commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2020-10-08 13:07:33 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new.4249 (New) Package is "ca-certificates" Thu Oct 8 13:07:33 2020 rev:46 rq:839158 version:2+git20201002.34daf7f Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2020-04-23 18:29:29.259978692 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new.4249/ca-certificates.changes 2020-10-08 13:08:47.774988394 +0200 @@ -1,0 +2,6 @@ +Fri Oct 02 12:53:48 UTC 2020 - lnus...@suse.de + +- Update to version 2+git20201002.34daf7f: + * Use relative symlink for /etc/ssl/certs (boo#1175340) + +--- Old: ca-certificates-2+git20200129.d1a437d.tar.xz New: ca-certificates-2+git20201002.34daf7f.tar.xz Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.m9VDgK/_old 2020-10-08 13:08:48.478989032 +0200 +++ /var/tmp/diff_new_pack.m9VDgK/_new 2020-10-08 13:08:48.482989035 +0200 @@ -28,7 +28,7 @@ %define ssletcdir %{_sysconfdir}/ssl %define cabundle /var/lib/ca-certificates/ca-bundle.pem %define sslcerts %{ssletcdir}/certs -Version:2+git20200129.d1a437d +Version:2+git20201002.34daf7f Release:0 Summary:Utilities for system wide CA certificate installation License:GPL-2.0-or-later @@ -75,7 +75,7 @@ install -d -m 555 %{buildroot}/var/lib/ca-certificates/pem install -d -m 555 %{buildroot}/var/lib/ca-certificates/openssl install -d -m 755 %{buildroot}/%{_prefix}/lib/systemd/system -ln -s /var/lib/ca-certificates/pem %{buildroot}%{sslcerts} +ln -s ../../var/lib/ca-certificates/pem %{buildroot}%{sslcerts} %if %{with cabundle} install -D -m 644 /dev/null %{buildroot}/%{cabundle} ln -s %{cabundle} %{buildroot}%{ssletcdir}/ca-bundle.pem ++ _servicedata ++ --- /var/tmp/diff_new_pack.m9VDgK/_old 2020-10-08 13:08:48.566989112 +0200 +++ /var/tmp/diff_new_pack.m9VDgK/_new 2020-10-08 13:08:48.566989112 +0200 @@ -1,4 +1,4 @@ http://github.com/openSUSE/ca-certificates.git - f43b65956825ea1332e2145bcca2972541730f69 \ No newline at end of file + 34daf7f649d3f21dff3ecaabcc8315534eacd7d2 \ No newline at end of file ++ ca-certificates-2+git20200129.d1a437d.tar.xz -> ca-certificates-2+git20201002.34daf7f.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ca-certificates-2+git20200129.d1a437d/etc_ssl.run new/ca-certificates-2+git20201002.34daf7f/etc_ssl.run --- old/ca-certificates-2+git20200129.d1a437d/etc_ssl.run 2020-01-29 17:58:00.0 +0100 +++ new/ca-certificates-2+git20201002.34daf7f/etc_ssl.run 2020-10-02 14:52:37.0 +0200 @@ -48,10 +48,10 @@ trust extract --purpose=server-auth --filter=ca-anchors --format=pem-directory-hash -f "$pemdir" # fix up /etc/ssl/certs if it's not a link pointing to /var/lib/ca-certificates/pem -if ! [ -L "$etccertsdir" -a "`readlink $etccertsdir`" = "$pemdir" ]; then -echo "Warning: $etccertsdir needs to be a link to $pemdir, fixing" >&2 +if ! [ -L "$etccertsdir" -a "`readlink $etccertsdir`" = "../..$pemdir" ]; then +echo "Warning: $etccertsdir needs to be a link to ../..$pemdir, fixing" >&2 if [ -d "$etccertsdir" ]; then mv -Tv --backup=numbered "$etccertsdir" "$etccertsdir.old" fi -ln -Tsv --backup=numbered "$pemdir" "$etccertsdir" +ln -Tsv --backup=numbered "../..$pemdir" "$etccertsdir" fi
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2020-04-23 18:29:20 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new.2738 (New) Package is "ca-certificates" Thu Apr 23 18:29:20 2020 rev:45 rq:796051 version:2+git20200129.d1a437d Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2020-02-25 16:00:37.259969148 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new.2738/ca-certificates.changes 2020-04-23 18:29:29.259978692 +0200 @@ -1,0 +2,7 @@ +Wed Apr 15 09:35:06 UTC 2020 - Thorsten Kukuk + +- Remove old migration code, we don't support migration from such + old products anymore. +- Use file requires to support busybox container if possible + +--- Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.hRYIwI/_old 2020-04-23 18:29:29.811979748 +0200 +++ /var/tmp/diff_new_pack.hRYIwI/_new 2020-04-23 18:29:29.815979756 +0200 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates # -# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -35,20 +35,16 @@ Group: Productivity/Networking/Security Source0:ca-certificates-%{version}.tar.xz BuildRoot: %{_tmppath}/%{name}-%{version}-build -Url:https://github.com/openSUSE/ca-certificates +URL:https://github.com/openSUSE/ca-certificates # -Requires: coreutils +Requires: /usr/bin/readlink Requires: findutils Requires: p11-kit Requires: p11-kit-tools >= 0.23.1 Requires: openssl(cli) # needed for post -Requires(post): coreutils findutils p11-kit-tools +Requires(post): p11-kit-tools findutils /usr/bin/readlink Recommends: ca-certificates-mozilla -# we need to obsolete openssl-certs to make sure it's files are -# gone when a package providing actual certificates gets -# installed (bnc#594434). -Obsoletes: openssl-certs # no need for a separate Java package anymore. The bundle is # created by C code. Obsoletes: java-ca-certificates = 1 @@ -94,51 +90,10 @@ mv %{buildroot}/%{_prefix}/lib/ca-certificates/update.d/{,99}certbundle.run %pre -# migrate /etc/ssl/certs to a symlink -if [ "$1" -ne 0 -a -d %{sslcerts} -a ! -L %{sslcerts} ]; then - # copy custom pem files to new location (bnc#875647) - mkdir -p /etc/pki/trust/anchors - for cert in %{sslcerts}/*.pem; do - test -f "$cert" -a ! -L "$cert" || continue - read firstline < "$cert" - # skip package provided certificates (bnc#875647) - if test "${firstline#\# generated by }" != "${firstline}" || rpm -qf "$cert" > /dev/null; then - continue - fi - # create a p11-kit header that set the label of - # the certificate to the file name. That ensures - # that the certificate gets the same name in - # /etc/ssl/certs as before - bn="${cert##*/}" - ( - cat <<-EOF - # created by update-ca-certificates from - # $cert - [p11-kit-object-v1] - class: certificate - label: "${bn%.pem}" - trusted: true - EOF - cat $cert - ) > "/etc/pki/trust/$bn" - done - mv -T --backup=numbered %{sslcerts} %{sslcerts}.rpmsave && ln -s /var/lib/ca-certificates/pem %{sslcerts} -fi %service_add_pre ca-certificates.path ca-certificates.service %post -if [ -s /etc/ca-certificates.conf ]; then - while read line; do - [ ${line#\!} != "$line" ] || continue - cert="${line#\!*/}" - ln -s /usr/share/ca-certificates/anchors/"$cert" %{trustdir_cfg}/blacklist - done < /etc/ca-certificates.conf - echo "/etc/ca-certificates.conf converted and saved as /etc/ca-certificates.conf.rpmsave" - mv /etc/ca-certificates.conf /etc/ca-certificates.conf.rpmsave -fi # force rebuilding all certificate stores. -# This also makes sure we update the hash links in /etc/ssl/certs -# as openssl changed the hash format between 0.9.8 and 1.0 update-ca-certificates -f || true %service_add_post ca-certificates.path ca-certificates.service
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2020-02-25 16:00:31 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new.26092 (New) Package is "ca-certificates" Tue Feb 25 16:00:31 2020 rev:44 rq:777924 version:2+git20200129.d1a437d Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2018-10-01 09:02:47.516029090 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new.26092/ca-certificates.changes 2020-02-25 16:00:37.259969148 +0100 @@ -1,0 +2,8 @@ +Wed Jan 29 16:58:22 UTC 2020 - lnus...@suse.de + +- Update to version 2+git20200129.d1a437d: + * rewrite in bash + * java.run: don't set LANG=en_US +- no longer require openssl, it's all done by p11-kit + +--- Old: ca-certificates-2+git20170807.10b2785.tar.xz New: ca-certificates-2+git20200129.d1a437d.tar.xz Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.rQSYgJ/_old 2020-02-25 16:00:38.803973767 +0100 +++ /var/tmp/diff_new_pack.rQSYgJ/_new 2020-02-25 16:00:38.803973767 +0100 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,14 +22,13 @@ # on top of gnutls that we have to live with the bundle for now %bcond_without cabundle -BuildRequires: openssl BuildRequires: p11-kit-devel Name: ca-certificates %define ssletcdir %{_sysconfdir}/ssl %define cabundle /var/lib/ca-certificates/ca-bundle.pem %define sslcerts %{ssletcdir}/certs -Version:2+git20170807.10b2785 +Version:2+git20200129.d1a437d Release:0 Summary:Utilities for system wide CA certificate installation License:GPL-2.0-or-later @@ -38,11 +37,13 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build Url:https://github.com/openSUSE/ca-certificates # +Requires: coreutils +Requires: findutils Requires: p11-kit Requires: p11-kit-tools >= 0.23.1 Requires: openssl(cli) # needed for post -Requires(post): coreutils openssl p11-kit-tools +Requires(post): coreutils findutils p11-kit-tools Recommends: ca-certificates-mozilla # we need to obsolete openssl-certs to make sure it's files are # gone when a package providing actual certificates gets @@ -165,6 +166,7 @@ %dir %{trustdir_static} %dir %{trustdir_static}/anchors %dir %{trustdir_static}/blacklist +%dir %ssletcdir %sslcerts %ghost /var/lib/ca-certificates/java-cacerts %dir /etc/ca-certificates ++ _servicedata ++ --- /var/tmp/diff_new_pack.rQSYgJ/_old 2020-02-25 16:00:38.883974006 +0100 +++ /var/tmp/diff_new_pack.rQSYgJ/_new 2020-02-25 16:00:38.887974018 +0100 @@ -1,4 +1,4 @@ http://github.com/openSUSE/ca-certificates.git - 10b278586d2378e25d5cc9463be84c29725aa918 \ No newline at end of file + f43b65956825ea1332e2145bcca2972541730f69 \ No newline at end of file ++ ca-certificates-2+git20170807.10b2785.tar.xz -> ca-certificates-2+git20200129.d1a437d.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ca-certificates-2+git20170807.10b2785/etc_ssl.run new/ca-certificates-2+git20200129.d1a437d/etc_ssl.run --- old/ca-certificates-2+git20170807.10b2785/etc_ssl.run 2017-08-07 15:57:31.0 +0200 +++ new/ca-certificates-2+git20200129.d1a437d/etc_ssl.run 2020-01-29 17:58:00.0 +0100 @@ -1,7 +1,8 @@ -#!/usr/bin/perl -w -# vim:syntax=perl +#!/bin/bash -e +# vim:syntax=sh # # Copyright (c) 2010,2013 SUSE Linux Products GmbH +# Copyright (c) 2020 SUSE LLC # Author: Ludwig Nussel # # update /etc/ssl/certs for compatibility with legacy applications @@ -22,114 +23,35 @@ # USA. # -use strict; +etccertsdir="/etc/ssl/certs" +pemdir="/var/lib/ca-certificates/pem" -use File::Basename; -use Getopt::Long; - -my $etccertsdir = "/etc/ssl/certs"; -my $pemdir = "/var/lib/ca-certificates/pem"; -my $foundignored; - -my (%added, %removed); - -my %options; - -sub startswith($$) -{ - return $_[1] eq substr($_[0], 0, length($_[1])); -} - -sub targetfilename($) -{ - my $t = $etccertsdir.'/'.basename($_[0]); - return $t; -} - -sub addcert($) -{ - my $f = $_[0]; - my $t = targetfilename($f); - if (-l $t) { - my $d = readlink($t); - return if ($d && $d eq
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2018-10-01 09:02:45 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates" Mon Oct 1 09:02:45 2018 rev:43 rq:637028 version:2+git20170807.10b2785 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2018-03-24 16:11:53.767033003 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2018-10-01 09:02:47.516029090 +0200 @@ -1,0 +2,6 @@ +Thu Sep 20 18:23:03 UTC 2018 - Jason Sikes + +- Changed "openssl" requirement to "openssl(cli)" + * (bsc#1101470) + +--- Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.sOed4H/_old 2018-10-01 09:02:48.064028614 +0200 +++ /var/tmp/diff_new_pack.sOed4H/_new 2018-10-01 09:02:48.068028610 +0200 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -38,9 +38,9 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build Url:https://github.com/openSUSE/ca-certificates # -Requires: openssl Requires: p11-kit Requires: p11-kit-tools >= 0.23.1 +Requires: openssl(cli) # needed for post Requires(post): coreutils openssl p11-kit-tools Recommends: ca-certificates-mozilla
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2018-03-24 16:11:52 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates" Sat Mar 24 16:11:52 2018 rev:42 rq:589226 version:2+git20170807.10b2785 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2017-12-23 12:17:13.754186727 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2018-03-24 16:11:53.767033003 +0100 @@ -1,0 +2,5 @@ +Tue Mar 20 13:39:33 CET 2018 - ku...@suse.de + +- Use %license instead of %doc [bsc#1082318] + +--- Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.rRghkK/_old 2018-03-24 16:11:54.547004886 +0100 +++ /var/tmp/diff_new_pack.rRghkK/_new 2018-03-24 16:11:54.551004743 +0100 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -32,7 +32,7 @@ Version:2+git20170807.10b2785 Release:0 Summary:Utilities for system wide CA certificate installation -License:GPL-2.0+ +License:GPL-2.0-or-later Group: Productivity/Networking/Security Source0:ca-certificates-%{version}.tar.xz BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -155,7 +155,8 @@ %files %defattr(-, root, root) -%doc COPYING README +%license COPYING +%doc README %dir %{pkidir_cfg} %dir %{trustdir_cfg} %dir %{trustdir_cfg}/anchors
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2017-12-23 12:17:12 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates" Sat Dec 23 12:17:12 2017 rev:41 rq:557981 version:2+git20170807.10b2785 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2017-12-09 20:25:27.979326713 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2017-12-23 12:17:13.754186727 +0100 @@ -1,0 +2,6 @@ +Thu Dec 14 17:22:55 CET 2017 - ku...@suse.de + +- Revert last change since we fixed systemd-preset-branding and + this requires is no longer needed. + +--- Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.FUZK0r/_old 2017-12-23 12:17:14.454152597 +0100 +++ /var/tmp/diff_new_pack.FUZK0r/_new 2017-12-23 12:17:14.458152402 +0100 @@ -53,7 +53,6 @@ Obsoletes: java-ca-certificates = 1 Provides: java-ca-certificates = %version-%release BuildArch: noarch -%{?systemd_requires} %description Update-ca-certificates is intended to keep the certificate stores of
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2017-12-09 20:25:24 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates" Sat Dec 9 20:25:24 2017 rev:40 rq:555175 version:2+git20170807.10b2785 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2017-11-30 12:41:25.238580384 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2017-12-09 20:25:27.979326713 +0100 @@ -1,0 +2,6 @@ +Fri Dec 8 07:20:49 UTC 2017 - ku...@suse.com + +- Re-add systemd requires, else package will be installed to early + and services never enabled [bsc#1071776]. + +--- Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.2jdxIa/_old 2017-12-09 20:25:28.571298518 +0100 +++ /var/tmp/diff_new_pack.2jdxIa/_new 2017-12-09 20:25:28.575298327 +0100 @@ -53,6 +53,7 @@ Obsoletes: java-ca-certificates = 1 Provides: java-ca-certificates = %version-%release BuildArch: noarch +%{?systemd_requires} %description Update-ca-certificates is intended to keep the certificate stores of
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2017-11-30 12:41:22 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates" Thu Nov 30 12:41:22 2017 rev:39 rq:545252 version:2+git20170807.10b2785 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2017-08-12 20:01:24.132922080 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2017-11-30 12:41:25.238580384 +0100 @@ -1,0 +2,8 @@ +Thu Nov 23 16:03:55 CET 2017 - ku...@suse.de + +- Don't require systemd, since we could be used in environments + like container images, where we don't have systemd. If systemd + is installed the systemd units will be used, else they are not + needed. + +--- Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.ZlvEpi/_old 2017-11-30 12:41:26.462535883 +0100 +++ /var/tmp/diff_new_pack.ZlvEpi/_new 2017-11-30 12:41:26.470535592 +0100 @@ -53,7 +53,6 @@ Obsoletes: java-ca-certificates = 1 Provides: java-ca-certificates = %version-%release BuildArch: noarch -%{?systemd_requires} %description Update-ca-certificates is intended to keep the certificate stores of
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2017-08-12 20:01:20 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates" Sat Aug 12 20:01:20 2017 rev:38 rq:515015 version:2+git20170807.10b2785 Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2015-11-17 14:20:24.0 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2017-08-12 20:01:24.132922080 +0200 @@ -1,0 +2,14 @@ +Mon Aug 07 13:58:01 UTC 2017 - lnus...@suse.de + +- Update to version 2+git20170807.10b2785: + * Check TRANSACTIONAL_UPDATE is set (boo#1045942) + * Add systemd units + +--- +Mon Jun 19 13:31:02 CEST 2017 - ku...@suse.de + +- Run update-ca-certificate by systemd unit when the content of + one of the paths changes. Needed for read-only root and/or + transactional updates. + +--- Old: ca-certificates-2+git20151110.c15593c.tar.xz New: ca-certificates-2+git20170807.10b2785.tar.xz Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.oJhPne/_old 2017-08-12 20:01:25.188774181 +0200 +++ /var/tmp/diff_new_pack.oJhPne/_new 2017-08-12 20:01:25.208771380 +0200 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,7 +29,7 @@ %define ssletcdir %{_sysconfdir}/ssl %define cabundle /var/lib/ca-certificates/ca-bundle.pem %define sslcerts %{ssletcdir}/certs -Version:2+git20151110.c15593c +Version:2+git20170807.10b2785 Release:0 Summary:Utilities for system wide CA certificate installation License:GPL-2.0+ @@ -53,9 +53,12 @@ Obsoletes: java-ca-certificates = 1 Provides: java-ca-certificates = %version-%release BuildArch: noarch +%{?systemd_requires} %description -Utilities for system wide CA certificate installation +Update-ca-certificates is intended to keep the certificate stores of +SSL libraries like OpenSSL or GnuTLS in sync with the system's CA +certificate store that is managed by p11-kit. %prep %setup -q @@ -67,6 +70,7 @@ rm -f certbundle.run %endif %make_install +ln -s service %{buildroot}%{_sbindir}/rcca-certificates install -d -m 755 %{buildroot}%{trustdir_cfg}/{anchors,blacklist} install -d -m 755 %{buildroot}%{trustdir_static}/{anchors,blacklist} install -d -m 755 %{buildroot}%{ssletcdir} @@ -74,6 +78,7 @@ install -d -m 755 %{buildroot}%{_prefix}/lib/ca-certificates/update.d install -d -m 555 %{buildroot}/var/lib/ca-certificates/pem install -d -m 555 %{buildroot}/var/lib/ca-certificates/openssl +install -d -m 755 %{buildroot}/%{_prefix}/lib/systemd/system ln -s /var/lib/ca-certificates/pem %{buildroot}%{sslcerts} %if %{with cabundle} install -D -m 644 /dev/null %{buildroot}/%{cabundle} @@ -119,6 +124,7 @@ done mv -T --backup=numbered %{sslcerts} %{sslcerts}.rpmsave && ln -s /var/lib/ca-certificates/pem %{sslcerts} fi +%service_add_pre ca-certificates.path ca-certificates.service %post if [ -s /etc/ca-certificates.conf ]; then @@ -134,11 +140,16 @@ # This also makes sure we update the hash links in /etc/ssl/certs # as openssl changed the hash format between 0.9.8 and 1.0 update-ca-certificates -f || true +%service_add_post ca-certificates.path ca-certificates.service + +%preun +%service_del_preun ca-certificates.path ca-certificates.service %postun if [ "$1" -eq 0 ]; then rm -rf /var/lib/ca-certificates/pem /var/lib/ca-certificates/openssl fi +%service_del_postun ca-certificates.path ca-certificates.service %clean rm -rf %{buildroot} @@ -160,9 +171,11 @@ %dir /etc/ca-certificates/update.d %dir %{_prefix}/lib/ca-certificates %dir %{_prefix}/lib/ca-certificates/update.d + %{_prefix}/lib/systemd/system/* %dir /var/lib/ca-certificates %dir /var/lib/ca-certificates/pem %dir /var/lib/ca-certificates/openssl +%{_sbindir}/rcca-certificates %{_sbindir}/update-ca-certificates %{_mandir}/man8/update-ca-certificates.8* %{_prefix}/lib/ca-certificates/update.d/*java.run ++ _servicedata ++ --- /var/tmp/diff_new_pack.oJhPne/_old 2017-08-12 20:01:25.392745609 +0200 +++ /var/tmp/diff_new_pack.oJhPne/_new 2017-08-12 20:01:25.392745609 +0200 @@ -1,4 +1,4 @@ http://github
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2015-11-17 14:20:22 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2015-03-25 21:04:40.0 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2015-11-17 14:20:24.0 +0100 @@ -1,0 +2,6 @@ +Wed Nov 11 08:18:47 UTC 2015 - lnus...@suse.de + +- Update to version 2+git20151110.c15593c: + + set proper umask (boo#948724) + +--- Old: ca-certificates-2+git20150324.e3ee392.tar.xz New: ca-certificates-2+git20151110.c15593c.tar.xz Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.KyGmYY/_old 2015-11-17 14:20:25.0 +0100 +++ /var/tmp/diff_new_pack.KyGmYY/_new 2015-11-17 14:20:25.0 +0100 @@ -29,7 +29,7 @@ %define ssletcdir %{_sysconfdir}/ssl %define cabundle /var/lib/ca-certificates/ca-bundle.pem %define sslcerts %{ssletcdir}/certs -Version:2+git20150324.e3ee392 +Version:2+git20151110.c15593c Release:0 Summary:Utilities for system wide CA certificate installation License:GPL-2.0+ ++ _servicedata ++ --- /var/tmp/diff_new_pack.KyGmYY/_old 2015-11-17 14:20:25.0 +0100 +++ /var/tmp/diff_new_pack.KyGmYY/_new 2015-11-17 14:20:25.0 +0100 @@ -1,4 +1,4 @@ http://github.com/openSUSE/ca-certificates.git - e3ee3929d97e90f81a0b8aea77513def30817f2f \ No newline at end of file + c15593c0a7022a63dcc723f29327d87d14c6b99e \ No newline at end of file ++ ca-certificates-2+git20150324.e3ee392.tar.xz -> ca-certificates-2+git20151110.c15593c.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ca-certificates-2+git20150324.e3ee392/update-ca-certificates new/ca-certificates-2+git20151110.c15593c/update-ca-certificates --- old/ca-certificates-2+git20150324.e3ee392/update-ca-certificates 2015-03-24 11:30:20.0 +0100 +++ new/ca-certificates-2+git20151110.c15593c/update-ca-certificates 2015-11-11 09:18:47.0 +0100 @@ -51,6 +51,9 @@ exit 0; } +# set sane umask +umask 0222; + my @args; push @args, '-f' if $options{fresh}; push @args, '-v' if $options{verbose};
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2015-03-25 21:04:39 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2014-11-15 12:13:25.0 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2015-03-25 21:04:40.0 +0100 @@ -1,0 +2,12 @@ +Wed Mar 25 08:12:28 UTC 2015 - lnus...@suse.de + +- require p11-kit-tools >= 0.23.1 + +--- +Tue Mar 24 10:30:21 UTC 2015 - lnus...@suse.de + +- Update to version 2+git20150324.e3ee392: + + p11-kit 0.23.1 supports pem-directory-hash now +- use service file to generate tarball + +--- Old: ca-certificates-1_201403302107.tar.xz New: _service _servicedata ca-certificates-2+git20150324.e3ee392.tar.xz Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.qYWwyl/_old 2015-03-25 21:04:40.0 +0100 +++ /var/tmp/diff_new_pack.qYWwyl/_new 2015-03-25 21:04:40.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,7 +29,7 @@ %define ssletcdir %{_sysconfdir}/ssl %define cabundle /var/lib/ca-certificates/ca-bundle.pem %define sslcerts %{ssletcdir}/certs -Version:1_201403302107 +Version:2+git20150324.e3ee392 Release:0 Summary:Utilities for system wide CA certificate installation License:GPL-2.0+ @@ -40,7 +40,7 @@ # Requires: openssl Requires: p11-kit -Requires: p11-kit-tools >= 0.19.3 +Requires: p11-kit-tools >= 0.23.1 # needed for post Requires(post): coreutils openssl p11-kit-tools Recommends: ca-certificates-mozilla ++ _service ++ 2 2+git%cd.%h http://github.com/openSUSE/ca-certificates.git git enable xz *.tar ca-certificates.spec ++ _servicedata ++ http://github.com/openSUSE/ca-certificates.git e3ee3929d97e90f81a0b8aea77513def30817f2f-- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2014-11-15 11:40:46 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2014-08-05 21:11:14.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2014-11-15 12:13:25.0 +0100 @@ -1,0 +2,5 @@ +Sat Nov 08 04:32:00 UTC 2014 - Led + +- fix bashism in postun script + +--- Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.t9U2F6/_old 2014-11-15 12:13:26.0 +0100 +++ /var/tmp/diff_new_pack.t9U2F6/_new 2014-11-15 12:13:26.0 +0100 @@ -137,7 +137,7 @@ %postun if [ "$1" -eq 0 ]; then - rm -rf /var/lib/ca-certificates/{pem,openssl} + rm -rf /var/lib/ca-certificates/pem /var/lib/ca-certificates/openssl fi %clean -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2014-08-05 21:11:04 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2014-07-31 10:04:22.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2014-08-05 21:11:14.0 +0200 @@ -1,0 +2,13 @@ +Tue Aug 5 11:09:24 UTC 2014 - lnus...@suse.de + +- use rpm -qf to determine if a ssl cert is owned by some other + package and therefore doesn't need to be migrated (related to + bnc#890205). + +--- +Mon Aug 4 15:35:27 UTC 2014 - lnus...@suse.de + +- add p11 kit header to set label of migrated certificates to the + file name of the previous one (bnc#890205) + +--- Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.qGb5X2/_old 2014-08-05 21:11:16.0 +0200 +++ /var/tmp/diff_new_pack.qGb5X2/_new 2014-08-05 21:11:16.0 +0200 @@ -91,16 +91,33 @@ %pre # migrate /etc/ssl/certs to a symlink if [ "$1" -ne 0 -a -d %{sslcerts} -a ! -L %{sslcerts} ]; then - mv -T --backup=numbered %{sslcerts} %{sslcerts}.rpmsave && ln -s /var/lib/ca-certificates/pem %{sslcerts} # copy custom pem files to new location (bnc#875647) mkdir -p /etc/pki/trust/anchors - for cert in %{sslcerts}.rpmsave/*.pem; do + for cert in %{sslcerts}/*.pem; do test -f "$cert" -a ! -L "$cert" || continue read firstline < "$cert" # skip package provided certificates (bnc#875647) - test "$firstline" != "# generated by openssl-certs, do not edit" || continue - cp -v -n "$cert" /etc/pki/trust/anchors/ + if test "${firstline#\# generated by }" != "${firstline}" || rpm -qf "$cert" > /dev/null; then + continue + fi + # create a p11-kit header that set the label of + # the certificate to the file name. That ensures + # that the certificate gets the same name in + # /etc/ssl/certs as before + bn="${cert##*/}" + ( + cat <<-EOF + # created by update-ca-certificates from + # $cert + [p11-kit-object-v1] + class: certificate + label: "${bn%.pem}" + trusted: true + EOF + cat $cert + ) > "/etc/pki/trust/$bn" done + mv -T --backup=numbered %{sslcerts} %{sslcerts}.rpmsave && ln -s /var/lib/ca-certificates/pem %{sslcerts} fi %post -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2014-07-31 10:04:11 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2014-07-21 10:35:28.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2014-07-31 10:04:22.0 +0200 @@ -1,0 +2,6 @@ +Wed Jul 30 11:45:54 UTC 2014 - lnus...@suse.de + +- removed the version in the Obsoletes. The package in SLE11 got + version updated (bnc#887099). + +--- Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.7cr5Hq/_old 2014-07-31 10:04:24.0 +0200 +++ /var/tmp/diff_new_pack.7cr5Hq/_new 2014-07-31 10:04:24.0 +0200 @@ -47,7 +47,7 @@ # we need to obsolete openssl-certs to make sure it's files are # gone when a package providing actual certificates gets # installed (bnc#594434). -Obsoletes: openssl-certs < 0.9.9 +Obsoletes: openssl-certs # no need for a separate Java package anymore. The bundle is # created by C code. Obsoletes: java-ca-certificates = 1 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2014-07-21 10:35:27 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2014-07-08 13:01:49.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2014-07-21 10:35:28.0 +0200 @@ -1,0 +2,6 @@ +Thu Jul 17 09:51:16 UTC 2014 - meiss...@suse.com + +- clarify the start order of the generators, as certbundle.run + semi-depends on etc_ssl.run via a timestamp. (bnc#883386) + +--- Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.v8Cxbk/_old 2014-07-21 10:35:29.0 +0200 +++ /var/tmp/diff_new_pack.v8Cxbk/_new 2014-07-21 10:35:29.0 +0200 @@ -81,6 +81,13 @@ %endif install -D -m 644 /dev/null %{buildroot}/var/lib/ca-certificates/java-cacerts +# should be done in git. +mv %{buildroot}/%{_prefix}/lib/ca-certificates/update.d/{,50}java.run +mv %{buildroot}/%{_prefix}/lib/ca-certificates/update.d/{,70}openssl.run +mv %{buildroot}/%{_prefix}/lib/ca-certificates/update.d/{,80}etc_ssl.run +# certbundle.run must be run after etc_ssl.run as it uses a timestamp from it +mv %{buildroot}/%{_prefix}/lib/ca-certificates/update.d/{,99}certbundle.run + %pre # migrate /etc/ssl/certs to a symlink if [ "$1" -ne 0 -a -d %{sslcerts} -a ! -L %{sslcerts} ]; then @@ -141,14 +148,14 @@ %dir /var/lib/ca-certificates/openssl %{_sbindir}/update-ca-certificates %{_mandir}/man8/update-ca-certificates.8* -%{_prefix}/lib/ca-certificates/update.d/java.run -%{_prefix}/lib/ca-certificates/update.d/etc_ssl.run -%{_prefix}/lib/ca-certificates/update.d/openssl.run +%{_prefix}/lib/ca-certificates/update.d/*java.run +%{_prefix}/lib/ca-certificates/update.d/*etc_ssl.run +%{_prefix}/lib/ca-certificates/update.d/*openssl.run # %if %{with cabundle} %{ssletcdir}/ca-bundle.pem %ghost %{cabundle} -%{_prefix}/lib/ca-certificates/update.d/certbundle.run +%{_prefix}/lib/ca-certificates/update.d/*certbundle.run %endif %changelog -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2014-07-08 13:01:48 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2014-06-18 10:59:22.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2014-07-08 13:01:49.0 +0200 @@ -1,0 +2,5 @@ +Mon Jun 23 15:24:13 UTC 2014 - lnus...@suse.de + +- fix directory permissions for real this time (bnc#871639) + +--- Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.hRGtF1/_old 2014-07-08 13:01:50.0 +0200 +++ /var/tmp/diff_new_pack.hRGtF1/_new 2014-07-08 13:01:50.0 +0200 @@ -67,13 +67,13 @@ rm -f certbundle.run %endif %make_install -install -d m 755 %{buildroot}%{trustdir_cfg}/{anchors,blacklist} -install -d m 755 %{buildroot}%{trustdir_static}/{anchors,blacklist} -install -d m 755 %{buildroot}%{ssletcdir} -install -d m 755 %{buildroot}/etc/ca-certificates/update.d -install -d m 755 %{buildroot}%{_prefix}/lib/ca-certificates/update.d -install -d m 555 %{buildroot}/var/lib/ca-certificates/pem -install -d m 555 %{buildroot}/var/lib/ca-certificates/openssl +install -d -m 755 %{buildroot}%{trustdir_cfg}/{anchors,blacklist} +install -d -m 755 %{buildroot}%{trustdir_static}/{anchors,blacklist} +install -d -m 755 %{buildroot}%{ssletcdir} +install -d -m 755 %{buildroot}/etc/ca-certificates/update.d +install -d -m 755 %{buildroot}%{_prefix}/lib/ca-certificates/update.d +install -d -m 555 %{buildroot}/var/lib/ca-certificates/pem +install -d -m 555 %{buildroot}/var/lib/ca-certificates/openssl ln -s /var/lib/ca-certificates/pem %{buildroot}%{sslcerts} %if %{with cabundle} install -D -m 644 /dev/null %{buildroot}/%{cabundle} -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2014-06-18 10:59:15 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2014-05-10 08:32:46.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2014-06-18 10:59:22.0 +0200 @@ -1,0 +2,5 @@ +Wed Jun 4 11:10:24 UTC 2014 - lnus...@suse.de + +- don't keep certificates with marker (bnc#875647) + +--- Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.raIksr/_old 2014-06-18 10:59:23.0 +0200 +++ /var/tmp/diff_new_pack.raIksr/_new 2014-06-18 10:59:23.0 +0200 @@ -87,8 +87,13 @@ mv -T --backup=numbered %{sslcerts} %{sslcerts}.rpmsave && ln -s /var/lib/ca-certificates/pem %{sslcerts} # copy custom pem files to new location (bnc#875647) mkdir -p /etc/pki/trust/anchors - find %{sslcerts}.rpmsave -maxdepth 1 -name '*.pem' -type f -print0 | \ - xargs -0 --no-run-if-empty -n1 -I FILE cp -v -n FILE /etc/pki/trust/anchors/ + for cert in %{sslcerts}.rpmsave/*.pem; do + test -f "$cert" -a ! -L "$cert" || continue + read firstline < "$cert" + # skip package provided certificates (bnc#875647) + test "$firstline" != "# generated by openssl-certs, do not edit" || continue + cp -v -n "$cert" /etc/pki/trust/anchors/ + done fi %post -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2014-05-10 08:32:28 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2014-04-09 13:01:14.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2014-05-10 08:32:46.0 +0200 @@ -1,0 +2,6 @@ +Thu May 8 15:41:43 UTC 2014 - lnus...@suse.de + +- copy custom pem files in /etc/ssl/certs to /etc/pki/anchors on + update (bnc#875647) + +--- Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.ztxoQU/_old 2014-05-10 08:32:47.0 +0200 +++ /var/tmp/diff_new_pack.ztxoQU/_new 2014-05-10 08:32:47.0 +0200 @@ -41,7 +41,7 @@ Requires: openssl Requires: p11-kit Requires: p11-kit-tools >= 0.19.3 -# needed for %post +# needed for post Requires(post): coreutils openssl p11-kit-tools Recommends: ca-certificates-mozilla # we need to obsolete openssl-certs to make sure it's files are @@ -85,6 +85,10 @@ # migrate /etc/ssl/certs to a symlink if [ "$1" -ne 0 -a -d %{sslcerts} -a ! -L %{sslcerts} ]; then mv -T --backup=numbered %{sslcerts} %{sslcerts}.rpmsave && ln -s /var/lib/ca-certificates/pem %{sslcerts} + # copy custom pem files to new location (bnc#875647) + mkdir -p /etc/pki/trust/anchors + find %{sslcerts}.rpmsave -maxdepth 1 -name '*.pem' -type f -print0 | \ + xargs -0 --no-run-if-empty -n1 -I FILE cp -v -n FILE /etc/pki/trust/anchors/ fi %post -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2014-04-09 13:01:11 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2014-04-06 09:56:18.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2014-04-09 13:01:14.0 +0200 @@ -1,0 +2,5 @@ +Mon Apr 7 15:07:44 UTC 2014 - lnus...@suse.de + +- Fix typo in man page + +--- Old: ca-certificates-1_201312061005.tar.xz New: ca-certificates-1_201403302107.tar.xz Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.H5zQM7/_old 2014-04-09 13:01:15.0 +0200 +++ /var/tmp/diff_new_pack.H5zQM7/_new 2014-04-09 13:01:15.0 +0200 @@ -29,7 +29,7 @@ %define ssletcdir %{_sysconfdir}/ssl %define cabundle /var/lib/ca-certificates/ca-bundle.pem %define sslcerts %{ssletcdir}/certs -Version:1_201312061005 +Version:1_201403302107 Release:0 Summary:Utilities for system wide CA certificate installation License:GPL-2.0+ ++ ca-certificates-1_201312061005.tar.xz -> ca-certificates-1_201403302107.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ca-certificates-1_201312061005/README new/ca-certificates-1_201403302107/README --- old/ca-certificates-1_201312061005/README 2013-12-06 10:05:00.0 +0100 +++ new/ca-certificates-1_201403302107/README 2014-03-30 21:07:42.0 +0200 @@ -35,7 +35,7 @@ - Packages are expected to install their CA certificates in - /usr/share/pki/trust/anchors or /usr/share/pki/trust (no extra subdir) intead + /usr/share/pki/trust/anchors or /usr/share/pki/trust (no extra subdir) instead of /usr/share/ca-certificates/ now. The anchors subdirectory is for regular pem files, the directory one above for pem files in openssl's 'trusted' format. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ca-certificates-1_201312061005/update-ca-certificates.8 new/ca-certificates-1_201403302107/update-ca-certificates.8 --- old/ca-certificates-1_201312061005/update-ca-certificates.8 2013-12-06 10:05:00.0 +0100 +++ new/ca-certificates-1_201403302107/update-ca-certificates.8 2014-03-30 21:07:42.0 +0200 @@ -59,7 +59,7 @@ .I /etc/pki/trust/anchors Directory of CA certificate trust anchors for use by the admin .TP -.I /etc/pki/trust/anchors +.I /etc/pki/trust/blacklist Directory of blacklisted CA certificates for use by the admin .SH SEE ALSO .BR c_rehash (1), -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2014-04-06 09:56:17 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2013-12-17 10:00:33.0 +0100 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2014-04-06 09:56:18.0 +0200 @@ -1,0 +2,5 @@ +Fri Apr 4 11:38:17 UTC 2014 - lnus...@suse.de + +- package correct permissions of generated directories (bnc#871639) + +--- Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.dNXpMK/_old 2014-04-06 09:56:19.0 +0200 +++ /var/tmp/diff_new_pack.dNXpMK/_new 2014-04-06 09:56:19.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -72,8 +72,8 @@ install -d m 755 %{buildroot}%{ssletcdir} install -d m 755 %{buildroot}/etc/ca-certificates/update.d install -d m 755 %{buildroot}%{_prefix}/lib/ca-certificates/update.d -install -d m 755 %{buildroot}/var/lib/ca-certificates/pem -install -d m 755 %{buildroot}/var/lib/ca-certificates/openssl +install -d m 555 %{buildroot}/var/lib/ca-certificates/pem +install -d m 555 %{buildroot}/var/lib/ca-certificates/openssl ln -s /var/lib/ca-certificates/pem %{buildroot}%{sslcerts} %if %{with cabundle} install -D -m 644 /dev/null %{buildroot}/%{cabundle} -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2013-12-17 10:00:31 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2013-10-17 13:59:30.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2013-12-17 10:00:33.0 +0100 @@ -1,0 +2,6 @@ +Fri Dec 6 09:16:11 UTC 2013 - lnus...@suse.de + +- etc_ssl.run: fix typo +- turn /etc/ssl/certs into a symlink to /var/lib/ca-certificates/pem + +--- Old: ca-certificates-1_201310161709.tar.xz New: ca-certificates-1_201312061005.tar.xz Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.6ffsMF/_old 2013-12-17 10:00:34.0 +0100 +++ /var/tmp/diff_new_pack.6ffsMF/_new 2013-12-17 10:00:34.0 +0100 @@ -29,7 +29,7 @@ %define ssletcdir %{_sysconfdir}/ssl %define cabundle /var/lib/ca-certificates/ca-bundle.pem %define sslcerts %{ssletcdir}/certs -Version:1_201310161709 +Version:1_201312061005 Release:0 Summary:Utilities for system wide CA certificate installation License:GPL-2.0+ @@ -69,17 +69,24 @@ %make_install install -d m 755 %{buildroot}%{trustdir_cfg}/{anchors,blacklist} install -d m 755 %{buildroot}%{trustdir_static}/{anchors,blacklist} -install -d m 755 %{buildroot}/etc/ssl/certs +install -d m 755 %{buildroot}%{ssletcdir} install -d m 755 %{buildroot}/etc/ca-certificates/update.d install -d m 755 %{buildroot}%{_prefix}/lib/ca-certificates/update.d install -d m 755 %{buildroot}/var/lib/ca-certificates/pem install -d m 755 %{buildroot}/var/lib/ca-certificates/openssl +ln -s /var/lib/ca-certificates/pem %{buildroot}%{sslcerts} %if %{with cabundle} install -D -m 644 /dev/null %{buildroot}/%{cabundle} ln -s %{cabundle} %{buildroot}%{ssletcdir}/ca-bundle.pem %endif install -D -m 644 /dev/null %{buildroot}/var/lib/ca-certificates/java-cacerts +%pre +# migrate /etc/ssl/certs to a symlink +if [ "$1" -ne 0 -a -d %{sslcerts} -a ! -L %{sslcerts} ]; then + mv -T --backup=numbered %{sslcerts} %{sslcerts}.rpmsave && ln -s /var/lib/ca-certificates/pem %{sslcerts} +fi + %post if [ -s /etc/ca-certificates.conf ]; then while read line; do @@ -114,7 +121,7 @@ %dir %{trustdir_static} %dir %{trustdir_static}/anchors %dir %{trustdir_static}/blacklist -%dir /etc/ssl/certs +%sslcerts %ghost /var/lib/ca-certificates/java-cacerts %dir /etc/ca-certificates %dir /etc/ca-certificates/update.d ++ ca-certificates-1_201310161709.tar.xz -> ca-certificates-1_201312061005.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ca-certificates-1_201310161709/etc_ssl.run new/ca-certificates-1_201312061005/etc_ssl.run --- old/ca-certificates-1_201310161709/etc_ssl.run 2013-10-16 17:09:27.0 +0200 +++ new/ca-certificates-1_201312061005/etc_ssl.run 2013-12-06 10:05:00.0 +0100 @@ -84,8 +84,13 @@ "help|h", ) or die "$!\n"; +$ENV{'P11_KIT_PEMDIR_HASH'} = 1; system("trust", "extract", "--purpose=server-auth", "--filter=ca-anchors", "--format=pem-directory", "-f", $pemdir) == 0 or die; +# we are done if /etc/ssl/certs is a link pointing to /var/lib/ca-certificates/pem +exit 0 if (-l $etccertsdir && readlink($etccertsdir) eq $pemdir); +warn "Warning: $etccertsdir should be a link to $pemdir!\n"; + for my $f (<"$pemdir/*.pem">) { addcert($f); } @@ -127,5 +132,5 @@ if ($foundignored) { print STDERR "\n* = CA Certificates in /etc/ssl/certs are only seen by some legacy applications. -To install CA-Certificates globally move them to /etc/pki/trust/ancors instead!\n"; +To install CA-Certificates globally move them to /etc/pki/trust/anchors instead!\n"; } -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2013-10-17 13:59:29 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2013-08-30 11:32:51.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2013-10-17 13:59:30.0 +0200 @@ -1,0 +2,6 @@ +Wed Oct 16 15:11:26 UTC 2013 - lnus...@suse.de + +- fix typo in README (bnc#845500) +- remove old extractcerts.pl + +--- Old: ca-certificates-1_201308271454.tar.xz New: ca-certificates-1_201310161709.tar.xz Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.WmtQER/_old 2013-10-17 13:59:32.0 +0200 +++ /var/tmp/diff_new_pack.WmtQER/_new 2013-10-17 13:59:32.0 +0200 @@ -29,7 +29,7 @@ %define ssletcdir %{_sysconfdir}/ssl %define cabundle /var/lib/ca-certificates/ca-bundle.pem %define sslcerts %{ssletcdir}/certs -Version:1_201308271454 +Version:1_201310161709 Release:0 Summary:Utilities for system wide CA certificate installation License:GPL-2.0+ ++ ca-certificates-1_201308271454.tar.xz -> ca-certificates-1_201310161709.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ca-certificates-1_201308271454/README new/ca-certificates-1_201310161709/README --- old/ca-certificates-1_201308271454/README 2013-08-27 14:54:33.0 +0200 +++ new/ca-certificates-1_201310161709/README 2013-10-16 17:09:27.0 +0200 @@ -7,9 +7,9 @@ various components in sync with the system CA certificates. The canonical source of CA certificates is what p11-kit knows about. -By default p11-kit looks into /usr/share/pki/anchors -resp /etc/pki/trust/anchors but there could be other plugins that -serve as source for certificates as well. +By default p11-kit looks into /usr/share/pki/trust/ resp +/etc/pki/trust/ but there could be other plugins that serve as +source for certificates as well. Supported Certificate Stores @@ -35,8 +35,10 @@ - Packages are expected to install their CA certificates in - /usr/share/pki/anchors/ (no extra subdir) intead of - /usr/share/ca-certificates/ now. + /usr/share/pki/trust/anchors or /usr/share/pki/trust (no extra subdir) intead + of /usr/share/ca-certificates/ now. The anchors subdirectory is for + regular pem files, the directory one above for pem files in + openssl's 'trusted' format. - /etc/ca-certificates.conf is no longer supported. Just symlink the certificates you don't want to /etc/pki/trust/blacklist. -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2013-08-30 11:32:49 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2013-08-24 10:14:38.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2013-08-30 11:32:51.0 +0200 @@ -1,0 +2,11 @@ +Tue Aug 27 12:53:44 UTC 2013 - lnus...@suse.de + +- re-enable the CA bundle again for glib-networking (bnc#825903) + +--- +Tue Aug 27 07:11:04 UTC 2013 - lnus...@suse.de + +- make sure we have p11-kit >= 0.19.3 which has the 'trust' command + (bnc#836560) + +--- Old: ca-certificates-1_201308051322.tar.xz New: ca-certificates-1_201308271454.tar.xz Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.nbLuEO/_old 2013-08-30 11:32:52.0 +0200 +++ /var/tmp/diff_new_pack.nbLuEO/_new 2013-08-30 11:32:52.0 +0200 @@ -17,10 +17,10 @@ # the ca bundle file was meant as compat option for e.g. -# proprietary packages. Now that I see it abused in free software -# packages that can be trivially patched to do the right thing I'm -# disabling this for now again. -%bcond_with cabundle +# proprietary packages. It's not meant to be used at all. +# unfortunately glib-networking has such a complicated abstraction +# on top of gnutls that we have to live with the bundle for now +%bcond_without cabundle BuildRequires: openssl BuildRequires: p11-kit-devel @@ -29,7 +29,7 @@ %define ssletcdir %{_sysconfdir}/ssl %define cabundle /var/lib/ca-certificates/ca-bundle.pem %define sslcerts %{ssletcdir}/certs -Version:1_201308051322 +Version:1_201308271454 Release:0 Summary:Utilities for system wide CA certificate installation License:GPL-2.0+ @@ -40,7 +40,7 @@ # Requires: openssl Requires: p11-kit -Requires: p11-kit-tools +Requires: p11-kit-tools >= 0.19.3 # needed for %post Requires(post): coreutils openssl p11-kit-tools Recommends: ca-certificates-mozilla ++ ca-certificates-1_201308051322.tar.xz -> ca-certificates-1_201308271454.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ca-certificates-1_201308051322/certbundle.run new/ca-certificates-1_201308271454/certbundle.run --- old/ca-certificates-1_201308051322/certbundle.run 2013-08-05 13:22:58.0 +0200 +++ new/ca-certificates-1_201308271454/certbundle.run 2013-08-27 14:54:33.0 +0200 @@ -28,7 +28,7 @@ # functions that know the operating system defaults instead: # # - openssl: SSL_CTX_set_default_verify_paths() -# - gnutls: gnutls_x509_trust_list_add_system_trust() +# - gnutls: gnutls_certificate_set_x509_system_trust(cred) # EOF trust extract --format=pem-bundle --purpose=server-auth --filter=ca-anchors $cafile.tmp diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ca-certificates-1_201308051322/extractcerts.pl new/ca-certificates-1_201308271454/extractcerts.pl --- old/ca-certificates-1_201308051322/extractcerts.pl 2013-08-05 13:22:58.0 +0200 +++ new/ca-certificates-1_201308271454/extractcerts.pl 1970-01-01 01:00:00.0 +0100 @@ -1,217 +0,0 @@ -#!/usr/bin/perl -w -# -# * BEGIN LICENSE BLOCK * -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2013-08-24 10:14:37 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2013-07-03 10:11:38.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2013-08-24 10:14:38.0 +0200 @@ -1,0 +2,6 @@ +Mon Aug 5 11:24:04 UTC 2013 - lnus...@suse.de + +- don't remove symlinks to other locations in /etc/ssl/certs +- use the trust binary instead of p11-kit to extract trust + +--- Old: ca-certificates-1_201307011044.tar.xz New: ca-certificates-1_201308051322.tar.xz Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.gFmEYm/_old 2013-08-24 10:14:39.0 +0200 +++ /var/tmp/diff_new_pack.gFmEYm/_new 2013-08-24 10:14:39.0 +0200 @@ -29,7 +29,7 @@ %define ssletcdir %{_sysconfdir}/ssl %define cabundle /var/lib/ca-certificates/ca-bundle.pem %define sslcerts %{ssletcdir}/certs -Version:1_201307011044 +Version:1_201308051322 Release:0 Summary:Utilities for system wide CA certificate installation License:GPL-2.0+ ++ ca-certificates-1_201307011044.tar.xz -> ca-certificates-1_201308051322.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ca-certificates-1_201307011044/certbundle.run new/ca-certificates-1_201308051322/certbundle.run --- old/ca-certificates-1_201307011044/certbundle.run 2013-07-01 10:44:11.0 +0200 +++ new/ca-certificates-1_201308051322/certbundle.run 2013-08-05 13:22:58.0 +0200 @@ -31,7 +31,7 @@ # - gnutls: gnutls_x509_trust_list_add_system_trust() # EOF -p11-kit extract --format=pem-bundle --purpose=server-auth --filter=ca-anchors $cafile.tmp +trust extract --format=pem-bundle --purpose=server-auth --filter=ca-anchors $cafile.tmp cat $cafile.tmp >> $cafile.new rm -f $cafile.tmp mv "$cafile.new" "$cafile" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ca-certificates-1_201307011044/etc_ssl.run new/ca-certificates-1_201308051322/etc_ssl.run --- old/ca-certificates-1_201307011044/etc_ssl.run 2013-07-01 10:44:11.0 +0200 +++ new/ca-certificates-1_201308051322/etc_ssl.run 2013-08-05 13:22:58.0 +0200 @@ -84,7 +84,7 @@ "help|h", ) or die "$!\n"; -system("p11-kit", "extract", "--purpose=server-auth", "--filter=ca-anchors", "--format=pem-directory", "-f", $pemdir) == 0 or die; +system("trust", "extract", "--purpose=server-auth", "--filter=ca-anchors", "--format=pem-directory", "-f", $pemdir) == 0 or die; for my $f (<"$pemdir/*.pem">) { addcert($f); @@ -93,7 +93,7 @@ # clean dangling symlinks for my $f (<"$etccertsdir/*.pem">) { unless (-l $f) { - print STDERR "$f is wrong here *)\n"; + print STDERR "$f is in the wrong location *)\n"; $foundignored = 1; next; } @@ -101,11 +101,12 @@ my $d = readlink($f); unless ($d && startswith($d, $pemdir)) { # don't warn about the symlinks we had in the distro before - unless (startswith($d, "/usr/share/ca-certificates/")) { - print STDERR "wrong symlink $f removed *)\n"; + if (startswith($d, "/usr/share/ca-certificates/")) { + unlink $f; + } else { + print STDERR "$f is in the wrong location *)\n"; $foundignored = 1; } - unlink $f } } else { $removed{$f} = 1; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ca-certificates-1_201307011044/java.run new/ca-certificates-1_201308051322/java.run --- old/ca-certificates-1_201307011044/java.run 2013-07-01 10:44:11.0 +0200 +++ new/ca-certificates-1_201308051322/java.run 2013-08-05 13:22:58.0 +0200 @@ -19,6 +19,6 @@ done [ -z "$verbose" ] || echo "creating $cafile ..." -p11-kit extract --format=java-cacerts --purpose=server-auth --filter=ca-anchors --overwrite $cafile +trust extract --format=java-cacerts --purpose=server-auth --filter=ca-anchors --overwrite $cafile # vim: syntax=sh diff -urN '--exclude=CVS' '--exclude=.cvsignore'
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2013-07-03 10:11:35 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2013-06-25 17:20:12.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2013-07-03 10:11:38.0 +0200 @@ -1,0 +2,6 @@ +Thu Jun 27 16:17:51 UTC 2013 - lnus...@suse.de + +- disable generating ca-bundle for now again so people don't submit + new packages that use this file. + +--- @@ -5,0 +12,5 @@ + +--- +Mon Jun 24 12:46:30 UTC 2013 - lnus...@suse.de + +- update manpage Old: ca-certificates-1_201306200949.tar.xz New: ca-certificates-1_201307011044.tar.xz Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.BydYCo/_old 2013-07-03 10:11:38.0 +0200 +++ /var/tmp/diff_new_pack.BydYCo/_new 2013-07-03 10:11:38.0 +0200 @@ -16,6 +16,12 @@ # +# the ca bundle file was meant as compat option for e.g. +# proprietary packages. Now that I see it abused in free software +# packages that can be trivially patched to do the right thing I'm +# disabling this for now again. +%bcond_with cabundle + BuildRequires: openssl BuildRequires: p11-kit-devel @@ -23,7 +29,7 @@ %define ssletcdir %{_sysconfdir}/ssl %define cabundle /var/lib/ca-certificates/ca-bundle.pem %define sslcerts %{ssletcdir}/certs -Version:1_201306200949 +Version:1_201307011044 Release:0 Summary:Utilities for system wide CA certificate installation License:GPL-2.0+ @@ -57,6 +63,9 @@ %build %install +%if %{without cabundle} +rm -f certbundle.run +%endif %make_install install -d m 755 %{buildroot}%{trustdir_cfg}/{anchors,blacklist} install -d m 755 %{buildroot}%{trustdir_static}/{anchors,blacklist} @@ -65,9 +74,11 @@ install -d m 755 %{buildroot}%{_prefix}/lib/ca-certificates/update.d install -d m 755 %{buildroot}/var/lib/ca-certificates/pem install -d m 755 %{buildroot}/var/lib/ca-certificates/openssl +%if %{with cabundle} install -D -m 644 /dev/null %{buildroot}/%{cabundle} -install -D -m 644 /dev/null %{buildroot}/var/lib/ca-certificates/java-cacerts ln -s %{cabundle} %{buildroot}%{ssletcdir}/ca-bundle.pem +%endif +install -D -m 644 /dev/null %{buildroot}/var/lib/ca-certificates/java-cacerts %post if [ -s /etc/ca-certificates.conf ]; then @@ -104,8 +115,6 @@ %dir %{trustdir_static}/anchors %dir %{trustdir_static}/blacklist %dir /etc/ssl/certs -%{ssletcdir}/ca-bundle.pem -%ghost %{cabundle} %ghost /var/lib/ca-certificates/java-cacerts %dir /etc/ca-certificates %dir /etc/ca-certificates/update.d @@ -117,8 +126,13 @@ %{_sbindir}/update-ca-certificates %{_mandir}/man8/update-ca-certificates.8* %{_prefix}/lib/ca-certificates/update.d/java.run -%{_prefix}/lib/ca-certificates/update.d/certbundle.run %{_prefix}/lib/ca-certificates/update.d/etc_ssl.run %{_prefix}/lib/ca-certificates/update.d/openssl.run +# +%if %{with cabundle} +%{ssletcdir}/ca-bundle.pem +%ghost %{cabundle} +%{_prefix}/lib/ca-certificates/update.d/certbundle.run +%endif %changelog ++ ca-certificates-1_201306200949.tar.xz -> ca-certificates-1_201307011044.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ca-certificates-1_201306200949/update-ca-certificates.8 new/ca-certificates-1_201307011044/update-ca-certificates.8 --- old/ca-certificates-1_201306200949/update-ca-certificates.8 2013-06-20 09:49:53.0 +0200 +++ new/ca-certificates-1_201307011044/update-ca-certificates.8 2013-07-01 10:44:11.0 +0200 @@ -21,24 +21,22 @@ .B update-ca-certificates .RI [ options ] .SH DESCRIPTION -\fBupdate-ca-certificates\fP updates the directory -/etc/ssl/certs to hold SSL certificates and generates /etc/ssl/ca-bundle.pem, -a concatenated single-file list of certificates. +\fBupdate-ca-certificates\fP is intended to keep the certificate stores of +various components in sync with the system CA certificates. .PP -It reads the file /etc/ca-certificates.conf. Each line gives a pathname of -a CA certificate under /usr/share/ca-certificates that should be trusted. -Lines that begin with "#" are comment lines and thus ignored. -Lines that begin with "!" are deselected, causing the deactivation -of the CA certificate in question. All certificates are implicitly -trusted if no trusted certificates are listed. +The canon
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2013-06-25 17:13:48 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2013-06-25 14:38:53.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2013-06-25 17:20:12.0 +0200 @@ -1,0 +2,6 @@ +Mon Jun 24 21:09:16 UTC 2013 - hrvoje.sen...@gmail.com + +- Explicitly require p11-kit, otherwise trusted certificates won't + be generated + +--- Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.mX2Yew/_old 2013-06-25 17:20:13.0 +0200 +++ /var/tmp/diff_new_pack.mX2Yew/_new 2013-06-25 17:20:13.0 +0200 @@ -33,6 +33,7 @@ Url:https://github.com/openSUSE/ca-certificates # Requires: openssl +Requires: p11-kit Requires: p11-kit-tools # needed for %post Requires(post): coreutils openssl p11-kit-tools -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2013-06-25 09:36:53 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2012-05-08 12:25:45.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2013-06-25 14:38:53.0 +0200 @@ -1,0 +2,5 @@ +Thu Jun 20 09:15:52 UTC 2013 - lnus...@suse.de + +- use p11-kit to generate the files + +--- Old: GPL-2.0.txt certbundle.run java.run keystore.java update-ca-certificates update-ca-certificates.8 New: ca-certificates-1_201306200949.tar.xz Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.p3QIV1/_old 2013-06-25 14:38:54.0 +0200 +++ /var/tmp/diff_new_pack.p3QIV1/_new 2013-06-25 14:38:54.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,154 +15,109 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild - -%bcond_without java BuildRequires: openssl -%if %{with java} -BuildRequires: gcc-java -BuildRequires: fastjar -%endif +BuildRequires: p11-kit-devel Name: ca-certificates %define ssletcdir %{_sysconfdir}/ssl -%define etccadir %{ssletcdir}/certs %define cabundle /var/lib/ca-certificates/ca-bundle.pem -%define usrcadir %{_datadir}/ca-certificates +%define sslcerts %{ssletcdir}/certs +Version:1_201306200949 +Release:0 +Summary:Utilities for system wide CA certificate installation License:GPL-2.0+ Group: Productivity/Networking/Security -Version:1 -Release:12 -Summary:Utilities for system wide CA certificate installation -Source0:update-ca-certificates -Source1:update-ca-certificates.8 -Source2:GPL-2.0.txt -Source3:certbundle.run -Source4:keystore.java -Source5:java.run +Source0:ca-certificates-%{version}.tar.xz BuildRoot: %{_tmppath}/%{name}-%{version}-build -Url:http://gitorious.org/opensuse/ca-certificates +Url:https://github.com/openSUSE/ca-certificates # Requires: openssl +Requires: p11-kit-tools # needed for %post -Requires: coreutils +Requires(post): coreutils openssl p11-kit-tools Recommends: ca-certificates-mozilla # we need to obsolete openssl-certs to make sure it's files are # gone when a package providing actual certificates gets # installed (bnc#594434). Obsoletes: openssl-certs < 0.9.9 +# no need for a separate Java package anymore. The bundle is +# created by C code. +Obsoletes: java-ca-certificates = 1 +Provides: java-ca-certificates = %version-%release BuildArch: noarch -%if %{with java} - -%package -n java-ca-certificates -License:GPL-2.0+ -Group: Productivity/Networking/Security -Summary:Utilities CA certificate import to gcj -Requires(post): ca-certificates -Supplements:packageand(gcj-compat:ca-certificates) -Supplements:packageand(java-1_6_0-openjdk:ca-certificates) -Supplements:packageand(java-1_6_0-sun:ca-certificates) -%endif - %description Utilities for system wide CA certificate installation -%if %{with java} - -%description -n java-ca-certificates -Utilities for CA certificate installation for gcj and openjdk Java -%endif - %prep -%setup -qcT -install -m 755 %{SOURCE0} . -install -m 644 %{SOURCE1} . -install -m 644 %{SOURCE2} COPYING +%setup -q %build -%if %{with java} -gcj -C %SOURCE4 -d . -# emulate -e option of jar for fastjar -cat < MANIFEST.MF -Manifest-Version: 1.0 -Created-By: 0.98 -Main-Class: keystore -EOF -fastjar cfm keystore.jar MANIFEST.MF keystore*.class -%endif %install -mkdir -p %{buildroot}/%{etccadir} -mkdir -p %{buildroot}/%{usrcadir} -mkdir -p %{buildroot}/%{_sbindir} -mkdir -p %{buildroot}/%{_mandir}/man8 -mkdir -p %{buildroot}/etc/ca-certificates/update.d -mkdir -p %{buildroot}%{_prefix}/lib/ca-certificates/update.d +%make_install +install -d m 755 %{buildroot}%{trustdir_cfg}/{anchors,blacklist} +install -d m 755 %{buildroot}%{trustdir_static}/{anchors,blacklist} +install -d m 755 %{buildroot}/etc/ssl/certs +install -d m 755 %{bui
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2012-05-08 12:25:42 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates", Maintainer is "" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2011-10-25 15:48:14.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2012-05-08 12:25:45.0 +0200 @@ -1,0 +2,5 @@ +Fri May 4 11:55:14 UTC 2012 - lnus...@suse.de + +- give hint about SSL_CTX_set_default_verify_paths in cert bundle + +--- Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.38LMPa/_old 2012-05-08 12:25:46.0 +0200 +++ /var/tmp/diff_new_pack.38LMPa/_new 2012-05-08 12:25:46.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package ca-certificates # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++ certbundle.run ++ --- /var/tmp/diff_new_pack.38LMPa/_old 2012-05-08 12:25:46.0 +0200 +++ /var/tmp/diff_new_pack.38LMPa/_new 2012-05-08 12:25:46.0 +0200 @@ -21,8 +21,12 @@ cat > "$cafile.new" <
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2011-12-06 18:02:19 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates", Maintainer is "" Changes: Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.mfTMTF/_old 2011-12-06 18:04:16.0 +0100 +++ /var/tmp/diff_new_pack.mfTMTF/_new 2011-12-06 18:04:16.0 +0100 @@ -30,7 +30,7 @@ %define etccadir %{ssletcdir}/certs %define cabundle /var/lib/ca-certificates/ca-bundle.pem %define usrcadir %{_datadir}/ca-certificates -License:GPLv2+ +License:GPL-2.0+ Group: Productivity/Networking/Security Version:1 Release:12 @@ -57,7 +57,7 @@ %if %{with java} %package -n java-ca-certificates -License:GPLv2+ +License:GPL-2.0+ Group: Productivity/Networking/Security Summary:Utilities CA certificate import to gcj Requires(post): ca-certificates -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at 2011-10-25 15:48:09 Comparing /work/SRC/openSUSE:Factory/ca-certificates (Old) and /work/SRC/openSUSE:Factory/.ca-certificates.new (New) Package is "ca-certificates", Maintainer is "" Changes: --- /work/SRC/openSUSE:Factory/ca-certificates/ca-certificates.changes 2011-09-23 01:53:04.0 +0200 +++ /work/SRC/openSUSE:Factory/.ca-certificates.new/ca-certificates.changes 2011-10-25 15:48:14.0 +0200 @@ -1,0 +2,5 @@ +Mon Oct 24 11:57:53 UTC 2011 - co...@suse.com + +- require coreutils for %post script + +--- Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.mMCIcU/_old 2011-10-25 15:48:16.0 +0200 +++ /var/tmp/diff_new_pack.mMCIcU/_new 2011-10-25 15:48:16.0 +0200 @@ -45,6 +45,8 @@ Url:http://gitorious.org/opensuse/ca-certificates # Requires: openssl +# needed for %post +Requires: coreutils Recommends: ca-certificates-mozilla # we need to obsolete openssl-certs to make sure it's files are # gone when a package providing actual certificates gets -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit ca-certificates for openSUSE:Factory
Hello community, here is the log from the commit of package ca-certificates for openSUSE:Factory checked in at Tue Jun 21 09:21:37 CEST 2011. --- ca-certificates/ca-certificates.changes 2010-09-27 16:58:22.0 +0200 +++ /mounts/work_src_done/STABLE/ca-certificates/ca-certificates.changes 2011-06-20 15:24:04.0 +0200 @@ -1,0 +2,6 @@ +Mon Jun 20 12:49:52 UTC 2011 - lnus...@suse.de + +- fix spurious rpm warning if no java exists (bnc#634793) +- move java.run to java-ca-certificates + +--- calling whatdependson for head-i586 Other differences: -- ++ ca-certificates.spec ++ --- /var/tmp/diff_new_pack.7fTCoG/_old 2011-06-21 09:14:13.0 +0200 +++ /var/tmp/diff_new_pack.7fTCoG/_new 2011-06-21 09:14:13.0 +0200 @@ -1,7 +1,7 @@ # -# spec file for package ca-certificates (Version 1) +# spec file for package ca-certificates # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -33,7 +33,7 @@ License:GPLv2+ Group: Productivity/Networking/Security Version:1 -Release:8 +Release:12 Summary:Utilities for system wide CA certificate installation Source0:update-ca-certificates Source1:update-ca-certificates.8 @@ -147,7 +147,7 @@ %dir %{_prefix}/lib/ca-certificates %dir %{_prefix}/lib/ca-certificates/update.d %dir /var/lib/ca-certificates -%{_prefix}/lib/ca-certificates/update.d/* +%{_prefix}/lib/ca-certificates/update.d/certbundle.run %{_sbindir}/update-ca-certificates %{_mandir}/man8/update-ca-certificates.8* %ghost /var/lib/ca-certificates/ca-bundle.pem @@ -157,6 +157,7 @@ %files -n java-ca-certificates %defattr(-, root, root) %dir %{_prefix}/lib/ca-certificates/java +%{_prefix}/lib/ca-certificates/update.d/java.run %{_prefix}/lib/ca-certificates/java/keystore.jar %ghost /var/lib/ca-certificates/java-cacerts %ghost /var/lib/ca-certificates/gcj-cacerts ++ java.run ++ --- /var/tmp/diff_new_pack.7fTCoG/_old 2011-06-21 09:14:13.0 +0200 +++ /var/tmp/diff_new_pack.7fTCoG/_new 2011-06-21 09:14:13.0 +0200 @@ -35,11 +35,13 @@ if [ -n "$JAVA_HOME" ]; then java="$JAVA_HOME/bin/java" else - java=`which java` -fi - -if [[ $(readlink -f "${java}") =~ gij ]]; then -java="" + java=`type -P java` + if [ -n "$java" -a -L "$java" ]; then + java=`readlink -f "$java"` + if [ "${java//gij}" != "$java" ]; then + java= + fi + fi fi if [ ! -e "$libexecdir"/keystore.jar ]; then @@ -73,7 +75,7 @@ fi done -if [ -x "$java" ]; then +if [ -n "$java" -a -x "$java" ]; then echo "creating $cafile ..." $java -jar $libexecdir/keystore.jar -keystore "$cafile" -cadir "$cadir" "$@" fi Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org