* [gentoo-commits] repo/gentoo:master commit in: app-crypt/certbot/, app-crypt/certbot/files/
@ 2024-10-05 5:59 Sam James
0 siblings, 0 replies; 2+ messages in thread
From: Sam James @ 2024-10-05 5:59 UTC (permalink / raw
To: gentoo-commits
commit: 6af2e1684b64a9e0d621903d02de17e3b8540a67
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Oct 5 05:58:22 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Oct 5 05:58:22 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6af2e168
app-crypt/certbot: workaround cryptography deprecation warnings
Not ideal but the bug has been open a while and doing this as a drive-by;
the upstream bug doesn't seem to be going anywhere either.
Just suppress the dev-python/cryptography deprecation warnings for now
given it's very vocal and shows up in cron jobs.
Closes: https://bugs.gentoo.org/937889
Signed-off-by: Sam James <sam <AT> gentoo.org>
app-crypt/certbot/certbot-2.11.0-r1.ebuild | 69 ++++++++++++++++++++++
...karound-cryptography-deprecation-warnings.patch | 36 +++++++++++
2 files changed, 105 insertions(+)
diff --git a/app-crypt/certbot/certbot-2.11.0-r1.ebuild b/app-crypt/certbot/certbot-2.11.0-r1.ebuild
new file mode 100644
index 000000000000..7787932d9c6a
--- /dev/null
+++ b/app-crypt/certbot/certbot-2.11.0-r1.ebuild
@@ -0,0 +1,69 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DISTUTILS_USE_PEP517=setuptools
+PYTHON_COMPAT=( python3_{10..13} )
+
+inherit distutils-r1
+
+if [[ "${PV}" == *9999 ]]; then
+ inherit git-r3
+
+ EGIT_REPO_URI="https://github.com/certbot/certbot.git"
+ EGIT_SUBMODULES=()
+ EGIT_CHECKOUT_DIR="${WORKDIR}/${P}"
+else
+ SRC_URI="
+ https://github.com/certbot/certbot/archive/v${PV}.tar.gz
+ -> ${P}.gh.tar.gz
+ "
+ KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
+fi
+
+DESCRIPTION="Let’s Encrypt client to automate deployment of X.509 certificates"
+HOMEPAGE="
+ https://github.com/certbot/certbot/
+ https://pypi.org/project/certbot/
+ https://letsencrypt.org/
+"
+
+S="${WORKDIR}/${P}/${PN}"
+LICENSE="Apache-2.0"
+SLOT="0"
+
+IUSE="selinux"
+
+BDEPEND="
+ test? (
+ dev-python/typing-extensions[${PYTHON_USEDEP}]
+ )
+"
+
+# See certbot/setup.py for acme >= dep
+RDEPEND="
+ >=app-crypt/acme-${PV}[${PYTHON_USEDEP}]
+ >=dev-python/ConfigArgParse-1.5.3[${PYTHON_USEDEP}]
+ >=dev-python/configobj-5.0.6[${PYTHON_USEDEP}]
+ >=dev-python/cryptography-3.2.1[${PYTHON_USEDEP}]
+ >=dev-python/distro-1.0.1[${PYTHON_USEDEP}]
+ >=dev-python/josepy-1.13.0[${PYTHON_USEDEP}]
+ >=dev-python/parsedatetime-2.4[${PYTHON_USEDEP}]
+ dev-python/pyrfc3339[${PYTHON_USEDEP}]
+ >=dev-python/pytz-2019.3[${PYTHON_USEDEP}]
+ selinux? ( sec-policy/selinux-certbot )
+"
+
+PATCHES=(
+ "${FILESDIR}"/certbot-2.11.0-workaround-cryptography-deprecation-warnings.patch
+)
+
+distutils_enable_sphinx docs \
+ dev-python/sphinx-rtd-theme
+distutils_enable_tests pytest
+
+python_test() {
+ local -x PYTEST_DISABLE_PLUGIN_AUTOLOAD=1
+ epytest
+}
diff --git a/app-crypt/certbot/files/certbot-2.11.0-workaround-cryptography-deprecation-warnings.patch b/app-crypt/certbot/files/certbot-2.11.0-workaround-cryptography-deprecation-warnings.patch
new file mode 100644
index 000000000000..b0d59594d03f
--- /dev/null
+++ b/app-crypt/certbot/files/certbot-2.11.0-workaround-cryptography-deprecation-warnings.patch
@@ -0,0 +1,36 @@
+https://github.com/certbot/certbot/issues/9967
+https://bugs.gentoo.org/937889
+--- a/certbot/ocsp.py
++++ b/certbot/ocsp.py
+@@ -4,6 +4,7 @@ from datetime import timedelta
+ import logging
+ import re
+ import subprocess
++import warnings
+ from subprocess import PIPE
+ from typing import Optional
+ from typing import Tuple
+@@ -235,12 +236,17 @@ def _check_ocsp_response(response_ocsp: 'ocsp.OCSPResponse', request_ocsp: 'ocsp
+ # https://github.com/openssl/openssl/blob/ef45aa14c5af024fcb8bef1c9007f3d1c115bd85/crypto/ocsp/ocsp_cl.c#L338-L391
+ # thisUpdate/nextUpdate are expressed in UTC/GMT time zone
+ now = datetime.now(pytz.UTC).replace(tzinfo=None)
+- if not response_ocsp.this_update:
+- raise AssertionError('param thisUpdate is not set.')
+- if response_ocsp.this_update > now + timedelta(minutes=5):
+- raise AssertionError('param thisUpdate is in the future.')
+- if response_ocsp.next_update and response_ocsp.next_update < now - timedelta(minutes=5):
+- raise AssertionError('param nextUpdate is in the past.')
++ with warnings.catch_warnings():
++ # Workaround for deprecation warnings w/ newer cryptography
++ # https://github.com/certbot/certbot/issues/9967 (bug #937889)
++ warnings.filterwarnings("ignore",category=DeprecationWarning)
++
++ if not response_ocsp.this_update:
++ raise AssertionError('param thisUpdate is not set.')
++ if response_ocsp.this_update > now + timedelta(minutes=5):
++ raise AssertionError('param thisUpdate is in the future.')
++ if response_ocsp.next_update and response_ocsp.next_update < now - timedelta(minutes=5):
++ raise AssertionError('param nextUpdate is in the past.')
+
+
+ def _check_ocsp_response_signature(response_ocsp: 'ocsp.OCSPResponse',
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: app-crypt/certbot/, app-crypt/certbot/files/
@ 2024-10-09 10:32 Sam James
0 siblings, 0 replies; 2+ messages in thread
From: Sam James @ 2024-10-09 10:32 UTC (permalink / raw
To: gentoo-commits
commit: 5180e4596a18e5f17b23364643c9d50b52e33f21
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 9 10:31:26 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Oct 9 10:31:26 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5180e459
app-crypt/certbot: fix deprecation warning name
Closes: https://bugs.gentoo.org/937889
Fixes: 6af2e1684b64a9e0d621903d02de17e3b8540a67
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../certbot/{certbot-2.11.0-r1.ebuild => certbot-2.11.0-r2.ebuild} | 0
.../certbot-2.11.0-workaround-cryptography-deprecation-warnings.patch | 2 +-
2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/app-crypt/certbot/certbot-2.11.0-r1.ebuild b/app-crypt/certbot/certbot-2.11.0-r2.ebuild
similarity index 100%
rename from app-crypt/certbot/certbot-2.11.0-r1.ebuild
rename to app-crypt/certbot/certbot-2.11.0-r2.ebuild
diff --git a/app-crypt/certbot/files/certbot-2.11.0-workaround-cryptography-deprecation-warnings.patch b/app-crypt/certbot/files/certbot-2.11.0-workaround-cryptography-deprecation-warnings.patch
index b0d59594d03f..ecaf4830eb24 100644
--- a/app-crypt/certbot/files/certbot-2.11.0-workaround-cryptography-deprecation-warnings.patch
+++ b/app-crypt/certbot/files/certbot-2.11.0-workaround-cryptography-deprecation-warnings.patch
@@ -23,7 +23,7 @@ https://bugs.gentoo.org/937889
+ with warnings.catch_warnings():
+ # Workaround for deprecation warnings w/ newer cryptography
+ # https://github.com/certbot/certbot/issues/9967 (bug #937889)
-+ warnings.filterwarnings("ignore",category=DeprecationWarning)
++ warnings.filterwarnings("ignore", category=CryptographyDeprecationWarning)
+
+ if not response_ocsp.this_update:
+ raise AssertionError('param thisUpdate is not set.')
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-10-09 10:32 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-10-05 5:59 [gentoo-commits] repo/gentoo:master commit in: app-crypt/certbot/, app-crypt/certbot/files/ Sam James
-- strict thread matches above, loose matches on Subject: below --
2024-10-09 10:32 Sam James
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox