Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2020-02-25 16:00:31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ca-certificates" Tue Feb 25 16:00:31 2020 rev:44 rq:777924 version:2+git20200129.d1a437d Changes: -------- --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2018-10-01 09:02:47.516029090 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new.26092/ca-certificates.changes 2020-02-25 16:00:37.259969148 +0100 @@ -1,0 +2,8 @@ +Wed Jan 29 16:58:22 UTC 2020 - lnus...@suse.de + +- Update to version 2+git20200129.d1a437d: + * rewrite in bash + * java.run: don't set LANG=en_US +- no longer require openssl, it's all done by p11-kit + +------------------------------------------------------------------- Old: ---- ca-certificates-2+git20170807.10b2785.tar.xz New: ---- ca-certificates-2+git20200129.d1a437d.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ca-certificates.spec ++++++ --- /var/tmp/diff_new_pack.rQSYgJ/_old 2020-02-25 16:00:38.803973767 +0100 +++ /var/tmp/diff_new_pack.rQSYgJ/_new 2020-02-25 16:00:38.803973767 +0100 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,14 +22,13 @@ # on top of gnutls that we have to live with the bundle for now %bcond_without cabundle -BuildRequires: openssl BuildRequires: p11-kit-devel Name: ca-certificates %define ssletcdir %{_sysconfdir}/ssl %define cabundle /var/lib/ca-certificates/ca-bundle.pem %define sslcerts %{ssletcdir}/certs -Version: 2+git20170807.10b2785 +Version: 2+git20200129.d1a437d Release: 0 Summary: Utilities for system wide CA certificate installation License: GPL-2.0-or-later @@ -38,11 +37,13 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build Url: https://github.com/openSUSE/ca-certificates # +Requires: coreutils +Requires: findutils Requires: p11-kit Requires: p11-kit-tools >= 0.23.1 Requires: openssl(cli) # needed for post -Requires(post): coreutils openssl p11-kit-tools +Requires(post): coreutils findutils p11-kit-tools Recommends: ca-certificates-mozilla # we need to obsolete openssl-certs to make sure it's files are # gone when a package providing actual certificates gets @@ -165,6 +166,7 @@ %dir %{trustdir_static} %dir %{trustdir_static}/anchors %dir %{trustdir_static}/blacklist +%dir %ssletcdir %sslcerts %ghost /var/lib/ca-certificates/java-cacerts %dir /etc/ca-certificates ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.rQSYgJ/_old 2020-02-25 16:00:38.883974006 +0100 +++ /var/tmp/diff_new_pack.rQSYgJ/_new 2020-02-25 16:00:38.887974018 +0100 @@ -1,4 +1,4 @@ <servicedata> <service name="tar_scm"> <param name="url">http://github.com/openSUSE/ca-certificates.git</param> - <param name="changesrevision">10b278586d2378e25d5cc9463be84c29725aa918</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">f43b65956825ea1332e2145bcca2972541730f69</param></service></servicedata> \ No newline at end of file ++++++ ca-certificates-2+git20170807.10b2785.tar.xz -> ca-certificates-2+git20200129.d1a437d.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ca-certificates-2+git20170807.10b2785/etc_ssl.run new/ca-certificates-2+git20200129.d1a437d/etc_ssl.run --- old/ca-certificates-2+git20170807.10b2785/etc_ssl.run 2017-08-07 15:57:31.000000000 +0200 +++ new/ca-certificates-2+git20200129.d1a437d/etc_ssl.run 2020-01-29 17:58:00.000000000 +0100 @@ -1,7 +1,8 @@ -#!/usr/bin/perl -w -# vim:syntax=perl +#!/bin/bash -e +# vim:syntax=sh # # Copyright (c) 2010,2013 SUSE Linux Products GmbH +# Copyright (c) 2020 SUSE LLC # Author: Ludwig Nussel # # update /etc/ssl/certs for compatibility with legacy applications @@ -22,114 +23,35 @@ # USA. # -use strict; +etccertsdir="/etc/ssl/certs" +pemdir="/var/lib/ca-certificates/pem" -use File::Basename; -use Getopt::Long; - -my $etccertsdir = "/etc/ssl/certs"; -my $pemdir = "/var/lib/ca-certificates/pem"; -my $foundignored; - -my (%added, %removed); - -my %options; - -sub startswith($$) -{ - return $_[1] eq substr($_[0], 0, length($_[1])); -} - -sub targetfilename($) -{ - my $t = $etccertsdir.'/'.basename($_[0]); - return $t; -} - -sub addcert($) -{ - my $f = $_[0]; - my $t = targetfilename($f); - if (-l $t) { - my $d = readlink($t); - return if ($d && $d eq $f); - print STDERR "wrong symlink $d removed *)\n"; - $foundignored = 1; - unlink($t); - } elsif (-e $t) { - print STDERR "$t in the way *)\n"; - $foundignored = 1; - return; - } - if (symlink($f, $t)) { - $added{$t} = 1; - } else { - print STDERR "symlink of $t failed: $!\n"; - } -} - -sub removecert($) +help_and_exit() { - my $t = targetfilename($_[0]); - if (-l $t) { - $removed{$t} = 1; - unlink $t; - } -} - -GetOptions( - \%options, - "verbose|v", - "fresh|f", - "help|h", - ) or die "$!\n"; - -system("trust", "extract", "--purpose=server-auth", "--filter=ca-anchors", "--format=pem-directory-hash", "-f", $pemdir) == 0 or die; - -# we are done if /etc/ssl/certs is a link pointing to /var/lib/ca-certificates/pem -exit 0 if (-l $etccertsdir && readlink($etccertsdir) eq $pemdir); -warn "Warning: $etccertsdir should be a link to $pemdir!\n"; - -for my $f (<"$pemdir/*.pem">) { - addcert($f); -} - -# clean dangling symlinks -for my $f (<"$etccertsdir/*.pem">) { - unless (-l $f) { - print STDERR "$f is in the wrong location *)\n"; - $foundignored = 1; - next; - } - if (-e $f) { - my $d = readlink($f); - unless ($d && startswith($d, $pemdir)) { - # don't warn about the symlinks we had in the distro before - if (startswith($d, "/usr/share/ca-certificates/")) { - unlink $f; - } else { - print STDERR "$f is in the wrong location *)\n"; - $foundignored = 1; - } - } - } else { - $removed{$f} = 1; - unlink $f - } -} - -chdir $etccertsdir || die "$!"; -if (%added || %removed || $options{fresh}) { - print "Updating certificates in $etccertsdir...\n" if $options{verbose}; - my $redir = ($options{verbose}?'':'> /dev/null'); - system("c_rehash . $redir"); - printf("%d added, %d removed.\n", - (%added?(scalar keys %added):0), - (%removed?(scalar keys %removed):0)); -} - -if ($foundignored) -{ - print STDERR "\n* = CA Certificates in /etc/ssl/certs are only seen by some legacy applications. -To install CA-Certificates globally move them to /etc/pki/trust/anchors instead!\n"; -} + cat <<-EOF + USAGE: $0 [OPTIONS] + OPTIIONS: + --verbose, -v verbose output + --fresh, -f start from scratch + --help, -h this screen +EOF + exit 0 +} + +case "$1" in + -v|--verbose) verbose='-v'; shift ;; + -f|--fresh) fresh='-f'; shift ;; + -h|--help) help_and_exit ;; + -*) echo "invalid option: $1" >&2; exit 1 ;; +esac + +trust extract --purpose=server-auth --filter=ca-anchors --format=pem-directory-hash -f "$pemdir" + +# fix up /etc/ssl/certs if it's not a link pointing to /var/lib/ca-certificates/pem +if ! [ -L "$etccertsdir" -a "`readlink $etccertsdir`" = "$pemdir" ]; then + echo "Warning: $etccertsdir needs to be a link to $pemdir, fixing" >&2 + if [ -d "$etccertsdir" ]; then + mv -Tv --backup=numbered "$etccertsdir" "$etccertsdir.old" + fi + ln -Tsv --backup=numbered "$pemdir" "$etccertsdir" +fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ca-certificates-2+git20170807.10b2785/java.run new/ca-certificates-2+git20200129.d1a437d/java.run --- old/ca-certificates-2+git20170807.10b2785/java.run 2017-08-07 15:57:31.000000000 +0200 +++ new/ca-certificates-2+git20200129.d1a437d/java.run 2020-01-29 17:58:00.000000000 +0100 @@ -1,8 +1,5 @@ #!/bin/bash -unset ${!LC_*} ${!RC_LC_*} LANGUAGE RC_LANG -export LANG=en_US - set -e cafile="/var/lib/ca-certificates/java-cacerts" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ca-certificates-2+git20170807.10b2785/update-ca-certificates new/ca-certificates-2+git20200129.d1a437d/update-ca-certificates --- old/ca-certificates-2+git20170807.10b2785/update-ca-certificates 2017-08-07 15:57:31.000000000 +0200 +++ new/ca-certificates-2+git20200129.d1a437d/update-ca-certificates 2020-01-29 17:58:00.000000000 +0100 @@ -1,8 +1,9 @@ -#!/usr/bin/perl -w +#!/bin/bash # # update-ca-certificates # # Copyright (c) 2010,2013 SUSE Linux Products GmbH +# Copyright (c) 2020 SUSE LLC # Author: Ludwig Nussel # # Inspired by Debian's update-ca-certificates @@ -23,46 +24,46 @@ # USA. # -use strict; +hooksdir1='/etc/ca-certificates/update.d' +hooksdir2='/usr/lib/ca-certificates/update.d' +verbose= +fresh= -use File::Basename; -use Getopt::Long; - -my $hooksdir1 = '/etc/ca-certificates/update.d'; -my $hooksdir2 = '/usr/lib/ca-certificates/update.d'; - -my %options; - -Getopt::Long::Configure("no_ignore_case"); -GetOptions( - \%options, - "verbose|v", - "fresh|f", - "help|h", - ) or die "$!\n"; - -if ($options{help}) +help_and_exit() { - print "USAGE: $0 [OPTIONS]\n"; - print "OPTIIONS:\n"; - print " --verbose, -v verbose output\n"; - print " --fresh, -f start from scratch\n"; - print " --help, -h this screen\n"; - exit 0; + cat <<-EOF + USAGE: $0 [OPTIONS] + OPTIIONS: + --verbose, -v verbose output + --fresh, -f start from scratch + --help, -h this screen +EOF + exit 0 } +case "$1" in + -v|--verbose) verbose='-v'; shift ;; + -f|--fresh) fresh='-f'; shift ;; + -h|--help) help_and_exit ;; + -*) echo "invalid option: $1" >&2; exit 1 ;; +esac + # set sane umask umask 0222; -if (($ENV{TRANSACTIONAL_UPDATE}//'') =~ /^(?:true|yes|1)/i) { - warn "transactional update in progress, not running any scripts" if $options{verbose}; - exit 0; -} - -my @args; -push @args, '-f' if $options{fresh}; -push @args, '-v' if $options{verbose}; -for my $f (sort(glob("$hooksdir2/*.run"), glob("$hooksdir1/*.run"))) { - print "running $f ...\n" if $options{verbose}; - system($f, @args); -} +case "${TRANSACTIONAL_UPDATE,,*}" in + true|yes|1) + [ -z "$verbose" ] || echo "transactional update in progress, not running any scripts" >&2 + exit 0 + ;; +esac + +while read s f; do + if [ -L "$f" -a "`readlink "$f"`" = "/dev/null" ]; then + [ -z "$verbose" ] || echo "skipping $f" + continue + else + [ -z "$verbose" ] || echo "running $f .." + fi + "$f" $fresh $verbose +done < <(find "$hooksdir1" "$hooksdir2" -maxdepth 1 \( -type f -o -type l \) -name '*.run' -printf '%f\t%p\n'|sort -k 1,1 -u)