From nobody Thu Oct  5 10:51:23 2023
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4S1SzJ2MQDz4wHRn;
	Thu,  5 Oct 2023 10:51:24 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4S1SzJ1xQKz3RqL;
	Thu,  5 Oct 2023 10:51:24 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1696503084;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=vvEegod06VcshCdDCVjcXuiPz7cEKrTlOpBhmcx9ApA=;
	b=B/qMwZJGl1e+QtosdcUOWIjJPHRQ96G+gLMxtWQjR/rYoCV7Fce5WZLJZnCiy2iXwco+/O
	olMpfUHIy5hFCA/1N5V20+6J3gMS7GnQA0/aX7NJbC/sEmjUKoF+bJ5uZVdny+pBtTF1fT
	KLgA9/JVVZHLE4aJZmgQX4UZqY6lsDdcuYVZbkGD7VpX3+d7TvfkaDaVwa+IkEVusuDW3X
	elMYaRP+3tcswmEyhTehUbwkCYnYw4eZfYgDPUsHIDwp07sxPeL8O6HkZDF3pelN34MjlS
	uOx1JDSfwmepJpMXud7rALYkWLH1Skj4h7KoIdiDfWJJWu/3KAwrGilyWMBbqA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1696503084; a=rsa-sha256; cv=none;
	b=iLCvZ8Z7WlKY0dAEI7iHNEMcTz5ZGVD1Yx4YyxQggouQwPde6Amlhz4a5wTr1b+uc5GYYc
	QY7xE7M/A0/BfPHrQLx9z57mXcTpsMYHgw5yi7YbvBkPpQkDQYv7VCsa59Vod7puefT1NL
	JmSU6g9qFR25CMS3StqbiMC1Sc01hMkj1w04ritiiyRKYHZe8wkmHqQ3r1jXO2TX936jXB
	3j7K1w3zBFdLRCs5sTKKgRpwEnrvn+O9gw19crnD9hG2eIyboZBRq5s0MLd6xE6oQ6GNrv
	Tk6unnh20XZwhE/WSrRGb8xtyjSoZONBUAz9PVwlR8MNjPccuWhFeGnb9L77wA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1696503084;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=vvEegod06VcshCdDCVjcXuiPz7cEKrTlOpBhmcx9ApA=;
	b=JUl8I0GSIQ5NqY8sFjrZ3EUUl+9Iqmv1gqbB7fbmtQFWntljkHqdzFniFLPEEV0Xdt+8uf
	C0wOwXCrMmkeSFtKSBqYXkby7Q/SUKZiM0G3/gpC0V4dXKN7gPoFFxH8Mt5Z5ncLwCVZKC
	DxS5gayPf8NQUKOTBLLRSLzuIprMQCDSRGaaZ3OKWzpFvrGOHCpElz7TdRupBmaY6icltB
	25iO8PlcSUXC/2YTVIY7JFef245ulf+8EfPDihvz9MF/Mj3HaHVoD3cM9ZrnpFyyvGv3HL
	WcoIBguC9DFS9Z+tQbSseDP8irWlLlNDS8iFtjJRY8XJqsG0rx2SadpgnnM2bA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4S1SzJ0hZXz1HBF;
	Thu,  5 Oct 2023 10:51:24 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 395ApNQh042547;
	Thu, 5 Oct 2023 10:51:24 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 395ApNmV042544;
	Thu, 5 Oct 2023 10:51:23 GMT
	(envelope-from git)
Date: Thu, 5 Oct 2023 10:51:23 GMT
Message-Id: <202310051051.395ApNmV042544@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: Dag-Erling =?utf-8?Q?Sm=C3=B8rgrav?= <des@FreeBSD.org>
Subject: git: 03b792c59a52 - main - devel/arcanist-lib: Drop
  ca_root_nss dependency.
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-ports-all@freebsd.org
X-BeenThere: dev-commits-ports-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: des
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 03b792c59a52485ebf4a4bbb5675bc9b91df81a5
Auto-Submitted: auto-generated

The branch main has been updated by des:

URL: https://cgit.FreeBSD.org/ports/commit/?id=03b792c59a52485ebf4a4bbb5675bc9b91df81a5

commit 03b792c59a52485ebf4a4bbb5675bc9b91df81a5
Author:     Dag-Erling Smørgrav <des@FreeBSD.org>
AuthorDate: 2023-10-05 10:51:00 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2023-10-05 10:51:00 +0000

    devel/arcanist-lib: Drop ca_root_nss dependency.
    
    This was much harder than it needs to be, because Arcanist is dead set
    on forcing a CA bundle instead of letting curl pick one or use the OS
    native trust store.  Remove the enforced fallback and set CURL_CAINFO
    only if a CA bundle was explicitly configured or custom.pem was found
    on disk.  Furthermore, if the configured value is a directory, set
    CURL_CAPATH instead.
    
    MFH:            2023Q4
    Reviewed by:    grembo
    Differential Revision:  https://reviews.freebsd.org/D42042
---
 devel/arcanist-lib/Makefile                        |  6 +---
 .../files/patch-src_future_http_HTTPSFuture.php    | 41 ++++++++++++++++++++++
 devel/arcanist-lib/pkg-plist                       |  1 -
 3 files changed, 42 insertions(+), 6 deletions(-)

diff --git a/devel/arcanist-lib/Makefile b/devel/arcanist-lib/Makefile
index ca0fcf463952..15d9df7c0bf1 100644
--- a/devel/arcanist-lib/Makefile
+++ b/devel/arcanist-lib/Makefile
@@ -1,6 +1,6 @@
 PORTNAME?=	arcanist
 PORTVERSION?=	20220518
-PORTREVISION?=	4
+PORTREVISION?=	5
 CATEGORIES?=	devel
 PKGNAMESUFFIX=	${SLAVE_PKGNAMESUFFIX}${PHP_PKGNAMESUFFIX}
 
@@ -38,8 +38,6 @@ PLIST=		${.CURDIR}/pkg-plist
 .if ${SLAVEPORT} == lib
 SLAVE_PKGNAMESUFFIX=	-${SLAVEPORT}
 
-RUN_DEPENDS=	ca_root_nss>0:security/ca_root_nss
-
 OPTIONS_DEFINE=	ENCODINGS
 OPTIONS_DEFAULT=ENCODINGS
 ENCODINGS_DESC=	Support for encodings other than utf-8
@@ -82,8 +80,6 @@ do-install:
 	@${REINPLACE_CMD} \
 		's|%%PYTHON_CMD%%|${PYTHON_CMD}|g' \
 		${STAGEDIR}${PREFIX}/${PHP_DESTDIR}/src/workflow/ArcanistAnoidWorkflow.php
-	${LN} -sf ${LOCALBASE}/share/certs/ca-root-nss.crt \
-		${STAGEDIR}${PREFIX}/${PHP_DESTDIR}/resources/ssl/default.pem
 	${RLN} ${STAGEDIR}${PREFIX}/${PHP_DESTDIR}/support/shell/hooks/bash-completion.sh \
 		 ${STAGEDIR}${PREFIX}/share/bash-completion/completions/arc
 	${STAGEDIR}${PREFIX}/${PHP_DESTDIR}/bin/arc shell-complete --generate
diff --git a/devel/arcanist-lib/files/patch-src_future_http_HTTPSFuture.php b/devel/arcanist-lib/files/patch-src_future_http_HTTPSFuture.php
new file mode 100644
index 000000000000..4298c2616b8b
--- /dev/null
+++ b/devel/arcanist-lib/files/patch-src_future_http_HTTPSFuture.php
@@ -0,0 +1,41 @@
+--- src/future/http/HTTPSFuture.php.orig	2022-05-17 23:20:14 UTC
++++ src/future/http/HTTPSFuture.php
+@@ -375,31 +375,24 @@ final class HTTPSFuture extends BaseHTTPFuture {
+       //   means that the user wants to override everything (also because the
+       //   user might not have access to change the box's php.ini to add
+       //   curl.cainfo).
+-      // - Otherwise, try using curl.cainfo. If it's set explicitly, it's
+-      //   probably reasonable to try using it before we fall back to what
+-      //   libphutil ships with.
+-      // - Lastly, try the default that libphutil ships with. If it doesn't
+-      //   work, give up and yell at the user.
+ 
+       if (!$this->getCABundle()) {
+         $caroot = dirname(phutil_get_library_root('arcanist'));
+         $caroot = $caroot.'/resources/ssl/';
+-
+-        $ini_val = ini_get('curl.cainfo');
+         if (self::getGlobalCABundle()) {
+           $this->setCABundleFromPath(self::getGlobalCABundle());
+         } else if (Filesystem::pathExists($caroot.'custom.pem')) {
+           $this->setCABundleFromPath($caroot.'custom.pem');
+-        } else if ($ini_val) {
+-          // TODO: We can probably do a pathExists() here, even.
+-          $this->setCABundleFromPath($ini_val);
+-        } else {
+-          $this->setCABundleFromPath($caroot.'default.pem');
+         }
+       }
+ 
+-      if ($this->canSetCAInfo()) {
+-        curl_setopt($curl, CURLOPT_CAINFO, $this->getCABundle());
++      $ca_bundle = $this->getCABundle();
++      if ($ca_bundle && $this->canSetCAInfo()) {
++        if (is_dir($ca_bundle)) {
++          curl_setopt($curl, CURLOPT_CAPATH, $ca_bundle);
++        } else {
++          curl_setopt($curl, CURLOPT_CAINFO, $ca_bundle);
++        }
+       }
+ 
+       $verify_peer = 1;
diff --git a/devel/arcanist-lib/pkg-plist b/devel/arcanist-lib/pkg-plist
index f1b80cbfc2d9..c736efcb7ad0 100644
--- a/devel/arcanist-lib/pkg-plist
+++ b/devel/arcanist-lib/pkg-plist
@@ -17,7 +17,6 @@ lib/php/arcanist/resources/arclint/include-exclude.arclint.example
 lib/php/arcanist/resources/php/symbol-information.json
 lib/php/arcanist/resources/spelling/english.json
 lib/php/arcanist/resources/ssl/README
-lib/php/arcanist/resources/ssl/default.pem
 lib/php/arcanist/scripts/__init_script__.php
 lib/php/arcanist/scripts/arcanist.php
 lib/php/arcanist/scripts/hgdaemon/hgdaemon_client.php