author | Marius Bakke <mbakke@fastmail.com> | 2017-09-17 17:39:30 +0200 |
---|---|---|
committer | Marius Bakke <mbakke@fastmail.com> | 2017-09-17 18:50:00 +0200 |
commit | 881006b65cd7693a1f473870fef1ae38f497f9ae (patch) | |
tree | e852ab9c0debc15f596fc55e04a03811b2b16c06 | |
parent | 0c19c0f272f89fd94e88f1d7fd8e581b47bad3e7 (diff) | |
download | guix-881006b65cd7693a1f473870fef1ae38f497f9ae.tar.gz |
gnu: certbot: Fix build with python-pyopenssl >= 17.3.0.
* gnu/packages/patches/python-acme-dont-use-openssl-rand.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/tls.scm (python-acme)[source]: Use it.
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/patches/python-acme-dont-use-openssl-rand.patch | 28 | ||||
-rw-r--r-- | gnu/packages/tls.scm | 7 |
3 files changed, 33 insertions, 3 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 7c1ffba00d..c6fc436633 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -550,6 +550,7 @@ dist_patch_DATA = \
 %D%/packages/patches/ceph-disable-unittest-throttle.patch \
 %D%/packages/patches/ceph-skip-collect-sys-info-test.patch \
 %D%/packages/patches/ceph-skip-unittest_blockdev.patch \
+ %D%/packages/patches/python-acme-dont-use-openssl-rand.patch \
 %D%/packages/patches/chicken-CVE-2017-6949.patch \
 %D%/packages/patches/chicken-CVE-2017-11343.patch \
 %D%/packages/patches/chmlib-inttypes.patch \
diff --git a/gnu/packages/patches/python-acme-dont-use-openssl-rand.patch b/gnu/packages/patches/python-acme-dont-use-openssl-rand.patch
new file mode 100644
index 0000000000..78920629c0
--- /dev/null
+++ b/gnu/packages/patches/python-acme-dont-use-openssl-rand.patch
@@ -0,0 +1,28 @@
+Fix build with PyOpenSSL > 17.2.0.
+
+See <https://github.com/certbot/certbot/issues/5111>.
+
+Patch copied from upstream source repository:
+https://github.com/certbot/certbot/commit/f6be07da74c664b57ac8c053585f919c79f9af44
+
+diff --git a/acme/crypto_util.py b/acme/crypto_util.py
+index de15284c03..b8fba03488 100644
+--- a/acme/crypto_util.py
++++ b/acme/crypto_util.py
+@@ -2,6 +2,7 @@
+ import binascii
+ import contextlib
+ import logging
++import os
+ import re
+ import socket
+ import sys
+@@ -243,7 +244,7 @@ def gen_ss_cert(key, domains, not_before=None,
+ """
+ assert domains, "Must provide one or more hostnames for the cert."
+ cert = OpenSSL.crypto.X509()
+- cert.set_serial_number(int(binascii.hexlify(OpenSSL.rand.bytes(16)), 16))
++ cert.set_serial_number(int(binascii.hexlify(os.urandom(16)), 16))
+ cert.set_version(2)
+
+ extensions = [
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 4b3d766b05..add371ffa3 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
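Review bot: The new `python-acme-dont-use-openssl-rand.patch` entry sits between the `ceph-…` and `chicken-…` entries, while the visible neighbours in `dist_patch_DATA` appear to be kept in alphabetical order. Moving the line to where the other `python-…` patches are listed (outside this hunk) would keep the list sorted and make the patch easier to find when it is later removed.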
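Review bot: The patch header names the upstream issue and commit but not the condition for removing the patch, so a later python-acme update has no cue to drop it; a line such as `This patch can be dropped once python-acme is updated to a release containing that commit.` would cover it. On the code itself, the serial number in `gen_ss_cert` is still built from 16 bytes of cryptographically strong randomness, since `os.urandom(16)` reads the operating system's CSPRNG in place of `OpenSSL.rand.bytes(16)`, so no weakening is visible in the hunk. The body of `gen_ss_cert` continues outside the hunk.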
@@ -490,9 +490,10 @@ netcat implementation that supports TLS.") (source (origin (method url-fetch) (uri (pypi-uri "acme" version)) - (sha256 - (base32 - "0ry6vhfkhds28sg232hngwfnkqihsxv9r8w92c6nz45r7w56qk0y")))) + (patches (search-patches "python-acme-dont-use-openssl-rand.patch")) + (sha256 + (base32 + "0ry6vhfkhds28sg232hngwfnkqihsxv9r8w92c6nz45r7w56qk0y")))) (build-system python-build-system) (arguments `(#:phases |