search

oven-sh / bun

Incredibly fast JavaScript runtime, bundler, test runner, and package manager – all in one
https://bun.sh
Other
74.35k stars 2.78k forks source link

fix(root_cert) use a more reliable source for the latest cert #15262

Closed cirospaciari closed 1 day ago

cirospaciari commented 2 days ago

What does this PR do?

How did you verify your code works?

The command bellow should emit the NSS + lastest firefox stable release

bun generate-root-certs.mjs -v

Example of output:

Fetching NSS release from FIREFOX_132_0_2_RELEASE
Found NSS version:
{
  version: "3.105",
  firefoxVersion: "132.0.2",
  firefoxDate: "2024-11-12",
  date: "2024-11-12",
}
Fetching https://hg.mozilla.org/projects/nss/raw-file/NSS_3_105_RTM/lib/ckfw/builtins/certdata.txt
Writing /Users/cirospaciari/Repos/bun/packages/bun-usockets/certdata.txt
Running generate-root-certs.pl
Parsing: GlobalSign Root CA
Parsing: Entrust.net Premium 2048 Secure Server CA
Parsing: Baltimore CyberTrust Root
Parsing: Entrust Root Certification Authority
Parsing: Comodo AAA Services root
Parsing: QuoVadis Root CA 2
Parsing: QuoVadis Root CA 3
Parsing: XRamp Global CA Root
Parsing: Go Daddy Class 2 CA
Parsing: Starfield Class 2 CA
Parsing: DigiCert Assured ID Root CA
Parsing: DigiCert Global Root CA
Parsing: DigiCert High Assurance EV Root CA
Parsing: SwissSign Gold CA - G2
Parsing: SwissSign Silver CA - G2
Parsing: SecureTrust CA
Parsing: Secure Global CA
Parsing: COMODO Certification Authority
Parsing: COMODO ECC Certification Authority
Parsing: Certigna
Parsing: ePKI Root Certification Authority
Parsing: certSIGN ROOT CA
Parsing: NetLock Arany (Class Gold) Főtanúsítvány
Parsing: SecureSign RootCA11
Parsing: Microsec e-Szigno Root CA 2009
Parsing: GlobalSign Root CA - R3
Parsing: Izenpe.com
Parsing: Go Daddy Root Certificate Authority - G2
Parsing: Starfield Root Certificate Authority - G2
Parsing: Starfield Services Root Certificate Authority - G2
Parsing: AffirmTrust Commercial
Parsing: AffirmTrust Networking
Parsing: AffirmTrust Premium
Parsing: AffirmTrust Premium ECC
Parsing: Certum Trusted Network CA
Parsing: TWCA Root Certification Authority
Parsing: Security Communication RootCA2
Parsing: Actalis Authentication Root CA
Parsing: Buypass Class 2 Root CA
Parsing: Buypass Class 3 Root CA
Parsing: T-TeleSec GlobalRoot Class 3
Parsing: D-TRUST Root Class 3 CA 2 2009
Parsing: D-TRUST Root Class 3 CA 2 EV 2009
Parsing: CA Disig Root R2
Parsing: ACCVRAIZ1
Parsing: TWCA Global Root CA
Parsing: TeliaSonera Root CA v1
Parsing: T-TeleSec GlobalRoot Class 2
Parsing: Atos TrustedRoot 2011
Parsing: QuoVadis Root CA 1 G3
Parsing: QuoVadis Root CA 2 G3
Parsing: QuoVadis Root CA 3 G3
Parsing: DigiCert Assured ID Root G2
Parsing: DigiCert Assured ID Root G3
Parsing: DigiCert Global Root G2
Parsing: DigiCert Global Root G3
Parsing: DigiCert Trusted Root G4
Parsing: COMODO RSA Certification Authority
Parsing: USERTrust RSA Certification Authority
Parsing: USERTrust ECC Certification Authority
Parsing: GlobalSign ECC Root CA - R5
Parsing: IdenTrust Commercial Root CA 1
Parsing: IdenTrust Public Sector Root CA 1
Parsing: Entrust Root Certification Authority - G2
Parsing: Entrust Root Certification Authority - EC1
Parsing: CFCA EV ROOT
Parsing: OISTE WISeKey Global Root GB CA
Parsing: SZAFIR ROOT CA2
Parsing: Certum Trusted Network CA 2
Parsing: Hellenic Academic and Research Institutions RootCA 2015
Parsing: Hellenic Academic and Research Institutions ECC RootCA 2015
Parsing: ISRG Root X1
Parsing: AC RAIZ FNMT-RCM
Parsing: Amazon Root CA 1
Parsing: Amazon Root CA 2
Parsing: Amazon Root CA 3
Parsing: Amazon Root CA 4
Parsing: TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
Parsing: GDCA TrustAUTH R5 ROOT
Parsing: SSL.com Root Certification Authority RSA
Parsing: SSL.com Root Certification Authority ECC
Parsing: SSL.com EV Root Certification Authority RSA R2
Parsing: SSL.com EV Root Certification Authority ECC
Parsing: GlobalSign Root CA - R6
Parsing: OISTE WISeKey Global Root GC CA
Parsing: UCA Global G2 Root
Parsing: UCA Extended Validation Root
Parsing: Certigna Root CA
Parsing: emSign Root CA - G1
Parsing: emSign ECC Root CA - G3
Parsing: emSign Root CA - C1
Parsing: emSign ECC Root CA - C3
Parsing: Hongkong Post Root CA 3
Parsing: Entrust Root Certification Authority - G4
Parsing: Microsoft ECC Root Certificate Authority 2017
Parsing: Microsoft RSA Root Certificate Authority 2017
Parsing: e-Szigno Root CA 2017
Parsing: certSIGN Root CA G2
Parsing: Trustwave Global Certification Authority
Parsing: Trustwave Global ECC P256 Certification Authority
Parsing: Trustwave Global ECC P384 Certification Authority
Parsing: NAVER Global Root Certification Authority
Parsing: AC RAIZ FNMT-RCM SERVIDORES SEGUROS
Parsing: GlobalSign Root R46
Parsing: GlobalSign Root E46
Parsing: GLOBALTRUST 2020
Parsing: ANF Secure Server Root CA
Parsing: Certum EC-384 CA
Parsing: Certum Trusted Root CA
Parsing: TunTrust Root CA
Parsing: HARICA TLS RSA Root CA 2021
Parsing: HARICA TLS ECC Root CA 2021
Parsing: Autoridad de Certificacion Firmaprofesional CIF A62634068
Parsing: vTrus ECC Root CA
Parsing: vTrus Root CA
Parsing: ISRG Root X2
Parsing: HiPKI Root CA - G1
Parsing: GlobalSign ECC Root CA - R4
Parsing: GTS Root R1
Parsing: GTS Root R2
Parsing: GTS Root R3
Parsing: GTS Root R4
Parsing: Telia Root CA v2
Parsing: D-TRUST BR Root CA 1 2020
Parsing: D-TRUST EV Root CA 1 2020
Parsing: DigiCert TLS ECC P384 Root G5
Parsing: DigiCert TLS RSA4096 Root G5
Parsing: Certainly Root R1
Parsing: Certainly Root E1
Parsing: Security Communication RootCA3
Parsing: Security Communication ECC RootCA1
Parsing: BJCA Global Root CA1
Parsing: BJCA Global Root CA2
Parsing: Sectigo Public Server Authentication Root E46
Parsing: Sectigo Public Server Authentication Root R46
Parsing: SSL.com TLS RSA Root CA 2022
Parsing: SSL.com TLS ECC Root CA 2022
Parsing: Atos TrustedRoot Root CA ECC TLS 2021
Parsing: Atos TrustedRoot Root CA RSA TLS 2021
Parsing: TrustAsia Global Root CA G3
Parsing: TrustAsia Global Root CA G4
Parsing: CommScope Public Trust ECC Root-01
Parsing: CommScope Public Trust ECC Root-02
Parsing: CommScope Public Trust RSA Root-01
Parsing: CommScope Public Trust RSA Root-02
Parsing: Telekom Security TLS ECC Root 2020
Parsing: Telekom Security TLS RSA Root 2023
Parsing: FIRMAPROFESIONAL CA ROOT-A WEB
Parsing: TWCA CYBER Root CA
Parsing: SecureSign Root CA12
Parsing: SecureSign Root CA14
Parsing: SecureSign Root CA15
Done (152 CA certs processed, 25 skipped).

NEW_VERSION=3.105
COMMIT_MSG<<2af5f189-7c36-4284-84ee-5a48ba02c661
crypto: update root certificates to NSS 3.105

This is the certdata.txt[0] from NSS 3.105, released on 2024-11-12.

This is the version of NSS that will ship in Firefox 132.0.2 on
2024-11-12.

[0] https://hg.mozilla.org/projects/nss/raw-file/NSS_3_105_RTM/lib/ckfw/builtins/certdata.txt
2af5f189-7c36-4284-84ee-5a48ba02c661
robobun commented 2 days ago

:x: @cirospaciari, your commit 7d837a75393ae80fe337e441e999c9038ebe8f64 has 12 failures in #6418:

  • test/cli/install/registry/bun-install-registry.test.ts - timeout on 🐧 3.20 x64
  • test/integration/next-pages/test/dev-server.test.ts - 1 failing on 🐧 3.20 x64-baseline
  • test/integration/next-pages/test/dev-server.test.ts - 1 failing on 🐧 3.20 x64
  • test/v8/v8.test.ts - 22 failing on 🐧 3.20 aarch64
  • test/v8/v8.test.ts - 22 failing on 🐧 3.20 x64-baseline
  • test/v8/v8.test.ts - 22 failing on 🐧 3.20 x64
  • test/js/bun/http/serve.test.ts - segmentation fault on 🐧 3.20 aarch64
  • test/js/bun/http/serve.test.ts - segmentation fault on 🐧 3.20 x64-baseline
  • test/js/bun/http/serve.test.ts - segmentation fault on 🐧 3.20 x64
  • test/js/node/test/parallel/fs-watch-recursive-linux-parallel-remove.test.js - 1 failing on 🐧 3.20 aarch64
  • test/js/node/test/parallel/fs-watch-recursive-linux-parallel-remove.test.js - 1 failing on 🐧 3.20 x64-baseline
  • test/js/node/test/parallel/fs-watch-recursive-linux-parallel-remove.test.js - 1 failing on 🐧 3.20 x64
  • test/js/bun/ffi/cc.test.ts - 1 failing on 🐧 3.20 aarch64
  • test/js/bun/ffi/cc.test.ts - 1 failing on 🐧 3.20 x64-baseline
  • test/js/bun/ffi/cc.test.ts - 1 failing on 🐧 3.20 x64
  • test/js/node/child_process/child_process.test.ts - 1 failing on 🐧 3.20 aarch64
  • test/js/node/child_process/child_process.test.ts - 1 failing on 🐧 3.20 x64-baseline
  • test/js/node/child_process/child_process.test.ts - 1 failing on 🐧 3.20 x64
  • test/cli/install/bun-link.test.ts - 4 failing on 🐧 3.20 aarch64
  • test/cli/install/bun-link.test.ts - 4 failing on 🐧 3.20 x64-baseline
  • test/cli/install/bun-link.test.ts - 4 failing on 🐧 3.20 x64
  • test/js/web/fetch/fetch.tls.test.ts - 1 failing on 🍎 14 aarch64
  • test/js/bun/spawn/spawn-stdin-destroy.test.ts - 1 failing on 🪟 2019 x64-baseline
  • test/cli/install/bun-run.test.ts - 1 failing on 🪟 2019 x64-baseline
  • test/js/bun/spawn/spawn-signal.test.ts - 1 failing on 🪟 2019 x64