Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2014-08-05 21:11:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ca-certificates" Changes: -------- --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2014-07-31 10:04:22.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2014-08-05 21:11:14.000000000 +0200 @@ -1,0 +2,13 @@ +Tue Aug 5 11:09:24 UTC 2014 - lnus...@suse.de + +- use rpm -qf to determine if a ssl cert is owned by some other + package and therefore doesn't need to be migrated (related to + bnc#890205). + +------------------------------------------------------------------- +Mon Aug 4 15:35:27 UTC 2014 - lnus...@suse.de + +- add p11 kit header to set label of migrated certificates to the + file name of the previous one (bnc#890205) + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ca-certificates.spec ++++++ --- /var/tmp/diff_new_pack.qGb5X2/_old 2014-08-05 21:11:16.000000000 +0200 +++ /var/tmp/diff_new_pack.qGb5X2/_new 2014-08-05 21:11:16.000000000 +0200 @@ -91,16 +91,33 @@ %pre # migrate /etc/ssl/certs to a symlink if [ "$1" -ne 0 -a -d %{sslcerts} -a ! -L %{sslcerts} ]; then - mv -T --backup=numbered %{sslcerts} %{sslcerts}.rpmsave && ln -s /var/lib/ca-certificates/pem %{sslcerts} # copy custom pem files to new location (bnc#875647) mkdir -p /etc/pki/trust/anchors - for cert in %{sslcerts}.rpmsave/*.pem; do + for cert in %{sslcerts}/*.pem; do test -f "$cert" -a ! -L "$cert" || continue read firstline < "$cert" # skip package provided certificates (bnc#875647) - test "$firstline" != "# generated by openssl-certs, do not edit" || continue - cp -v -n "$cert" /etc/pki/trust/anchors/ + if test "${firstline#\# generated by }" != "${firstline}" || rpm -qf "$cert" > /dev/null; then + continue + fi + # create a p11-kit header that set the label of + # the certificate to the file name. That ensures + # that the certificate gets the same name in + # /etc/ssl/certs as before + bn="${cert##*/}" + ( + cat <<-EOF + # created by update-ca-certificates from + # $cert + [p11-kit-object-v1] + class: certificate + label: "${bn%.pem}" + trusted: true + EOF + cat $cert + ) > "/etc/pki/trust/$bn" done + mv -T --backup=numbered %{sslcerts} %{sslcerts}.rpmsave && ln -s /var/lib/ca-certificates/pem %{sslcerts} fi %post -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org