Index: devel/arcanist-lib/Makefile =================================================================== --- devel/arcanist-lib/Makefile +++ devel/arcanist-lib/Makefile @@ -1,6 +1,6 @@ PORTNAME?= arcanist PORTVERSION?= 20220518 -PORTREVISION?= 4 +PORTREVISION?= 5 CATEGORIES?= devel PKGNAMESUFFIX= ${SLAVE_PKGNAMESUFFIX}${PHP_PKGNAMESUFFIX} @@ -38,8 +38,6 @@ .if ${SLAVEPORT} == lib SLAVE_PKGNAMESUFFIX= -${SLAVEPORT} -RUN_DEPENDS= ca_root_nss>0:security/ca_root_nss - OPTIONS_DEFINE= ENCODINGS OPTIONS_DEFAULT=ENCODINGS ENCODINGS_DESC= Support for encodings other than utf-8 @@ -82,8 +80,6 @@ @${REINPLACE_CMD} \ 's|%%PYTHON_CMD%%|${PYTHON_CMD}|g' \ ${STAGEDIR}${PREFIX}/${PHP_DESTDIR}/src/workflow/ArcanistAnoidWorkflow.php - ${LN} -sf ${LOCALBASE}/share/certs/ca-root-nss.crt \ - ${STAGEDIR}${PREFIX}/${PHP_DESTDIR}/resources/ssl/default.pem ${RLN} ${STAGEDIR}${PREFIX}/${PHP_DESTDIR}/support/shell/hooks/bash-completion.sh \ ${STAGEDIR}${PREFIX}/share/bash-completion/completions/arc ${STAGEDIR}${PREFIX}/${PHP_DESTDIR}/bin/arc shell-complete --generate Index: devel/arcanist-lib/files/patch-src_future_http_HTTPSFuture.php =================================================================== --- /dev/null +++ devel/arcanist-lib/files/patch-src_future_http_HTTPSFuture.php @@ -0,0 +1,48 @@ +--- src/future/http/HTTPSFuture.php.orig 2022-05-17 23:20:14 UTC ++++ src/future/http/HTTPSFuture.php +@@ -366,40 +366,13 @@ final class HTTPSFuture extends BaseHTTPFuture { + // Assume we have custom CA settings to start with; we'll clear this + // flag if we read the default CA info below. + +- // Try some decent fallbacks here: +- // - First, check if a bundle is set explicitly for this request, via +- // `setCABundle()` or similar. +- // - Then, check if a global bundle is set explicitly for all requests, +- // via `setGlobalCABundle()` or similar. +- // - Then, if a local custom.pem exists, use that, because it probably +- // means that the user wants to override everything (also because the +- // user might not have access to change the box's php.ini to add +- // curl.cainfo). +- // - Otherwise, try using curl.cainfo. If it's set explicitly, it's +- // probably reasonable to try using it before we fall back to what +- // libphutil ships with. +- // - Lastly, try the default that libphutil ships with. If it doesn't +- // work, give up and yell at the user. +- +- if (!$this->getCABundle()) { +- $caroot = dirname(phutil_get_library_root('arcanist')); +- $caroot = $caroot.'/resources/ssl/'; +- +- $ini_val = ini_get('curl.cainfo'); +- if (self::getGlobalCABundle()) { +- $this->setCABundleFromPath(self::getGlobalCABundle()); +- } else if (Filesystem::pathExists($caroot.'custom.pem')) { +- $this->setCABundleFromPath($caroot.'custom.pem'); +- } else if ($ini_val) { +- // TODO: We can probably do a pathExists() here, even. +- $this->setCABundleFromPath($ini_val); ++ $ca_bundle = $this->getCABundle(); ++ if ($ca_bundle && $this->canSetCAInfo()) { ++ if (is_dir($ca_bundle)) { ++ curl_setopt($curl, CURLOPT_CAPATH, $ca_bundle); + } else { +- $this->setCABundleFromPath($caroot.'default.pem'); ++ curl_setopt($curl, CURLOPT_CAINFO, $ca_bundle); + } +- } +- +- if ($this->canSetCAInfo()) { +- curl_setopt($curl, CURLOPT_CAINFO, $this->getCABundle()); + } + + $verify_peer = 1; Index: devel/arcanist-lib/pkg-plist =================================================================== --- devel/arcanist-lib/pkg-plist +++ devel/arcanist-lib/pkg-plist @@ -17,7 +17,6 @@ lib/php/arcanist/resources/php/symbol-information.json lib/php/arcanist/resources/spelling/english.json lib/php/arcanist/resources/ssl/README -lib/php/arcanist/resources/ssl/default.pem lib/php/arcanist/scripts/__init_script__.php lib/php/arcanist/scripts/arcanist.php lib/php/arcanist/scripts/hgdaemon/hgdaemon_client.php