- use rpm -qf to determine if a ssl cert is owned by some other

package and therefore doesn't need to be migrated (related to bnc#890205). OBS-URL: https://build.opensuse.org/package/show/Base:System/ca-certificates?expand=0&rev=59
2014-08-05 11:29:58 +00:00 · 2014-08-05 11:29:58 +00:00 · 011a67030e
commit 011a67030e
parent e236524a63
2 changed files with 13 additions and 4 deletions
--- a/ca-certificates.changes
+++ b/ca-certificates.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Aug  5 11:09:24 UTC 2014 - lnussel@suse.de
+
+- use rpm -qf to determine if a ssl cert is owned by some other
+  package and therefore doesn't need to be migrated (related to
+  bnc#890205).
+
 -------------------------------------------------------------------
 Mon Aug  4 15:35:27 UTC 2014 - lnussel@suse.de

--- a/ca-certificates.spec
+++ b/ca-certificates.spec
@ -91,14 +91,15 @@ mv %{buildroot}/%{_prefix}/lib/ca-certificates/update.d/{,99}certbundle.run
 %pre
 # migrate /etc/ssl/certs to a symlink
 if [ "$1" -ne 0 -a -d %{sslcerts} -a ! -L %{sslcerts} ]; then
-	mv -T --backup=numbered %{sslcerts} %{sslcerts}.rpmsave && ln -s /var/lib/ca-certificates/pem %{sslcerts}
 	# copy custom pem files to new location (bnc#875647)
 	mkdir -p /etc/pki/trust/anchors
-	for cert in %{sslcerts}.rpmsave/*.pem; do
+	for cert in %{sslcerts}/*.pem; do
 		test -f "$cert" -a ! -L "$cert" || continue
 		read firstline < "$cert"
 		# skip package provided certificates (bnc#875647)
-		test "$firstline" != "# generated by openssl-certs, do not edit" || continue
+		if test "${firstline#\# generated by }" != "${firstline}" || rpm -qf "$cert" > /dev/null; then
+			continue
+		fi
 		# create a p11-kit header that set the label of
 		# the certificate to the file name. That ensures
 		# that the certificate gets the same name in
@ -107,7 +108,7 @@ if [ "$1" -ne 0 -a -d %{sslcerts} -a ! -L %{sslcerts} ]; then
 		(
 		cat <<-EOF
 			# created by update-ca-certificates from
-			# /etc/ssl/certs/$bn
+			# $cert
 			[p11-kit-object-v1]
 			class: certificate
 			label: "${bn%.pem}"
@ -116,6 +117,7 @@ if [ "$1" -ne 0 -a -d %{sslcerts} -a ! -L %{sslcerts} ]; then
 		cat $cert
 		) > "/etc/pki/trust/$bn"
 	done
+	mv -T --backup=numbered %{sslcerts} %{sslcerts}.rpmsave && ln -s /var/lib/ca-certificates/pem %{sslcerts}
 fi

 %post