74)
    43. 

  43. -            print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
    44. 

  44. -            print('!'*74)
    45. 

  45. +        try:
    46. 

  46. +            from cryptography import x509
    47. 

  47. +
    48. 

  48. +            cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
    49. 

  49. +            if cert.not_valid_after < datetime.datetime.utcnow():
    50. 

  50. +                print('!'*74)
    51. 

  51. +                print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
    52. 

  52. +                print('!'*74)
    53. 

  53. +        except ImportError:
    54. 

  54. +            pass
    55. 

  55.  
    56. 

  56.          bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
    57. 

  57.                                        .replace(' ', '_')\
    58. 

  58. -- 
    59. 

  59. 2.30.2
    60. 

  60.