On 2022-05-23 13:59, Steven Smith wrote:
...
The certs in curl-ca-bundle are updated regularly to clear out expired certs.
...> The “solution” appears to be to bump the revision of
privoxy-pki-bundle by hand whenever curl-ca-bundle is updated....
And how often is port curl-ca-bundle updated? What volume of revision
bumps are you trying to automate?
I'm not an expert, but as I read the Portfile for net/curl[1]:
1. port curl-ca-bundle is a subport of port curl[2],
2. it looks to me like port curl-ca-bundle only got updated about 7
times in the last 43 months[3]
3. it looks as if port curl-ca-bundle updates a file within curl,
security/nss/lib/ckfw/builtins/certdata.txt, and does some make and
install operations. Maybe building and installing curl itself does
those same operations.
4. Thus, maybe a version update to port curl also functions as an
update to port curl-ca-bundle, but I'm not sure.
5. it looks like port curl got updated about 25 times in the last 43
month[3], so three times as often as port curl-ca-bundle.
So it looks to me like you are working with an average update tempo of
either 2 updates/year or 9 updates/year, depending on whether #4 is true.
If #4 is true, it makes me wonder if maybe port curl-ca-bundle's values
for certdata_updated (epoch time) and certdata_date should get updated
each time the curl version gets updated.
Does that help?
--Jim DeLaHunt
[1]
<https://github.com/macports/macports-ports/commits/master/net/curl/Portfile>
[2]
<https://github.com/macports/macports-ports/blob/f0dd90b0d81d4fd8c902f909b1e9c0114a1b950c/net/curl/Portfile#L239-L322>
[3]
<https://github.com/macports/macports-ports/commits/master/net/curl/Portfile>
