Patch mk-ca-bundle to make ca-certificates reproducible regardless of current date
Fixes #220
parent
d0722d42b1
commit
9999e075e9
|
@ -31,11 +31,11 @@ b2e45aec68221e6874ea8aa7d5b6a0aab7879a3dbee493536e034b246a884b05 bison-3.4.1_0.
|
|||
6a6111b1e8ca906406482053cf0af8c9dea46dc55e4bac9662c8fe47f94221cb bison-3.4.1_2.tar.bz2
|
||||
e38ed21c4b4fa514e9a64d2b84bad72f3d242568183b6b84a6a2d0e8c49d0af2 bison-3.4.2_0.tar.bz2
|
||||
c6369fcf4ba1fae200a4a67f110563a11d6c51fa8ca80792dbc4630e3dba6f4d bzip2-1.0.8_0.tar.bz2
|
||||
47ae56c19754ecab991aaa7ec5f68f294c6ddcad4e73253935fbaf10df42ee9b ca-certificates-3.86_0.tar.bz2
|
||||
b70a6010c9eab4fcd03260dc76a216ebe337ae74ff5091b136d6401daa27332d ca-certificates-3.86_0.tar.bz2
|
||||
0d02d37d02d6def11b5f12eab5d97f47dc1e4abd53627deb2d99994e1ab9c6a8 coreutils-5.0_0.tar.bz2
|
||||
27d0d3e84794f080f01c7c22547a308d1d781d8ce85d5b3f682c379f17bbeb47 coreutils-6.10_0.tar.bz2
|
||||
e41aba2caa7514704731d3b7a49f63ff8ffb2d22a64f14afdbaadbd0b24073f0 coreutils-8.32_0.tar.bz2
|
||||
b72e6a7b2ec147e2892322b1f0dcefc20f00f6ce0b5e1cee8d75192598fc67ce curl-7.83.0_0.tar.bz2
|
||||
ea4b7a5bc7b152731d2d17f355725f8b683341803e89044a78be73a140fe64db curl-7.83.0_0.tar.bz2
|
||||
c16709184a6ec2312746242379065f71fcbd7165749c9d58a9b0846f4bfc5dc0 curl-7.83.0_1.tar.bz2
|
||||
0b832d3efef962c10b61559052373267e9c85bbff37572b736a6996823e2d5b2 dhcpcd-9.4.1_0.tar.bz2
|
||||
f1a17f3d1c65140a6d3043ecb710e5fffe9c019cb3d2eaa982be03706876e534 diffutils-2.7_0.tar.bz2
|
||||
|
|
|
@ -0,0 +1,56 @@
|
|||
# SPDX-FileCopyrightText: 2023 Eduardo Sánchez Muñoz <eduardosm-dev@e64.io>
|
||||
#
|
||||
# SPDX-License-Identifier: curl
|
||||
|
||||
Disables checking current date in mk-ca-bundle script, so it produces
|
||||
reproducible bundles.
|
||||
|
||||
diff -ru scripts/mk-ca-bundle.pl scripts/mk-ca-bundle.pl
|
||||
--- scripts/mk-ca-bundle.pl
|
||||
+++ scripts/mk-ca-bundle.pl
|
||||
@@ -497,19 +497,7 @@
|
||||
if($main_block) {
|
||||
push @precert, $_ if not /^#$/;
|
||||
if(/^# Not Valid After : (.*)/) {
|
||||
- my $stamp = $1;
|
||||
- use Time::Piece;
|
||||
- # Not Valid After : Thu Sep 30 14:01:15 2021
|
||||
- my $t = Time::Piece->strptime($stamp, "%a %b %d %H:%M:%S %Y");
|
||||
- my $delta = ($t->epoch - time()); # negative means no longer valid
|
||||
- if($delta < 0) {
|
||||
- $skipnum++;
|
||||
- report "Skipping: $main_block_name is not valid anymore" if ($opt_v);
|
||||
- $valid = 0;
|
||||
- }
|
||||
- else {
|
||||
- $valid = 1;
|
||||
- }
|
||||
+ $valid = 1;
|
||||
}
|
||||
}
|
||||
next;
|
||||
@@ -571,24 +559,6 @@
|
||||
if($timestamp[12] ne "Z") {
|
||||
report "distrust date stamp is not using UTC";
|
||||
}
|
||||
- # Example date: 200617000000Z
|
||||
- # Means 2020-06-17 00:00:00 UTC
|
||||
- my $distrustat =
|
||||
- timegm($timestamp[10] . $timestamp[11], # second
|
||||
- $timestamp[8] . $timestamp[9], # minute
|
||||
- $timestamp[6] . $timestamp[7], # hour
|
||||
- $timestamp[4] . $timestamp[5], # day
|
||||
- ($timestamp[2] . $timestamp[3]) - 1, # month
|
||||
- "20" . $timestamp[0] . $timestamp[1]); # year
|
||||
- if(time >= $distrustat) {
|
||||
- # not trusted anymore
|
||||
- $skipnum++;
|
||||
- report "Skipping: $main_block_name is not trusted anymore" if ($opt_v);
|
||||
- $valid = 0;
|
||||
- }
|
||||
- else {
|
||||
- # still trusted
|
||||
- }
|
||||
}
|
||||
next;
|
||||
}
|
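Review bot: With both date checks removed, the generated bundle keeps every root in the input, including ones whose "Not Valid After" date has passed and ones past their distrust date stamp, and `$skipnum` no longer counts them. The patch header says only that the current-date check is disabled, so the trust-store consequence is not recorded anywhere a later reader would see it. If the build has a pinned reference time, the filtering could stay deterministic instead of being dropped, e.g. `my $now = $ENV{SOURCE_DATE_EPOCH} // time();` and then `my $delta = ($t->epoch - $now);` and `if($now >= $distrustat) {`. Otherwise I would extend the header with a sentence such as `# NOTE: expired and distrusted roots are no longer filtered out; consumers must rely on certificate validation to reject them.` Both inner hunks sit in a loop whose start and end are outside the hunk, so I could not check other uses of `$valid`.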