Commit e2926ab2 authored by Jérome Perrin's avatar Jérome Perrin

Prevent usage of system python3

See merge request nexedi/slapos!1437
parents d45129bf 5f05b413
Pipeline #30354 passed with stage
in 0 seconds
...@@ -12,12 +12,13 @@ parts = ...@@ -12,12 +12,13 @@ parts =
[ca-certificates] [ca-certificates]
recipe = slapos.recipe.cmmi recipe = slapos.recipe.cmmi
shared = true shared = true
url = http://deb.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_20210119.tar.xz url = https://deb.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_20230311.tar.xz
md5sum = c02582bf9ae338e558617291897615eb md5sum = fc1c3ec0067385f0be8ac7f6e670a0f8
patch-binary = ${patch:location}/bin/patch patch-binary = ${patch:location}/bin/patch
patches = patches =
${:_profile_base_location_}/ca-certificates-any-python.patch#c13b44dfc3157dda13a9a2ff97a9d501 ${:_profile_base_location_}/ca-certificates-any-python.patch#c13b44dfc3157dda13a9a2ff97a9d501
${:_profile_base_location_}/ca-certificates-sbin-dir.patch#0b4e7d82ce768823c01954ee41ef177b ${:_profile_base_location_}/ca-certificates-mkdir-p.patch#02ed8a6d60c39c4b088657888af345ef
${:_profile_base_location_}/ca-certificates-no-cryptography.patch#14ad1308623b0d15420906ae3d9b4867
patch-options = -p0 patch-options = -p0
configure-command = true configure-command = true
make-targets = install DESTDIR=@@LOCATION@@ CERTSDIR=certs SBINDIR=sbin make-targets = install DESTDIR=@@LOCATION@@ CERTSDIR=certs SBINDIR=sbin
......
...@@ -9,19 +9,3 @@ ...@@ -9,19 +9,3 @@
$(MAKE) -C $$dir install CERTSDIR=$(DESTDIR)/$(CERTSDIR)/$$dir; \ $(MAKE) -C $$dir install CERTSDIR=$(DESTDIR)/$(CERTSDIR)/$$dir; \
done done
for dir in sbin; do \ for dir in sbin; do \
--- sbin/Makefile.orig 2011-12-11 20:54:02.000000000 +0100
+++ sbin/Makefile 2012-01-09 17:31:45.207387898 +0100
@@ -3,9 +3,12 @@
#
#
+SBINDIR=/usr/sbin
+
all:
clean:
install:
- install -m755 update-ca-certificates $(DESTDIR)/usr/sbin/
+ mkdir -p $(DESTDIR)/$(SBINDIR)
+ install -m755 update-ca-certificates $(DESTDIR)/$(SBINDIR)
Don't depend on cryptography
Revert https://salsa.debian.org/debian/ca-certificates/-/commit/8033d52259172b4bddc0f8bbcb6f6566b348db72
we don't need this here.
--- mozilla/certdata2pem.py 2023-01-14 22:58:27.000000000 +0900
+++ mozilla/certdata2pem.py 2023-10-02 22:13:31.355540545 +0900
@@ -21,15 +21,12 @@
# USA.
import base64
-import datetime
import os.path
import re
import sys
import textwrap
import io
-from cryptography import x509
-
objects = []
@@ -122,12 +119,6 @@
if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
continue
- cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
- if cert.not_valid_after < datetime.datetime.utcnow():
- print('!'*74)
- print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])
- print('!'*74)
-
bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
.replace(' ', '_')\
.replace('(', '=')\
...@@ -7,6 +7,7 @@ extends = ...@@ -7,6 +7,7 @@ extends =
../patch/buildout.cfg ../patch/buildout.cfg
../pcre2/buildout.cfg ../pcre2/buildout.cfg
../perl/buildout.cfg ../perl/buildout.cfg
../python3/buildout.cfg
../pkgconfig/buildout.cfg ../pkgconfig/buildout.cfg
../xz-utils/buildout.cfg ../xz-utils/buildout.cfg
../zlib/buildout.cfg ../zlib/buildout.cfg
...@@ -27,7 +28,7 @@ make-binary = ninja -C builddir ...@@ -27,7 +28,7 @@ make-binary = ninja -C builddir
pkg_config_depends = ${pcre2:location}/lib/pkgconfig:${libffi:location}/lib/pkgconfig:${zlib:location}/lib/pkgconfig pkg_config_depends = ${pcre2:location}/lib/pkgconfig:${libffi:location}/lib/pkgconfig:${zlib:location}/lib/pkgconfig
environment = environment =
PKG_CONFIG_PATH=${:pkg_config_depends} PKG_CONFIG_PATH=${:pkg_config_depends}
PATH=${ninja:location}/bin:${pkgconfig:location}/bin:${patch:location}/bin:${perl:location}/bin:${xz-utils:location}/bin:%(PATH)s PATH=${python3:location}/bin:${ninja:location}/bin:${pkgconfig:location}/bin:${patch:location}/bin:${perl:location}/bin:${xz-utils:location}/bin:%(PATH)s
CFLAGS=-I${gettext:location}/include CFLAGS=-I${gettext:location}/include
LDFLAGS=-L${gettext:location}/lib -lintl -Wl,-rpath=${gettext:location}/lib -Wl,-rpath=${libffi:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=@@LOCATION@@/lib -Wl,-rpath=${pcre2:location}/lib LDFLAGS=-L${gettext:location}/lib -lintl -Wl,-rpath=${gettext:location}/lib -Wl,-rpath=${libffi:location}/lib -Wl,-rpath=${zlib:location}/lib -Wl,-rpath=@@LOCATION@@/lib -Wl,-rpath=${pcre2:location}/lib
post-install = rm %(location)s/bin/gtester-report post-install = rm %(location)s/bin/gtester-report
...@@ -23,7 +23,7 @@ extends = ...@@ -23,7 +23,7 @@ extends =
parts = parts =
eggs/scripts eggs/scripts
python2.7-disabled system-python-disabled
slapos-cookbook slapos-cookbook
template template
...@@ -272,8 +272,8 @@ branch = master ...@@ -272,8 +272,8 @@ branch = master
egg = slapos.core egg = slapos.core
setup = ${slapos.core-repository:location} setup = ${slapos.core-repository:location}
[python2.7-disabled] [system-python-disabled]
# An "intentionally broken" python2 command that should catch # An "intentionally broken" python command that should catch
# accidental usage of things like #!/usr/bin/env python2 # accidental usage of things like #!/usr/bin/env python2
recipe = zc.recipe.egg recipe = zc.recipe.egg
# we need an egg to generate a script, use the one from this part's recipe # we need an egg to generate a script, use the one from this part's recipe
...@@ -286,10 +286,11 @@ entry-points = ...@@ -286,10 +286,11 @@ entry-points =
scripts = scripts =
python python
python2 python2
python3
python2.7 python2.7
initialization = initialization =
import sys import sys
print("Error: attempt to use system python2", file=sys.stderr) print("Error: attempt to use system python", file=sys.stderr)
sys.exit(2) sys.exit(2)
[recurls-repository] [recurls-repository]
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment