Todo List: Use system CA store

2022-06-27 - Felix Yan

We have a long-standing issue of having multiple vendored CA stores across various packages. This makes customizing the CA store impossible for a subset of packages, the additional copies are often out of date, and the situation is inconsistent in general.

Some packages exist solely to provide another copy for a language ecosystem, for example python-certifi and perl-mozilla-ca, and some packages vendor the former.

This draft TODO collects packages following this pattern and proposes a possible clean solution:

- Make the language-specific CA store packages provide "/etc/ssl/certs/ca-certificates.crt" and depend on ca-certificates, possibly via a symlink for maximum compatibility.
- Try to devendor packages containing them in favor of a system copy, so that our alternative packages can be used instead.
- For packages where this is not applicable (for example, those vendoring a CA store themselves without calling a third-party provider), try to symlink or patch manually and make them depend on ca-certificates.

The list may not be complete. Some packages are also added to the list for manually patching out calls to certifi.where(), etc., which should no longer be needed once step 1 above is done.
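An added example (not part of this todo list or of any Arch tooling): a Python audit that walks an unpacked package tree and separates CA bundles that already resolve to the system store from vendored copies that still need devendoring. The function names, the two-certificate threshold and the sample tree (including the `vendorlib` directory) are assumptions made for illustration.

```python
import os
import tempfile

SYSTEM_STORE = "/etc/ssl/certs/ca-certificates.crt"  # path named in the todo text
PEM_MARKER = b"-----BEGIN CERTIFICATE-----"
MIN_CERTS = 2  # assumption: a bundle holds several certs; a single cert is not a CA store


def count_certs(path):
    """Count PEM certificate headers in a file; unreadable files count as 0."""
    try:
        with open(path, "rb") as fh:
            return fh.read().count(PEM_MARKER)
    except OSError:
        return 0


def audit_ca_bundles(root, system_store=SYSTEM_STORE):
    """Map each CA bundle under root to "system" (resolves to system_store,
    e.g. via symlink) or "vendored" (a separate copy still to be devendored)."""
    target = os.path.realpath(system_store)
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if os.path.realpath(path) == target:
                findings[rel] = "system"
            elif count_certs(path) >= MIN_CERTS:
                findings[rel] = "vendored"
    return findings


def demo():
    """Audit a constructed package tree (placeholder data, not real certificates)."""
    cert = PEM_MARKER + b"\nCONSTRUCTED\n-----END CERTIFICATE-----\n"
    with tempfile.TemporaryDirectory() as tmp:
        store, pkg = os.path.join(tmp, "ca-certificates.crt"), os.path.join(tmp, "pkg")
        for sub in ("certifi", "vendorlib"):
            os.makedirs(os.path.join(pkg, sub))
        files = {store: 3, os.path.join(pkg, "vendorlib", "cacert.pem"): 3,
                 os.path.join(pkg, "vendorlib", "server.pem"): 1}
        for path, n in files.items():
            with open(path, "wb") as fh:
                fh.write(cert * n)
        os.symlink(store, os.path.join(pkg, "certifi", "cacert.pem"))
        return audit_ca_bundles(pkg, system_store=store)
```

Run against a real tree with `audit_ca_bundles("/path/to/pkgdir")`; every path reported as "vendored" is a candidate for a symlink or patch as described in the steps above.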

26 packages displayed out of 26 total packages.
| Arch | Repository | Name | Current Version | Staging Version | Maintainers | Status | Last Touched By |
|---|---|---|---|---|---|---|---|
| any | Community | flyspray | 1.0rc10-1 | | dvzrv | Incomplete | |
| x86_64 | Community | gitlab | 15.1.2-1 | | anatolik | Incomplete | |
| x86_64 | Community | gnustep-base | 1.28.0-4 | | | Incomplete | |
| any | Community | jython | 2.7.2-3 | | felixonmars | Incomplete | |
| x86_64 | Community | kodi | 19.4-5 | | idevolder | Incomplete | |
| x86_64 | Community | metasploit | 6.2.10-1 | | anthraxx, kpcyrd | Incomplete | |
| any | Community | mitmproxy | 8.1.1-1 | | felixonmars, FFY00, kpcyrd | Complete | felixonmars |
| x86_64 | Community | opensips | 3.2.6-1 | | spupykin | Incomplete | |
| any | Extra | perl-lwp-protocol-https | 6.10-4 | | felixonmars | Complete | felixonmars |
| any | Extra | perl-mozilla-ca | 20211001-1 | | felixonmars | Complete | felixonmars |
| any | Community | phpmyadmin | 5.2.0-1 | | spupykin | Incomplete | |
| any | Community | python-aiogram | 2.21-1 | | felixonmars | Complete | felixonmars |
| any | Community | python-botocore | 1.27.44-1 | | jsteel | Incomplete | |
| any | Community | python-certifi | 2022.06.15-1 | | felixonmars, alucryd | Complete | felixonmars |
| any | Community | python-dephell | | | alerque | Incomplete | |
| any | Community | python-elasticsearch | 7.9.0-1 | | felixonmars | Complete | felixonmars |
| x86_64 | Community | python-elasticsearch-curator | 5.7.6-7 | | anthraxx | Incomplete | |
| any | Community | python-google-auth | 1.34.0-4 | | felixonmars | Incomplete | |
| x86_64 | Community | python-kivy | 2.1.0-1 | | FFY00 | Incomplete | |
| any | Extra | python-pip | 22.2.2-1 | | dvzrv | Complete | dvzrv |
| any | Community | python-pipenv | 2022.7.24-1 | | andrewSC, Foxboron | Incomplete | |
| any | Community | python-raven | 6.10.0-10 | | felixonmars | Incomplete | |
| any | Extra | python-requests | 2.28.1-1 | | | Incomplete | |
| any | Extra | python-virtualenv | 20.11.0-1 | | felixonmars | Incomplete | |
| any | Community | ruby-httpclient | 2.8.3-9 | | bastelfreak | Incomplete | |
| x86_64 | Community | vagrant | 2.2.19-2 | | jsteel | Incomplete | |