From 80e4e3f08ac66871fd953ab4806e1be6f5f130b0 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Fri, 14 Jun 2024 01:15:11 +0200 Subject: d/gbp.conf: Set 'debian-branch = debian/bookworm'. --- debian/gbp.conf | 2 +- ...e-against-current-Let-s-Encrypt-staging-e.patch | 2 +- .../Fix-post-issuance-validation-logic.patch | 35 ++++++++++++++++------ 3 files changed, 28 insertions(+), 11 deletions(-) diff --git a/debian/gbp.conf b/debian/gbp.conf index 97c190b..0492ed6 100644 --- a/debian/gbp.conf +++ b/debian/gbp.conf @@ -1,6 +1,6 @@ [DEFAULT] upstream-branch = upstream -debian-branch = debian/latest +debian-branch = debian/bookworm upstream-tag = v%(version)s debian-tag = debian/%(version)s pristine-tar = False diff --git a/debian/patches/Adjust-test-suite-against-current-Let-s-Encrypt-staging-e.patch b/debian/patches/Adjust-test-suite-against-current-Let-s-Encrypt-staging-e.patch index 0065c39..af9d7f8 100644 --- a/debian/patches/Adjust-test-suite-against-current-Let-s-Encrypt-staging-e.patch +++ b/debian/patches/Adjust-test-suite-against-current-Let-s-Encrypt-staging-e.patch @@ -40,7 +40,7 @@ index e79a528..a3ad707 100644 # vim: set filetype=sh : diff --git a/tests/cert-install b/tests/cert-install -index 4415cdd..03360fd 100644 +index c38f3cf..279309f 100644 --- a/tests/cert-install +++ b/tests/cert-install @@ -79,7 +79,7 @@ check_chain() { diff --git a/debian/patches/Fix-post-issuance-validation-logic.patch b/debian/patches/Fix-post-issuance-validation-logic.patch index f5ecbed..1453055 100644 --- a/debian/patches/Fix-post-issuance-validation-logic.patch +++ b/debian/patches/Fix-post-issuance-validation-logic.patch @@ -24,10 +24,10 @@ Encrypt's latest recommendations: Origin: https://git.guilhem.org/lacme/commit/?id=9cb882a468843bf8ce9598de8769d5baaaaae3ea Bug-Debian: https://bugs.debian.org/1072847 --- - Makefile | 8 ++----- - lacme | 26 +++++++++++++++++---- - tests/cert-install | 67 ++++++++++++++++++++++++++++++++++++++++++------------ - 3 files changed, 76 insertions(+), 25 deletions(-) + Makefile | 8 ++---- + lacme | 26 +++++++++++++---- + tests/cert-install | 82 +++++++++++++++++++++++++++++++++++------------------- + 3 files changed, 76 insertions(+), 40 deletions(-) diff --git a/Makefile b/Makefile index 10e55c5..cb2f4ed 100644 @@ -111,7 +111,7 @@ index 6284c66..86a0516 100755 if (spawn(\%args, 'openssl', 'verify', @options)) { print STDERR "[$s] Error: Received invalid X.509 certificate from ACME server!\n"; diff --git a/tests/cert-install b/tests/cert-install -index 4b3e820..4415cdd 100644 +index 4b3e820..c38f3cf 100644 --- a/tests/cert-install +++ b/tests/cert-install @@ -28,6 +28,55 @@ EOF @@ -170,15 +170,32 @@ index 4b3e820..4415cdd 100644 # 'certificate' installs only the leaf certificate openssl genpkey -algorithm RSA -out /etc/lacme/test1.key subject="/CN=$(head -c10 /dev/urandom | base32 -w0).$DOMAINNAME" -@@ -42,6 +91,7 @@ lacme newOrder test1 2>"$STDERR" || fail newOrder test1 +@@ -42,23 +91,9 @@ lacme newOrder test1 2>"$STDERR" || fail newOrder test1 test /etc/lacme/test1.crt -nt /etc/lacme/test1.key sed -n "0,/^-----END CERTIFICATE-----$/ p" /etc/lacme/test1.crt >/etc/lacme/test1.pem diff --unified /etc/lacme/test1.crt /etc/lacme/test1.pem +check_spki /etc/lacme/test1.crt /etc/lacme/test1.key - check_hash() { -@@ -70,16 +120,7 @@ EOF +-check_hash() { +- local p1="$1" p2 s1 s2 +- s1="$(openssl x509 -noout -hash <"$p1")" +- for p2 in /usr/share/lacme/ca-certificates.pem.*; do +- s2="$(openssl x509 -noout -hash <"$p2")" +- if [ "$s1" = "$s2" ]; then +- return 0 +- fi +- done +- return 1 +-} +-csplit -f /usr/share/lacme/ca-certificates.pem. /usr/share/lacme/ca-certificates.crt \ +- "/-----BEGIN CERTIFICATE-----/" "{*}" +-rm -f /usr/share/lacme/ca-certificates.pem.00 +- + # 'certificate-chain' appends the chain of trust + openssl genpkey -algorithm RSA -out /etc/lacme/test2.key + cat >"/etc/lacme/lacme-certs.conf.d/test2.conf" <<- EOF +@@ -70,16 +105,7 @@ EOF lacme newOrder test2 2>"$STDERR" || fail newOrder test2 test /etc/lacme/test2.crt -nt /etc/lacme/test2.key @@ -196,7 +213,7 @@ index 4b3e820..4415cdd 100644 # 'certificate' + 'certificate-chain' openssl genpkey -algorithm RSA -out /etc/lacme/test3.key -@@ -94,10 +135,8 @@ EOF +@@ -94,10 +120,8 @@ EOF lacme newOrder test3 2>"$STDERR" || fail newOrder test3 test /etc/lacme/test3.pem -nt /etc/lacme/test3.key test /etc/lacme/test3.crt -nt /etc/lacme/test3.key -- cgit v1.2.3