Patch mk-ca-bundle to make ca-certificates reproducible regardless of current date

Fixes #220
2023-03-17 17:06:55 +01:00 · 2023-03-17 17:06:55 +01:00 · 9999e075e9
parent d0722d42b1
commit 9999e075e9
2 changed files with 58 additions and 2 deletions
--- a/sysa/SHA256SUMS.pkgs
+++ b/sysa/SHA256SUMS.pkgs
@ -31,11 +31,11 @@ b2e45aec68221e6874ea8aa7d5b6a0aab7879a3dbee493536e034b246a884b05  bison-3.4.1_0.
 6a6111b1e8ca906406482053cf0af8c9dea46dc55e4bac9662c8fe47f94221cb  bison-3.4.1_2.tar.bz2
 e38ed21c4b4fa514e9a64d2b84bad72f3d242568183b6b84a6a2d0e8c49d0af2  bison-3.4.2_0.tar.bz2
 c6369fcf4ba1fae200a4a67f110563a11d6c51fa8ca80792dbc4630e3dba6f4d  bzip2-1.0.8_0.tar.bz2
-47ae56c19754ecab991aaa7ec5f68f294c6ddcad4e73253935fbaf10df42ee9b  ca-certificates-3.86_0.tar.bz2
+b70a6010c9eab4fcd03260dc76a216ebe337ae74ff5091b136d6401daa27332d  ca-certificates-3.86_0.tar.bz2
 0d02d37d02d6def11b5f12eab5d97f47dc1e4abd53627deb2d99994e1ab9c6a8  coreutils-5.0_0.tar.bz2
 27d0d3e84794f080f01c7c22547a308d1d781d8ce85d5b3f682c379f17bbeb47  coreutils-6.10_0.tar.bz2
 e41aba2caa7514704731d3b7a49f63ff8ffb2d22a64f14afdbaadbd0b24073f0  coreutils-8.32_0.tar.bz2
-b72e6a7b2ec147e2892322b1f0dcefc20f00f6ce0b5e1cee8d75192598fc67ce  curl-7.83.0_0.tar.bz2
+ea4b7a5bc7b152731d2d17f355725f8b683341803e89044a78be73a140fe64db  curl-7.83.0_0.tar.bz2
 c16709184a6ec2312746242379065f71fcbd7165749c9d58a9b0846f4bfc5dc0  curl-7.83.0_1.tar.bz2
 0b832d3efef962c10b61559052373267e9c85bbff37572b736a6996823e2d5b2  dhcpcd-9.4.1_0.tar.bz2
 f1a17f3d1c65140a6d3043ecb710e5fffe9c019cb3d2eaa982be03706876e534  diffutils-2.7_0.tar.bz2
--- a/sysa/curl-7.83.0/patches/timeless-mk-ca-bundle.patch
+++ b/sysa/curl-7.83.0/patches/timeless-mk-ca-bundle.patch
@ -0,0 +1,56 @@
+# SPDX-FileCopyrightText: 2023 Eduardo Sánchez Muñoz <eduardosm-dev@e64.io>
+#
+# SPDX-License-Identifier: curl
+
+Disables checking current date in mk-ca-bundle script, so it produces
+reproducible bundles.
+
+diff -ru scripts/mk-ca-bundle.pl scripts/mk-ca-bundle.pl
+--- scripts/mk-ca-bundle.pl
+++ scripts/mk-ca-bundle.pl
+@@ -497,19 +497,7 @@
+     if($main_block) {
+       push @precert, $_ if not /^#$/;
+       if(/^# Not Valid After : (.*)/) {
+-        my $stamp = $1;
+-        use Time::Piece;
+-        # Not Valid After : Thu Sep 30 14:01:15 2021
+-        my $t = Time::Piece->strptime($stamp, "%a %b %d %H:%M:%S %Y");
+-        my $delta = ($t->epoch - time()); # negative means no longer valid
+-        if($delta < 0) {
+-          $skipnum++;
+-          report "Skipping: $main_block_name is not valid anymore" if ($opt_v);
+-          $valid = 0;
+-        }
+-        else {
+-          $valid = 1;
+-        }
+        $valid = 1;
+       }
+     }
+     next;
+@@ -571,24 +559,6 @@
+         if($timestamp[12] ne "Z") {
+           report "distrust date stamp is not using UTC";
+         }
+-        # Example date: 200617000000Z
+-        # Means 2020-06-17 00:00:00 UTC
+-        my $distrustat =
+-          timegm($timestamp[10] . $timestamp[11], # second
+-                 $timestamp[8] . $timestamp[9],   # minute
+-                 $timestamp[6] . $timestamp[7],   # hour
+-                 $timestamp[4] . $timestamp[5],   # day
+-                 ($timestamp[2] . $timestamp[3]) - 1, # month
+-                 "20" . $timestamp[0] . $timestamp[1]); # year
+-        if(time >= $distrustat) {
+-          # not trusted anymore
+-          $skipnum++;
+-          report "Skipping: $main_block_name is not trusted anymore" if ($opt_v);
+-          $valid = 0;
+-        }
+-        else {
+-          # still trusted
+-        }
+       }
+       next;
+     }