From a3020deaf674d6e328fba16f80261525f50b659ac77b5ce4597e84267f32f574 Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Fri, 19 Jul 2013 10:18:57 +0000 Subject: [PATCH] Accepting request 182875 from home:dimstar:branches:GNOME:Factory Allow to running without certs.pem defined OBS-URL: https://build.opensuse.org/request/show/182875 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/glib-networking?expand=0&rev=71 --- glib-networking-fix-no-cert-bundles.patch | 30 +++++++++++++++++++++++ glib-networking.changes | 11 +++++++++ glib-networking.spec | 6 ++++- 3 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 glib-networking-fix-no-cert-bundles.patch diff --git a/glib-networking-fix-no-cert-bundles.patch b/glib-networking-fix-no-cert-bundles.patch new file mode 100644 index 0000000..6e7f8bc --- /dev/null +++ b/glib-networking-fix-no-cert-bundles.patch @@ -0,0 +1,30 @@ +Index: glib-networking-2.37.4/tls/gnutls/gtlsbackend-gnutls.c +=================================================================== +--- glib-networking-2.37.4.orig/tls/gnutls/gtlsbackend-gnutls.c ++++ glib-networking-2.37.4/tls/gnutls/gtlsbackend-gnutls.c +@@ -103,8 +103,10 @@ g_tls_backend_gnutls_real_create_databas + const gchar *anchor_file = NULL; + #ifdef GTLS_SYSTEM_CA_FILE + anchor_file = GTLS_SYSTEM_CA_FILE; +-#endif + return g_tls_file_database_new (anchor_file, error); ++#else ++ return NULL; ++#endif + } + + static void +@@ -144,11 +146,13 @@ g_tls_backend_gnutls_get_default_databas + error->message); + g_clear_error (&error); + } ++#ifdef GTLS_SYSTEM_CA_FILE + else + { + g_assert (result); + self->priv->default_database = g_object_ref (result); + } ++#endif + } + + g_mutex_unlock (&self->priv->mutex); diff --git a/glib-networking.changes b/glib-networking.changes index 846199a..42031af 100644 --- a/glib-networking.changes +++ b/glib-networking.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Thu Jul 11 21:11:29 UTC 2013 - dimstar@opensuse.org + +- Build using system pkcs#11 certificate store instead of using + /etc/ssl/certs.pem: + + Pass the following parameters to configure + --with-pkcs + --without-ca-certificate + + Add glib-networking-fix-no-cert-bundles.patch: do not fail if + no certificate bundle (anchor) is specified. + ------------------------------------------------------------------- Tue Jul 9 16:18:44 UTC 2013 - dimstar@opensuse.org diff --git a/glib-networking.spec b/glib-networking.spec index b243085..28224c7 100644 --- a/glib-networking.spec +++ b/glib-networking.spec @@ -24,6 +24,8 @@ License: LGPL-2.1+ Group: System/Libraries Source: http://download.gnome.org/sources/glib-networking/2.37/%{name}-%{version}.tar.xz Source99: baselibs.conf +# PATCH-FIX-UPSTREAM glib-networking-fix-no-cert-bundles.patch bgo#704058 bnc#825903 dimstar@opensuse.org -- Allow to fully operate without gnutls anchors, passing the responsibility to gnutls. +Patch0: glib-networking-fix-no-cert-bundles.patch # For directory ownership BuildRequires: dbus-1 BuildRequires: intltool @@ -50,12 +52,14 @@ Currently, there is only a proxy module based on libproxy. %lang_package %prep %setup -q +%patch0 -p1 translation-update-upstream %build %configure \ --disable-static \ - --with-ca-certificates=/etc/ssl/ca-bundle.pem + --with-pkcs \ + --without-ca-certificates %__make %{?_smp_mflags} V=1 %install