07/07: gnu: certbot: Fix build with python-pyopenssl >= 17.3.0.
From: Marius Bakke
Subject: 07/07: gnu: certbot: Fix build with python-pyopenssl >= 17.3.0.
Date: Sun, 17 Sep 2017 14:14:05 -0400 (EDT)
mbakke pushed a commit to branch master
in repository guix.
commit 881006b65cd7693a1f473870fef1ae38f497f9ae
Author: Marius Bakke <address@hidden>
Date: Sun Sep 17 17:39:30 2017 +0200
gnu: certbot: Fix build with python-pyopenssl >= 17.3.0.
* gnu/packages/patches/python-acme-dont-use-openssl-rand.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/tls.scm (python-acme)[source]: Use it.
---
gnu/local.mk | 1 +
.../python-acme-dont-use-openssl-rand.patch | 28 ++++++++++++++++++++++
gnu/packages/tls.scm | 7 +++---
3 files changed, 33 insertions(+), 3 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index 7c1ffba..c6fc436 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -550,6 +550,7 @@ dist_patch_DATA =
\
%D%/packages/patches/ceph-disable-unittest-throttle.patch \
%D%/packages/patches/ceph-skip-collect-sys-info-test.patch \
%D%/packages/patches/ceph-skip-unittest_blockdev.patch \
+ %D%/packages/patches/python-acme-dont-use-openssl-rand.patch \
%D%/packages/patches/chicken-CVE-2017-6949.patch \
%D%/packages/patches/chicken-CVE-2017-11343.patch \
%D%/packages/patches/chmlib-inttypes.patch \
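Review bot: The new `python-acme-dont-use-openssl-rand.patch` entry is placed between the `ceph-*` and `chicken-*` lines, while the surrounding context lines are in alphabetical order. Move it down to where the `p` entries belong so that dist_patch_DATA stays sorted and later additions are easy to find and merge.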
diff --git a/gnu/packages/patches/python-acme-dont-use-openssl-rand.patch
b/gnu/packages/patches/python-acme-dont-use-openssl-rand.patch
new file mode 100644
index 0000000..7892062
--- /dev/null
+++ b/gnu/packages/patches/python-acme-dont-use-openssl-rand.patch
@@ -0,0 +1,28 @@
+Fix build with PyOpenSSL > 17.2.0.
+
+See <https://github.com/certbot/certbot/issues/5111>.
+
+Patch copied from upstream source repository:
+https://github.com/certbot/certbot/commit/f6be07da74c664b57ac8c053585f919c79f9af44
+
+diff --git a/acme/crypto_util.py b/acme/crypto_util.py
+index de15284c03..b8fba03488 100644
+--- a/acme/crypto_util.py
++++ b/acme/crypto_util.py
+@@ -2,6 +2,7 @@
+ import binascii
+ import contextlib
+ import logging
++import os
+ import re
+ import socket
+ import sys
+@@ -243,7 +244,7 @@ def gen_ss_cert(key, domains, not_before=None,
+ """
+ assert domains, "Must provide one or more hostnames for the cert."
+ cert = OpenSSL.crypto.X509()
+- cert.set_serial_number(int(binascii.hexlify(OpenSSL.rand.bytes(16)), 16))
++ cert.set_serial_number(int(binascii.hexlify(os.urandom(16)), 16))
+ cert.set_version(2)
+
+ extensions = [
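Review bot: The header of the new patch file says only "Fix build with PyOpenSSL > 17.2.0" and does not say what breaks. Add one sentence stating that the embedded hunk replaces the `OpenSSL.rand.bytes(16)` call in `gen_ss_cert` with `os.urandom(16)`, so a later reader can tell why the patch exists without following the two links. The replacement keeps the serial number at 16 random bytes taken from the operating system's CSPRNG, so the size and unpredictability of the self-signed certificate's serial are unchanged. The wording "> 17.2.0" also differs from the commit title's ">= 17.3.0"; use one form in both places.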
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 4b3d766..add371f 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -490,9 +490,10 @@ netcat implementation that supports TLS.")
(source (origin
(method url-fetch)
(uri (pypi-uri "acme" version))
- (sha256
- (base32
- "0ry6vhfkhds28sg232hngwfnkqihsxv9r8w92c6nz45r7w56qk0y"))))
+ (patches (search-patches
"python-acme-dont-use-openssl-rand.patch"))
+ (sha256
+ (base32
+ "0ry6vhfkhds28sg232hngwfnkqihsxv9r8w92c6nz45r7w56qk0y"))))
(build-system python-build-system)
(arguments
`(#:phases
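Review bot: The `patches` field added to the `origin` carries no comment saying when it can be dropped. The patch header states that it was copied from an upstream commit, so a short Scheme comment next to `(patches (search-patches ...` noting that it should be removed once `acme` is updated to a release containing that commit would help whoever bumps the version. The `sha256` lines are removed and re-added with the same base32 value, so the fetched source is unchanged and only the patch differs.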