app-misc/ca-certificates: add python 3 support #548374
authorMike Frysinger <vapier@gentoo.org>
Sat, 26 Sep 2015 16:23:38 +0000 (12:23 -0400)
committerMike Frysinger <vapier@gentoo.org>
Sat, 26 Sep 2015 17:45:28 +0000 (13:45 -0400)
Patch taken from Debian bug report.

app-misc/ca-certificates/ca-certificates-20150426.3.20.ebuild
app-misc/ca-certificates/files/ca-certificates-20150426-nss-certdata2pem-py3.patch [new file with mode: 0644]

index 243150477ab95fe948f28891ca6b600fa6f6c63b..c37ecde622b319693001eb15486fdc6bba58dcba 100644 (file)
@@ -26,7 +26,7 @@
 #   https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificates&version=trunk
 
 EAPI="4"
-PYTHON_COMPAT=( python2_7 )
+PYTHON_COMPAT=( python{2_7,3_3,3_4} )
 
 inherit eutils python-any-r1
 
@@ -123,6 +123,9 @@ src_prepare() {
                -e '/="$ROOT/s:ROOT/:ROOT'"${EPREFIX}"'/:' \
                -e '/RELPATH="\.\./s:"$:'"${relp}"'":' \
                usr/sbin/update-ca-certificates || die
+
+       cd "${S}"
+       epatch "${FILESDIR}"/${PN}-20150426-nss-certdata2pem-py3.patch #548374
 }
 
 src_compile() {
diff --git a/app-misc/ca-certificates/files/ca-certificates-20150426-nss-certdata2pem-py3.patch b/app-misc/ca-certificates/files/ca-certificates-20150426-nss-certdata2pem-py3.patch
new file mode 100644 (file)
index 0000000..300ce47
--- /dev/null
@@ -0,0 +1,82 @@
+https://bugs.debian.org/789753
+https://bugs.gentoo.org/548374
+
+--- a/ca-certificates/mozilla/certdata2pem.py
++++ b/ca-certificates/mozilla/certdata2pem.py
+@@ -53,7 +53,7 @@ for line in open('certdata.txt', 'r'):
+             if type == 'MULTILINE_OCTAL':
+                 line = line.strip()
+                 for i in re.finditer(r'\\([0-3][0-7][0-7])', line):
+-                    value += chr(int(i.group(1), 8))
++                    value.append(int(i.group(1), 8))
+             else:
+                 value += line
+             continue
+@@ -70,13 +70,13 @@ for line in open('certdata.txt', 'r'):
+         field, type = line_parts
+         value = None
+     else:
+-        raise NotImplementedError, 'line_parts < 2 not supported.'
++        raise NotImplementedError('line_parts < 2 not supported.')
+     if type == 'MULTILINE_OCTAL':
+         in_multiline = True
+-        value = ""
++        value = bytearray()
+         continue
+     obj[field] = value
+-if len(obj.items()) > 0:
++if len(obj) > 0:
+     objects.append(obj)
+ # Read blacklist.
+@@ -95,7 +95,7 @@ for obj in objects:
+     if obj['CKA_CLASS'] not in ('CKO_NETSCAPE_TRUST', 'CKO_NSS_TRUST'):
+         continue
+     if obj['CKA_LABEL'] in blacklist:
+-        print "Certificate %s blacklisted, ignoring." % obj['CKA_LABEL']
++        print("Certificate %s blacklisted, ignoring." % obj['CKA_LABEL'])
+     elif obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NETSCAPE_TRUSTED_DELEGATOR',
+                                           'CKT_NSS_TRUSTED_DELEGATOR'):
+         trust[obj['CKA_LABEL']] = True
+@@ -104,13 +104,13 @@ for obj in objects:
+         trust[obj['CKA_LABEL']] = True
+     elif obj['CKA_TRUST_SERVER_AUTH'] in ('CKT_NETSCAPE_UNTRUSTED',
+                                           'CKT_NSS_NOT_TRUSTED'):
+-        print '!'*74
+-        print "UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL']
+-        print '!'*74
++        print('!'*74)
++        print("UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL'])
++        print('!'*74)
+     else:
+-        print "Ignoring certificate %s.  SAUTH=%s, EPROT=%s" % \
++        print("Ignoring certificate %s.  SAUTH=%s, EPROT=%s" % \
+               (obj['CKA_LABEL'], obj['CKA_TRUST_SERVER_AUTH'],
+-               obj['CKA_TRUST_EMAIL_PROTECTION'])
++               obj['CKA_TRUST_EMAIL_PROTECTION']))
+ for obj in objects:
+     if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
+@@ -121,13 +121,19 @@ for obj in objects:
+                                       .replace('(', '=')\
+                                       .replace(')', '=')\
+                                       .replace(',', '_')
+-        bname = bname.decode('string_escape')
++
++        # this is the only way to decode the way NSS stores multi-byte UTF-8
++        if bytes != str:
++            bname = bname.encode('utf-8')
++        bname = bname.decode('unicode_escape').encode('latin-1').decode('utf-8')
+         fname = bname + '.crt'
++
+         if os.path.exists(fname):
+-            print "Found duplicate certificate name %s, renaming." % bname
++            print("Found duplicate certificate name %s, renaming." % bname)
+             fname = bname + '_2.crt'
+         f = open(fname, 'w')
+         f.write("-----BEGIN CERTIFICATE-----\n")
+-        f.write("\n".join(textwrap.wrap(base64.b64encode(obj['CKA_VALUE']), 64)))
++        encoded = base64.b64encode(obj['CKA_VALUE']).decode('utf-8')
++        f.write("\n".join(textwrap.wrap(encoded, 64)))
+         f.write("\n-----END CERTIFICATE-----\n")