diff options
author | redfish | 2023-09-03 19:54:20 -0400 |
---|---|---|
committer | redfish | 2023-09-03 19:54:36 -0400 |
commit | 5de20bc9821d7f9937f19373bc749b7020ddaebe (patch) | |
tree | 05c4a90f905449f91f109c05d170bdf675989a53 | |
parent | 6e047ed64450f2c2aa705ed7a46d8e4104506f24 (diff) | |
download | aur-5de20bc9821d7f9937f19373bc749b7020ddaebe.tar.gz |
update to 0.3.2
Skeleton taken from ncprop279 package.
-rw-r--r-- | .SRCINFO | 15 | ||||
-rw-r--r-- | PKGBUILD | 79 | ||||
-rw-r--r-- | x509-compressed--drop-godebug-options.patch | 79 |
3 files changed, 140 insertions, 33 deletions
@@ -1,6 +1,6 @@ pkgbase = ncdns pkgdesc = Namecoin to DNS bridge daemon - pkgver = 0.1.2 + pkgver = 0.3.2 pkgrel = 1 url = https://github.com/namecoin/ncdns install = ncdns.install @@ -11,12 +11,15 @@ pkgbase = ncdns depends = libcap optdepends = namecoin-core: the Namecoin node backup = etc/ncdns.conf - source = ncdns-0.1.2.tar.gz::https://github.com/namecoin/ncdns/archive/v0.1.2.tar.gz - source = x509-compressed-11c148e3a82a374dc8cc7800729ae31d1de3514b.tar.gz::https://github.com/namecoin/x509-compressed/archive/11c148e3a82a374dc8cc7800729ae31d1de3514b.tar.gz + source = ncdns-0.3.2.tar.gz::https://github.com/namecoin/ncdns/archive/v0.3.2.tar.gz + source = certinject-0.1.1.tar.gz::https://github.com/namecoin/certinject/archive/v0.1.1.tar.gz + source = x509-compressed-0.0.3.tar.gz::https://github.com/namecoin/x509-compressed/archive/v0.0.3.tar.gz + source = x509-compressed--drop-godebug-options.patch source = ncdns.service - sha512sums = a7b95bdaeb781f49f6bc70e4d43f6a513b48d46f279a2c1993002cf20ef63330799e32a7442db37cda84590d57a352e3bd2642db1d863cb858bd8de7d7741177 - sha512sums = 6a78e4777ea041ccfb7299322cc2bf6ab0db10ad7a28c6f8ec8293409fd4af1638e0c91618b465b6b4fbbaf25bc2b8f32af0e08191713afe420620a8534c5910 + sha512sums = f56f9b4f7c740370d0c07c437835c29158a5898892726492c130c4c3df79add6c03dc5a905c7564e7be2efa01a346ed3ef6895640557af9a4f0a4d30dccafa2a + sha512sums = e4e4888558fdc8abe53daf8850ea0deb41ef79fcfae70d78dcc50da6a1f7e24240e8d978f48bcb2a8f4c1811afd87a71a5c97789882f6973ab6477b679037914 + sha512sums = b2df29980557a10a2d7798ba43639437223ef554ee66e78a1a0e67e39484e3edc136d5d68a4ad1f9414bc6649e32a67e17fad883a8ba5d2d4d7f74f3d130defe + sha512sums = ced953e98ad47868985caca36ff100636c1e96d45960b690d81c27ddda9879f7c10dfc6cfde503aacdfa5b9c50fb7ac9e02fd1b49892b2ec64b23a00548ae80c sha512sums = 4fca961ae7fc17fbb159dc6cfe3bf6be52b7e1423f0c04591100780a72f250cb87263e3eb736b363d2e67dbd8485018cbaa720ccaa4450bb93d220f802b4be40 pkgname = ncdns - @@ -1,9 +1,11 @@ # Maintainer: redfish <redfish@galactica.pw> pkgname=ncdns -pkgver=0.1.2 +pkgver=0.3.2 pkgrel=1 -_x509_compressed_commit=11c148e3a82a374dc8cc7800729ae31d1de3514b +_certinject_ver=0.1.1 +_x509_compressed_ver=0.0.3 +_gen_deps=("certinject=${_certinject_ver}" "x509-compressed=${_x509_compressed_ver}") pkgdesc='Namecoin to DNS bridge daemon' url='https://github.com/namecoin/ncdns' @@ -17,45 +19,66 @@ install="ncdns.install" backup=("etc/ncdns.conf") source=($pkgname-$pkgver.tar.gz::https://github.com/namecoin/ncdns/archive/v${pkgver}.tar.gz - x509-compressed-${_x509_compressed_commit}.tar.gz::https://github.com/namecoin/x509-compressed/archive/${_x509_compressed_commit}.tar.gz - ncdns.service) + certinject-${_certinject_ver}.tar.gz::https://github.com/namecoin/certinject/archive/v${_certinject_ver}.tar.gz + x509-compressed-${_x509_compressed_ver}.tar.gz::https://github.com/namecoin/x509-compressed/archive/v${_x509_compressed_ver}.tar.gz + x509-compressed--drop-godebug-options.patch + ncdns.service) -_gopath=gopath -_pkgpath=github.com/namecoin +_gopath_dir="_gopath" prepare() { - export GOPATH=$srcdir/${_gopath} + export GOPATH="$srcdir/${_gopath_dir}" - mkdir -p "${_pkgpath}" - mv x509-compressed-${_x509_compressed_commit} ${_pkgpath}/x509-compressed - mv $pkgname-$pkgver ${_pkgpath}/$pkgname + local _mod_rewrites=( + # Workaround for a problem with a downstream dependency, whose + # public path has changed, see + # https://github.com/alecthomas/kingpin/commit/2e61e1e95c3b456c2414aada0efb75737df3b9a5 + "-replace=gopkg.in/alecthomas/kingpin.v2=github.com/alecthomas/kingpin/v2@v2.3.2" + ) - pushd ${_pkgpath}/x509-compressed - go mod init ${_pkgpath}/x509-compressed - go mod tidy - go generate ./... + cd $srcdir + + # Wrap the special dependencies that need a 'go generate' step into go modules + local _dep_ver + for _dep_ver in ${_gen_deps[*]} + do + local _dep=${_dep_ver%=*} + local _ver=${_dep_ver#*=} + pushd "${_dep}-${_ver}" + go mod init github.com/namecoin/${_dep} + go mod edit ${_mod_rewrites[*]} + go mod tidy + go generate ./... + go mod tidy + _mod_rewrites+=("-replace=github.com/namecoin/${_dep}=../${_dep}-${_ver}") + popd + done + + # Wrap the top-level application executable into a module + pushd "$pkgname-$pkgver" + go mod init github.com/namecoin/ncdns + go mod edit ${_mod_rewrites[*]} go mod tidy popd - pushd ${_pkgpath}/$pkgname - go mod init ${_pkgpath}/$pkgname - go mod tidy - go mod edit -replace ${_pkgpath}/x509-compressed=../x509-compressed - go mod tidy + # Patch a minor issue, where 'internal' godebug module is used by disallowed + # Upstream: https://github.com/namecoin/x509-compressed/pull/4 + pushd "x509-compressed-${_x509_compressed_ver}" + patch -p1 -i ../x509-compressed--drop-godebug-options.patch popd } build() { - export GOPATH=$srcdir/${_gopath} - - cd ${_pkgpath}/$pkgname - go install ./... + export GOPATH="$srcdir/${_gopath_dir}" + cd "$srcdir/$pkgname-$pkgver" + go build ./... } package() { - export GOPATH=$srcdir/${_gopath} + export GOPATH="$srcdir/${_gopath_dir}" + cd "$srcdir/$pkgname-$pkgver" - cd ${_pkgpath}/$pkgname + go install ./... install -Dm 755 $GOPATH/bin/ncdns "$pkgdir/usr/bin/ncdns" install -Dm 644 $srcdir/ncdns.service "$pkgdir/usr/lib/systemd/system/ncdns.service" @@ -64,6 +87,8 @@ package() { install -Dm 644 _doc/ncdns.conf.example "$pkgdir/etc/ncdns.conf" } -sha512sums=('a7b95bdaeb781f49f6bc70e4d43f6a513b48d46f279a2c1993002cf20ef63330799e32a7442db37cda84590d57a352e3bd2642db1d863cb858bd8de7d7741177' - '6a78e4777ea041ccfb7299322cc2bf6ab0db10ad7a28c6f8ec8293409fd4af1638e0c91618b465b6b4fbbaf25bc2b8f32af0e08191713afe420620a8534c5910' +sha512sums=('f56f9b4f7c740370d0c07c437835c29158a5898892726492c130c4c3df79add6c03dc5a905c7564e7be2efa01a346ed3ef6895640557af9a4f0a4d30dccafa2a' + 'e4e4888558fdc8abe53daf8850ea0deb41ef79fcfae70d78dcc50da6a1f7e24240e8d978f48bcb2a8f4c1811afd87a71a5c97789882f6973ab6477b679037914' + 'b2df29980557a10a2d7798ba43639437223ef554ee66e78a1a0e67e39484e3edc136d5d68a4ad1f9414bc6649e32a67e17fad883a8ba5d2d4d7f74f3d130defe' + 'ced953e98ad47868985caca36ff100636c1e96d45960b690d81c27ddda9879f7c10dfc6cfde503aacdfa5b9c50fb7ac9e02fd1b49892b2ec64b23a00548ae80c' '4fca961ae7fc17fbb159dc6cfe3bf6be52b7e1423f0c04591100780a72f250cb87263e3eb736b363d2e67dbd8485018cbaa720ccaa4450bb93d220f802b4be40') diff --git a/x509-compressed--drop-godebug-options.patch b/x509-compressed--drop-godebug-options.patch new file mode 100644 index 000000000000..ad7d53f1a525 --- /dev/null +++ b/x509-compressed--drop-godebug-options.patch @@ -0,0 +1,79 @@ +--- a/x509/root.go 2023-09-03 03:22:13.790252625 -0400 ++++ b/x509/root.go 2023-09-03 03:54:13.053185803 -0400 +@@ -33,8 +33,6 @@ + } + } + +-var x509usefallbackroots = godebug.New("x509usefallbackroots") +- + // SetFallbackRoots sets the roots to use during certificate verification, if no + // custom roots are specified and a platform verifier or a system certificate + // pool is not available (for instance in a container which does not have a root +@@ -42,12 +40,6 @@ + // + // SetFallbackRoots may only be called once, if called multiple times it will + // panic. +-// +-// The fallback behavior can be forced on all platforms, even when there is a +-// system certificate pool, by setting GODEBUG=x509usefallbackroots=1 (note that +-// on Windows and macOS this will disable usage of the platform verification +-// APIs and cause the pure Go verifier to be used). Setting +-// x509usefallbackroots=1 without calling SetFallbackRoots has no effect. + func SetFallbackRoots(roots *CertPool) { + if roots == nil { + panic("roots must be non-nil") +@@ -66,10 +58,7 @@ + fallbacksSet = true + + if systemRoots != nil && (systemRoots.len() > 0 || systemRoots.systemPool) { +- if x509usefallbackroots.Value() != "1" { +- return +- } +- x509usefallbackroots.IncNonDefault() ++ return + } + systemRoots, systemRootsErr = roots, nil + } +--- a/x509/x509.go 2023-09-03 03:23:45.787219667 -0400 ++++ b/x509/x509.go 2023-09-03 03:52:21.772822467 -0400 +@@ -781,18 +781,10 @@ + + // An InsecureAlgorithmError indicates that the SignatureAlgorithm used to + // generate the signature is not secure, and the signature has been rejected. +-// +-// To temporarily restore support for SHA-1 signatures, include the value +-// "x509sha1=1" in the GODEBUG environment variable. Note that this option will +-// be removed in a future release. + type InsecureAlgorithmError SignatureAlgorithm + + func (e InsecureAlgorithmError) Error() string { +- var override string +- if SignatureAlgorithm(e) == SHA1WithRSA || SignatureAlgorithm(e) == ECDSAWithSHA1 { +- override = " (temporarily override with GODEBUG=x509sha1=1)" +- } +- return fmt.Sprintf("x509: cannot verify signature: insecure algorithm %v", SignatureAlgorithm(e)) + override ++ return fmt.Sprintf("x509: cannot verify signature: insecure algorithm %v", SignatureAlgorithm(e)) + } + + // ConstraintViolationError results when a requested usage is not permitted by +@@ -869,8 +861,6 @@ + return fmt.Errorf("x509: signature algorithm specifies an %s public key, but have public key of type %T", expectedPubKeyAlgo.String(), pubKey) + } + +-var x509sha1 = godebug.New("x509sha1") +- + // checkSignature verifies that signature is a valid signature over signed from + // a crypto.PublicKey. + func checkSignature(algo SignatureAlgorithm, signed, signature []byte, publicKey crypto.PublicKey, allowSHA1 bool) (err error) { +@@ -894,10 +884,7 @@ + case crypto.SHA1: + // SHA-1 signatures are mostly disabled. See go.dev/issue/41682. + if !allowSHA1 { +- if x509sha1.Value() != "1" { +- return InsecureAlgorithmError(algo) +- } +- x509sha1.IncNonDefault() ++ return InsecureAlgorithmError(algo) + } + fallthrough + default: |