#43512 closed enhancement (fixed)
weechat @0.4.3 use CA certificates provided by curl-ca-bundle
Reported by: | anddam (Andrea D'Amore) | Owned by: | harciga |
---|---|---|---|
Priority: | Normal | Milestone: | |
Component: | ports | Version: | 2.2.1 |
Keywords: | ssl | Cc: | cooljeanius (Eric Gallager) |
Port: | weechat |
Description
I'm attaching a patch adding run dependency on port curl-ca-bundles, the config option to use those by default in weechat and bumping the revision.
Attachments (2)
Change History (12)
Changed 11 years ago by anddam (Andrea D'Amore)
Attachment: | patch-weechat_port.diff added |
---|
comment:1 follow-up: 3 Changed 11 years ago by cooljeanius (Eric Gallager)
comment:3 Changed 11 years ago by harciga
Replying to egall@…:
> Should probably be a path-style dependency so that certsync can satisfy it

This should do it:
depends_run path:share/curl/curl-ca-bundle.crt:curl-ca-bundle
I'll test the patch later tonight
Changed 11 years ago by harciga
Attachment: | Portfile-weechat.diff added |
---|
comment:4 Changed 11 years ago by harciga
I've attached the Portfile.diff, if anyone with commit rights would be kind enough to apply it.
Thanks.
comment:5 follow-up: 6 Changed 11 years ago by anddam (Andrea D'Amore)
Resolution: | → fixed |
---|---|
Status: | new → closed |
Committed in r119526, I used the same share/[…] path as configure option since certsync doesn't provide the symlink in $prefix/etc (should it?).
Thanks for the prompt reply, ticket closed.
comment:6 follow-up: 7 Changed 11 years ago by harciga
Replying to and.damore@…:
> Committed in r119526, I used the same share/[…] path as configure option since certsync doesn't provide the symlink in $prefix/etc (should it?).
> Thanks for the prompt reply, ticket closed.

I thought certsync did provide ${prefix}/etc because of
ln -s ${prefix}/etc/openssl/cert.pem ${destroot}${prefix}/share/curl/curl-ca-bundle.crt
at http://trac.macports.org/browser/trunk/dports/security/certsync/Portfile#L70
Anyway, both paths will work.
Thanks
comment:7 Changed 11 years ago by anddam (Andrea D'Amore)
Replying to starkhalo@…:
> I thought certsync did provide ${prefix}/etc because of
> ln -s ${prefix}/etc/openssl/cert.pem ${destroot}${prefix}/share/curl/curl-ca-bundle.crt

As you can see it's the opposite, that line is creating a symlink located in ${prefix}/share/curl and pointing to ${prefix}/etc/openssl/cert.pem even if the latter doesn't exist. I'm not sure what certsync is doing, I'll check with the maintainer.
Actually I didn't even check the certsync portfile, I activated the package from the binary package repository and noticed etc/openssl/cert.pem was not there.
edit:
certsync provides a dynamic update of cert.pem from Apple's CAs in Keychain. Its behavior is correct; I just didn't leave it the time to populate cert.pem on my system before removing the port. Also, certsync is preferred due to its auto-updating and "official" nature, see
https://lists.macosforge.org/pipermail/macports-dev/2013-May/022793.html
https://lists.macosforge.org/pipermail/macports-dev/2013-August/023792.html
and following parts of the thread.
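A check for the situation comment:7 describes, where the share/curl symlink exists before certsync has written etc/openssl/cert.pem. This is an added example, not part of the ticket or of either port; the function names and the sandbox directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the ticket): classify a CA bundle path.
# Prints one of: dangling, missing, empty, no-certs, ok
ca_bundle_state() {
    path=$1
    if [ -L "$path" ] && [ ! -e "$path" ]; then
        echo dangling   # symlink present, target not written yet
    elif [ ! -e "$path" ]; then
        echo missing
    elif [ ! -s "$path" ]; then
        echo empty
    elif ! grep -q -e '-----BEGIN CERTIFICATE-----' "$path"; then
        echo no-certs
    else
        echo ok
    fi
}

# Number of PEM certificate blocks in the file, 0 if it cannot be read.
ca_bundle_count() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Report both paths discussed in the ticket for a given prefix.
report_prefix() {
    for rel in etc/openssl/cert.pem share/curl/curl-ca-bundle.crt; do
        printf '%s: %s (%s certs)\n' "$1/$rel" \
            "$(ca_bundle_state "$1/$rel")" "$(ca_bundle_count "$1/$rel")"
    done
}

# Constructed sandbox reproducing the layout from comment:7: the share/curl
# symlink exists before etc/openssl/cert.pem has been populated.
demo=$(mktemp -d)
mkdir -p "$demo/etc/openssl" "$demo/share/curl"
ln -s "$demo/etc/openssl/cert.pem" "$demo/share/curl/curl-ca-bundle.crt"
report_prefix "$demo"    # neither path usable yet: missing / dangling
# Constructed placeholder PEM block (not a real certificate).
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$demo/etc/openssl/cert.pem"
report_prefix "$demo"    # both paths now resolve to the same file
rm -rf "$demo"
```

Calling `report_prefix` with the real MacPorts prefix right after installing the port shows whether the file named in the `CA_FILE` configure option is already populated.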
comment:8 follow-up: 9 Changed 11 years ago by anddam (Andrea D'Amore)
I'd say to make the path dependency default to certsync and change the default value of gnutls_ca_file to the etc/openssl file, any thoughts?
comment:9 Changed 11 years ago by harciga
Replying to and.damore@…:
> I'd say to make the path dependency default to certsync and change the default value of gnutls_ca_file to the etc/openssl file, any thoughts?

depends_run path:share/curl/curl-ca-bundle.crt:certsync
and
-DCA_FILE=${prefix}/etc/openssl/cert.pem
Sounds about right, I'll attach the Portfile diff in a few hours, I'm off to bed atm