[arch-commits] Commit in nss/trunk (PKGBUILD certdata2pem.py)

[Jan Steffens]

    Date: Wednesday, January 22, 2020 @ 09:15:47
  Author: heftig
Revision: 373785

3.49.1-2: p11-kit 0.23.19

Modified:
  nss/trunk/PKGBUILD
  nss/trunk/certdata2pem.py

-----------------+
 PKGBUILD        |   10 +++++-----
 certdata2pem.py |   15 +++++++++++++++
 2 files changed, 20 insertions(+), 5 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2020-01-22 09:13:10 UTC (rev 373784)
+++ PKGBUILD	2020-01-22 09:15:47 UTC (rev 373785)
@@ -3,18 +3,18 @@
 pkgbase=nss
 pkgname=(nss ca-certificates-mozilla)
 pkgver=3.49.1
-pkgrel=1
+pkgrel=2
 pkgdesc="Network Security Services"
 url="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS"
 arch=(x86_64)
 license=(MPL GPL)
-_nsprver=4.20
-depends=("nspr>=${_nsprver}" sqlite zlib sh p11-kit)
+_nsprver=4.24
+depends=("nspr>=${_nsprver}" sqlite zlib sh 'p11-kit>=0.23.19')
 makedepends=(perl python gyp)
 source=("https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/nss-${pkgver}.tar.gz"
         certdata2pem.py bundle.sh)
 sha256sums=('d9aa42e49e02bb0dc0a2f164604cfc718e11a2a06ddb266cd676376ac21b026e'
-            '0be02cecc27a6e55e1cad1783033b147f502b26f9fb1bb5a53e7a43bbcb68fa0'
+            'd2a1579dae05fd16175fac27ef08b54731ecefdf414085c610179afcf62b096c'
             '3bfadf722da6773bdabdd25bdf78158648043d1b7e57615574f189a88ca865dd')
 
 prepare() {
@@ -83,7 +83,7 @@
 
 package_ca-certificates-mozilla() {
   pkgdesc="Mozilla's set of trusted CA certificates"
-  depends=(ca-certificates-utils)
+  depends=('ca-certificates-utils>=20181109-3')
 
   install -Dm644 ca-bundle.trust.p11-kit \
     "$pkgdir/usr/share/ca-certificates/trust-source/mozilla.trust.p11-kit"

Modified: certdata2pem.py
===================================================================
--- certdata2pem.py	2020-01-22 09:13:10 UTC (rev 373784)
+++ certdata2pem.py	2020-01-22 09:15:47 UTC (rev 373785)
@@ -177,6 +177,11 @@
   "CKA_TRUST_EMAIL_PROTECTION": "emailProtection",
 }
 
+cert_distrust_types = {
+  "CKA_NSS_SERVER_DISTRUST_AFTER": "nss-server-distrust-after",
+  "CKA_NSS_EMAIL_DISTRUST_AFTER": "nss-email-distrust-after",
+}
+
 for tobj in objects:
     if tobj['CKA_CLASS'] == 'CKO_NSS_TRUST':
         key = tobj['CKA_LABEL'] + printable_serial(tobj)
@@ -369,6 +374,16 @@
             f.write("nss-mozilla-ca-policy: true\n")
             f.write("modifiable: false\n");
 
+            # requires p11-kit >= 0.23.19
+            for t in list(cert_distrust_types.keys()):
+                if t in obj:
+                    value = obj[t]
+                    if value == 'CK_FALSE':
+                        value = bytearray(1)
+                    f.write(cert_distrust_types[t] + ": \"")
+                    f.write(urllib.parse.quote(value));
+                    f.write("\"\n")
+
             f.write("-----BEGIN CERTIFICATE-----\n")
             temp_encoded_b64 = base64.b64encode(obj['CKA_VALUE'])
             temp_wrapped = textwrap.wrap(temp_encoded_b64.decode(), 64)