commit ca-certificates for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2020-10-08 13:07:33
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new.4249 (New)
Package is "ca-certificates"
Thu Oct 8 13:07:33 2020 rev:46 rq:839158 version:2+git20201002.34daf7f
Changes:
--- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes
2020-04-23 18:29:29.259978692 +0200
+++
/work/SRC/openSUSE:Factory/.ca-certificates.new.4249/ca-certificates.changes
2020-10-08 13:08:47.774988394 +0200
@@ -1,0 +2,6 @@
+Fri Oct 02 12:53:48 UTC 2020 - lnus...@suse.de
+
+- Update to version 2+git20201002.34daf7f:
+ * Use relative symlink for /etc/ssl/certs (boo#1175340)
+
+---
Old:
ca-certificates-2+git20200129.d1a437d.tar.xz
New:
ca-certificates-2+git20201002.34daf7f.tar.xz
Other differences:
--
++ ca-certificates.spec ++
--- /var/tmp/diff_new_pack.m9VDgK/_old 2020-10-08 13:08:48.478989032 +0200
+++ /var/tmp/diff_new_pack.m9VDgK/_new 2020-10-08 13:08:48.482989035 +0200
@@ -28,7 +28,7 @@
%define ssletcdir %{_sysconfdir}/ssl
%define cabundle /var/lib/ca-certificates/ca-bundle.pem
%define sslcerts %{ssletcdir}/certs
-Version:2+git20200129.d1a437d
+Version:2+git20201002.34daf7f
Release:0
Summary:Utilities for system wide CA certificate installation
License:GPL-2.0-or-later
@@ -75,7 +75,7 @@
install -d -m 555 %{buildroot}/var/lib/ca-certificates/pem
install -d -m 555 %{buildroot}/var/lib/ca-certificates/openssl
install -d -m 755 %{buildroot}/%{_prefix}/lib/systemd/system
-ln -s /var/lib/ca-certificates/pem %{buildroot}%{sslcerts}
+ln -s ../../var/lib/ca-certificates/pem %{buildroot}%{sslcerts}
%if %{with cabundle}
install -D -m 644 /dev/null %{buildroot}/%{cabundle}
ln -s %{cabundle} %{buildroot}%{ssletcdir}/ca-bundle.pem
++ _servicedata ++
--- /var/tmp/diff_new_pack.m9VDgK/_old 2020-10-08 13:08:48.566989112 +0200
+++ /var/tmp/diff_new_pack.m9VDgK/_new 2020-10-08 13:08:48.566989112 +0200
@@ -1,4 +1,4 @@
http://github.com/openSUSE/ca-certificates.git
- f43b65956825ea1332e2145bcca2972541730f69
\ No newline at end of file
+ 34daf7f649d3f21dff3ecaabcc8315534eacd7d2
\ No newline at end of file
++ ca-certificates-2+git20200129.d1a437d.tar.xz ->
ca-certificates-2+git20201002.34daf7f.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ca-certificates-2+git20200129.d1a437d/etc_ssl.run
new/ca-certificates-2+git20201002.34daf7f/etc_ssl.run
--- old/ca-certificates-2+git20200129.d1a437d/etc_ssl.run 2020-01-29
17:58:00.0 +0100
+++ new/ca-certificates-2+git20201002.34daf7f/etc_ssl.run 2020-10-02
14:52:37.0 +0200
@@ -48,10 +48,10 @@
trust extract --purpose=server-auth --filter=ca-anchors
--format=pem-directory-hash -f "$pemdir"
# fix up /etc/ssl/certs if it's not a link pointing to
/var/lib/ca-certificates/pem
-if ! [ -L "$etccertsdir" -a "`readlink $etccertsdir`" = "$pemdir" ]; then
-echo "Warning: $etccertsdir needs to be a link to $pemdir, fixing" >&2
+if ! [ -L "$etccertsdir" -a "`readlink $etccertsdir`" = "../..$pemdir" ]; then
+echo "Warning: $etccertsdir needs to be a link to ../..$pemdir, fixing" >&2
if [ -d "$etccertsdir" ]; then
mv -Tv --backup=numbered "$etccertsdir" "$etccertsdir.old"
fi
-ln -Tsv --backup=numbered "$pemdir" "$etccertsdir"
+ln -Tsv --backup=numbered "../..$pemdir" "$etccertsdir"
fi
commit ca-certificates for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2020-04-23 18:29:20
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new.2738 (New)
Package is "ca-certificates"
Thu Apr 23 18:29:20 2020 rev:45 rq:796051 version:2+git20200129.d1a437d
Changes:
--- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes
2020-02-25 16:00:37.259969148 +0100
+++
/work/SRC/openSUSE:Factory/.ca-certificates.new.2738/ca-certificates.changes
2020-04-23 18:29:29.259978692 +0200
@@ -1,0 +2,7 @@
+Wed Apr 15 09:35:06 UTC 2020 - Thorsten Kukuk
+
+- Remove old migration code, we don't support migration from such
+ old products anymore.
+- Use file requires to support busybox container if possible
+
+---
Other differences:
--
++ ca-certificates.spec ++
--- /var/tmp/diff_new_pack.hRYIwI/_old 2020-04-23 18:29:29.811979748 +0200
+++ /var/tmp/diff_new_pack.hRYIwI/_new 2020-04-23 18:29:29.815979756 +0200
@@ -1,7 +1,7 @@
#
# spec file for package ca-certificates
#
-# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -35,20 +35,16 @@
Group: Productivity/Networking/Security
Source0:ca-certificates-%{version}.tar.xz
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-Url:https://github.com/openSUSE/ca-certificates
+URL:https://github.com/openSUSE/ca-certificates
#
-Requires: coreutils
+Requires: /usr/bin/readlink
Requires: findutils
Requires: p11-kit
Requires: p11-kit-tools >= 0.23.1
Requires: openssl(cli)
# needed for post
-Requires(post): coreutils findutils p11-kit-tools
+Requires(post): p11-kit-tools findutils /usr/bin/readlink
Recommends: ca-certificates-mozilla
-# we need to obsolete openssl-certs to make sure it's files are
-# gone when a package providing actual certificates gets
-# installed (bnc#594434).
-Obsoletes: openssl-certs
# no need for a separate Java package anymore. The bundle is
# created by C code.
Obsoletes: java-ca-certificates = 1
@@ -94,51 +90,10 @@
mv %{buildroot}/%{_prefix}/lib/ca-certificates/update.d/{,99}certbundle.run
%pre
-# migrate /etc/ssl/certs to a symlink
-if [ "$1" -ne 0 -a -d %{sslcerts} -a ! -L %{sslcerts} ]; then
- # copy custom pem files to new location (bnc#875647)
- mkdir -p /etc/pki/trust/anchors
- for cert in %{sslcerts}/*.pem; do
- test -f "$cert" -a ! -L "$cert" || continue
- read firstline < "$cert"
- # skip package provided certificates (bnc#875647)
- if test "${firstline#\# generated by }" != "${firstline}" ||
rpm -qf "$cert" > /dev/null; then
- continue
- fi
- # create a p11-kit header that set the label of
- # the certificate to the file name. That ensures
- # that the certificate gets the same name in
- # /etc/ssl/certs as before
- bn="${cert##*/}"
- (
- cat <<-EOF
- # created by update-ca-certificates from
- # $cert
- [p11-kit-object-v1]
- class: certificate
- label: "${bn%.pem}"
- trusted: true
- EOF
- cat $cert
- ) > "/etc/pki/trust/$bn"
- done
- mv -T --backup=numbered %{sslcerts} %{sslcerts}.rpmsave && ln -s
/var/lib/ca-certificates/pem %{sslcerts}
-fi
%service_add_pre ca-certificates.path ca-certificates.service
%post
-if [ -s /etc/ca-certificates.conf ]; then
- while read line; do
- [ ${line#\!} != "$line" ] || continue
- cert="${line#\!*/}"
- ln -s /usr/share/ca-certificates/anchors/"$cert"
%{trustdir_cfg}/blacklist
- done < /etc/ca-certificates.conf
- echo "/etc/ca-certificates.conf converted and saved as
/etc/ca-certificates.conf.rpmsave"
- mv /etc/ca-certificates.conf /etc/ca-certificates.conf.rpmsave
-fi
# force rebuilding all certificate stores.
-# This also makes sure we update the hash links in /etc/ssl/certs
-# as openssl changed the hash format between 0.9.8 and 1.0
update-ca-certificates -f || true
%service_add_post ca-certificates.path ca-certificates.service
commit ca-certificates for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2020-02-25 16:00:31
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new.26092 (New)
Package is "ca-certificates"
Tue Feb 25 16:00:31 2020 rev:44 rq:777924 version:2+git20200129.d1a437d
Changes:
--- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes
2018-10-01 09:02:47.516029090 +0200
+++
/work/SRC/openSUSE:Factory/.ca-certificates.new.26092/ca-certificates.changes
2020-02-25 16:00:37.259969148 +0100
@@ -1,0 +2,8 @@
+Wed Jan 29 16:58:22 UTC 2020 - lnus...@suse.de
+
+- Update to version 2+git20200129.d1a437d:
+ * rewrite in bash
+ * java.run: don't set LANG=en_US
+- no longer require openssl, it's all done by p11-kit
+
+---
Old:
ca-certificates-2+git20170807.10b2785.tar.xz
New:
ca-certificates-2+git20200129.d1a437d.tar.xz
Other differences:
--
++ ca-certificates.spec ++
--- /var/tmp/diff_new_pack.rQSYgJ/_old 2020-02-25 16:00:38.803973767 +0100
+++ /var/tmp/diff_new_pack.rQSYgJ/_new 2020-02-25 16:00:38.803973767 +0100
@@ -1,7 +1,7 @@
#
# spec file for package ca-certificates
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -22,14 +22,13 @@
# on top of gnutls that we have to live with the bundle for now
%bcond_without cabundle
-BuildRequires: openssl
BuildRequires: p11-kit-devel
Name: ca-certificates
%define ssletcdir %{_sysconfdir}/ssl
%define cabundle /var/lib/ca-certificates/ca-bundle.pem
%define sslcerts %{ssletcdir}/certs
-Version:2+git20170807.10b2785
+Version:2+git20200129.d1a437d
Release:0
Summary:Utilities for system wide CA certificate installation
License:GPL-2.0-or-later
@@ -38,11 +37,13 @@
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url:https://github.com/openSUSE/ca-certificates
#
+Requires: coreutils
+Requires: findutils
Requires: p11-kit
Requires: p11-kit-tools >= 0.23.1
Requires: openssl(cli)
# needed for post
-Requires(post): coreutils openssl p11-kit-tools
+Requires(post): coreutils findutils p11-kit-tools
Recommends: ca-certificates-mozilla
# we need to obsolete openssl-certs to make sure it's files are
# gone when a package providing actual certificates gets
@@ -165,6 +166,7 @@
%dir %{trustdir_static}
%dir %{trustdir_static}/anchors
%dir %{trustdir_static}/blacklist
+%dir %ssletcdir
%sslcerts
%ghost /var/lib/ca-certificates/java-cacerts
%dir /etc/ca-certificates
++ _servicedata ++
--- /var/tmp/diff_new_pack.rQSYgJ/_old 2020-02-25 16:00:38.883974006 +0100
+++ /var/tmp/diff_new_pack.rQSYgJ/_new 2020-02-25 16:00:38.887974018 +0100
@@ -1,4 +1,4 @@
http://github.com/openSUSE/ca-certificates.git
- 10b278586d2378e25d5cc9463be84c29725aa918
\ No newline at end of file
+ f43b65956825ea1332e2145bcca2972541730f69
\ No newline at end of file
++ ca-certificates-2+git20170807.10b2785.tar.xz ->
ca-certificates-2+git20200129.d1a437d.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ca-certificates-2+git20170807.10b2785/etc_ssl.run
new/ca-certificates-2+git20200129.d1a437d/etc_ssl.run
--- old/ca-certificates-2+git20170807.10b2785/etc_ssl.run 2017-08-07
15:57:31.0 +0200
+++ new/ca-certificates-2+git20200129.d1a437d/etc_ssl.run 2020-01-29
17:58:00.0 +0100
@@ -1,7 +1,8 @@
-#!/usr/bin/perl -w
-# vim:syntax=perl
+#!/bin/bash -e
+# vim:syntax=sh
#
# Copyright (c) 2010,2013 SUSE Linux Products GmbH
+# Copyright (c) 2020 SUSE LLC
# Author: Ludwig Nussel
#
# update /etc/ssl/certs for compatibility with legacy applications
@@ -22,114 +23,35 @@
# USA.
#
-use strict;
+etccertsdir="/etc/ssl/certs"
+pemdir="/var/lib/ca-certificates/pem"
-use File::Basename;
-use Getopt::Long;
-
-my $etccertsdir = "/etc/ssl/certs";
-my $pemdir = "/var/lib/ca-certificates/pem";
-my $foundignored;
-
-my (%added, %removed);
-
-my %options;
-
-sub startswith($$)
-{
- return $_[1] eq substr($_[0], 0, length($_[1]));
-}
-
-sub targetfilename($)
-{
- my $t = $etccertsdir.'/'.basename($_[0]);
- return $t;
-}
-
-sub addcert($)
-{
- my $f = $_[0];
- my $t = targetfilename($f);
- if (-l $t) {
- my $d = readlink($t);
- return if ($d && $d eq
commit ca-certificates for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2018-10-01 09:02:45
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new (New)
Package is "ca-certificates"
Mon Oct 1 09:02:45 2018 rev:43 rq:637028 version:2+git20170807.10b2785
Changes:
--- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes
2018-03-24 16:11:53.767033003 +0100
+++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes
2018-10-01 09:02:47.516029090 +0200
@@ -1,0 +2,6 @@
+Thu Sep 20 18:23:03 UTC 2018 - Jason Sikes
+
+- Changed "openssl" requirement to "openssl(cli)"
+ * (bsc#1101470)
+
+---
Other differences:
--
++ ca-certificates.spec ++
--- /var/tmp/diff_new_pack.sOed4H/_old 2018-10-01 09:02:48.064028614 +0200
+++ /var/tmp/diff_new_pack.sOed4H/_new 2018-10-01 09:02:48.068028610 +0200
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -38,9 +38,9 @@
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url:https://github.com/openSUSE/ca-certificates
#
-Requires: openssl
Requires: p11-kit
Requires: p11-kit-tools >= 0.23.1
+Requires: openssl(cli)
# needed for post
Requires(post): coreutils openssl p11-kit-tools
Recommends: ca-certificates-mozilla
commit ca-certificates for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2018-03-24 16:11:52
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new (New)
Package is "ca-certificates"
Sat Mar 24 16:11:52 2018 rev:42 rq:589226 version:2+git20170807.10b2785
Changes:
--- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes
2017-12-23 12:17:13.754186727 +0100
+++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes
2018-03-24 16:11:53.767033003 +0100
@@ -1,0 +2,5 @@
+Tue Mar 20 13:39:33 CET 2018 - ku...@suse.de
+
+- Use %license instead of %doc [bsc#1082318]
+
+---
Other differences:
--
++ ca-certificates.spec ++
--- /var/tmp/diff_new_pack.rRghkK/_old 2018-03-24 16:11:54.547004886 +0100
+++ /var/tmp/diff_new_pack.rRghkK/_new 2018-03-24 16:11:54.551004743 +0100
@@ -1,7 +1,7 @@
#
# spec file for package ca-certificates
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -32,7 +32,7 @@
Version:2+git20170807.10b2785
Release:0
Summary:Utilities for system wide CA certificate installation
-License:GPL-2.0+
+License:GPL-2.0-or-later
Group: Productivity/Networking/Security
Source0:ca-certificates-%{version}.tar.xz
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -155,7 +155,8 @@
%files
%defattr(-, root, root)
-%doc COPYING README
+%license COPYING
+%doc README
%dir %{pkidir_cfg}
%dir %{trustdir_cfg}
%dir %{trustdir_cfg}/anchors
commit ca-certificates for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2017-12-23 12:17:12
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new (New)
Package is "ca-certificates"
Sat Dec 23 12:17:12 2017 rev:41 rq:557981 version:2+git20170807.10b2785
Changes:
--- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes
2017-12-09 20:25:27.979326713 +0100
+++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes
2017-12-23 12:17:13.754186727 +0100
@@ -1,0 +2,6 @@
+Thu Dec 14 17:22:55 CET 2017 - ku...@suse.de
+
+- Revert last change since we fixed systemd-preset-branding and
+ this requires is no longer needed.
+
+---
Other differences:
--
++ ca-certificates.spec ++
--- /var/tmp/diff_new_pack.FUZK0r/_old 2017-12-23 12:17:14.454152597 +0100
+++ /var/tmp/diff_new_pack.FUZK0r/_new 2017-12-23 12:17:14.458152402 +0100
@@ -53,7 +53,6 @@
Obsoletes: java-ca-certificates = 1
Provides: java-ca-certificates = %version-%release
BuildArch: noarch
-%{?systemd_requires}
%description
Update-ca-certificates is intended to keep the certificate stores of
commit ca-certificates for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2017-12-09 20:25:24
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new (New)
Package is "ca-certificates"
Sat Dec 9 20:25:24 2017 rev:40 rq:555175 version:2+git20170807.10b2785
Changes:
--- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes
2017-11-30 12:41:25.238580384 +0100
+++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes
2017-12-09 20:25:27.979326713 +0100
@@ -1,0 +2,6 @@
+Fri Dec 8 07:20:49 UTC 2017 - ku...@suse.com
+
+- Re-add systemd requires, else package will be installed to early
+ and services never enabled [bsc#1071776].
+
+---
Other differences:
--
++ ca-certificates.spec ++
--- /var/tmp/diff_new_pack.2jdxIa/_old 2017-12-09 20:25:28.571298518 +0100
+++ /var/tmp/diff_new_pack.2jdxIa/_new 2017-12-09 20:25:28.575298327 +0100
@@ -53,6 +53,7 @@
Obsoletes: java-ca-certificates = 1
Provides: java-ca-certificates = %version-%release
BuildArch: noarch
+%{?systemd_requires}
%description
Update-ca-certificates is intended to keep the certificate stores of
commit ca-certificates for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2017-11-30 12:41:22
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new (New)
Package is "ca-certificates"
Thu Nov 30 12:41:22 2017 rev:39 rq:545252 version:2+git20170807.10b2785
Changes:
--- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes
2017-08-12 20:01:24.132922080 +0200
+++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes
2017-11-30 12:41:25.238580384 +0100
@@ -1,0 +2,8 @@
+Thu Nov 23 16:03:55 CET 2017 - ku...@suse.de
+
+- Don't require systemd, since we could be used in environments
+ like container images, where we don't have systemd. If systemd
+ is installed the systemd units will be used, else they are not
+ needed.
+
+---
Other differences:
--
++ ca-certificates.spec ++
--- /var/tmp/diff_new_pack.ZlvEpi/_old 2017-11-30 12:41:26.462535883 +0100
+++ /var/tmp/diff_new_pack.ZlvEpi/_new 2017-11-30 12:41:26.470535592 +0100
@@ -53,7 +53,6 @@
Obsoletes: java-ca-certificates = 1
Provides: java-ca-certificates = %version-%release
BuildArch: noarch
-%{?systemd_requires}
%description
Update-ca-certificates is intended to keep the certificate stores of
commit ca-certificates for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2017-08-12 20:01:20
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new (New)
Package is "ca-certificates"
Sat Aug 12 20:01:20 2017 rev:38 rq:515015 version:2+git20170807.10b2785
Changes:
--- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes
2015-11-17 14:20:24.0 +0100
+++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes
2017-08-12 20:01:24.132922080 +0200
@@ -1,0 +2,14 @@
+Mon Aug 07 13:58:01 UTC 2017 - lnus...@suse.de
+
+- Update to version 2+git20170807.10b2785:
+ * Check TRANSACTIONAL_UPDATE is set (boo#1045942)
+ * Add systemd units
+
+---
+Mon Jun 19 13:31:02 CEST 2017 - ku...@suse.de
+
+- Run update-ca-certificate by systemd unit when the content of
+ one of the paths changes. Needed for read-only root and/or
+ transactional updates.
+
+---
Old:
ca-certificates-2+git20151110.c15593c.tar.xz
New:
ca-certificates-2+git20170807.10b2785.tar.xz
Other differences:
--
++ ca-certificates.spec ++
--- /var/tmp/diff_new_pack.oJhPne/_old 2017-08-12 20:01:25.188774181 +0200
+++ /var/tmp/diff_new_pack.oJhPne/_new 2017-08-12 20:01:25.208771380 +0200
@@ -1,7 +1,7 @@
#
# spec file for package ca-certificates
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -29,7 +29,7 @@
%define ssletcdir %{_sysconfdir}/ssl
%define cabundle /var/lib/ca-certificates/ca-bundle.pem
%define sslcerts %{ssletcdir}/certs
-Version:2+git20151110.c15593c
+Version:2+git20170807.10b2785
Release:0
Summary:Utilities for system wide CA certificate installation
License:GPL-2.0+
@@ -53,9 +53,12 @@
Obsoletes: java-ca-certificates = 1
Provides: java-ca-certificates = %version-%release
BuildArch: noarch
+%{?systemd_requires}
%description
-Utilities for system wide CA certificate installation
+Update-ca-certificates is intended to keep the certificate stores of
+SSL libraries like OpenSSL or GnuTLS in sync with the system's CA
+certificate store that is managed by p11-kit.
%prep
%setup -q
@@ -67,6 +70,7 @@
rm -f certbundle.run
%endif
%make_install
+ln -s service %{buildroot}%{_sbindir}/rcca-certificates
install -d -m 755 %{buildroot}%{trustdir_cfg}/{anchors,blacklist}
install -d -m 755 %{buildroot}%{trustdir_static}/{anchors,blacklist}
install -d -m 755 %{buildroot}%{ssletcdir}
@@ -74,6 +78,7 @@
install -d -m 755 %{buildroot}%{_prefix}/lib/ca-certificates/update.d
install -d -m 555 %{buildroot}/var/lib/ca-certificates/pem
install -d -m 555 %{buildroot}/var/lib/ca-certificates/openssl
+install -d -m 755 %{buildroot}/%{_prefix}/lib/systemd/system
ln -s /var/lib/ca-certificates/pem %{buildroot}%{sslcerts}
%if %{with cabundle}
install -D -m 644 /dev/null %{buildroot}/%{cabundle}
@@ -119,6 +124,7 @@
done
mv -T --backup=numbered %{sslcerts} %{sslcerts}.rpmsave && ln -s
/var/lib/ca-certificates/pem %{sslcerts}
fi
+%service_add_pre ca-certificates.path ca-certificates.service
%post
if [ -s /etc/ca-certificates.conf ]; then
@@ -134,11 +140,16 @@
# This also makes sure we update the hash links in /etc/ssl/certs
# as openssl changed the hash format between 0.9.8 and 1.0
update-ca-certificates -f || true
+%service_add_post ca-certificates.path ca-certificates.service
+
+%preun
+%service_del_preun ca-certificates.path ca-certificates.service
%postun
if [ "$1" -eq 0 ]; then
rm -rf /var/lib/ca-certificates/pem /var/lib/ca-certificates/openssl
fi
+%service_del_postun ca-certificates.path ca-certificates.service
%clean
rm -rf %{buildroot}
@@ -160,9 +171,11 @@
%dir /etc/ca-certificates/update.d
%dir %{_prefix}/lib/ca-certificates
%dir %{_prefix}/lib/ca-certificates/update.d
+ %{_prefix}/lib/systemd/system/*
%dir /var/lib/ca-certificates
%dir /var/lib/ca-certificates/pem
%dir /var/lib/ca-certificates/openssl
+%{_sbindir}/rcca-certificates
%{_sbindir}/update-ca-certificates
%{_mandir}/man8/update-ca-certificates.8*
%{_prefix}/lib/ca-certificates/update.d/*java.run
++ _servicedata ++
--- /var/tmp/diff_new_pack.oJhPne/_old 2017-08-12 20:01:25.392745609 +0200
+++ /var/tmp/diff_new_pack.oJhPne/_new 2017-08-12 20:01:25.392745609 +0200
@@ -1,4 +1,4 @@
commit ca-certificates for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2015-11-17 14:20:22
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new (New)
Package is "ca-certificates"
Changes:
--- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes
2015-03-25 21:04:40.0 +0100
+++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes
2015-11-17 14:20:24.0 +0100
@@ -1,0 +2,6 @@
+Wed Nov 11 08:18:47 UTC 2015 - lnus...@suse.de
+
+- Update to version 2+git20151110.c15593c:
+ + set proper umask (boo#948724)
+
+---
Old:
ca-certificates-2+git20150324.e3ee392.tar.xz
New:
ca-certificates-2+git20151110.c15593c.tar.xz
Other differences:
--
++ ca-certificates.spec ++
--- /var/tmp/diff_new_pack.KyGmYY/_old 2015-11-17 14:20:25.0 +0100
+++ /var/tmp/diff_new_pack.KyGmYY/_new 2015-11-17 14:20:25.0 +0100
@@ -29,7 +29,7 @@
%define ssletcdir %{_sysconfdir}/ssl
%define cabundle /var/lib/ca-certificates/ca-bundle.pem
%define sslcerts %{ssletcdir}/certs
-Version:2+git20150324.e3ee392
+Version:2+git20151110.c15593c
Release:0
Summary:Utilities for system wide CA certificate installation
License:GPL-2.0+
++ _servicedata ++
--- /var/tmp/diff_new_pack.KyGmYY/_old 2015-11-17 14:20:25.0 +0100
+++ /var/tmp/diff_new_pack.KyGmYY/_new 2015-11-17 14:20:25.0 +0100
@@ -1,4 +1,4 @@
http://github.com/openSUSE/ca-certificates.git
- e3ee3929d97e90f81a0b8aea77513def30817f2f
\ No newline at end of file
+ c15593c0a7022a63dcc723f29327d87d14c6b99e
\ No newline at end of file
++ ca-certificates-2+git20150324.e3ee392.tar.xz ->
ca-certificates-2+git20151110.c15593c.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ca-certificates-2+git20150324.e3ee392/update-ca-certificates
new/ca-certificates-2+git20151110.c15593c/update-ca-certificates
--- old/ca-certificates-2+git20150324.e3ee392/update-ca-certificates
2015-03-24 11:30:20.0 +0100
+++ new/ca-certificates-2+git20151110.c15593c/update-ca-certificates
2015-11-11 09:18:47.0 +0100
@@ -51,6 +51,9 @@
exit 0;
}
+# set sane umask
+umask 0222;
+
my @args;
push @args, '-f' if $options{fresh};
push @args, '-v' if $options{verbose};
commit ca-certificates for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2015-03-25 21:04:39
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new (New)
Package is ca-certificates
Changes:
--- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes
2014-11-15 12:13:25.0 +0100
+++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes
2015-03-25 21:04:40.0 +0100
@@ -1,0 +2,12 @@
+Wed Mar 25 08:12:28 UTC 2015 - lnus...@suse.de
+
+- require p11-kit-tools = 0.23.1
+
+---
+Tue Mar 24 10:30:21 UTC 2015 - lnus...@suse.de
+
+- Update to version 2+git20150324.e3ee392:
+ + p11-kit 0.23.1 supports pem-directory-hash now
+- use service file to generate tarball
+
+---
Old:
ca-certificates-1_201403302107.tar.xz
New:
_service
_servicedata
ca-certificates-2+git20150324.e3ee392.tar.xz
Other differences:
--
++ ca-certificates.spec ++
--- /var/tmp/diff_new_pack.qYWwyl/_old 2015-03-25 21:04:40.0 +0100
+++ /var/tmp/diff_new_pack.qYWwyl/_new 2015-03-25 21:04:40.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package ca-certificates
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -29,7 +29,7 @@
%define ssletcdir %{_sysconfdir}/ssl
%define cabundle /var/lib/ca-certificates/ca-bundle.pem
%define sslcerts %{ssletcdir}/certs
-Version:1_201403302107
+Version:2+git20150324.e3ee392
Release:0
Summary:Utilities for system wide CA certificate installation
License:GPL-2.0+
@@ -40,7 +40,7 @@
#
Requires: openssl
Requires: p11-kit
-Requires: p11-kit-tools = 0.19.3
+Requires: p11-kit-tools = 0.23.1
# needed for post
Requires(post): coreutils openssl p11-kit-tools
Recommends: ca-certificates-mozilla
++ _service ++
services
service name=tar_scm mode=disabled
param name=version2/param
param name=versionformat2+git%cd.%h/param
param name=urlhttp://github.com/openSUSE/ca-certificates.git/param
param name=scmgit/param
param name=changesgenerateenable/param
/service
service name=recompress mode=disabled
param name=compressionxz/param
param name=file*.tar/param
/service
service name=set_version mode=disabled
param name=fileca-certificates.spec/param
/service
/services
++ _servicedata ++
servicedata
service name=tar_scm
param
name=urlhttp://github.com/openSUSE/ca-certificates.git/param
param
name=changesrevisione3ee3929d97e90f81a0b8aea77513def30817f2f/param/service/servicedata--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2014-11-15 11:40:46
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new (New)
Package is ca-certificates
Changes:
--- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes
2014-08-05 21:11:14.0 +0200
+++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes
2014-11-15 12:13:25.0 +0100
@@ -1,0 +2,5 @@
+Sat Nov 08 04:32:00 UTC 2014 - Led led...@gmail.com
+
+- fix bashism in postun script
+
+---
Other differences:
--
++ ca-certificates.spec ++
--- /var/tmp/diff_new_pack.t9U2F6/_old 2014-11-15 12:13:26.0 +0100
+++ /var/tmp/diff_new_pack.t9U2F6/_new 2014-11-15 12:13:26.0 +0100
@@ -137,7 +137,7 @@
%postun
if [ $1 -eq 0 ]; then
- rm -rf /var/lib/ca-certificates/{pem,openssl}
+ rm -rf /var/lib/ca-certificates/pem /var/lib/ca-certificates/openssl
fi
%clean
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2014-08-05 21:11:04
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new (New)
Package is ca-certificates
Changes:
--- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes
2014-07-31 10:04:22.0 +0200
+++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes
2014-08-05 21:11:14.0 +0200
@@ -1,0 +2,13 @@
+Tue Aug 5 11:09:24 UTC 2014 - lnus...@suse.de
+
+- use rpm -qf to determine if a ssl cert is owned by some other
+ package and therefore doesn't need to be migrated (related to
+ bnc#890205).
+
+---
+Mon Aug 4 15:35:27 UTC 2014 - lnus...@suse.de
+
+- add p11 kit header to set label of migrated certificates to the
+ file name of the previous one (bnc#890205)
+
+---
Other differences:
--
++ ca-certificates.spec ++
--- /var/tmp/diff_new_pack.qGb5X2/_old 2014-08-05 21:11:16.0 +0200
+++ /var/tmp/diff_new_pack.qGb5X2/_new 2014-08-05 21:11:16.0 +0200
@@ -91,16 +91,33 @@
%pre
# migrate /etc/ssl/certs to a symlink
if [ $1 -ne 0 -a -d %{sslcerts} -a ! -L %{sslcerts} ]; then
- mv -T --backup=numbered %{sslcerts} %{sslcerts}.rpmsave ln -s
/var/lib/ca-certificates/pem %{sslcerts}
# copy custom pem files to new location (bnc#875647)
mkdir -p /etc/pki/trust/anchors
- for cert in %{sslcerts}.rpmsave/*.pem; do
+ for cert in %{sslcerts}/*.pem; do
test -f $cert -a ! -L $cert || continue
read firstline $cert
# skip package provided certificates (bnc#875647)
- test $firstline != # generated by openssl-certs, do not
edit || continue
- cp -v -n $cert /etc/pki/trust/anchors/
+ if test ${firstline#\# generated by } != ${firstline} ||
rpm -qf $cert /dev/null; then
+ continue
+ fi
+ # create a p11-kit header that set the label of
+ # the certificate to the file name. That ensures
+ # that the certificate gets the same name in
+ # /etc/ssl/certs as before
+ bn=${cert##*/}
+ (
+ cat -EOF
+ # created by update-ca-certificates from
+ # $cert
+ [p11-kit-object-v1]
+ class: certificate
+ label: ${bn%.pem}
+ trusted: true
+ EOF
+ cat $cert
+ ) /etc/pki/trust/$bn
done
+ mv -T --backup=numbered %{sslcerts} %{sslcerts}.rpmsave ln -s
/var/lib/ca-certificates/pem %{sslcerts}
fi
%post
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2014-07-31 10:04:11 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is ca-certificates Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2014-07-21 10:35:28.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2014-07-31 10:04:22.0 +0200 @@ -1,0 +2,6 @@ +Wed Jul 30 11:45:54 UTC 2014 - lnus...@suse.de + +- removed the version in the Obsoletes. The package in SLE11 got + version updated (bnc#887099). + +--- Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.7cr5Hq/_old 2014-07-31 10:04:24.0 +0200 +++ /var/tmp/diff_new_pack.7cr5Hq/_new 2014-07-31 10:04:24.0 +0200 @@ -47,7 +47,7 @@ # we need to obsolete openssl-certs to make sure it's files are # gone when a package providing actual certificates gets # installed (bnc#594434). -Obsoletes: openssl-certs 0.9.9 +Obsoletes: openssl-certs # no need for a separate Java package anymore. The bundle is # created by C code. Obsoletes: java-ca-certificates = 1 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2014-07-21 10:35:27
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new (New)
Package is ca-certificates
Changes:
--- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes
2014-07-08 13:01:49.0 +0200
+++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes
2014-07-21 10:35:28.0 +0200
@@ -1,0 +2,6 @@
+Thu Jul 17 09:51:16 UTC 2014 - meiss...@suse.com
+
+- clarify the start order of the generators, as certbundle.run
+ semi-depends on etc_ssl.run via a timestamp. (bnc#883386)
+
+---
Other differences:
--
++ ca-certificates.spec ++
--- /var/tmp/diff_new_pack.v8Cxbk/_old 2014-07-21 10:35:29.0 +0200
+++ /var/tmp/diff_new_pack.v8Cxbk/_new 2014-07-21 10:35:29.0 +0200
@@ -81,6 +81,13 @@
%endif
install -D -m 644 /dev/null %{buildroot}/var/lib/ca-certificates/java-cacerts
+# should be done in git.
+mv %{buildroot}/%{_prefix}/lib/ca-certificates/update.d/{,50}java.run
+mv %{buildroot}/%{_prefix}/lib/ca-certificates/update.d/{,70}openssl.run
+mv %{buildroot}/%{_prefix}/lib/ca-certificates/update.d/{,80}etc_ssl.run
+# certbundle.run must be run after etc_ssl.run as it uses a timestamp from it
+mv %{buildroot}/%{_prefix}/lib/ca-certificates/update.d/{,99}certbundle.run
+
%pre
# migrate /etc/ssl/certs to a symlink
if [ $1 -ne 0 -a -d %{sslcerts} -a ! -L %{sslcerts} ]; then
@@ -141,14 +148,14 @@
%dir /var/lib/ca-certificates/openssl
%{_sbindir}/update-ca-certificates
%{_mandir}/man8/update-ca-certificates.8*
-%{_prefix}/lib/ca-certificates/update.d/java.run
-%{_prefix}/lib/ca-certificates/update.d/etc_ssl.run
-%{_prefix}/lib/ca-certificates/update.d/openssl.run
+%{_prefix}/lib/ca-certificates/update.d/*java.run
+%{_prefix}/lib/ca-certificates/update.d/*etc_ssl.run
+%{_prefix}/lib/ca-certificates/update.d/*openssl.run
#
%if %{with cabundle}
%{ssletcdir}/ca-bundle.pem
%ghost %{cabundle}
-%{_prefix}/lib/ca-certificates/update.d/certbundle.run
+%{_prefix}/lib/ca-certificates/update.d/*certbundle.run
%endif
%changelog
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2014-07-08 13:01:48
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new (New)
Package is ca-certificates
Changes:
--- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes
2014-06-18 10:59:22.0 +0200
+++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes
2014-07-08 13:01:49.0 +0200
@@ -1,0 +2,5 @@
+Mon Jun 23 15:24:13 UTC 2014 - lnus...@suse.de
+
+- fix directory permissions for real this time (bnc#871639)
+
+---
Other differences:
--
++ ca-certificates.spec ++
--- /var/tmp/diff_new_pack.hRGtF1/_old 2014-07-08 13:01:50.0 +0200
+++ /var/tmp/diff_new_pack.hRGtF1/_new 2014-07-08 13:01:50.0 +0200
@@ -67,13 +67,13 @@
rm -f certbundle.run
%endif
%make_install
-install -d m 755 %{buildroot}%{trustdir_cfg}/{anchors,blacklist}
-install -d m 755 %{buildroot}%{trustdir_static}/{anchors,blacklist}
-install -d m 755 %{buildroot}%{ssletcdir}
-install -d m 755 %{buildroot}/etc/ca-certificates/update.d
-install -d m 755 %{buildroot}%{_prefix}/lib/ca-certificates/update.d
-install -d m 555 %{buildroot}/var/lib/ca-certificates/pem
-install -d m 555 %{buildroot}/var/lib/ca-certificates/openssl
+install -d -m 755 %{buildroot}%{trustdir_cfg}/{anchors,blacklist}
+install -d -m 755 %{buildroot}%{trustdir_static}/{anchors,blacklist}
+install -d -m 755 %{buildroot}%{ssletcdir}
+install -d -m 755 %{buildroot}/etc/ca-certificates/update.d
+install -d -m 755 %{buildroot}%{_prefix}/lib/ca-certificates/update.d
+install -d -m 555 %{buildroot}/var/lib/ca-certificates/pem
+install -d -m 555 %{buildroot}/var/lib/ca-certificates/openssl
ln -s /var/lib/ca-certificates/pem %{buildroot}%{sslcerts}
%if %{with cabundle}
install -D -m 644 /dev/null %{buildroot}/%{cabundle}
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2014-06-18 10:59:15
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new (New)
Package is ca-certificates
Changes:
--- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes
2014-05-10 08:32:46.0 +0200
+++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes
2014-06-18 10:59:22.0 +0200
@@ -1,0 +2,5 @@
+Wed Jun 4 11:10:24 UTC 2014 - lnus...@suse.de
+
+- don't keep certificates with marker (bnc#875647)
+
+---
Other differences:
--
++ ca-certificates.spec ++
--- /var/tmp/diff_new_pack.raIksr/_old 2014-06-18 10:59:23.0 +0200
+++ /var/tmp/diff_new_pack.raIksr/_new 2014-06-18 10:59:23.0 +0200
@@ -87,8 +87,13 @@
mv -T --backup=numbered %{sslcerts} %{sslcerts}.rpmsave ln -s
/var/lib/ca-certificates/pem %{sslcerts}
# copy custom pem files to new location (bnc#875647)
mkdir -p /etc/pki/trust/anchors
- find %{sslcerts}.rpmsave -maxdepth 1 -name '*.pem' -type f -print0 | \
- xargs -0 --no-run-if-empty -n1 -I FILE cp -v -n FILE
/etc/pki/trust/anchors/
+ for cert in %{sslcerts}.rpmsave/*.pem; do
+ test -f $cert -a ! -L $cert || continue
+ read firstline $cert
+ # skip package provided certificates (bnc#875647)
+ test $firstline != # generated by openssl-certs, do not
edit || continue
+ cp -v -n $cert /etc/pki/trust/anchors/
+ done
fi
%post
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2014-04-09 13:01:11
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new (New)
Package is ca-certificates
Changes:
--- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes
2014-04-06 09:56:18.0 +0200
+++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes
2014-04-09 13:01:14.0 +0200
@@ -1,0 +2,5 @@
+Mon Apr 7 15:07:44 UTC 2014 - lnus...@suse.de
+
+- Fix typo in man page
+
+---
Old:
ca-certificates-1_201312061005.tar.xz
New:
ca-certificates-1_201403302107.tar.xz
Other differences:
--
++ ca-certificates.spec ++
--- /var/tmp/diff_new_pack.H5zQM7/_old 2014-04-09 13:01:15.0 +0200
+++ /var/tmp/diff_new_pack.H5zQM7/_new 2014-04-09 13:01:15.0 +0200
@@ -29,7 +29,7 @@
%define ssletcdir %{_sysconfdir}/ssl
%define cabundle /var/lib/ca-certificates/ca-bundle.pem
%define sslcerts %{ssletcdir}/certs
-Version:1_201312061005
+Version:1_201403302107
Release:0
Summary:Utilities for system wide CA certificate installation
License:GPL-2.0+
++ ca-certificates-1_201312061005.tar.xz -
ca-certificates-1_201403302107.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ca-certificates-1_201312061005/README
new/ca-certificates-1_201403302107/README
--- old/ca-certificates-1_201312061005/README 2013-12-06 10:05:00.0
+0100
+++ new/ca-certificates-1_201403302107/README 2014-03-30 21:07:42.0
+0200
@@ -35,7 +35,7 @@
- Packages are expected to install their CA certificates in
- /usr/share/pki/trust/anchors or /usr/share/pki/trust (no extra subdir) intead
+ /usr/share/pki/trust/anchors or /usr/share/pki/trust (no extra subdir)
instead
of /usr/share/ca-certificates/vendor now. The anchors subdirectory is for
regular pem files, the directory one above for pem files in
openssl's 'trusted' format.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ca-certificates-1_201312061005/update-ca-certificates.8
new/ca-certificates-1_201403302107/update-ca-certificates.8
--- old/ca-certificates-1_201312061005/update-ca-certificates.8 2013-12-06
10:05:00.0 +0100
+++ new/ca-certificates-1_201403302107/update-ca-certificates.8 2014-03-30
21:07:42.0 +0200
@@ -59,7 +59,7 @@
.I /etc/pki/trust/anchors
Directory of CA certificate trust anchors for use by the admin
.TP
-.I /etc/pki/trust/anchors
+.I /etc/pki/trust/blacklist
Directory of blacklisted CA certificates for use by the admin
.SH SEE ALSO
.BR c_rehash (1),
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2014-04-06 09:56:17
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new (New)
Package is ca-certificates
Changes:
--- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes
2013-12-17 10:00:33.0 +0100
+++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes
2014-04-06 09:56:18.0 +0200
@@ -1,0 +2,5 @@
+Fri Apr 4 11:38:17 UTC 2014 - lnus...@suse.de
+
+- package correct permissions of generated directories (bnc#871639)
+
+---
Other differences:
--
++ ca-certificates.spec ++
--- /var/tmp/diff_new_pack.dNXpMK/_old 2014-04-06 09:56:19.0 +0200
+++ /var/tmp/diff_new_pack.dNXpMK/_new 2014-04-06 09:56:19.0 +0200
@@ -1,7 +1,7 @@
#
# spec file for package ca-certificates
#
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -72,8 +72,8 @@
install -d m 755 %{buildroot}%{ssletcdir}
install -d m 755 %{buildroot}/etc/ca-certificates/update.d
install -d m 755 %{buildroot}%{_prefix}/lib/ca-certificates/update.d
-install -d m 755 %{buildroot}/var/lib/ca-certificates/pem
-install -d m 755 %{buildroot}/var/lib/ca-certificates/openssl
+install -d m 555 %{buildroot}/var/lib/ca-certificates/pem
+install -d m 555 %{buildroot}/var/lib/ca-certificates/openssl
ln -s /var/lib/ca-certificates/pem %{buildroot}%{sslcerts}
%if %{with cabundle}
install -D -m 644 /dev/null %{buildroot}/%{cabundle}
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2013-12-17 10:00:31
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new (New)
Package is ca-certificates
Changes:
--- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes
2013-10-17 13:59:30.0 +0200
+++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes
2013-12-17 10:00:33.0 +0100
@@ -1,0 +2,6 @@
+Fri Dec 6 09:16:11 UTC 2013 - lnus...@suse.de
+
+- etc_ssl.run: fix typo
+- turn /etc/ssl/certs into a symlink to /var/lib/ca-certificates/pem
+
+---
Old:
ca-certificates-1_201310161709.tar.xz
New:
ca-certificates-1_201312061005.tar.xz
Other differences:
--
++ ca-certificates.spec ++
--- /var/tmp/diff_new_pack.6ffsMF/_old 2013-12-17 10:00:34.0 +0100
+++ /var/tmp/diff_new_pack.6ffsMF/_new 2013-12-17 10:00:34.0 +0100
@@ -29,7 +29,7 @@
%define ssletcdir %{_sysconfdir}/ssl
%define cabundle /var/lib/ca-certificates/ca-bundle.pem
%define sslcerts %{ssletcdir}/certs
-Version:1_201310161709
+Version:1_201312061005
Release:0
Summary:Utilities for system wide CA certificate installation
License:GPL-2.0+
@@ -69,17 +69,24 @@
%make_install
install -d m 755 %{buildroot}%{trustdir_cfg}/{anchors,blacklist}
install -d m 755 %{buildroot}%{trustdir_static}/{anchors,blacklist}
-install -d m 755 %{buildroot}/etc/ssl/certs
+install -d m 755 %{buildroot}%{ssletcdir}
install -d m 755 %{buildroot}/etc/ca-certificates/update.d
install -d m 755 %{buildroot}%{_prefix}/lib/ca-certificates/update.d
install -d m 755 %{buildroot}/var/lib/ca-certificates/pem
install -d m 755 %{buildroot}/var/lib/ca-certificates/openssl
+ln -s /var/lib/ca-certificates/pem %{buildroot}%{sslcerts}
%if %{with cabundle}
install -D -m 644 /dev/null %{buildroot}/%{cabundle}
ln -s %{cabundle} %{buildroot}%{ssletcdir}/ca-bundle.pem
%endif
install -D -m 644 /dev/null %{buildroot}/var/lib/ca-certificates/java-cacerts
+%pre
+# migrate /etc/ssl/certs to a symlink
+if [ $1 -ne 0 -a -d %{sslcerts} -a ! -L %{sslcerts} ]; then
+ mv -T --backup=numbered %{sslcerts} %{sslcerts}.rpmsave ln -s
/var/lib/ca-certificates/pem %{sslcerts}
+fi
+
%post
if [ -s /etc/ca-certificates.conf ]; then
while read line; do
@@ -114,7 +121,7 @@
%dir %{trustdir_static}
%dir %{trustdir_static}/anchors
%dir %{trustdir_static}/blacklist
-%dir /etc/ssl/certs
+%sslcerts
%ghost /var/lib/ca-certificates/java-cacerts
%dir /etc/ca-certificates
%dir /etc/ca-certificates/update.d
++ ca-certificates-1_201310161709.tar.xz -
ca-certificates-1_201312061005.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ca-certificates-1_201310161709/etc_ssl.run
new/ca-certificates-1_201312061005/etc_ssl.run
--- old/ca-certificates-1_201310161709/etc_ssl.run 2013-10-16
17:09:27.0 +0200
+++ new/ca-certificates-1_201312061005/etc_ssl.run 2013-12-06
10:05:00.0 +0100
@@ -84,8 +84,13 @@
help|h,
) or die $!\n;
+$ENV{'P11_KIT_PEMDIR_HASH'} = 1;
system(trust, extract, --purpose=server-auth, --filter=ca-anchors,
--format=pem-directory, -f, $pemdir) == 0 or die;
+# we are done if /etc/ssl/certs is a link pointing to
/var/lib/ca-certificates/pem
+exit 0 if (-l $etccertsdir readlink($etccertsdir) eq $pemdir);
+warn Warning: $etccertsdir should be a link to $pemdir!\n;
+
for my $f ($pemdir/*.pem) {
addcert($f);
}
@@ -127,5 +132,5 @@
if ($foundignored)
{
print STDERR \n* = CA Certificates in /etc/ssl/certs are only seen by
some legacy applications.
-To install CA-Certificates globally move them to /etc/pki/trust/ancors
instead!\n;
+To install CA-Certificates globally move them to /etc/pki/trust/anchors
instead!\n;
}
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2013-10-17 13:59:29
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new (New)
Package is ca-certificates
Changes:
--- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes
2013-08-30 11:32:51.0 +0200
+++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes
2013-10-17 13:59:30.0 +0200
@@ -1,0 +2,6 @@
+Wed Oct 16 15:11:26 UTC 2013 - lnus...@suse.de
+
+- fix typo in README (bnc#845500)
+- remove old extractcerts.pl
+
+---
Old:
ca-certificates-1_201308271454.tar.xz
New:
ca-certificates-1_201310161709.tar.xz
Other differences:
--
++ ca-certificates.spec ++
--- /var/tmp/diff_new_pack.WmtQER/_old 2013-10-17 13:59:32.0 +0200
+++ /var/tmp/diff_new_pack.WmtQER/_new 2013-10-17 13:59:32.0 +0200
@@ -29,7 +29,7 @@
%define ssletcdir %{_sysconfdir}/ssl
%define cabundle /var/lib/ca-certificates/ca-bundle.pem
%define sslcerts %{ssletcdir}/certs
-Version:1_201308271454
+Version:1_201310161709
Release:0
Summary:Utilities for system wide CA certificate installation
License:GPL-2.0+
++ ca-certificates-1_201308271454.tar.xz -
ca-certificates-1_201310161709.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ca-certificates-1_201308271454/README
new/ca-certificates-1_201310161709/README
--- old/ca-certificates-1_201308271454/README 2013-08-27 14:54:33.0
+0200
+++ new/ca-certificates-1_201310161709/README 2013-10-16 17:09:27.0
+0200
@@ -7,9 +7,9 @@
various components in sync with the system CA certificates.
The canonical source of CA certificates is what p11-kit knows about.
-By default p11-kit looks into /usr/share/pki/anchors
-resp /etc/pki/trust/anchors but there could be other plugins that
-serve as source for certificates as well.
+By default p11-kit looks into /usr/share/pki/trust/ resp
+/etc/pki/trust/ but there could be other plugins that serve as
+source for certificates as well.
Supported Certificate Stores
@@ -35,8 +35,10 @@
- Packages are expected to install their CA certificates in
- /usr/share/pki/anchors/ (no extra subdir) intead of
- /usr/share/ca-certificates/vendor now.
+ /usr/share/pki/trust/anchors or /usr/share/pki/trust (no extra subdir) intead
+ of /usr/share/ca-certificates/vendor now. The anchors subdirectory is for
+ regular pem files, the directory one above for pem files in
+ openssl's 'trusted' format.
- /etc/ca-certificates.conf is no longer supported. Just symlink the
certificates you don't want to /etc/pki/trust/blacklist.
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2013-08-30 11:32:49
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new (New)
Package is ca-certificates
Changes:
--- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes
2013-08-24 10:14:38.0 +0200
+++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes
2013-08-30 11:32:51.0 +0200
@@ -1,0 +2,11 @@
+Tue Aug 27 12:53:44 UTC 2013 - lnus...@suse.de
+
+- re-enable the CA bundle again for glib-networking (bnc#825903)
+
+---
+Tue Aug 27 07:11:04 UTC 2013 - lnus...@suse.de
+
+- make sure we have p11-kit = 0.19.3 which has the 'trust' command
+ (bnc#836560)
+
+---
Old:
ca-certificates-1_201308051322.tar.xz
New:
ca-certificates-1_201308271454.tar.xz
Other differences:
--
++ ca-certificates.spec ++
--- /var/tmp/diff_new_pack.nbLuEO/_old 2013-08-30 11:32:52.0 +0200
+++ /var/tmp/diff_new_pack.nbLuEO/_new 2013-08-30 11:32:52.0 +0200
@@ -17,10 +17,10 @@
# the ca bundle file was meant as compat option for e.g.
-# proprietary packages. Now that I see it abused in free software
-# packages that can be trivially patched to do the right thing I'm
-# disabling this for now again.
-%bcond_with cabundle
+# proprietary packages. It's not meant to be used at all.
+# unfortunately glib-networking has such a complicated abstraction
+# on top of gnutls that we have to live with the bundle for now
+%bcond_without cabundle
BuildRequires: openssl
BuildRequires: p11-kit-devel
@@ -29,7 +29,7 @@
%define ssletcdir %{_sysconfdir}/ssl
%define cabundle /var/lib/ca-certificates/ca-bundle.pem
%define sslcerts %{ssletcdir}/certs
-Version:1_201308051322
+Version:1_201308271454
Release:0
Summary:Utilities for system wide CA certificate installation
License:GPL-2.0+
@@ -40,7 +40,7 @@
#
Requires: openssl
Requires: p11-kit
-Requires: p11-kit-tools
+Requires: p11-kit-tools = 0.19.3
# needed for %post
Requires(post): coreutils openssl p11-kit-tools
Recommends: ca-certificates-mozilla
++ ca-certificates-1_201308051322.tar.xz -
ca-certificates-1_201308271454.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ca-certificates-1_201308051322/certbundle.run
new/ca-certificates-1_201308271454/certbundle.run
--- old/ca-certificates-1_201308051322/certbundle.run 2013-08-05
13:22:58.0 +0200
+++ new/ca-certificates-1_201308271454/certbundle.run 2013-08-27
14:54:33.0 +0200
@@ -28,7 +28,7 @@
# functions that know the operating system defaults instead:
#
# - openssl: SSL_CTX_set_default_verify_paths()
-# - gnutls: gnutls_x509_trust_list_add_system_trust()
+# - gnutls: gnutls_certificate_set_x509_system_trust(cred)
#
EOF
trust extract --format=pem-bundle --purpose=server-auth --filter=ca-anchors
$cafile.tmp
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ca-certificates-1_201308051322/extractcerts.pl
new/ca-certificates-1_201308271454/extractcerts.pl
--- old/ca-certificates-1_201308051322/extractcerts.pl 2013-08-05
13:22:58.0 +0200
+++ new/ca-certificates-1_201308271454/extractcerts.pl 1970-01-01
01:00:00.0 +0100
@@ -1,217 +0,0 @@
-#!/usr/bin/perl -w
-#
-# * BEGIN LICENSE BLOCK *
-# Version: MPL 1.1/GPL 2.0/LGPL 2.1
-#
-# The contents of this file are subject to the Mozilla Public License Version
-# 1.1 (the License); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-# http://www.mozilla.org/MPL/
-#
-# Software distributed under the License is distributed on an AS IS basis,
-# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
-# for the specific language governing rights and limitations under the
-# License.
-#
-# The Original Code is the Netscape security libraries.
-#
-# The Initial Developer of the Original Code is
-# Netscape Communications Corporation.
-# Portions created by the Initial Developer are Copyright (C) 1994-2000
-# the Initial Developer. All Rights Reserved.
-#
-# Contributor(s):
-#
-# Alternatively, the contents of this file may be used under the terms of
-# either the GNU General Public License Version 2 or later (the GPL), or
-# the GNU Lesser General Public License Version 2.1 or later (the LGPL),
-# in which case the provisions of the GPL or the LGPL are applicable
commit ca-certificates for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2013-08-24 10:14:37
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new (New)
Package is ca-certificates
Changes:
--- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes
2013-07-03 10:11:38.0 +0200
+++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes
2013-08-24 10:14:38.0 +0200
@@ -1,0 +2,6 @@
+Mon Aug 5 11:24:04 UTC 2013 - lnus...@suse.de
+
+- don't remove symlinks to other locations in /etc/ssl/certs
+- use the trust binary instead of p11-kit to extract trust
+
+---
Old:
ca-certificates-1_201307011044.tar.xz
New:
ca-certificates-1_201308051322.tar.xz
Other differences:
--
++ ca-certificates.spec ++
--- /var/tmp/diff_new_pack.gFmEYm/_old 2013-08-24 10:14:39.0 +0200
+++ /var/tmp/diff_new_pack.gFmEYm/_new 2013-08-24 10:14:39.0 +0200
@@ -29,7 +29,7 @@
%define ssletcdir %{_sysconfdir}/ssl
%define cabundle /var/lib/ca-certificates/ca-bundle.pem
%define sslcerts %{ssletcdir}/certs
-Version:1_201307011044
+Version:1_201308051322
Release:0
Summary:Utilities for system wide CA certificate installation
License:GPL-2.0+
++ ca-certificates-1_201307011044.tar.xz -
ca-certificates-1_201308051322.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ca-certificates-1_201307011044/certbundle.run
new/ca-certificates-1_201308051322/certbundle.run
--- old/ca-certificates-1_201307011044/certbundle.run 2013-07-01
10:44:11.0 +0200
+++ new/ca-certificates-1_201308051322/certbundle.run 2013-08-05
13:22:58.0 +0200
@@ -31,7 +31,7 @@
# - gnutls: gnutls_x509_trust_list_add_system_trust()
#
EOF
-p11-kit extract --format=pem-bundle --purpose=server-auth --filter=ca-anchors
$cafile.tmp
+trust extract --format=pem-bundle --purpose=server-auth --filter=ca-anchors
$cafile.tmp
cat $cafile.tmp $cafile.new
rm -f $cafile.tmp
mv $cafile.new $cafile
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ca-certificates-1_201307011044/etc_ssl.run
new/ca-certificates-1_201308051322/etc_ssl.run
--- old/ca-certificates-1_201307011044/etc_ssl.run 2013-07-01
10:44:11.0 +0200
+++ new/ca-certificates-1_201308051322/etc_ssl.run 2013-08-05
13:22:58.0 +0200
@@ -84,7 +84,7 @@
help|h,
) or die $!\n;
-system(p11-kit, extract, --purpose=server-auth, --filter=ca-anchors,
--format=pem-directory, -f, $pemdir) == 0 or die;
+system(trust, extract, --purpose=server-auth, --filter=ca-anchors,
--format=pem-directory, -f, $pemdir) == 0 or die;
for my $f ($pemdir/*.pem) {
addcert($f);
@@ -93,7 +93,7 @@
# clean dangling symlinks
for my $f ($etccertsdir/*.pem) {
unless (-l $f) {
- print STDERR $f is wrong here *)\n;
+ print STDERR $f is in the wrong location *)\n;
$foundignored = 1;
next;
}
@@ -101,11 +101,12 @@
my $d = readlink($f);
unless ($d startswith($d, $pemdir)) {
# don't warn about the symlinks we had in the distro
before
- unless (startswith($d, /usr/share/ca-certificates/)) {
- print STDERR wrong symlink $f removed *)\n;
+ if (startswith($d, /usr/share/ca-certificates/)) {
+ unlink $f;
+ } else {
+ print STDERR $f is in the wrong location *)\n;
$foundignored = 1;
}
- unlink $f
}
} else {
$removed{$f} = 1;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ca-certificates-1_201307011044/java.run
new/ca-certificates-1_201308051322/java.run
--- old/ca-certificates-1_201307011044/java.run 2013-07-01 10:44:11.0
+0200
+++ new/ca-certificates-1_201308051322/java.run 2013-08-05 13:22:58.0
+0200
@@ -19,6 +19,6 @@
done
[ -z $verbose ] || echo creating $cafile ...
-p11-kit extract --format=java-cacerts --purpose=server-auth
--filter=ca-anchors --overwrite $cafile
+trust extract --format=java-cacerts --purpose=server-auth --filter=ca-anchors
--overwrite $cafile
# vim: syntax=sh
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
commit ca-certificates for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2013-07-03 10:11:35
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new (New)
Package is ca-certificates
Changes:
--- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes
2013-06-25 17:20:12.0 +0200
+++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes
2013-07-03 10:11:38.0 +0200
@@ -1,0 +2,6 @@
+Thu Jun 27 16:17:51 UTC 2013 - lnus...@suse.de
+
+- disable generating ca-bundle for now again so people don't submit
+ new packages that use this file.
+
+---
@@ -5,0 +12,5 @@
+
+---
+Mon Jun 24 12:46:30 UTC 2013 - lnus...@suse.de
+
+- update manpage
Old:
ca-certificates-1_201306200949.tar.xz
New:
ca-certificates-1_201307011044.tar.xz
Other differences:
--
++ ca-certificates.spec ++
--- /var/tmp/diff_new_pack.BydYCo/_old 2013-07-03 10:11:38.0 +0200
+++ /var/tmp/diff_new_pack.BydYCo/_new 2013-07-03 10:11:38.0 +0200
@@ -16,6 +16,12 @@
#
+# the ca bundle file was meant as compat option for e.g.
+# proprietary packages. Now that I see it abused in free software
+# packages that can be trivially patched to do the right thing I'm
+# disabling this for now again.
+%bcond_with cabundle
+
BuildRequires: openssl
BuildRequires: p11-kit-devel
@@ -23,7 +29,7 @@
%define ssletcdir %{_sysconfdir}/ssl
%define cabundle /var/lib/ca-certificates/ca-bundle.pem
%define sslcerts %{ssletcdir}/certs
-Version:1_201306200949
+Version:1_201307011044
Release:0
Summary:Utilities for system wide CA certificate installation
License:GPL-2.0+
@@ -57,6 +63,9 @@
%build
%install
+%if %{without cabundle}
+rm -f certbundle.run
+%endif
%make_install
install -d m 755 %{buildroot}%{trustdir_cfg}/{anchors,blacklist}
install -d m 755 %{buildroot}%{trustdir_static}/{anchors,blacklist}
@@ -65,9 +74,11 @@
install -d m 755 %{buildroot}%{_prefix}/lib/ca-certificates/update.d
install -d m 755 %{buildroot}/var/lib/ca-certificates/pem
install -d m 755 %{buildroot}/var/lib/ca-certificates/openssl
+%if %{with cabundle}
install -D -m 644 /dev/null %{buildroot}/%{cabundle}
-install -D -m 644 /dev/null %{buildroot}/var/lib/ca-certificates/java-cacerts
ln -s %{cabundle} %{buildroot}%{ssletcdir}/ca-bundle.pem
+%endif
+install -D -m 644 /dev/null %{buildroot}/var/lib/ca-certificates/java-cacerts
%post
if [ -s /etc/ca-certificates.conf ]; then
@@ -104,8 +115,6 @@
%dir %{trustdir_static}/anchors
%dir %{trustdir_static}/blacklist
%dir /etc/ssl/certs
-%{ssletcdir}/ca-bundle.pem
-%ghost %{cabundle}
%ghost /var/lib/ca-certificates/java-cacerts
%dir /etc/ca-certificates
%dir /etc/ca-certificates/update.d
@@ -117,8 +126,13 @@
%{_sbindir}/update-ca-certificates
%{_mandir}/man8/update-ca-certificates.8*
%{_prefix}/lib/ca-certificates/update.d/java.run
-%{_prefix}/lib/ca-certificates/update.d/certbundle.run
%{_prefix}/lib/ca-certificates/update.d/etc_ssl.run
%{_prefix}/lib/ca-certificates/update.d/openssl.run
+#
+%if %{with cabundle}
+%{ssletcdir}/ca-bundle.pem
+%ghost %{cabundle}
+%{_prefix}/lib/ca-certificates/update.d/certbundle.run
+%endif
%changelog
++ ca-certificates-1_201306200949.tar.xz -
ca-certificates-1_201307011044.tar.xz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ca-certificates-1_201306200949/update-ca-certificates.8
new/ca-certificates-1_201307011044/update-ca-certificates.8
--- old/ca-certificates-1_201306200949/update-ca-certificates.8 2013-06-20
09:49:53.0 +0200
+++ new/ca-certificates-1_201307011044/update-ca-certificates.8 2013-07-01
10:44:11.0 +0200
@@ -21,24 +21,22 @@
.B update-ca-certificates
.RI [ options ]
.SH DESCRIPTION
-\fBupdate-ca-certificates\fP updates the directory
-/etc/ssl/certs to hold SSL certificates and generates /etc/ssl/ca-bundle.pem,
-a concatenated single-file list of certificates.
+\fBupdate-ca-certificates\fP is intended to keep the certificate stores of
+various components in sync with the system CA certificates.
.PP
-It reads the file /etc/ca-certificates.conf. Each line gives a pathname of
-a CA certificate under /usr/share/ca-certificates that should be trusted.
-Lines that begin with # are comment lines and thus ignored.
-Lines that begin with ! are deselected, causing the deactivation
-of the CA certificate in question. All certificates are implicitly
-trusted if no trusted certificates are listed.
+The canonical
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2012-05-08 12:25:42 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is ca-certificates, Maintainer is Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2011-10-25 15:48:14.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2012-05-08 12:25:45.0 +0200 @@ -1,0 +2,5 @@ +Fri May 4 11:55:14 UTC 2012 - lnus...@suse.de + +- give hint about SSL_CTX_set_default_verify_paths in cert bundle + +--- Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.38LMPa/_old 2012-05-08 12:25:46.0 +0200 +++ /var/tmp/diff_new_pack.38LMPa/_new 2012-05-08 12:25:46.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++ certbundle.run ++ --- /var/tmp/diff_new_pack.38LMPa/_old 2012-05-08 12:25:46.0 +0200 +++ /var/tmp/diff_new_pack.38LMPa/_new 2012-05-08 12:25:46.0 +0200 @@ -21,8 +21,12 @@ cat $cafile.new EOF # # automatically created by $0. Do not edit! +# # Use of this file is deprecated and should only be used as last # resort by applications that cannot parse the $cadir directory. +# You should avoid hardcoding any paths in applications anyways though. +# Use e.g. +# SSL_CTX_set_default_verify_paths() instead. # EOF for i in $cadir/*.pem; do -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at 2011-12-06 18:02:19
Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old)
and /work/SRC/openSUSE:Factory/.ca-certificates.new (New)
Package is ca-certificates, Maintainer is
Changes:
Other differences:
--
++ ca-certificates.spec ++
--- /var/tmp/diff_new_pack.mfTMTF/_old 2011-12-06 18:04:16.0 +0100
+++ /var/tmp/diff_new_pack.mfTMTF/_new 2011-12-06 18:04:16.0 +0100
@@ -30,7 +30,7 @@
%define etccadir %{ssletcdir}/certs
%define cabundle /var/lib/ca-certificates/ca-bundle.pem
%define usrcadir %{_datadir}/ca-certificates
-License:GPLv2+
+License:GPL-2.0+
Group: Productivity/Networking/Security
Version:1
Release:12
@@ -57,7 +57,7 @@
%if %{with java}
%package -n java-ca-certificates
-License:GPLv2+
+License:GPL-2.0+
Group: Productivity/Networking/Security
Summary:Utilities CA certificate import to gcj
Requires(post): ca-certificates
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2011-10-25 15:48:09 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is ca-certificates, Maintainer is Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2011-09-23 01:53:04.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2011-10-25 15:48:14.0 +0200 @@ -1,0 +2,5 @@ +Mon Oct 24 11:57:53 UTC 2011 - co...@suse.com + +- require coreutils for %post script + +--- Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.mMCIcU/_old 2011-10-25 15:48:16.0 +0200 +++ /var/tmp/diff_new_pack.mMCIcU/_new 2011-10-25 15:48:16.0 +0200 @@ -45,6 +45,8 @@ Url:http://gitorious.org/opensuse/ca-certificates # Requires: openssl +# needed for %post +Requires: coreutils Recommends: ca-certificates-mozilla # we need to obsolete openssl-certs to make sure it's files are # gone when a package providing actual certificates gets -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community,
here is the log from the commit of package ca-certificates for openSUSE:Factory
checked in at Tue Jun 21 09:21:37 CEST 2011.
--- ca-certificates/ca-certificates.changes 2010-09-27 16:58:22.0
+0200
+++ /mounts/work_src_done/STABLE/ca-certificates/ca-certificates.changes
2011-06-20 15:24:04.0 +0200
@@ -1,0 +2,6 @@
+Mon Jun 20 12:49:52 UTC 2011 - lnus...@suse.de
+
+- fix spurious rpm warning if no java exists (bnc#634793)
+- move java.run to java-ca-certificates
+
+---
calling whatdependson for head-i586
Other differences:
--
++ ca-certificates.spec ++
--- /var/tmp/diff_new_pack.7fTCoG/_old 2011-06-21 09:14:13.0 +0200
+++ /var/tmp/diff_new_pack.7fTCoG/_new 2011-06-21 09:14:13.0 +0200
@@ -1,7 +1,7 @@
#
-# spec file for package ca-certificates (Version 1)
+# spec file for package ca-certificates
#
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -33,7 +33,7 @@
License:GPLv2+
Group: Productivity/Networking/Security
Version:1
-Release:8
+Release:12
Summary:Utilities for system wide CA certificate installation
Source0:update-ca-certificates
Source1:update-ca-certificates.8
@@ -147,7 +147,7 @@
%dir %{_prefix}/lib/ca-certificates
%dir %{_prefix}/lib/ca-certificates/update.d
%dir /var/lib/ca-certificates
-%{_prefix}/lib/ca-certificates/update.d/*
+%{_prefix}/lib/ca-certificates/update.d/certbundle.run
%{_sbindir}/update-ca-certificates
%{_mandir}/man8/update-ca-certificates.8*
%ghost /var/lib/ca-certificates/ca-bundle.pem
@@ -157,6 +157,7 @@
%files -n java-ca-certificates
%defattr(-, root, root)
%dir %{_prefix}/lib/ca-certificates/java
+%{_prefix}/lib/ca-certificates/update.d/java.run
%{_prefix}/lib/ca-certificates/java/keystore.jar
%ghost /var/lib/ca-certificates/java-cacerts
%ghost /var/lib/ca-certificates/gcj-cacerts
++ java.run ++
--- /var/tmp/diff_new_pack.7fTCoG/_old 2011-06-21 09:14:13.0 +0200
+++ /var/tmp/diff_new_pack.7fTCoG/_new 2011-06-21 09:14:13.0 +0200
@@ -35,11 +35,13 @@
if [ -n $JAVA_HOME ]; then
java=$JAVA_HOME/bin/java
else
- java=`which java`
-fi
-
-if [[ $(readlink -f ${java}) =~ gij ]]; then
-java=
+ java=`type -P java`
+ if [ -n $java -a -L $java ]; then
+ java=`readlink -f $java`
+ if [ ${java//gij} != $java ]; then
+ java=
+ fi
+ fi
fi
if [ ! -e $libexecdir/keystore.jar ]; then
@@ -73,7 +75,7 @@
fi
done
-if [ -x $java ]; then
+if [ -n $java -a -x $java ]; then
echo creating $cafile ...
$java -jar $libexecdir/keystore.jar -keystore $cafile -cadir $cadir
$@
fi
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
