Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2020-02-25 16:00:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new.26092 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ca-certificates"
Tue Feb 25 16:00:31 2020 rev:44 rq:777924 version:2+git20200129.d1a437d
Changes:
--------
--- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes
2018-10-01 09:02:47.516029090 +0200
+++
/work/SRC/openSUSE:Factory/.ca-certificates.new.26092/ca-certificates.changes
2020-02-25 16:00:37.259969148 +0100
@@ -1,0 +2,8 @@
+Wed Jan 29 16:58:22 UTC 2020 - lnus...@suse.de
+
+- Update to version 2+git20200129.d1a437d:
+ * rewrite in bash
+ * java.run: don't set LANG=en_US
+- no longer require openssl, it's all done by p11-kit
+
+-------------------------------------------------------------------
Old:
----
ca-certificates-2+git20170807.10b2785.tar.xz
New:
----
ca-certificates-2+git20200129.d1a437d.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ca-certificates.spec ++++++
--- /var/tmp/diff_new_pack.rQSYgJ/_old 2020-02-25 16:00:38.803973767 +0100
+++ /var/tmp/diff_new_pack.rQSYgJ/_new 2020-02-25 16:00:38.803973767 +0100
@@ -1,7 +1,7 @@
#
# spec file for package ca-certificates
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -22,14 +22,13 @@
# on top of gnutls that we have to live with the bundle for now
%bcond_without cabundle
-BuildRequires: openssl
BuildRequires: p11-kit-devel
Name: ca-certificates
%define ssletcdir %{_sysconfdir}/ssl
%define cabundle /var/lib/ca-certificates/ca-bundle.pem
%define sslcerts %{ssletcdir}/certs
-Version: 2+git20170807.10b2785
+Version: 2+git20200129.d1a437d
Release: 0
Summary: Utilities for system wide CA certificate installation
License: GPL-2.0-or-later
@@ -38,11 +37,13 @@
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url: https://github.com/openSUSE/ca-certificates
#
+Requires: coreutils
+Requires: findutils
Requires: p11-kit
Requires: p11-kit-tools >= 0.23.1
Requires: openssl(cli)
# needed for post
-Requires(post): coreutils openssl p11-kit-tools
+Requires(post): coreutils findutils p11-kit-tools
Recommends: ca-certificates-mozilla
# we need to obsolete openssl-certs to make sure it's files are
# gone when a package providing actual certificates gets
@@ -165,6 +166,7 @@
%dir %{trustdir_static}
%dir %{trustdir_static}/anchors
%dir %{trustdir_static}/blacklist
+%dir %ssletcdir
%sslcerts
%ghost /var/lib/ca-certificates/java-cacerts
%dir /etc/ca-certificates
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.rQSYgJ/_old 2020-02-25 16:00:38.883974006 +0100
+++ /var/tmp/diff_new_pack.rQSYgJ/_new 2020-02-25 16:00:38.887974018 +0100
@@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param
name="url">http://github.com/openSUSE/ca-certificates.git</param>
- <param
name="changesrevision">10b278586d2378e25d5cc9463be84c29725aa918</param></service></servicedata>
\ No newline at end of file
+ <param
name="changesrevision">f43b65956825ea1332e2145bcca2972541730f69</param></service></servicedata>
\ No newline at end of file
++++++ ca-certificates-2+git20170807.10b2785.tar.xz ->
ca-certificates-2+git20200129.d1a437d.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ca-certificates-2+git20170807.10b2785/etc_ssl.run
new/ca-certificates-2+git20200129.d1a437d/etc_ssl.run
--- old/ca-certificates-2+git20170807.10b2785/etc_ssl.run 2017-08-07
15:57:31.000000000 +0200
+++ new/ca-certificates-2+git20200129.d1a437d/etc_ssl.run 2020-01-29
17:58:00.000000000 +0100
@@ -1,7 +1,8 @@
-#!/usr/bin/perl -w
-# vim:syntax=perl
+#!/bin/bash -e
+# vim:syntax=sh
#
# Copyright (c) 2010,2013 SUSE Linux Products GmbH
+# Copyright (c) 2020 SUSE LLC
# Author: Ludwig Nussel
#
# update /etc/ssl/certs for compatibility with legacy applications
@@ -22,114 +23,35 @@
# USA.
#
-use strict;
+etccertsdir="/etc/ssl/certs"
+pemdir="/var/lib/ca-certificates/pem"
-use File::Basename;
-use Getopt::Long;
-
-my $etccertsdir = "/etc/ssl/certs";
-my $pemdir = "/var/lib/ca-certificates/pem";
-my $foundignored;
-
-my (%added, %removed);
-
-my %options;
-
-sub startswith($$)
-{
- return $_[1] eq substr($_[0], 0, length($_[1]));
-}
-
-sub targetfilename($)
-{
- my $t = $etccertsdir.'/'.basename($_[0]);
- return $t;
-}
-
-sub addcert($)
-{
- my $f = $_[0];
- my $t = targetfilename($f);
- if (-l $t) {
- my $d = readlink($t);
- return if ($d && $d eq $f);
- print STDERR "wrong symlink $d removed *)\n";
- $foundignored = 1;
- unlink($t);
- } elsif (-e $t) {
- print STDERR "$t in the way *)\n";
- $foundignored = 1;
- return;
- }
- if (symlink($f, $t)) {
- $added{$t} = 1;
- } else {
- print STDERR "symlink of $t failed: $!\n";
- }
-}
-
-sub removecert($)
+help_and_exit()
{
- my $t = targetfilename($_[0]);
- if (-l $t) {
- $removed{$t} = 1;
- unlink $t;
- }
-}
-
-GetOptions(
- \%options,
- "verbose|v",
- "fresh|f",
- "help|h",
- ) or die "$!\n";
-
-system("trust", "extract", "--purpose=server-auth", "--filter=ca-anchors",
"--format=pem-directory-hash", "-f", $pemdir) == 0 or die;
-
-# we are done if /etc/ssl/certs is a link pointing to
/var/lib/ca-certificates/pem
-exit 0 if (-l $etccertsdir && readlink($etccertsdir) eq $pemdir);
-warn "Warning: $etccertsdir should be a link to $pemdir!\n";
-
-for my $f (<"$pemdir/*.pem">) {
- addcert($f);
-}
-
-# clean dangling symlinks
-for my $f (<"$etccertsdir/*.pem">) {
- unless (-l $f) {
- print STDERR "$f is in the wrong location *)\n";
- $foundignored = 1;
- next;
- }
- if (-e $f) {
- my $d = readlink($f);
- unless ($d && startswith($d, $pemdir)) {
- # don't warn about the symlinks we had in the distro
before
- if (startswith($d, "/usr/share/ca-certificates/")) {
- unlink $f;
- } else {
- print STDERR "$f is in the wrong location *)\n";
- $foundignored = 1;
- }
- }
- } else {
- $removed{$f} = 1;
- unlink $f
- }
-}
-
-chdir $etccertsdir || die "$!";
-if (%added || %removed || $options{fresh}) {
- print "Updating certificates in $etccertsdir...\n" if $options{verbose};
- my $redir = ($options{verbose}?'':'> /dev/null');
- system("c_rehash . $redir");
- printf("%d added, %d removed.\n",
- (%added?(scalar keys %added):0),
- (%removed?(scalar keys %removed):0));
-}
-
-if ($foundignored)
-{
- print STDERR "\n* = CA Certificates in /etc/ssl/certs are only seen by
some legacy applications.
-To install CA-Certificates globally move them to /etc/pki/trust/anchors
instead!\n";
-}
+ cat <<-EOF
+ USAGE: $0 [OPTIONS]
+ OPTIIONS:
+ --verbose, -v verbose output
+ --fresh, -f start from scratch
+ --help, -h this screen
+EOF
+ exit 0
+}
+
+case "$1" in
+ -v|--verbose) verbose='-v'; shift ;;
+ -f|--fresh) fresh='-f'; shift ;;
+ -h|--help) help_and_exit ;;
+ -*) echo "invalid option: $1" >&2; exit 1 ;;
+esac
+
+trust extract --purpose=server-auth --filter=ca-anchors
--format=pem-directory-hash -f "$pemdir"
+
+# fix up /etc/ssl/certs if it's not a link pointing to
/var/lib/ca-certificates/pem
+if ! [ -L "$etccertsdir" -a "`readlink $etccertsdir`" = "$pemdir" ]; then
+ echo "Warning: $etccertsdir needs to be a link to $pemdir, fixing" >&2
+ if [ -d "$etccertsdir" ]; then
+ mv -Tv --backup=numbered "$etccertsdir" "$etccertsdir.old"
+ fi
+ ln -Tsv --backup=numbered "$pemdir" "$etccertsdir"
+fi
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ca-certificates-2+git20170807.10b2785/java.run
new/ca-certificates-2+git20200129.d1a437d/java.run
--- old/ca-certificates-2+git20170807.10b2785/java.run 2017-08-07
15:57:31.000000000 +0200
+++ new/ca-certificates-2+git20200129.d1a437d/java.run 2020-01-29
17:58:00.000000000 +0100
@@ -1,8 +1,5 @@
#!/bin/bash
-unset ${!LC_*} ${!RC_LC_*} LANGUAGE RC_LANG
-export LANG=en_US
-
set -e
cafile="/var/lib/ca-certificates/java-cacerts"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ca-certificates-2+git20170807.10b2785/update-ca-certificates
new/ca-certificates-2+git20200129.d1a437d/update-ca-certificates
--- old/ca-certificates-2+git20170807.10b2785/update-ca-certificates
2017-08-07 15:57:31.000000000 +0200
+++ new/ca-certificates-2+git20200129.d1a437d/update-ca-certificates
2020-01-29 17:58:00.000000000 +0100
@@ -1,8 +1,9 @@
-#!/usr/bin/perl -w
+#!/bin/bash
#
# update-ca-certificates
#
# Copyright (c) 2010,2013 SUSE Linux Products GmbH
+# Copyright (c) 2020 SUSE LLC
# Author: Ludwig Nussel
#
# Inspired by Debian's update-ca-certificates
@@ -23,46 +24,46 @@
# USA.
#
-use strict;
+hooksdir1='/etc/ca-certificates/update.d'
+hooksdir2='/usr/lib/ca-certificates/update.d'
+verbose=
+fresh=
-use File::Basename;
-use Getopt::Long;
-
-my $hooksdir1 = '/etc/ca-certificates/update.d';
-my $hooksdir2 = '/usr/lib/ca-certificates/update.d';
-
-my %options;
-
-Getopt::Long::Configure("no_ignore_case");
-GetOptions(
- \%options,
- "verbose|v",
- "fresh|f",
- "help|h",
- ) or die "$!\n";
-
-if ($options{help})
+help_and_exit()
{
- print "USAGE: $0 [OPTIONS]\n";
- print "OPTIIONS:\n";
- print " --verbose, -v verbose output\n";
- print " --fresh, -f start from scratch\n";
- print " --help, -h this screen\n";
- exit 0;
+ cat <<-EOF
+ USAGE: $0 [OPTIONS]
+ OPTIIONS:
+ --verbose, -v verbose output
+ --fresh, -f start from scratch
+ --help, -h this screen
+EOF
+ exit 0
}
+case "$1" in
+ -v|--verbose) verbose='-v'; shift ;;
+ -f|--fresh) fresh='-f'; shift ;;
+ -h|--help) help_and_exit ;;
+ -*) echo "invalid option: $1" >&2; exit 1 ;;
+esac
+
# set sane umask
umask 0222;
-if (($ENV{TRANSACTIONAL_UPDATE}//'') =~ /^(?:true|yes|1)/i) {
- warn "transactional update in progress, not running any scripts" if
$options{verbose};
- exit 0;
-}
-
-my @args;
-push @args, '-f' if $options{fresh};
-push @args, '-v' if $options{verbose};
-for my $f (sort(glob("$hooksdir2/*.run"), glob("$hooksdir1/*.run"))) {
- print "running $f ...\n" if $options{verbose};
- system($f, @args);
-}
+case "${TRANSACTIONAL_UPDATE,,*}" in
+ true|yes|1)
+ [ -z "$verbose" ] || echo "transactional update in progress, not
running any scripts" >&2
+ exit 0
+ ;;
+esac
+
+while read s f; do
+ if [ -L "$f" -a "`readlink "$f"`" = "/dev/null" ]; then
+ [ -z "$verbose" ] || echo "skipping $f"
+ continue
+ else
+ [ -z "$verbose" ] || echo "running $f .."
+ fi
+ "$f" $fresh $verbose
+done < <(find "$hooksdir1" "$hooksdir2" -maxdepth 1 \( -type f -o -type l \)
-name '*.run' -printf '%f\t%p\n'|sort -k 1,1 -u)
