diff --git a/ca-certificates.changes b/ca-certificates.changes index 0c9153a..04f1436 100644 --- a/ca-certificates.changes +++ b/ca-certificates.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Thu Apr 8 13:16:43 UTC 2010 - lnussel@suse.de + +- actually install certbundle.run (bnc#594501) + +------------------------------------------------------------------- +Thu Apr 8 09:15:28 UTC 2010 - lnussel@suse.de + +- it's ca-bundle.pem rather than cert.pem + +------------------------------------------------------------------- +Thu Apr 8 07:51:25 UTC 2010 - lnussel@suse.de + +- obsolete openssl-certs (bnc#594434) +- update manpage (bnc#594501) + ------------------------------------------------------------------- Thu Apr 1 13:00:37 UTC 2010 - lnussel@suse.de diff --git a/ca-certificates.spec b/ca-certificates.spec index 46d519b..25589b1 100644 --- a/ca-certificates.spec +++ b/ca-certificates.spec @@ -22,21 +22,27 @@ BuildRequires: openssl Name: ca-certificates %define ssletcdir %{_sysconfdir}/ssl %define etccadir %{ssletcdir}/certs -%define cabundle %{ssletcdir}/cert.pem +%define cabundle %{ssletcdir}/ca-bundle.pem %define usrcadir %{_datadir}/ca-certificates License: GPLv2+ Group: Productivity/Networking/Security Version: 1 -Release: 1 +Release: 2 Summary: Utilities for system wide CA certificate installation Source0: update-ca-certificates Source1: update-ca-certificates.8 Source2: GPL-2.0.txt +Source3: certbundle.run BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch Url: http://gitorious.org/opensuse/ca-certificates # Requires: openssl +Recommends: ca-certificates-mozilla +# we need to obsolete openssl-certs to make sure it's files are +# gone when a package providing actual certificates gets +# installed (bnc#594434). +Obsoletes: openssl-certs < 0.9.9 %description Utilities for system wide CA certificate installation @@ -57,6 +63,8 @@ mkdir -p %{buildroot}/%{_mandir}/man8 mkdir -p %{buildroot}/etc/ca-certificates/update.d install -m 644 /dev/null %{buildroot}/%{cabundle} install -m 644 /dev/null %{buildroot}/etc/ca-certificates.conf +# TODO: we should put our distros scripts in /usr really +install -m 755 %{SOURCE3} %{buildroot}/etc/ca-certificates/update.d install -m 755 update-ca-certificates %{buildroot}/%{_sbindir} install -m 644 update-ca-certificates.8 %{buildroot}/%{_mandir}/man8 @@ -73,6 +81,7 @@ rm -rf %{buildroot} %ghost %{cabundle} %dir /etc/ca-certificates %dir /etc/ca-certificates/update.d +/etc/ca-certificates/update.d/* %{_sbindir}/update-ca-certificates %{_mandir}/man8/update-ca-certificates.8* diff --git a/certbundle.run b/certbundle.run index e0f9655..df59aae 100644 --- a/certbundle.run +++ b/certbundle.run @@ -1,6 +1,8 @@ #!/bin/bash # vim: syntax=sh +shopt -s nullglob + cafile="/etc/ssl/ca-bundle.pem" cadir="/etc/ssl/certs" diff --git a/update-ca-certificates.8 b/update-ca-certificates.8 index f8937be..78a8d66 100644 --- a/update-ca-certificates.8 +++ b/update-ca-certificates.8 @@ -2,7 +2,7 @@ .\" First parameter, NAME, should be all caps .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection .\" other parameters are allowed: see man(7), man(1) -.TH UPDATE-CA-CERTIFICATES 8 "20 April 2003" +.TH UPDATE-CA-CERTIFICATES 8 "08 April 2010" .\" Please adjust this date whenever revising the manpage. .\" .\" Some roff macros, for reference: @@ -16,13 +16,13 @@ .\" .sp insert n+1 empty lines .\" for manpage-specific macros, see man(7) .SH NAME -update-ca-certificates \- update /etc/ssl/certs and certificates.crt +update-ca-certificates \- update /etc/ssl/certs and ca-bundle.pem .SH SYNOPSIS .B update-ca-certificates .RI [ options ] .SH DESCRIPTION \fBupdate-ca-certificates\fP updates the directory -/etc/ssl/certs to hold SSL certificates and generates /etc/ssl/cert.pem, +/etc/ssl/certs to hold SSL certificates and generates /etc/ssl/ca-bundle.pem, a concatenated single-file list of certificates. .PP It reads the file /etc/ca-certificates.conf. Each line gives a pathname of @@ -35,9 +35,10 @@ trusted if no trusted certificates are listed. Furthermore all certificates found below /usr/local/share/ca-certificates are also included as implicitly trusted. .PP -After populating /etc/ssl/certs and creating /etc/ssl/cert.pem +After populating /etc/ssl/certs and creating /etc/ssl/ca-bundle.pem \fBupdate-ca-certificates\fP invokes custom hooks in -/etc/ca-certificates/update.d/*.run +/etc/ca-certificates/update.d/*.run. The command line options used +for invoking update-ca-certificates are passed to the hooks as well. .SH OPTIONS A summary of options is included below. .TP @@ -48,15 +49,17 @@ Show summary of options. Be verbose. Output \fBc_rehash\fP. .TP .B \-f, \-\-fresh -Fresh updates. Remove symlinks in /etc/ssl/certs directory. +Fresh updates. Removes symlinks in /etc/ssl/certs directory and +re-creates them from scratch. .SH FILES .TP .I /etc/ca-certificates.conf A configuration file. .TP -.I /etc/ssl/cert.pem -A single-file version of all CA certificates. Useful for programs -that cannot handle directory with individual files. +.I /etc/ssl/ca-bundle.pem +A single-file version of all CA certificates. Use of this file is +deprecated and should only be used as last resort by applications +that cannot parse the /etc/ssl/certs directory. .TP .I /usr/share/ca-certificates Directory of CA certificates.