Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 1 Oct 2021 11:18:34 GMT
From:      Michael Gmelin <grembo@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 21ddc093a48b - main - devel/arcanist-lib: Use Mozilla root CA bundle
Message-ID:  <202110011118.191BIY63050327@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch main has been updated by grembo:

URL: https://cgit.FreeBSD.org/ports/commit/?id=21ddc093a48b642a6a0c533069ed2118d0cdd066

commit 21ddc093a48b642a6a0c533069ed2118d0cdd066
Author:     Michael Gmelin <grembo@FreeBSD.org>
AuthorDate: 2021-10-01 11:03:43 +0000
Commit:     Michael Gmelin <grembo@FreeBSD.org>
CommitDate: 2021-10-01 11:17:28 +0000

    devel/arcanist-lib: Use Mozilla root CA bundle
    
    This fixes problems with Let's Encrypt certificates after
    the R3 Let's Encrypt intermediate CA expired.
    
    Arcanist uses its own certificate bundle by default (default.pem),
    overriding curl's default, unless curl.cainfo is set explicitly.
    
    The port now replaces this custom bundle with a symlink to Mozilla's
    root CA bundle as installed by security/ca_root_nss.
    
    PR: 258824
    Reported by: yasu
---
 devel/arcanist-lib/Makefile | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/devel/arcanist-lib/Makefile b/devel/arcanist-lib/Makefile
index b73e2d8f8a7d..7344c35a2d3d 100644
--- a/devel/arcanist-lib/Makefile
+++ b/devel/arcanist-lib/Makefile
@@ -1,5 +1,6 @@
 PORTNAME?=	arcanist
 PORTVERSION?=	20210113
+PORTREVISION?=  1
 CATEGORIES?=	devel
 PKGNAMESUFFIX=	${SLAVE_PKGNAMESUFFIX}${PHP_PKGNAMESUFFIX}
 
@@ -36,6 +37,8 @@ PLIST=		${.CURDIR}/pkg-plist
 .if ${SLAVEPORT} == lib
 SLAVE_PKGNAMESUFFIX=	-${SLAVEPORT}
 
+RUN_DEPENDS=	ca_root_nss>0:security/ca_root_nss
+
 OPTIONS_DEFINE=	ENCODINGS
 OPTIONS_DEFAULT=ENCODINGS
 ENCODINGS_DESC=	Support for encodings other than utf-8
@@ -78,6 +81,8 @@ do-install:
 	@${REINPLACE_CMD} \
 		's|%%PYTHON_CMD%%|${PYTHON_CMD}|g' \
 		${STAGEDIR}${PREFIX}/${PHP_DESTDIR}/src/workflow/ArcanistAnoidWorkflow.php
+	${LN} -sf ${LOCALBASE}/share/certs/ca-root-nss.crt \
+		${STAGEDIR}${PREFIX}/${PHP_DESTDIR}/resources/ssl/default.pem
 	${RLN} ${STAGEDIR}${PREFIX}/${PHP_DESTDIR}/support/shell/hooks/bash-completion.sh \
 		 ${STAGEDIR}${PREFIX}/share/bash-completion/completions/arc
 	${STAGEDIR}${PREFIX}/${PHP_DESTDIR}/bin/arc shell-complete --generate

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202110011118.191BIY63050327>