From b7f76422dab5c7995bb9a0e4697d6231bce5d2b772d86e18cd0b4437e8d0a925 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Thu, 29 Apr 2010 22:45:26 +0000 Subject: [PATCH] Accepting request 39067 from Base:System checked in (request 39067) OBS-URL: https://build.opensuse.org/request/show/39067 OBS-URL: https://build.opensuse.org/package/show/Base:System/ca-certificates?expand=0&rev=13 --- ca-certificates.changes | 7 ------- ca-certificates.spec | 20 +++++--------------- certbundle.run | 2 +- update-ca-certificates | 5 ++--- update-ca-certificates.8 | 8 ++++---- 5 files changed, 12 insertions(+), 30 deletions(-) diff --git a/ca-certificates.changes b/ca-certificates.changes index a1bdbb3..7368000 100644 --- a/ca-certificates.changes +++ b/ca-certificates.changes @@ -1,10 +1,3 @@ -------------------------------------------------------------------- -Tue Apr 27 14:17:24 UTC 2010 - lnussel@suse.de - -- also use hooks from /usr/lib/ca-certificates/update.d -- replace bundle file with symlink to file in /var as it's auto - generated - ------------------------------------------------------------------- Wed Apr 21 13:20:07 UTC 2010 - lnussel@suse.de diff --git a/ca-certificates.spec b/ca-certificates.spec index aa7c329..cc975f0 100644 --- a/ca-certificates.spec +++ b/ca-certificates.spec @@ -22,7 +22,7 @@ BuildRequires: openssl Name: ca-certificates %define ssletcdir %{_sysconfdir}/ssl %define etccadir %{ssletcdir}/certs -%define cabundle /var/lib/ca-certificates/ca-bundle.pem +%define cabundle %{ssletcdir}/ca-bundle.pem %define usrcadir %{_datadir}/ca-certificates License: GPLv2+ Group: Productivity/Networking/Security @@ -61,21 +61,15 @@ mkdir -p %{buildroot}/%{usrcadir} mkdir -p %{buildroot}/%{_sbindir} mkdir -p %{buildroot}/%{_mandir}/man8 mkdir -p %{buildroot}/etc/ca-certificates/update.d -mkdir -p %{buildroot}%{_prefix}/lib/ca-certificates/update.d -install -D -m 644 /dev/null %{buildroot}/%{cabundle} +install -m 644 /dev/null %{buildroot}/%{cabundle} install -m 644 /dev/null %{buildroot}/etc/ca-certificates.conf -install -m 755 %{SOURCE3} %{buildroot}%{_prefix}/lib/ca-certificates/update.d -ln -s %{cabundle} %{buildroot}%{ssletcdir}/ca-bundle.pem +# TODO: we should put our distros scripts in /usr really +install -m 755 %{SOURCE3} %{buildroot}/etc/ca-certificates/update.d install -m 755 update-ca-certificates %{buildroot}/%{_sbindir} install -m 644 update-ca-certificates.8 %{buildroot}/%{_mandir}/man8 %post -# this is just needed for those updating Factory, -# can be removed before 11.3 -if [ "$1" -ge 1 ]; then - rm -f /etc/ca-certificates/update.d/certbundle.run -fi # force rebuilding all certificate stores. # This also makes sure we update the hash links in /etc/ssl/certs # as openssl changed the hash format between 0.9.8 and 1.0 @@ -90,14 +84,10 @@ rm -rf %{buildroot} %dir %{etccadir} %doc COPYING %ghost %config(noreplace) /etc/ca-certificates.conf -%{ssletcdir}/ca-bundle.pem %ghost %{cabundle} %dir /etc/ca-certificates %dir /etc/ca-certificates/update.d -%dir %{_prefix}/lib/ca-certificates -%dir %{_prefix}/lib/ca-certificates/update.d -%dir /var/lib/ca-certificates -%{_prefix}/lib/ca-certificates/update.d/* +/etc/ca-certificates/update.d/* %{_sbindir}/update-ca-certificates %{_mandir}/man8/update-ca-certificates.8* diff --git a/certbundle.run b/certbundle.run index 0dd892d..df59aae 100644 --- a/certbundle.run +++ b/certbundle.run @@ -3,7 +3,7 @@ shopt -s nullglob -cafile="/var/lib/ca-certificates/ca-bundle.pem" +cafile="/etc/ssl/ca-bundle.pem" cadir="/etc/ssl/certs" for i in "$@"; do diff --git a/update-ca-certificates b/update-ca-certificates index 2279c2a..463008e 100644 --- a/update-ca-certificates +++ b/update-ca-certificates @@ -30,8 +30,7 @@ use File::Find; use Getopt::Long; my $certsconf = '/etc/ca-certificates.conf'; -my $hooksdir1 = '/etc/ca-certificates/update.d'; -my $hooksdir2 = '/usr/lib/ca-certificates/update.d'; +my $hooksdir = '/etc/ca-certificates/update.d'; my $certsdir = "/usr/share/ca-certificates"; my $localcertsdir = "/usr/local/share/ca-certificates"; my $etccertsdir = "/etc/ssl/certs"; @@ -168,7 +167,7 @@ if (%added || %removed || $opt_fresh) { my @args; push @args, '-f' if $opt_fresh; push @args, '-v' if $opt_verbose; - for my $f (glob("$hooksdir2/*.run"), glob("$hooksdir1/*.run")) { + for my $f (glob "$hooksdir/*.run") { system($f, @args); } } diff --git a/update-ca-certificates.8 b/update-ca-certificates.8 index 694eb6b..78a8d66 100644 --- a/update-ca-certificates.8 +++ b/update-ca-certificates.8 @@ -2,7 +2,7 @@ .\" First parameter, NAME, should be all caps .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection .\" other parameters are allowed: see man(7), man(1) -.TH UPDATE-CA-CERTIFICATES 8 "27 April 2010" +.TH UPDATE-CA-CERTIFICATES 8 "08 April 2010" .\" Please adjust this date whenever revising the manpage. .\" .\" Some roff macros, for reference: @@ -16,7 +16,7 @@ .\" .sp insert n+1 empty lines .\" for manpage-specific macros, see man(7) .SH NAME -update-ca-certificates \- update system CA certificates +update-ca-certificates \- update /etc/ssl/certs and ca-bundle.pem .SH SYNOPSIS .B update-ca-certificates .RI [ options ] @@ -35,8 +35,8 @@ trusted if no trusted certificates are listed. Furthermore all certificates found below /usr/local/share/ca-certificates are also included as implicitly trusted. .PP -After populating /etc/ssl/certs \fBupdate-ca-certificates\fP invokes -custom hooks in /usr/lib/ca-certificates/update.d/*.run and +After populating /etc/ssl/certs and creating /etc/ssl/ca-bundle.pem +\fBupdate-ca-certificates\fP invokes custom hooks in /etc/ca-certificates/update.d/*.run. The command line options used for invoking update-ca-certificates are passed to the hooks as well. .SH OPTIONS