diff --git a/ca-certificates.changes b/ca-certificates.changes index 63c174f..4034cd0 100644 --- a/ca-certificates.changes +++ b/ca-certificates.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Apr 15 09:35:06 UTC 2020 - Thorsten Kukuk + +- Remove old migration code, we don't support migration from such + old products anymore. +- Use file requires to support busybox container if possible + ------------------------------------------------------------------- Wed Jan 29 16:58:22 UTC 2020 - lnussel@suse.de diff --git a/ca-certificates.spec b/ca-certificates.spec index e966188..67d8507 100644 --- a/ca-certificates.spec +++ b/ca-certificates.spec @@ -1,7 +1,7 @@ # # spec file for package ca-certificates # -# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -35,20 +35,16 @@ License: GPL-2.0-or-later Group: Productivity/Networking/Security Source0: ca-certificates-%{version}.tar.xz BuildRoot: %{_tmppath}/%{name}-%{version}-build -Url: https://github.com/openSUSE/ca-certificates +URL: https://github.com/openSUSE/ca-certificates # -Requires: coreutils +Requires: /usr/bin/readlink Requires: findutils Requires: p11-kit Requires: p11-kit-tools >= 0.23.1 Requires: openssl(cli) # needed for post -Requires(post): coreutils findutils p11-kit-tools +Requires(post): p11-kit-tools findutils /usr/bin/readlink Recommends: ca-certificates-mozilla -# we need to obsolete openssl-certs to make sure it's files are -# gone when a package providing actual certificates gets -# installed (bnc#594434). -Obsoletes: openssl-certs # no need for a separate Java package anymore. The bundle is # created by C code. Obsoletes: java-ca-certificates = 1 @@ -94,51 +90,10 @@ mv %{buildroot}/%{_prefix}/lib/ca-certificates/update.d/{,80}etc_ssl.run mv %{buildroot}/%{_prefix}/lib/ca-certificates/update.d/{,99}certbundle.run %pre -# migrate /etc/ssl/certs to a symlink -if [ "$1" -ne 0 -a -d %{sslcerts} -a ! -L %{sslcerts} ]; then - # copy custom pem files to new location (bnc#875647) - mkdir -p /etc/pki/trust/anchors - for cert in %{sslcerts}/*.pem; do - test -f "$cert" -a ! -L "$cert" || continue - read firstline < "$cert" - # skip package provided certificates (bnc#875647) - if test "${firstline#\# generated by }" != "${firstline}" || rpm -qf "$cert" > /dev/null; then - continue - fi - # create a p11-kit header that set the label of - # the certificate to the file name. That ensures - # that the certificate gets the same name in - # /etc/ssl/certs as before - bn="${cert##*/}" - ( - cat <<-EOF - # created by update-ca-certificates from - # $cert - [p11-kit-object-v1] - class: certificate - label: "${bn%.pem}" - trusted: true - EOF - cat $cert - ) > "/etc/pki/trust/$bn" - done - mv -T --backup=numbered %{sslcerts} %{sslcerts}.rpmsave && ln -s /var/lib/ca-certificates/pem %{sslcerts} -fi %service_add_pre ca-certificates.path ca-certificates.service %post -if [ -s /etc/ca-certificates.conf ]; then - while read line; do - [ ${line#\!} != "$line" ] || continue - cert="${line#\!*/}" - ln -s /usr/share/ca-certificates/anchors/"$cert" %{trustdir_cfg}/blacklist - done < /etc/ca-certificates.conf - echo "/etc/ca-certificates.conf converted and saved as /etc/ca-certificates.conf.rpmsave" - mv /etc/ca-certificates.conf /etc/ca-certificates.conf.rpmsave -fi # force rebuilding all certificate stores. -# This also makes sure we update the hash links in /etc/ssl/certs -# as openssl changed the hash format between 0.9.8 and 1.0 update-ca-certificates -f || true %service_add_post ca-certificates.path ca-certificates.service