Re: ca-certificates build error

To: Mayuresh <mayuresh%acm.org@localhost>
Subject: Re: ca-certificates build error
From: Tobias Nygren <tnn%NetBSD.org@localhost>
Date: Sun, 17 Jul 2022 04:54:18 +0200

On Sun, 17 Jul 2022 08:08:38 +0530
Mayuresh <mayuresh%acm.org@localhost> wrote:

> pkgsrc-git updated today, python version 3.10, netbsd 9.2 amd64:
> 
>     Traceback (most recent call last):
>       File "/usr/pkgsrc/work/security/ca-certificates/work/ca-certificates-20211016/mozilla/certdata2pem.py", line 125, in <module>
>         cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
>       File "/usr/pkg/lib/python3.10/site-packages/cryptography/x509/base.py", line 521, in load_der_x509_certificate
>         return rust_x509.load_der_x509_certificate(data)
>     TypeError: argument 'data': 'bytearray' object cannot be converted to 'PyBytes'
>     *** [all] Error code 1
> 
> Please advise. This is a critical package.

Likely fallout from py-cryptography update. Try this patch:

--- mozilla/certdata2pem.py.orig	2021-10-16 16:09:43.000000000 +0000
+++ mozilla/certdata2pem.py
@@ -122,7 +122,7 @@ for obj in objects:
         if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
             continue

-        cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
+        cert = x509.load_der_x509_certificate(bytes(obj['CKA_VALUE']))
         if cert.not_valid_after < datetime.datetime.now():
             print('!'*74)
             print('Trusted but expired certificate found: %s' % obj['CKA_LABEL'])

Follow-Ups:
- Re: ca-certificates build error
  - From: Mayuresh

References:
- ca-certificates build error
  - From: Mayuresh

Prev by Date: Re: ca-certificates build error
Next by Date: pbulk rust-bin "Read-only file system" errors
Previous by Thread: Re: ca-certificates build error
Next by Thread: Re: ca-certificates build error
Indexes:

Home | Main Index | Thread Index | Old Index