update to 0.3.2

Skeleton taken from ncprop279 package.

3 files changed, 140 insertions, 33 deletions

diff --git a/.SRCINFO b/.SRCINFO
index 33ec5b46937d..a297eaa455c2 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
 pkgbase = ncdns
 	pkgdesc = Namecoin to DNS bridge daemon
-	pkgver = 0.1.2
+	pkgver = 0.3.2
 	pkgrel = 1
 	url = https://github.com/namecoin/ncdns
 	install = ncdns.install
@@ -11,12 +11,15 @@ pkgbase = ncdns
 	depends = libcap
 	optdepends = namecoin-core: the Namecoin node
 	backup = etc/ncdns.conf
-	source = ncdns-0.1.2.tar.gz::https://github.com/namecoin/ncdns/archive/v0.1.2.tar.gz
-	source = x509-compressed-11c148e3a82a374dc8cc7800729ae31d1de3514b.tar.gz::https://github.com/namecoin/x509-compressed/archive/11c148e3a82a374dc8cc7800729ae31d1de3514b.tar.gz
+	source = ncdns-0.3.2.tar.gz::https://github.com/namecoin/ncdns/archive/v0.3.2.tar.gz
+	source = certinject-0.1.1.tar.gz::https://github.com/namecoin/certinject/archive/v0.1.1.tar.gz
+	source = x509-compressed-0.0.3.tar.gz::https://github.com/namecoin/x509-compressed/archive/v0.0.3.tar.gz
+	source = x509-compressed--drop-godebug-options.patch
 	source = ncdns.service
-	sha512sums = a7b95bdaeb781f49f6bc70e4d43f6a513b48d46f279a2c1993002cf20ef63330799e32a7442db37cda84590d57a352e3bd2642db1d863cb858bd8de7d7741177
-	sha512sums = 6a78e4777ea041ccfb7299322cc2bf6ab0db10ad7a28c6f8ec8293409fd4af1638e0c91618b465b6b4fbbaf25bc2b8f32af0e08191713afe420620a8534c5910
+	sha512sums = f56f9b4f7c740370d0c07c437835c29158a5898892726492c130c4c3df79add6c03dc5a905c7564e7be2efa01a346ed3ef6895640557af9a4f0a4d30dccafa2a
+	sha512sums = e4e4888558fdc8abe53daf8850ea0deb41ef79fcfae70d78dcc50da6a1f7e24240e8d978f48bcb2a8f4c1811afd87a71a5c97789882f6973ab6477b679037914
+	sha512sums = b2df29980557a10a2d7798ba43639437223ef554ee66e78a1a0e67e39484e3edc136d5d68a4ad1f9414bc6649e32a67e17fad883a8ba5d2d4d7f74f3d130defe
+	sha512sums = ced953e98ad47868985caca36ff100636c1e96d45960b690d81c27ddda9879f7c10dfc6cfde503aacdfa5b9c50fb7ac9e02fd1b49892b2ec64b23a00548ae80c
 	sha512sums = 4fca961ae7fc17fbb159dc6cfe3bf6be52b7e1423f0c04591100780a72f250cb87263e3eb736b363d2e67dbd8485018cbaa720ccaa4450bb93d220f802b4be40
 
 pkgname = ncdns
-
diff --git a/PKGBUILD b/PKGBUILD
index 104fa24eab78..fc1f01fd960d 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,9 +1,11 @@
 # Maintainer: redfish <redfish@galactica.pw>
 
 pkgname=ncdns
-pkgver=0.1.2
+pkgver=0.3.2
 pkgrel=1
-_x509_compressed_commit=11c148e3a82a374dc8cc7800729ae31d1de3514b
+_certinject_ver=0.1.1
+_x509_compressed_ver=0.0.3
+_gen_deps=("certinject=${_certinject_ver}" "x509-compressed=${_x509_compressed_ver}")
 
 pkgdesc='Namecoin to DNS bridge daemon'
 url='https://github.com/namecoin/ncdns'
@@ -17,45 +19,66 @@ install="ncdns.install"
 backup=("etc/ncdns.conf")
 
 source=($pkgname-$pkgver.tar.gz::https://github.com/namecoin/ncdns/archive/v${pkgver}.tar.gz
-	x509-compressed-${_x509_compressed_commit}.tar.gz::https://github.com/namecoin/x509-compressed/archive/${_x509_compressed_commit}.tar.gz
-	ncdns.service)
+  certinject-${_certinject_ver}.tar.gz::https://github.com/namecoin/certinject/archive/v${_certinject_ver}.tar.gz
+  x509-compressed-${_x509_compressed_ver}.tar.gz::https://github.com/namecoin/x509-compressed/archive/v${_x509_compressed_ver}.tar.gz
+  x509-compressed--drop-godebug-options.patch
+  ncdns.service)
 
-_gopath=gopath
-_pkgpath=github.com/namecoin
+_gopath_dir="_gopath"
 
 prepare() {
-  export GOPATH=$srcdir/${_gopath}
+  export GOPATH="$srcdir/${_gopath_dir}"
 
-  mkdir -p "${_pkgpath}"
-  mv x509-compressed-${_x509_compressed_commit} ${_pkgpath}/x509-compressed
-  mv $pkgname-$pkgver ${_pkgpath}/$pkgname
+  local _mod_rewrites=(
+      # Workaround for a problem with a downstream dependency, whose
+      # public path has changed, see
+      # https://github.com/alecthomas/kingpin/commit/2e61e1e95c3b456c2414aada0efb75737df3b9a5
+    "-replace=gopkg.in/alecthomas/kingpin.v2=github.com/alecthomas/kingpin/v2@v2.3.2"
+  )
 
-  pushd ${_pkgpath}/x509-compressed
-  go mod init ${_pkgpath}/x509-compressed
-  go mod tidy
-  go generate ./...
+  cd $srcdir
+
+  # Wrap the special dependencies that need a 'go generate' step into go modules
+  local _dep_ver
+  for _dep_ver in ${_gen_deps[*]}
+  do
+    local _dep=${_dep_ver%=*}
+    local _ver=${_dep_ver#*=}
+    pushd "${_dep}-${_ver}"
+    go mod init github.com/namecoin/${_dep}
+    go mod edit ${_mod_rewrites[*]}
+    go mod tidy
+    go generate ./...
+    go mod tidy
+    _mod_rewrites+=("-replace=github.com/namecoin/${_dep}=../${_dep}-${_ver}")
+    popd
+  done
+
+  # Wrap the top-level application executable into a module
+  pushd "$pkgname-$pkgver"
+  go mod init github.com/namecoin/ncdns
+  go mod edit ${_mod_rewrites[*]}
   go mod tidy
   popd
 
-  pushd ${_pkgpath}/$pkgname
-  go mod init ${_pkgpath}/$pkgname
-  go mod tidy
-  go mod edit -replace ${_pkgpath}/x509-compressed=../x509-compressed
-  go mod tidy
+  # Patch a minor issue, where 'internal' godebug module is used by disallowed
+  # Upstream: https://github.com/namecoin/x509-compressed/pull/4
+  pushd "x509-compressed-${_x509_compressed_ver}"
+  patch -p1 -i ../x509-compressed--drop-godebug-options.patch
   popd
 }
 
 build() {
-  export GOPATH=$srcdir/${_gopath}
-
-  cd ${_pkgpath}/$pkgname
-  go install ./...
+  export GOPATH="$srcdir/${_gopath_dir}"
+  cd "$srcdir/$pkgname-$pkgver"
+  go build ./...
 }
 
 package() {
-  export GOPATH=$srcdir/${_gopath}
+  export GOPATH="$srcdir/${_gopath_dir}"
+  cd "$srcdir/$pkgname-$pkgver"
 
-  cd ${_pkgpath}/$pkgname
+  go install ./...
 
   install -Dm 755 $GOPATH/bin/ncdns "$pkgdir/usr/bin/ncdns"
   install -Dm 644 $srcdir/ncdns.service "$pkgdir/usr/lib/systemd/system/ncdns.service"
@@ -64,6 +87,8 @@ package() {
   install -Dm 644  _doc/ncdns.conf.example "$pkgdir/etc/ncdns.conf"
 }
 
-sha512sums=('a7b95bdaeb781f49f6bc70e4d43f6a513b48d46f279a2c1993002cf20ef63330799e32a7442db37cda84590d57a352e3bd2642db1d863cb858bd8de7d7741177'
-            '6a78e4777ea041ccfb7299322cc2bf6ab0db10ad7a28c6f8ec8293409fd4af1638e0c91618b465b6b4fbbaf25bc2b8f32af0e08191713afe420620a8534c5910'
+sha512sums=('f56f9b4f7c740370d0c07c437835c29158a5898892726492c130c4c3df79add6c03dc5a905c7564e7be2efa01a346ed3ef6895640557af9a4f0a4d30dccafa2a'
+            'e4e4888558fdc8abe53daf8850ea0deb41ef79fcfae70d78dcc50da6a1f7e24240e8d978f48bcb2a8f4c1811afd87a71a5c97789882f6973ab6477b679037914'
+            'b2df29980557a10a2d7798ba43639437223ef554ee66e78a1a0e67e39484e3edc136d5d68a4ad1f9414bc6649e32a67e17fad883a8ba5d2d4d7f74f3d130defe'
+            'ced953e98ad47868985caca36ff100636c1e96d45960b690d81c27ddda9879f7c10dfc6cfde503aacdfa5b9c50fb7ac9e02fd1b49892b2ec64b23a00548ae80c'
             '4fca961ae7fc17fbb159dc6cfe3bf6be52b7e1423f0c04591100780a72f250cb87263e3eb736b363d2e67dbd8485018cbaa720ccaa4450bb93d220f802b4be40')
diff --git a/x509-compressed--drop-godebug-options.patch b/x509-compressed--drop-godebug-options.patch
new file mode 100644
index 000000000000..ad7d53f1a525
--- /dev/null
+++ b/x509-compressed--drop-godebug-options.patch
@@ -0,0 +1,79 @@
+--- a/x509/root.go	2023-09-03 03:22:13.790252625 -0400
++++ b/x509/root.go	2023-09-03 03:54:13.053185803 -0400
+@@ -33,8 +33,6 @@
+ 	}
+ }
+ 
+-var x509usefallbackroots = godebug.New("x509usefallbackroots")
+-
+ // SetFallbackRoots sets the roots to use during certificate verification, if no
+ // custom roots are specified and a platform verifier or a system certificate
+ // pool is not available (for instance in a container which does not have a root
+@@ -42,12 +40,6 @@
+ //
+ // SetFallbackRoots may only be called once, if called multiple times it will
+ // panic.
+-//
+-// The fallback behavior can be forced on all platforms, even when there is a
+-// system certificate pool, by setting GODEBUG=x509usefallbackroots=1 (note that
+-// on Windows and macOS this will disable usage of the platform verification
+-// APIs and cause the pure Go verifier to be used). Setting
+-// x509usefallbackroots=1 without calling SetFallbackRoots has no effect.
+ func SetFallbackRoots(roots *CertPool) {
+ 	if roots == nil {
+ 		panic("roots must be non-nil")
+@@ -66,10 +58,7 @@
+ 	fallbacksSet = true
+ 
+ 	if systemRoots != nil && (systemRoots.len() > 0 || systemRoots.systemPool) {
+-		if x509usefallbackroots.Value() != "1" {
+-			return
+-		}
+-		x509usefallbackroots.IncNonDefault()
++		return
+ 	}
+ 	systemRoots, systemRootsErr = roots, nil
+ }
+--- a/x509/x509.go	2023-09-03 03:23:45.787219667 -0400
++++ b/x509/x509.go	2023-09-03 03:52:21.772822467 -0400
+@@ -781,18 +781,10 @@
+ 
+ // An InsecureAlgorithmError indicates that the SignatureAlgorithm used to
+ // generate the signature is not secure, and the signature has been rejected.
+-//
+-// To temporarily restore support for SHA-1 signatures, include the value
+-// "x509sha1=1" in the GODEBUG environment variable. Note that this option will
+-// be removed in a future release.
+ type InsecureAlgorithmError SignatureAlgorithm
+ 
+ func (e InsecureAlgorithmError) Error() string {
+-	var override string
+-	if SignatureAlgorithm(e) == SHA1WithRSA || SignatureAlgorithm(e) == ECDSAWithSHA1 {
+-		override = " (temporarily override with GODEBUG=x509sha1=1)"
+-	}
+-	return fmt.Sprintf("x509: cannot verify signature: insecure algorithm %v", SignatureAlgorithm(e)) + override
++	return fmt.Sprintf("x509: cannot verify signature: insecure algorithm %v", SignatureAlgorithm(e))
+ }
+ 
+ // ConstraintViolationError results when a requested usage is not permitted by
+@@ -869,8 +861,6 @@
+ 	return fmt.Errorf("x509: signature algorithm specifies an %s public key, but have public key of type %T", expectedPubKeyAlgo.String(), pubKey)
+ }
+ 
+-var x509sha1 = godebug.New("x509sha1")
+-
+ // checkSignature verifies that signature is a valid signature over signed from
+ // a crypto.PublicKey.
+ func checkSignature(algo SignatureAlgorithm, signed, signature []byte, publicKey crypto.PublicKey, allowSHA1 bool) (err error) {
+@@ -894,10 +884,7 @@
+ 	case crypto.SHA1:
+ 		// SHA-1 signatures are mostly disabled. See go.dev/issue/41682.
+ 		if !allowSHA1 {
+-			if x509sha1.Value() != "1" {
+-				return InsecureAlgorithmError(algo)
+-			}
+-			x509sha1.IncNonDefault()
++			return InsecureAlgorithmError(algo)
+ 		}
+ 		fallthrough
+ 	default: