gentoo auto-resync : 27:10:2024 - 03:04:35

4 files changed, 2 insertions, 144 deletions

diff --git a/dev-python/trustme/Manifest b/dev-python/trustme/Manifest
index ef7beef902d2..1a2d61e22de1 100644
--- a/dev-python/trustme/Manifest
+++ b/dev-python/trustme/Manifest
@@ -1,6 +1,3 @@
-AUX trustme-1.1.0-aki.patch 3621 BLAKE2B 1fda17f424373b5554ca36c91882608be9c33dbea23cb6f4c0457033cf5931a0ae071c37f15f3193e0d806d3f569c02e93dc1bd3eae3b198a1d51de00782f419 SHA512 e666c27b62cee678d9b2f1e22f283ce21a79839682a79d1a654b0b3f6d4a88e30f4511eb8f8099e7a84adfa139451002e4bc228911a3e9c21deaebacc6a299a6
-DIST trustme-1.1.0.tar.gz 29611 BLAKE2B 71210845c3bb919b731ab14db72376aa701c547c4b062e4dab9ccbb6b97c3416cb48b92a998aa26c85720b38514998e62005dd310513fc80a54502432ee4000b SHA512 f0ad39ffd9f4074107c90258738412ff8ca8ed1b4138e38edc6edad9a5cb8787a53a47fa78b12eba189774902ee3728961feed54b3b5e944e4737749912627b2
 DIST trustme-1.2.0.tar.gz 26350 BLAKE2B 885b96d8ef63a8bf0b96583ecac2c19148f7df28a9e2ad8816fe0d0f752718bb91d84f3d01a7e73663133a3094eb8199ad6eea609e27958db4720a14ff62b1be SHA512 84cfa02cf00bac1a304dacbae8b3d673307d066116e38c396f25fb868174f020c415921d4c56a6a37354e5205f294cf95611a8c4f2b02f82dda2aa9b2e80192b
-EBUILD trustme-1.1.0-r1.ebuild 978 BLAKE2B ae7a3733559ceb49b5847e5784b376536a80736ce74a2466ddecd06f19811258af835dece0b6f492fc2e8cb87697de7607be57aa1271723b54fe814165be71cc SHA512 ff1c9c8ca4d1870f5778b8600a9269066254ced8c150c1a4b8e141523a6e1381d39cfb6aa86003b3ded6efcf858e89304aa4f97f23c33c9a6c6ba840acf882ea
-EBUILD trustme-1.2.0.ebuild 867 BLAKE2B 6add6be41b2fd6b298106e2ffe1aee197f8396bb01bfc35d2579216dc1124dd8455435f26c1448db33fd17a0d073affa1ca7c781243aee9da3ab38b58f727016 SHA512 2bfa9120c8b7a92dfb04edd3d6b6a7b35dea1b437a9a53834c4fa2e3d64f15e2919e1cf7c165e04fb6b59f52b2af01c600add0fbdbba0b7b89c990c2998ae75e
+EBUILD trustme-1.2.0.ebuild 860 BLAKE2B 98a1f748a451b11dcdfbe5f293923adbe47de44c85abcd581acce1c5e6cdbe9f1c6626dfb453c7c84a51a13867b3121603c16b98d673a3364bdd75709a95fd17 SHA512 cdbd52d011acc2e75e82b8127f4e220ad87b23eaa7714212b973251ec553dd19b2f033fd3a9ff41aa0062dde59311126a97128a528009c7565ddd857882a1c5e
 MISC metadata.xml 503 BLAKE2B f9759fc8612b385d57ad6734f363b0d03a7a354c4486ebe98ee855c35d0ca11d54be27cb78b21b56178350bc5520908d2efa8345ecb060fc87bc784303325f2d SHA512 477a6d3a46f72e9a813c04102556742545798868dc526376f90dcc43cfd7675479271f5b0cc4a718e35c74e663a3f99db939202e771f2ff731adf871b161df00
diff --git a/dev-python/trustme/files/trustme-1.1.0-aki.patch b/dev-python/trustme/files/trustme-1.1.0-aki.patch
deleted file mode 100644
index a00fc85229a9..000000000000
--- a/dev-python/trustme/files/trustme-1.1.0-aki.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From 84e347d9221e304f0158330e5101d23969d424d0 Mon Sep 17 00:00:00 2001
-From: Illia Volochii <illia.volochii@gmail.com>
-Date: Wed, 27 Mar 2024 11:45:41 +0000
-Subject: [PATCH 1/3] Add AKI to child CA certificates
-
----
- src/trustme/__init__.py | 14 +++++++++++---
- tests/test_trustme.py   |  5 +++++
- 2 files changed, 16 insertions(+), 3 deletions(-)
-
-diff --git a/src/trustme/__init__.py b/src/trustme/__init__.py
-index 5fb24fb..0db1bb0 100644
---- a/src/trustme/__init__.py
-+++ b/src/trustme/__init__.py
-@@ -250,14 +250,22 @@ def __init__(
-             sign_key = parent_cert._private_key
-             parent_certificate = parent_cert._certificate
-             issuer = parent_certificate.subject
--
--        self._certificate = (
-+            ski_ext = parent_certificate.extensions.get_extension_for_class(
-+                x509.SubjectKeyIdentifier)
-+            aki = x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(ski_ext.value)
-+        else:
-+            aki = None
-+        cert_builder = (
-             _cert_builder_common(name, issuer, self._private_key.public_key())
-             .add_extension(
-                 x509.BasicConstraints(ca=True, path_length=path_length),
-                 critical=True,
-             )
--            .add_extension(
-+        )
-+        if aki:
-+            cert_builder = cert_builder.add_extension(aki, critical=False)
-+        self._certificate = (
-+            cert_builder.add_extension(
-                 x509.KeyUsage(
-                     digital_signature=True,  # OCSP
-                     content_commitment=False,
-diff --git a/tests/test_trustme.py b/tests/test_trustme.py
-index 1d901ad..581716e 100644
---- a/tests/test_trustme.py
-+++ b/tests/test_trustme.py
-@@ -200,6 +200,11 @@ def test_intermediate() -> None:
-     assert_is_ca(child_ca_cert)
-     assert child_ca_cert.issuer == ca_cert.subject
-     assert _path_length(child_ca_cert) == 8
-+    aki = child_ca_cert.extensions.get_extension_for_class(x509.AuthorityKeyIdentifier)
-+    assert aki.critical is False
-+    expected_aki_key_id = ca_cert.extensions.get_extension_for_class(
-+        x509.SubjectKeyIdentifier).value.digest
-+    assert aki.value.key_identifier == expected_aki_key_id
- 
-     child_server = child_ca.issue_cert("test-host.example.org")
-     assert len(child_server.cert_chain_pems) == 2
-
-From f507a28e0f4d97d63716aa5a81669bb747235f07 Mon Sep 17 00:00:00 2001
-From: Illia Volochii <illia.volochii@gmail.com>
-Date: Wed, 27 Mar 2024 12:02:59 +0000
-Subject: [PATCH 2/3] Fix a typing issue
-
----
- src/trustme/__init__.py | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/trustme/__init__.py b/src/trustme/__init__.py
-index 0db1bb0..d126180 100644
---- a/src/trustme/__init__.py
-+++ b/src/trustme/__init__.py
-@@ -246,6 +246,7 @@ def __init__(
-         )
-         issuer = name
-         sign_key = self._private_key
-+        aki: Optional[x509.AuthorityKeyIdentifier]
-         if parent_cert is not None:
-             sign_key = parent_cert._private_key
-             parent_certificate = parent_cert._certificate
-
-From cdd2fd61aae9c92f902932bacd6b39189ecde4b1 Mon Sep 17 00:00:00 2001
-From: Illia Volochii <illia.volochii@gmail.com>
-Date: Wed, 27 Mar 2024 12:09:38 +0000
-Subject: [PATCH 3/3] Add a news entry
-
----
- newsfragments/642.bugfix.rst | 1 +
- 1 file changed, 1 insertion(+)
- create mode 100644 newsfragments/642.bugfix.rst
-
-diff --git a/newsfragments/642.bugfix.rst b/newsfragments/642.bugfix.rst
-new file mode 100644
-index 0000000..9d75e7a
---- /dev/null
-+++ b/newsfragments/642.bugfix.rst
-@@ -0,0 +1 @@
-+Add the Authority Key Identifier extension to child CA certificates.
diff --git a/dev-python/trustme/trustme-1.1.0-r1.ebuild b/dev-python/trustme/trustme-1.1.0-r1.ebuild
deleted file mode 100644
index 4a3e6481b916..000000000000
--- a/dev-python/trustme/trustme-1.1.0-r1.ebuild
+++ /dev/null
@@ -1,43 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-DISTUTILS_USE_PEP517=setuptools
-PYTHON_COMPAT=( python3_{10..13} pypy3 )
-
-inherit distutils-r1 pypi
-
-DESCRIPTION="#1 quality TLS certs while you wait, for the discerning tester"
-HOMEPAGE="
-	https://github.com/python-trio/trustme/
-	https://pypi.org/project/trustme/
-"
-
-LICENSE="|| ( Apache-2.0 MIT )"
-SLOT="0"
-KEYWORDS="amd64 arm arm64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~ppc-macos ~x64-macos ~x64-solaris"
-
-RDEPEND="
-	>=dev-python/cryptography-3.1[${PYTHON_USEDEP}]
-	>=dev-python/idna-2.0[${PYTHON_USEDEP}]
-"
-BDEPEND="
-	test? (
-		dev-python/pyopenssl[${PYTHON_USEDEP}]
-		dev-python/service-identity[${PYTHON_USEDEP}]
-	)
-"
-
-distutils_enable_tests pytest
-
-PATCHES=(
-	# https://github.com/python-trio/trustme/pull/642
-	# (also fixes py3.13)
-	"${FILESDIR}/${P}-aki.patch"
-)
-
-python_test() {
-	local -x PYTEST_DISABLE_PLUGIN_AUTOLOAD=1
-	epytest
-}
diff --git a/dev-python/trustme/trustme-1.2.0.ebuild b/dev-python/trustme/trustme-1.2.0.ebuild
index d4e3518214a0..800e2c9be560 100644
--- a/dev-python/trustme/trustme-1.2.0.ebuild
+++ b/dev-python/trustme/trustme-1.2.0.ebuild
@@ -16,7 +16,7 @@ HOMEPAGE="
 
 LICENSE="|| ( Apache-2.0 MIT )"
 SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~ppc-macos ~x64-macos ~x64-solaris"
+KEYWORDS="amd64 arm arm64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~ppc-macos ~x64-macos ~x64-solaris"
 
 RDEPEND="
 	>=dev-python/cryptography-3.1[${PYTHON_USEDEP}]