We really shouldn't override what the user has set externally. While it's true
that `-Wall` is set in `DEBUG_CFLAGS` later, dropping it from `CFLAGS` breaks
Perl detection somehow. Instead of going through the work to figure out how to
fix that, just stop modifying `CFLAGS` from the beginning.
Testing Done:
Compiled on Rawhide with the attached patch.
"MUST_VERIFY_TRUST",# This explicitly tells us that it ISN'T a CA but is otherwise ok. In other words, this should tell the app to ignore any other sources that claim this is a CA.
"TRUSTED"# This cert is trusted, but only for itself and not for delegates (i.e. it is not a CA).
);
# Hash algorithm used for the certificate signatures/hashes printed in plain
# text mode when -s is not given.
# NOTE(review): MD5 is collision-prone. Anyone comparing these values to
# validate a root certificate should pass -s with a SHA-2 name from the list
# below. The default is kept because changing it alters the generated output.
$opt_s = "MD5";
my $default_signature_algorithms = $opt_s;

# Algorithm names this script knows about; presumably the set accepted for
# -s (the validation itself is not in this part of the file).
my @valid_signature_algorithms = qw(MD5 SHA1 SHA256 SHA384 SHA512);
# Reduce $0 to the bare script name by dropping everything up to and
# including the last "/" or "\" path separator.
$0 =~ s{.*(/|\\)}{};

# With this set, Getopt::Std prints --help/--version output and exits
# instead of continuing with the run.
$Getopt::Std::STANDARD_HELP_VERSION = 1;

# Parse the single-letter switches into the $opt_* globals; d, p, s and w
# each take a value.
# NOTE(review): the return value is ignored, so an unrecognised switch is
# reported by Getopt::Std but does not stop the script.
getopts('bd:fhiklmnp:qs:tuvw:');

# No -d value: fall back to the 'release' source so later uses of $opt_d
# neither warn about an undefined value nor fail.
unless (defined $opt_d) {
    $opt_d = 'release';
}
# Resolve the certdata source: a key of %urls selects a predefined URL, and
# anything else is taken verbatim as a custom URL from the command line.
#
# NOTE(review): only the predefined entries are checked for HTTPS here. A
# custom -d value reaches $url with no scheme check in this block, so the
# download step must refuse non-HTTPS sources unless -k was given. Otherwise
# the trust anchors written to the bundle come from an unauthenticated
# transfer. Confirm that enforcement exists where $url is fetched.
my $url = $opt_d;
if (defined $urls{$opt_d}) {
    $url = $urls{$opt_d};

    # -k is the explicit opt-out from the HTTPS requirement.
    die "The URL for '$opt_d' is not HTTPS. Use -k to override (insecure).\n"
        unless $opt_k || $url =~ /^https:\/\//i;
}
# Capture the version banner printed by "curl -V".
# NOTE(review): curl is located through PATH and the result is not checked
# in this block; $curl is empty or undefined when the command cannot be run,
# and whichever curl comes first in PATH is the one that runs.
my $curl = qx(curl -V);

# -i: print the script, Perl, OS and module versions between two rulers.
if ($opt_i) {
    my $rule = "=" x 78 . "\n";

    print $rule;
    print "Script Version : $version\n";
    print "Perl Version : $]\n";
    print "Operating System Name : $^O\n";
    print "Getopt::Std.pm Version : ${Getopt::Std::VERSION}\n";
    print "Encode::Encoding.pm Version : ${Encode::Encoding::VERSION}\n";
    print "MIME::Base64.pm Version : ${MIME::Base64::VERSION}\n";

    # The remaining modules are reported only when their version variable
    # is set, i.e. when they have been loaded.
    if ($LWP::UserAgent::VERSION) {
        print "LWP::UserAgent.pm Version : ${LWP::UserAgent::VERSION}\n";
    }
    if ($LWP::VERSION) {
        print "LWP.pm Version : ${LWP::VERSION}\n";
    }
    if ($Digest::SHA::VERSION) {
        print "Digest::SHA.pm Version : ${Digest::SHA::VERSION}\n";
    }
    if ($Digest::SHA::PurePerl::VERSION) {
        print "Digest::SHA::PurePerl.pm Version : ${Digest::SHA::PurePerl::VERSION}\n";
    }
    print $rule;
}
subwarning_message(){
if($opt_d=~m/^risk$/i){# Long Form Warning and Exit
print"Warning: Use of this script may pose some risk:\n";
print"\n";
print" 1) If you use HTTP URLs they are subject to a man in the middle attack\n";
print" 2) Default to 'release', but more recent updates may be found in other trees\n";
print" 3) certdata.txt file format may change, lag time to update this script\n";
print" 4) Generally unwise to blindly trust CAs without manual review & verification\n";
print" 5) Mozilla apps use additional security checks aren't represented in certdata\n";
print" 6) Use of this script will make a security engineer grind his teeth and\n";
print" swear at you. ;)\n";
exit;
}else{# Short Form Warning
print"Warning: Use of this script may pose some risk, -d risk for more details.\n";
print"\t-f\tforce rebuild even if certdata.txt is current\n";
print"\t-i\tprint version info about used modules\n";
print"\t-k\tallow URLs other than HTTPS, enable HTTP fallback (insecure)\n";
print"\t-l\tprint license info about certdata.txt\n";
print"\t-m\tinclude meta data in output\n";
print"\t-n\tno download of certdata.txt (to use existing)\n";
printwrap("\t","\t\t","-p\tlist of Mozilla trust purposes and levels for certificates to include in output. Takes the form of a comma separated list of purposes, a colon, and a comma separated list of levels. (default: $default_mozilla_trust_purposes:$default_mozilla_trust_levels)"),"\n";
print"\t-q\tbe really quiet (no progress output at all)\n";
printwrap("\t","\t\t","-s\tcomma separated list of certificate signatures/hashes to output in plain text mode. (default: $default_signature_algorithms)\n");