From 84f5a68870dee86c29b8c2b3b8f6839691ff4e08 Mon Sep 17 00:00:00 2001
From: Orta Therox <orta.therox@gmail.com>
Date: Tue, 5 Apr 2016 20:54:55 +0100
Subject: [PATCH 1/4] Add the Git Credential Helper to the destroot - might
 handle #259

---
 Rakefile                                  | 37 ++++++++++++++++++++++-
 app/CPReflectionService/Info.plist        |  2 +-
 app/CocoaPods/Supporting Files/Info.plist |  2 +-
 3 files changed, 38 insertions(+), 3 deletions(-)

diff --git a/Rakefile b/Rakefile
index 2b3e0a41..a656d098 100644
--- a/Rakefile
+++ b/Rakefile
@@ -1,4 +1,4 @@
-BUNDLED_ENV_VERSION = 2
+BUNDLED_ENV_VERSION = 3
 # ^ This has to be at line 0
 # This is so that a build on CP.app can be fast,
 # it can make assumptions that removing `BUNDLED_ENV_VERSION = `
@@ -146,6 +146,9 @@ BZR_URL = "https://launchpad.net/bzr/2.6/2.6.0/+download/bzr-#{BZR_VERSION}.tar.
 MERCURIAL_VERSION = '3.3.3'
 MERCURIAL_URL = "http://mercurial.selenic.com/release/mercurial-#{MERCURIAL_VERSION}.tar.gz"
 
+# see https://help.github.com/articles/caching-your-github-password-in-git/
+GIT_CREDENTIALS_URL = "https://github-media-downloads.s3.amazonaws.com/osx/git-credential-osxkeychain"
+
 # ------------------------------------------------------------------------------
 # Bundle Build Tools
 # ------------------------------------------------------------------------------
@@ -823,6 +826,37 @@ end
 
 installed_bzr = bzr_tasks.installed_path
 
+# ------------------------------------------------------------------------------
+# Git Credentials Helper
+# ------------------------------------------------------------------------------
+
+class DownloadOnlyTasks < BundleDependencyTasks
+
+  # Make the installed file executable?
+  attr_accessor :is_executable
+
+  def define_tasks
+    define_download_task
+    install_task
+  end
+
+  def install_task
+    execute 'cp', File.join(DOWNLOAD_DIR, artefact_file), File.join(BUNDLE_PREFIX, installed_file)
+    execute 'chmod', 'u+x', File.join(BUNDLE_PREFIX, installed_file) if is_executable
+  end
+end
+
+git_creds_tasks = DownloadOnlyTasks.define do |t|
+  t.url             = GIT_CREDENTIALS_URL
+  t.artefact_file   = 'git-credential-osxkeychain'
+  t.installed_file  = 'bin/git-credential-osxkeychain'
+  t.prefix          = BUNDLE_PREFIX
+  t.dependencies    = [installed_libcurl]
+  t.is_executable   = true
+end
+
+installed_git_creds = git_creds_tasks.installed_path
+
 # ------------------------------------------------------------------------------
 # Root Certificates
 # ------------------------------------------------------------------------------
@@ -844,6 +878,7 @@ namespace :bundle do
     installed_pod_bin,
     installed_cocoapods_plugins_install,
     installed_git,
+    installed_git_creds,
     installed_svn,
     installed_bzr,
     installed_mercurial,
diff --git a/app/CPReflectionService/Info.plist b/app/CPReflectionService/Info.plist
index 22c6054c..3f241587 100644
--- a/app/CPReflectionService/Info.plist
+++ b/app/CPReflectionService/Info.plist
@@ -21,7 +21,7 @@
 	<key>CFBundleSignature</key>
 	<string>????</string>
 	<key>CFBundleVersion</key>
-	<string>2016.03.30</string>
+	<string>2016.04.06</string>
 	<key>NSHumanReadableCopyright</key>
 	<string>Copyright © 2015 CocoaPods. All rights reserved.</string>
 	<key>XPCService</key>
diff --git a/app/CocoaPods/Supporting Files/Info.plist b/app/CocoaPods/Supporting Files/Info.plist
index e8a83031..9810737f 100644
--- a/app/CocoaPods/Supporting Files/Info.plist	
+++ b/app/CocoaPods/Supporting Files/Info.plist	
@@ -73,7 +73,7 @@
 		</dict>
 	</array>
 	<key>CFBundleVersion</key>
-	<string>2016.03.30</string>
+	<string>2016.04.06</string>
 	<key>LSMinimumSystemVersion</key>
 	<string>$(MACOSX_DEPLOYMENT_TARGET)</string>
 	<key>NSHumanReadableCopyright</key>

From 4506319d7c06568d95e4181dfba042aa9fa31b55 Mon Sep 17 00:00:00 2001
From: Orta Therox <orta.therox@gmail.com>
Date: Fri, 8 Apr 2016 19:05:57 +0100
Subject: [PATCH 2/4] Add the download task, to the DownloadOnlyTask - irony

---
 Rakefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Rakefile b/Rakefile
index a656d098..d637f375 100644
--- a/Rakefile
+++ b/Rakefile
@@ -837,6 +837,7 @@ class DownloadOnlyTasks < BundleDependencyTasks
 
   def define_tasks
     define_download_task
+    download_task
     install_task
   end
 

From a9bb04fdda4187709b89c220f8f737080855206f Mon Sep 17 00:00:00 2001
From: Nate West <nwestr@gmail.com>
Date: Fri, 15 Apr 2016 13:21:32 -0400
Subject: [PATCH 3/4] [Rakefile] Use Google's CA list

---
 Rakefile   | 15 ++++++++++-----
 bundle-env |  4 ++--
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/Rakefile b/Rakefile
index 04f885a8..7cec6510 100644
--- a/Rakefile
+++ b/Rakefile
@@ -113,6 +113,8 @@ OPENSSL_VERSION = '1.0.2'
 OPENSSL_PATCH = 'd'
 OPENSSL_URL = "https://www.openssl.org/source/old/#{OPENSSL_VERSION}/openssl-#{OPENSSL_VERSION}#{OPENSSL_PATCH}.tar.gz"
 
+ROOT_CA_URL = "https://pki.google.com/roots.pem"
+
 NCURSES_VERSION = '5.9'
 NCURSES_URL = "http://ftpmirror.gnu.org/ncurses/ncurses-#{NCURSES_VERSION}.tar.gz"
 
@@ -864,13 +866,16 @@ installed_git_creds = git_creds_tasks.installed_path
 # Root Certificates
 # ------------------------------------------------------------------------------
 
-installed_cacert = File.join(BUNDLE_DESTROOT, 'share/cacert.pem')
-file installed_cacert do
-  %w{ /Library/Keychains/System.keychain /System/Library/Keychains/SystemRootCertificates.keychain }.each do |keychain|
-    execute 'Certificates', ['/usr/bin/security', 'find-certificate', '-a', '-p', keychain], installed_cacert
-  end
+root_ca_tasks = DownloadOnlyTasks.define do |t|
+  t.url             = ROOT_CA_URL
+  t.artefact_file   = 'roots.pem'
+  t.installed_file  = 'share/roots.pem'
+  t.prefix          = BUNDLE_PREFIX
+  t.dependencies    = [installed_libcurl]
 end
 
+installed_cacert = root_ca_tasks.installed_path
+
 # ------------------------------------------------------------------------------
 # Bundle tasks
 # ------------------------------------------------------------------------------
diff --git a/bundle-env b/bundle-env
index f309d823..b66bfc80 100755
--- a/bundle-env
+++ b/bundle-env
@@ -13,12 +13,12 @@ BIN=$(cd "$(dirname "$0")"; pwd)
 PREFIX=$(dirname $BIN)
 export PATH=$BIN:/usr/bin:/bin:/usr/sbin:/sbin
 export PYTHONPATH=$PREFIX/lib/python2.7/site-packages
-export GIT_SSL_CAINFO=$PREFIX/share/cacert.pem
+export GIT_SSL_CAINFO=$PREFIX/share/roots.pem
 export GIT_TEMPLATE_DIR=$PREFIX/share/git-core/templates
 export GIT_EXEC_PATH=$PREFIX/libexec/git-core
 export LANG=en_GB.UTF-8
 export LC_CTYPE=UTF-8
-export SSL_CERT_FILE=$PREFIX/share/cacert.pem
+export SSL_CERT_FILE=$PREFIX/share/roots.pem
 
 # Ensure these env variables we need are set.
 if [ -z "$HOME" ]; then

From f34be7404f9b7c4355989161ab131792b3caec9d Mon Sep 17 00:00:00 2001
From: Nate West <nwestr@gmail.com>
Date: Fri, 15 Apr 2016 13:52:37 -0400
Subject: [PATCH 4/4] [Rakefile] Swap cp for execute

---
 Rakefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Rakefile b/Rakefile
index 7cec6510..67e7811e 100644
--- a/Rakefile
+++ b/Rakefile
@@ -846,7 +846,7 @@ class DownloadOnlyTasks < BundleDependencyTasks
   end
 
   def install_task
-    execute 'cp', File.join(DOWNLOAD_DIR, artefact_file), File.join(BUNDLE_PREFIX, installed_file)
+    cp File.join(DOWNLOAD_DIR, artefact_file), File.join(BUNDLE_PREFIX, installed_file)
     execute 'chmod', 'u+x', File.join(BUNDLE_PREFIX, installed_file) if is_executable
   end
 end