pool/ca-certificates
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 504646 from home:kukuk:branches:Base:System

Browse Source 
- Run update-ca-certificate by systemd unit when the content of
  one of the paths changes. Needed for read-only root and/or
  transactional updates.

OBS-URL: https://build.opensuse.org/request/show/504646
OBS-URL: https://build.opensuse.org/package/show/Base:System/ca-certificates?expand=0&rev=69
This commit is contained in:
Ludwig Nussel 2017-06-20 08:55:50 +00:00 committed by Git OBS Bridge
parent 1885a0253e
commit bd3751f1c6
4 changed files with 49 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ca-certificates.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Mon Jun 19 13:31:02 CEST 2017 - kukuk@suse.de
- Run update-ca-certificate by systemd unit when the content of
one of the paths changes. Needed for read-only root and/or
transactional updates.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Nov 11 08:18:47 UTC 2015 - lnussel@suse.de Wed Nov 11 08:18:47 UTC 2015 - lnussel@suse.de

16
ca-certificates.path Normal file
View File

@ -0,0 +1,16 @@
[Unit]
Description=Watch for changes in CA certificates
After=local-fs.target
[Path]
Unit=ca-certificates.service
PathChanged=/usr/share/pki/trust
PathChanged=/usr/share/pki/trust/anchors
PathChanged=/usr/share/pki/trust/blacklist
PathChanged=/etc/pki/trust
PathChanged=/etc/pki/trust/anchors
PathChanged=/etc/pki/trust/blacklist
[Install]
WantedBy=default.target

11
ca-certificates.service Normal file
View File

@ -0,0 +1,11 @@
[Unit]
Description=Update system wide CA certificates
Wants=local-fs.target
[Service]
Type=oneshot
ExecStart=/usr/sbin/update-ca-certificates
[Install]
WantedBy=default.target

17
ca-certificates.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package ca-certificates # spec file for package ca-certificates
# #
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -35,6 +35,8 @@ Summary: Utilities for system wide CA certificate installation
License: GPL-2.0+ License: GPL-2.0+
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
Source0: ca-certificates-%{version}.tar.xz Source0: ca-certificates-%{version}.tar.xz
Source1: ca-certificates.path
Source2: ca-certificates.service
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url: https://github.com/openSUSE/ca-certificates Url: https://github.com/openSUSE/ca-certificates
# #
@ -53,6 +55,7 @@ Obsoletes: openssl-certs
Obsoletes: java-ca-certificates = 1 Obsoletes: java-ca-certificates = 1
Provides: java-ca-certificates = %version-%release Provides: java-ca-certificates = %version-%release
BuildArch: noarch BuildArch: noarch
%{?systemd_requires}
%description %description
Utilities for system wide CA certificate installation Utilities for system wide CA certificate installation
@ -74,12 +77,15 @@ install -d -m 755 %{buildroot}/etc/ca-certificates/update.d
install -d -m 755 %{buildroot}%{_prefix}/lib/ca-certificates/update.d install -d -m 755 %{buildroot}%{_prefix}/lib/ca-certificates/update.d
install -d -m 555 %{buildroot}/var/lib/ca-certificates/pem install -d -m 555 %{buildroot}/var/lib/ca-certificates/pem
install -d -m 555 %{buildroot}/var/lib/ca-certificates/openssl install -d -m 555 %{buildroot}/var/lib/ca-certificates/openssl
install -d -m 755 %{buildroot}/%{_prefix}/lib/systemd/system
ln -s /var/lib/ca-certificates/pem %{buildroot}%{sslcerts} ln -s /var/lib/ca-certificates/pem %{buildroot}%{sslcerts}
%if %{with cabundle} %if %{with cabundle}
install -D -m 644 /dev/null %{buildroot}/%{cabundle} install -D -m 644 /dev/null %{buildroot}/%{cabundle}
ln -s %{cabundle} %{buildroot}%{ssletcdir}/ca-bundle.pem ln -s %{cabundle} %{buildroot}%{ssletcdir}/ca-bundle.pem
%endif %endif
install -D -m 644 /dev/null %{buildroot}/var/lib/ca-certificates/java-cacerts install -D -m 644 /dev/null %{buildroot}/var/lib/ca-certificates/java-cacerts
install -m 644 %{SOURCE1} %{buildroot}/%{_prefix}/lib/systemd/system/
install -m 644 %{SOURCE2} %{buildroot}/%{_prefix}/lib/systemd/system/
# should be done in git. # should be done in git.
mv %{buildroot}/%{_prefix}/lib/ca-certificates/update.d/{,50}java.run mv %{buildroot}/%{_prefix}/lib/ca-certificates/update.d/{,50}java.run
@ -119,6 +125,7 @@ if [ "$1" -ne 0 -a -d %{sslcerts} -a ! -L %{sslcerts} ]; then
done done
mv -T --backup=numbered %{sslcerts} %{sslcerts}.rpmsave && ln -s /var/lib/ca-certificates/pem %{sslcerts} mv -T --backup=numbered %{sslcerts} %{sslcerts}.rpmsave && ln -s /var/lib/ca-certificates/pem %{sslcerts}
fi fi
%service_add_pre ca-certificates.path ca-certificates.service
%post %post
if [ -s /etc/ca-certificates.conf ]; then if [ -s /etc/ca-certificates.conf ]; then
@ -133,12 +140,17 @@ fi
# force rebuilding all certificate stores. # force rebuilding all certificate stores.
# This also makes sure we update the hash links in /etc/ssl/certs # This also makes sure we update the hash links in /etc/ssl/certs
# as openssl changed the hash format between 0.9.8 and 1.0 # as openssl changed the hash format between 0.9.8 and 1.0
update-ca-certificates -f || true #update-ca-certificates -f || true
%service_add_post ca-certificates.path ca-certificates.service
%preun
%service_del_preun ca-certificates.path ca-certificates.service
%postun %postun
if [ "$1" -eq 0 ]; then if [ "$1" -eq 0 ]; then
rm -rf /var/lib/ca-certificates/pem /var/lib/ca-certificates/openssl rm -rf /var/lib/ca-certificates/pem /var/lib/ca-certificates/openssl
fi fi
%service_del_postun ca-certificates.path ca-certificates.service
%clean %clean
rm -rf %{buildroot} rm -rf %{buildroot}
@ -160,6 +172,7 @@ rm -rf %{buildroot}
%dir /etc/ca-certificates/update.d %dir /etc/ca-certificates/update.d
%dir %{_prefix}/lib/ca-certificates %dir %{_prefix}/lib/ca-certificates
%dir %{_prefix}/lib/ca-certificates/update.d %dir %{_prefix}/lib/ca-certificates/update.d
%{_prefix}/lib/systemd/system/*
%dir /var/lib/ca-certificates %dir /var/lib/ca-certificates
%dir /var/lib/ca-certificates/pem %dir /var/lib/ca-certificates/pem
%dir /var/lib/ca-certificates/openssl %dir /var/lib/ca-certificates/openssl