Accepting request 923227 from home:lnussel:branches:Base:System

- new package for minimal base containers (jsc#SLE-22162) OBS-URL: https://build.opensuse.org/request/show/923227 OBS-URL: https://build.opensuse.org/package/show/Base:System/ca-certificates-mozilla?expand=0&rev=117
2021-10-06 06:13:23 +00:00 · 2021-10-06 06:13:23 +00:00 · bcec73a77d
commit bcec73a77d
parent 42732872ba
2 changed files with 91 additions and 0 deletions
--- a/ca-certificates-mozilla-prebuilt.changes
+++ b/ca-certificates-mozilla-prebuilt.changes
@ -0,0 +1,4 @@
+-------------------------------------------------------------------
+Mon Oct  4 14:38:44 UTC 2021 - Ludwig Nussel <lnussel@suse.de>
+
+- new package for minimal base containers (jsc#SLE-22162)
--- a/ca-certificates-mozilla-prebuilt.spec
+++ b/ca-certificates-mozilla-prebuilt.spec
@ -0,0 +1,87 @@
+#
+# spec file for package ca-certificates-mozilla-prebuilt
+#
+# Copyright (c) 2021 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           ca-certificates-mozilla-prebuilt
+Version:        %(rpm -q --qf %{version} ca-certificates-mozilla)
+Release:        0
+Summary:        Pre-built CA certificates for OpenSSL
+License:        MPL-2.0
+Group:          Productivity/Networking/Security
+URL:            https://www.mozilla.org
+BuildRequires:  ca-certificates-mozilla
+BuildArch:      noarch
+Requires(post): /bin/cp
+
+%description
+This package contains a static set of CA root certificates for
+OpenSSL extracted from MozillaFirefox for use in containers. The
+package pre-fills /var/lib/ca-certificates with a static set of
+certificates if /var/lib/ca-certificates does not exist yet.
+
+Therefore an upgrade of this package will NOT update the list of
+root CA certificates in the system.
+
+It it not possible to configure additional root CA certificates
+using this package.
+
+The package is only intended for use in containers that want to
+avoid installing p11-kit.
+
+For all other use cases please install the
+"ca-certificates-mozilla" package.
+
+%prep
+%setup -qcT
+
+%build
+cp /usr/share/licenses/ca-certificates-mozilla/COPYING .
+
+%install
+mkdir -p %{buildroot}/etc/ssl
+ln -s /var/lib/ca-certificates/pem %{buildroot}/etc/ssl/certs
+ln -s /var/lib/ca-certificates/ca-bundle.pem %{buildroot}/etc/ssl/ca-bundle.pem
+mkdir -p %{buildroot}/usr/share/factory/var/lib
+cp -a /var/lib/ca-certificates %{buildroot}/usr/share/factory/var/lib
+# need rpm needs to be able to delete the buildroot
+chmod u+w %{buildroot}/usr/share/factory/var/lib/ca-certificates/*
+mkdir -p %{buildroot}%{_tmpfilesdir}
+echo "C /var/lib/ca-certificates" > %{buildroot}%{_tmpfilesdir}/%{name}.conf
+
+%post
+if [ -z "${TRANSACTIONAL_UPDATE}" ]; then
+  if [ -x /usr/bin/systemd-tmpfiles ]; then
+    /usr/bin/systemd-tmpfiles --create %{_tmpfilesdir}/ca-certificates-mozilla-prebuilt.conf || :
+  elif [ -x /bin/cp ] && [ ! -e /var/lib/ca-certificates ]; then
+    /bin/cp -as /usr/share/factory/var/lib/ca-certificates /var/lib || :
+  fi
+fi
+
+%files
+%license COPYING
+/etc/ssl/ca-bundle.pem
+/etc/ssl/certs
+%{_tmpfilesdir}/%{name}.conf
+/usr/share/factory
+%ghost %dir /var/lib/ca-certificates
+%defattr(0444,root,root,0555)
+%ghost %dir /var/lib/ca-certificates/pem
+%ghost %dir /var/lib/ca-certificates/openssl
+%ghost /var/lib/ca-certificates/java-cacerts
+%ghost /var/lib/ca-certificates/ca-bundle.pem
+
+%changelog