author | Sam James <sam@gentoo.org> | 2024-10-05 06:58:22 +0100 |
---|---|---|
committer | Sam James <sam@gentoo.org> | 2024-10-05 06:58:22 +0100 |
commit | 6af2e1684b64a9e0d621903d02de17e3b8540a67 (patch) | |
tree | 2117f918731e6164c15638e7833e0eba8fec6c00 /app-crypt | |
parent | dev-python/bcrypt: add workaround for sys-cluster/ceph (diff) | |
app-crypt/certbot: workaround cryptography deprecation warnings
Not ideal but the bug has been open a while and doing this as a drive-by;
the upstream bug doesn't seem to be going anywhere either.
Just suppress the dev-python/cryptography deprecation warnings for now
given it's very vocal and shows up in cron jobs.
Closes: https://bugs.gentoo.org/937889
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'app-crypt')
-rw-r--r-- | app-crypt/certbot/certbot-2.11.0-r1.ebuild | 69 | ||||
-rw-r--r-- | app-crypt/certbot/files/certbot-2.11.0-workaround-cryptography-deprecation-warnings.patch | 36 |
2 files changed, 105 insertions, 0 deletions
diff --git a/app-crypt/certbot/certbot-2.11.0-r1.ebuild b/app-crypt/certbot/certbot-2.11.0-r1.ebuild
new file mode 100644
index 000000000000..7787932d9c6a
--- /dev/null
+++ b/app-crypt/certbot/certbot-2.11.0-r1.ebuild
@@ -0,0 +1,69 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DISTUTILS_USE_PEP517=setuptools
+PYTHON_COMPAT=( python3_{10..13} )
+
+inherit distutils-r1
+
+if [[ "${PV}" == *9999 ]]; then
+ inherit git-r3
+
+ EGIT_REPO_URI="https://github.com/certbot/certbot.git"
+ EGIT_SUBMODULES=()
+ EGIT_CHECKOUT_DIR="${WORKDIR}/${P}"
+else
+ SRC_URI="
+ https://github.com/certbot/certbot/archive/v${PV}.tar.gz
+ -> ${P}.gh.tar.gz
+ "
+ KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
+fi
+
+DESCRIPTION="Let’s Encrypt client to automate deployment of X.509 certificates"
+HOMEPAGE="
+ https://github.com/certbot/certbot/
+ https://pypi.org/project/certbot/
+ https://letsencrypt.org/
+"
+
+S="${WORKDIR}/${P}/${PN}"
+LICENSE="Apache-2.0"
+SLOT="0"
+
+IUSE="selinux"
+
+BDEPEND="
+ test? (
+ dev-python/typing-extensions[${PYTHON_USEDEP}]
+ )
+"
+
+# See certbot/setup.py for acme >= dep
+RDEPEND="
+ >=app-crypt/acme-${PV}[${PYTHON_USEDEP}]
+ >=dev-python/ConfigArgParse-1.5.3[${PYTHON_USEDEP}]
+ >=dev-python/configobj-5.0.6[${PYTHON_USEDEP}]
+ >=dev-python/cryptography-3.2.1[${PYTHON_USEDEP}]
+ >=dev-python/distro-1.0.1[${PYTHON_USEDEP}]
+ >=dev-python/josepy-1.13.0[${PYTHON_USEDEP}]
+ >=dev-python/parsedatetime-2.4[${PYTHON_USEDEP}]
+ dev-python/pyrfc3339[${PYTHON_USEDEP}]
+ >=dev-python/pytz-2019.3[${PYTHON_USEDEP}]
+ selinux? ( sec-policy/selinux-certbot )
+"
+
+PATCHES=(
+ "${FILESDIR}"/certbot-2.11.0-workaround-cryptography-deprecation-warnings.patch
+)
+
+distutils_enable_sphinx docs \
+ dev-python/sphinx-rtd-theme
+distutils_enable_tests pytest
+
+python_test() {
+ local -x PYTEST_DISABLE_PLUGIN_AUTOLOAD=1
+ epytest
+}
diff --git a/app-crypt/certbot/files/certbot-2.11.0-workaround-cryptography-deprecation-warnings.patch b/app-crypt/certbot/files/certbot-2.11.0-workaround-cryptography-deprecation-warnings.patch
new file mode 100644
index 000000000000..b0d59594d03f
--- /dev/null
+++ b/app-crypt/certbot/files/certbot-2.11.0-workaround-cryptography-deprecation-warnings.patch
@@ -0,0 +1,36 @@
+https://github.com/certbot/certbot/issues/9967
+https://bugs.gentoo.org/937889
+--- a/certbot/ocsp.py
++++ b/certbot/ocsp.py
+@@ -4,6 +4,7 @@ from datetime import timedelta
+ import logging
+ import re
+ import subprocess
++import warnings
+ from subprocess import PIPE
+ from typing import Optional
+ from typing import Tuple
+@@ -235,12 +236,17 @@ def _check_ocsp_response(response_ocsp: 'ocsp.OCSPResponse', request_ocsp: 'ocsp
+ # https://github.com/openssl/openssl/blob/ef45aa14c5af024fcb8bef1c9007f3d1c115bd85/crypto/ocsp/ocsp_cl.c#L338-L391
+ # thisUpdate/nextUpdate are expressed in UTC/GMT time zone
+ now = datetime.now(pytz.UTC).replace(tzinfo=None)
+- if not response_ocsp.this_update:
+- raise AssertionError('param thisUpdate is not set.')
+- if response_ocsp.this_update > now + timedelta(minutes=5):
+- raise AssertionError('param thisUpdate is in the future.')
+- if response_ocsp.next_update and response_ocsp.next_update < now - timedelta(minutes=5):
+- raise AssertionError('param nextUpdate is in the past.')
++ with warnings.catch_warnings():
++ # Workaround for deprecation warnings w/ newer cryptography
++ # https://github.com/certbot/certbot/issues/9967 (bug #937889)
++ warnings.filterwarnings("ignore",category=DeprecationWarning)
++
++ if not response_ocsp.this_update:
++ raise AssertionError('param thisUpdate is not set.')
++ if response_ocsp.this_update > now + timedelta(minutes=5):
++ raise AssertionError('param thisUpdate is in the future.')
++ if response_ocsp.next_update and response_ocsp.next_update < now - timedelta(minutes=5):
++ raise AssertionError('param nextUpdate is in the past.')
+
+
+ def _check_ocsp_response_signature(response_ocsp: 'ocsp.OCSPResponse', |
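Review bot: The filter on the added `warnings.filterwarnings("ignore",category=DeprecationWarning)` line may not match the warning it is meant to silence: cryptography emits its deprecations as `CryptographyDeprecationWarning`, which derives from `UserWarning` rather than `DeprecationWarning`, so the message could still reach cron output. If that is the class raised for `this_update`/`next_update`, the filter should name it, e.g. `warnings.filterwarnings("ignore", category=CryptographyDeprecationWarning)` with `from cryptography.utils import CryptographyDeprecationWarning` added next to `import warnings` in the first ocsp.py hunk. Keeping the filter that narrow also avoids hiding unrelated deprecations raised while the OCSP freshness checks run. `_check_ocsp_response` begins before this hunk, so the rest of its body is not visible here.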