Accepting request 794914 from home:kukuk:container

- Remove old migration code, we don't support migration from such
  old products anymore.
- Use file requires to support busybox container if possible

OBS-URL: https://build.opensuse.org/request/show/794914
OBS-URL: https://build.opensuse.org/package/show/Base:System/ca-certificates?expand=0&rev=85

ca-certificates.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Apr 15 09:35:06 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
+
+- Remove old migration code, we don't support migration from such
+  old products anymore.
+- Use file requires to support busybox container if possible
+
 -------------------------------------------------------------------
 Wed Jan 29 16:58:22 UTC 2020 - lnussel@suse.de
 

ca-certificates.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package ca-certificates
 #
-# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -35,20 +35,16 @@ License:        GPL-2.0-or-later
 Group:          Productivity/Networking/Security
 Source0:        ca-certificates-%{version}.tar.xz
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-Url:            https://github.com/openSUSE/ca-certificates
+URL:            https://github.com/openSUSE/ca-certificates
 #
-Requires:       coreutils
+Requires:       /usr/bin/readlink
 Requires:       findutils
 Requires:       p11-kit
 Requires:       p11-kit-tools >= 0.23.1
 Requires:       openssl(cli)
 # needed for post
-Requires(post): coreutils findutils p11-kit-tools
+Requires(post): p11-kit-tools findutils /usr/bin/readlink
 Recommends:     ca-certificates-mozilla
-# we need to obsolete openssl-certs to make sure it's files are
-# gone when a package providing actual certificates gets
-# installed (bnc#594434).
-Obsoletes:      openssl-certs
 # no need for a separate Java package anymore. The bundle is
 # created by C code.
 Obsoletes:      java-ca-certificates = 1
@@ -94,51 +90,10 @@ mv %{buildroot}/%{_prefix}/lib/ca-certificates/update.d/{,80}etc_ssl.run
 mv %{buildroot}/%{_prefix}/lib/ca-certificates/update.d/{,99}certbundle.run
 
 %pre
-# migrate /etc/ssl/certs to a symlink
-if [ "$1" -ne 0 -a -d %{sslcerts} -a ! -L %{sslcerts} ]; then
-	# copy custom pem files to new location (bnc#875647)
-	mkdir -p /etc/pki/trust/anchors
-	for cert in %{sslcerts}/*.pem; do
-		test -f "$cert" -a ! -L "$cert" || continue
-		read firstline < "$cert"
-		# skip package provided certificates (bnc#875647)
-		if test "${firstline#\# generated by }" != "${firstline}" || rpm -qf "$cert" > /dev/null; then
-			continue
-		fi
-		# create a p11-kit header that set the label of
-		# the certificate to the file name. That ensures
-		# that the certificate gets the same name in
-		# /etc/ssl/certs as before
-		bn="${cert##*/}"
-		(
-		cat <<-EOF
-			# created by update-ca-certificates from
-			# $cert
-			[p11-kit-object-v1]
-			class: certificate
-			label: "${bn%.pem}"
-			trusted: true
-		EOF
-		cat $cert
-		) > "/etc/pki/trust/$bn"
-	done
-	mv -T --backup=numbered %{sslcerts} %{sslcerts}.rpmsave && ln -s /var/lib/ca-certificates/pem %{sslcerts}
-fi
 %service_add_pre ca-certificates.path ca-certificates.service
 
 %post
-if [ -s /etc/ca-certificates.conf ]; then
-	while read line; do
-		[ ${line#\!} != "$line"  ] || continue
-		cert="${line#\!*/}"
-		ln -s /usr/share/ca-certificates/anchors/"$cert" %{trustdir_cfg}/blacklist
-	done < /etc/ca-certificates.conf
-	echo "/etc/ca-certificates.conf converted and saved as /etc/ca-certificates.conf.rpmsave"
-	mv /etc/ca-certificates.conf /etc/ca-certificates.conf.rpmsave
-fi
 # force rebuilding all certificate stores.
-# This also makes sure we update the hash links in /etc/ssl/certs
-# as openssl changed the hash format between 0.9.8 and 1.0
 update-ca-certificates -f || true
 %service_add_post ca-certificates.path ca-certificates.service