Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2020-04-23 18:29:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new.2738 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ca-certificates"
Thu Apr 23 18:29:20 2020 rev:45 rq:796051 version:2+git20200129.d1a437d
Changes:
--------
--- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes
2020-02-25 16:00:37.259969148 +0100
+++
/work/SRC/openSUSE:Factory/.ca-certificates.new.2738/ca-certificates.changes
2020-04-23 18:29:29.259978692 +0200
@@ -1,0 +2,7 @@
+Wed Apr 15 09:35:06 UTC 2020 - Thorsten Kukuk <[email protected]>
+
+- Remove old migration code, we don't support migration from such
+ old products anymore.
+- Use file requires to support busybox container if possible
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ca-certificates.spec ++++++
--- /var/tmp/diff_new_pack.hRYIwI/_old 2020-04-23 18:29:29.811979748 +0200
+++ /var/tmp/diff_new_pack.hRYIwI/_new 2020-04-23 18:29:29.815979756 +0200
@@ -1,7 +1,7 @@
#
# spec file for package ca-certificates
#
-# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -35,20 +35,16 @@
Group: Productivity/Networking/Security
Source0: ca-certificates-%{version}.tar.xz
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-Url: https://github.com/openSUSE/ca-certificates
+URL: https://github.com/openSUSE/ca-certificates
#
-Requires: coreutils
+Requires: /usr/bin/readlink
Requires: findutils
Requires: p11-kit
Requires: p11-kit-tools >= 0.23.1
Requires: openssl(cli)
# needed for post
-Requires(post): coreutils findutils p11-kit-tools
+Requires(post): p11-kit-tools findutils /usr/bin/readlink
Recommends: ca-certificates-mozilla
-# we need to obsolete openssl-certs to make sure it's files are
-# gone when a package providing actual certificates gets
-# installed (bnc#594434).
-Obsoletes: openssl-certs
# no need for a separate Java package anymore. The bundle is
# created by C code.
Obsoletes: java-ca-certificates = 1
@@ -94,51 +90,10 @@
mv %{buildroot}/%{_prefix}/lib/ca-certificates/update.d/{,99}certbundle.run
%pre
-# migrate /etc/ssl/certs to a symlink
-if [ "$1" -ne 0 -a -d %{sslcerts} -a ! -L %{sslcerts} ]; then
- # copy custom pem files to new location (bnc#875647)
- mkdir -p /etc/pki/trust/anchors
- for cert in %{sslcerts}/*.pem; do
- test -f "$cert" -a ! -L "$cert" || continue
- read firstline < "$cert"
- # skip package provided certificates (bnc#875647)
- if test "${firstline#\# generated by }" != "${firstline}" ||
rpm -qf "$cert" > /dev/null; then
- continue
- fi
- # create a p11-kit header that set the label of
- # the certificate to the file name. That ensures
- # that the certificate gets the same name in
- # /etc/ssl/certs as before
- bn="${cert##*/}"
- (
- cat <<-EOF
- # created by update-ca-certificates from
- # $cert
- [p11-kit-object-v1]
- class: certificate
- label: "${bn%.pem}"
- trusted: true
- EOF
- cat $cert
- ) > "/etc/pki/trust/$bn"
- done
- mv -T --backup=numbered %{sslcerts} %{sslcerts}.rpmsave && ln -s
/var/lib/ca-certificates/pem %{sslcerts}
-fi
%service_add_pre ca-certificates.path ca-certificates.service
%post
-if [ -s /etc/ca-certificates.conf ]; then
- while read line; do
- [ ${line#\!} != "$line" ] || continue
- cert="${line#\!*/}"
- ln -s /usr/share/ca-certificates/anchors/"$cert"
%{trustdir_cfg}/blacklist
- done < /etc/ca-certificates.conf
- echo "/etc/ca-certificates.conf converted and saved as
/etc/ca-certificates.conf.rpmsave"
- mv /etc/ca-certificates.conf /etc/ca-certificates.conf.rpmsave
-fi
# force rebuilding all certificate stores.
-# This also makes sure we update the hash links in /etc/ssl/certs
-# as openssl changed the hash format between 0.9.8 and 1.0
update-ca-certificates -f || true
%service_add_post ca-certificates.path ca-certificates.service
