From bcec73a77d639f2bf414c0451afb834f05d9783c3034cc98e70ad2b547eb77dd Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Wed, 6 Oct 2021 06:13:23 +0000 Subject: [PATCH] Accepting request 923227 from home:lnussel:branches:Base:System - new package for minimal base containers (jsc#SLE-22162) OBS-URL: https://build.opensuse.org/request/show/923227 OBS-URL: https://build.opensuse.org/package/show/Base:System/ca-certificates-mozilla?expand=0&rev=117 --- ca-certificates-mozilla-prebuilt.changes | 4 ++ ca-certificates-mozilla-prebuilt.spec | 87 ++++++++++++++++++++++++ 2 files changed, 91 insertions(+) create mode 100644 ca-certificates-mozilla-prebuilt.changes create mode 100644 ca-certificates-mozilla-prebuilt.spec diff --git a/ca-certificates-mozilla-prebuilt.changes b/ca-certificates-mozilla-prebuilt.changes new file mode 100644 index 0000000..84ca3c8 --- /dev/null +++ b/ca-certificates-mozilla-prebuilt.changes @@ -0,0 +1,4 @@ +------------------------------------------------------------------- +Mon Oct 4 14:38:44 UTC 2021 - Ludwig Nussel + +- new package for minimal base containers (jsc#SLE-22162) diff --git a/ca-certificates-mozilla-prebuilt.spec b/ca-certificates-mozilla-prebuilt.spec new file mode 100644 index 0000000..ccb6ca2 --- /dev/null +++ b/ca-certificates-mozilla-prebuilt.spec @@ -0,0 +1,87 @@ +# +# spec file for package ca-certificates-mozilla-prebuilt +# +# Copyright (c) 2021 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: ca-certificates-mozilla-prebuilt +Version: %(rpm -q --qf %{version} ca-certificates-mozilla) +Release: 0 +Summary: Pre-built CA certificates for OpenSSL +License: MPL-2.0 +Group: Productivity/Networking/Security +URL: https://www.mozilla.org +BuildRequires: ca-certificates-mozilla +BuildArch: noarch +Requires(post): /bin/cp + +%description +This package contains a static set of CA root certificates for +OpenSSL extracted from MozillaFirefox for use in containers. The +package pre-fills /var/lib/ca-certificates with a static set of +certificates if /var/lib/ca-certificates does not exist yet. + +Therefore an upgrade of this package will NOT update the list of +root CA certificates in the system. + +It it not possible to configure additional root CA certificates +using this package. + +The package is only intended for use in containers that want to +avoid installing p11-kit. + +For all other use cases please install the +"ca-certificates-mozilla" package. + +%prep +%setup -qcT + +%build +cp /usr/share/licenses/ca-certificates-mozilla/COPYING . + +%install +mkdir -p %{buildroot}/etc/ssl +ln -s /var/lib/ca-certificates/pem %{buildroot}/etc/ssl/certs +ln -s /var/lib/ca-certificates/ca-bundle.pem %{buildroot}/etc/ssl/ca-bundle.pem +mkdir -p %{buildroot}/usr/share/factory/var/lib +cp -a /var/lib/ca-certificates %{buildroot}/usr/share/factory/var/lib +# need rpm needs to be able to delete the buildroot +chmod u+w %{buildroot}/usr/share/factory/var/lib/ca-certificates/* +mkdir -p %{buildroot}%{_tmpfilesdir} +echo "C /var/lib/ca-certificates" > %{buildroot}%{_tmpfilesdir}/%{name}.conf + +%post +if [ -z "${TRANSACTIONAL_UPDATE}" ]; then + if [ -x /usr/bin/systemd-tmpfiles ]; then + /usr/bin/systemd-tmpfiles --create %{_tmpfilesdir}/ca-certificates-mozilla-prebuilt.conf || : + elif [ -x /bin/cp ] && [ ! -e /var/lib/ca-certificates ]; then + /bin/cp -as /usr/share/factory/var/lib/ca-certificates /var/lib || : + fi +fi + +%files +%license COPYING +/etc/ssl/ca-bundle.pem +/etc/ssl/certs +%{_tmpfilesdir}/%{name}.conf +/usr/share/factory +%ghost %dir /var/lib/ca-certificates +%defattr(0444,root,root,0555) +%ghost %dir /var/lib/ca-certificates/pem +%ghost %dir /var/lib/ca-certificates/openssl +%ghost /var/lib/ca-certificates/java-cacerts +%ghost /var/lib/ca-certificates/ca-bundle.pem + +%changelog