Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2014-08-05 21:11:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ca-certificates"
Changes:
--------
--- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes
2014-07-31 10:04:22.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes
2014-08-05 21:11:14.000000000 +0200
@@ -1,0 +2,13 @@
+Tue Aug 5 11:09:24 UTC 2014 - lnus...@suse.de
+
+- use rpm -qf to determine if a ssl cert is owned by some other
+ package and therefore doesn't need to be migrated (related to
+ bnc#890205).
+
+-------------------------------------------------------------------
+Mon Aug 4 15:35:27 UTC 2014 - lnus...@suse.de
+
+- add p11 kit header to set label of migrated certificates to the
+ file name of the previous one (bnc#890205)
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ca-certificates.spec ++++++
--- /var/tmp/diff_new_pack.qGb5X2/_old 2014-08-05 21:11:16.000000000 +0200
+++ /var/tmp/diff_new_pack.qGb5X2/_new 2014-08-05 21:11:16.000000000 +0200
@@ -91,16 +91,33 @@
%pre
# migrate /etc/ssl/certs to a symlink
if [ "$1" -ne 0 -a -d %{sslcerts} -a ! -L %{sslcerts} ]; then
- mv -T --backup=numbered %{sslcerts} %{sslcerts}.rpmsave && ln -s
/var/lib/ca-certificates/pem %{sslcerts}
# copy custom pem files to new location (bnc#875647)
mkdir -p /etc/pki/trust/anchors
- for cert in %{sslcerts}.rpmsave/*.pem; do
+ for cert in %{sslcerts}/*.pem; do
test -f "$cert" -a ! -L "$cert" || continue
read firstline < "$cert"
# skip package provided certificates (bnc#875647)
- test "$firstline" != "# generated by openssl-certs, do not
edit" || continue
- cp -v -n "$cert" /etc/pki/trust/anchors/
+ if test "${firstline#\# generated by }" != "${firstline}" ||
rpm -qf "$cert" > /dev/null; then
+ continue
+ fi
+ # create a p11-kit header that set the label of
+ # the certificate to the file name. That ensures
+ # that the certificate gets the same name in
+ # /etc/ssl/certs as before
+ bn="${cert##*/}"
+ (
+ cat <<-EOF
+ # created by update-ca-certificates from
+ # $cert
+ [p11-kit-object-v1]
+ class: certificate
+ label: "${bn%.pem}"
+ trusted: true
+ EOF
+ cat $cert
+ ) > "/etc/pki/trust/$bn"
done
+ mv -T --backup=numbered %{sslcerts} %{sslcerts}.rpmsave && ln -s
/var/lib/ca-certificates/pem %{sslcerts}
fi
%post
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
