rpm/ca-certificates-mozilla
SHA256
1
0
Fork 0
forked from pool/ca-certificates-mozilla
Code Pull Requests Activity

- add nssckbi.h that matches certdata.txt; make sure package has the

Browse Source 
correct version number which is currently 1.93. No actual content
  change in certdata.txt compared to 1.85, it's just that the
  versioning scheme changed.

OBS-URL: https://build.opensuse.org/package/show/Base:System/ca-certificates-mozilla?expand=0&rev=40
This commit is contained in:
Ludwig Nussel
2013-07-24 14:45:48 +00:00
committed by Git OBS Bridge
parent abed6a95f8
commit c7e4526057
3 changed files with 77 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ca-certificates-mozilla.changes
View File

@@ -3,6 +3,10 @@ Wed Jul 24 14:21:18 UTC 2013 - lnussel@suse.de
- add fake basic contraints to Entrust root so p11-kit export the cert - add fake basic contraints to Entrust root so p11-kit export the cert
(bnc#829471) (bnc#829471)
- add nssckbi.h that matches certdata.txt; make sure package has the
correct version number which is currently 1.93. No actual content
change in certdata.txt compared to 1.85, it's just that the
versioning scheme changed.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jun 27 16:03:05 UTC 2013 - lnussel@suse.de Thu Jun 27 16:03:05 UTC 2013 - lnussel@suse.de

20
ca-certificates-mozilla.spec
View File

@@ -26,7 +26,7 @@ BuildRequires: python
Name: ca-certificates-mozilla Name: ca-certificates-mozilla
# Version number is NSS_BUILTINS_LIBRARY_VERSION in this file: # Version number is NSS_BUILTINS_LIBRARY_VERSION in this file:
# https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h # https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h
Version: 1.85 Version: 1.93
Release: 0 Release: 0
Summary: CA certificates for OpenSSL Summary: CA certificates for OpenSSL
License: MPL-2.0 License: MPL-2.0
@@ -42,10 +42,11 @@ Url: http://www.mozilla.org
# to output of compareoldnew # to output of compareoldnew
# - Watch out that blacklisted or untrusted certificates are not # - Watch out that blacklisted or untrusted certificates are not
# accidentally included! # accidentally included!
Source: certdata.txt Source: https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt
Source1: certdata2pem.py Source1: https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/nssckbi.h
Source2: %{name}.COPYING Source10: certdata2pem.py
Source3: compareoldnew Source11: %{name}.COPYING
Source12: compareoldnew
# make p11-kit think there are basic constraints in the Entrust # make p11-kit think there are basic constraints in the Entrust
# cert (https://bugs.freedesktop.org/show_bug.cgi?id=62064) # cert (https://bugs.freedesktop.org/show_bug.cgi?id=62064)
# Remove after the updated cert is accepted into NSS # Remove after the updated cert is accepted into NSS
@@ -69,10 +70,15 @@ from MozillaFirefox
%prep %prep
%setup -qcT %setup -qcT
/bin/cp %{SOURCE0} . /bin/cp %{SOURCE0} .
install -m 644 %{SOURCE2} COPYING install -m 644 %{SOURCE11} COPYING
ver=`sed -ne '/NSS_BUILTINS_LIBRARY_VERSION /s/.*"\(.*\)"/\1/p' < "%{SOURCE1}"`
if [ "%{version}" != "$ver" ]; then
echo "*** Version number mismatch: spec file should be version $ver"
false
fi
%build %build
python %{SOURCE1} python %{SOURCE10}
%install %install
mkdir -p %{buildroot}/%{trustdir_static}/anchors mkdir -p %{buildroot}/%{trustdir_static}/anchors

60
nssckbi.h Normal file
View File

@@ -0,0 +1,60 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef NSSCKBI_H
#define NSSCKBI_H
/*
* NSS BUILTINS Version numbers.
*
* These are the version numbers for the builtins module packaged with
* this release on NSS. To determine the version numbers of the builtin
* module you are using, use the appropriate PKCS #11 calls.
*
* These version numbers detail changes to the PKCS #11 interface. They map
* to the PKCS #11 spec versions.
*/
#define NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR 2
#define NSS_BUILTINS_CRYPTOKI_VERSION_MINOR 20
/* These version numbers detail the changes
* to the list of trusted certificates.
*
* The NSS_BUILTINS_LIBRARY_VERSION_MINOR macro needs to be bumped
* for each NSS minor release AND whenever we change the list of
* trusted certificates. 10 minor versions are allocated for each
* NSS 3.x branch as follows, allowing us to change the list of
* trusted certificates up to 9 times on each branch.
* - NSS 3.5 branch: 3-9
* - NSS 3.6 branch: 10-19
* - NSS 3.7 branch: 20-29
* - NSS 3.8 branch: 30-39
* - NSS 3.9 branch: 40-49
* - NSS 3.10 branch: 50-59
* - NSS 3.11 branch: 60-69
* ...
* - NSS 3.12 branch: 70-89
* - NSS 3.13 branch: 90-99
* - NSS 3.14 branch: 100-109
* ...
* - NSS 3.29 branch: 250-255
*
* NSS_BUILTINS_LIBRARY_VERSION_MINOR is a CK_BYTE. It's not clear
* whether we may use its full range (0-255) or only 0-99 because
* of the comment in the CK_VERSION type definition.
*/
#define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 93
#define NSS_BUILTINS_LIBRARY_VERSION "1.93"
/* These version numbers detail the semantic changes to the ckfw engine. */
#define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
#define NSS_BUILTINS_HARDWARE_VERSION_MINOR 0
/* These version numbers detail the semantic changes to ckbi itself
* (new PKCS #11 objects), etc. */
#define NSS_BUILTINS_FIRMWARE_VERSION_MAJOR 1
#define NSS_BUILTINS_FIRMWARE_VERSION_MINOR 0
#endif /* NSSCKBI_H */