Accepting request 37898 from Base:System

Copy from Base:System/ca-certificates based on submit request 37898 from user lnussel OBS-URL: https://build.opensuse.org/request/show/37898 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ca-certificates?expand=0&rev=2
2010-04-14 13:44:12 +00:00 · 2010-04-14 13:44:12 +00:00 · c6c61ecaa0
commit c6c61ecaa0
parent 29765b60d5
4 changed files with 41 additions and 11 deletions
--- a/ca-certificates.changes
+++ b/ca-certificates.changes
@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Thu Apr  8 13:16:43 UTC 2010 - lnussel@suse.de
+
+- actually install certbundle.run (bnc#594501)
+
+-------------------------------------------------------------------
+Thu Apr  8 09:15:28 UTC 2010 - lnussel@suse.de
+
+- it's ca-bundle.pem rather than cert.pem
+
+-------------------------------------------------------------------
+Thu Apr  8 07:51:25 UTC 2010 - lnussel@suse.de
+
+- obsolete openssl-certs (bnc#594434) 
+- update manpage (bnc#594501)
+
 -------------------------------------------------------------------
 Thu Apr  1 13:00:37 UTC 2010 - lnussel@suse.de

--- a/ca-certificates.spec
+++ b/ca-certificates.spec
@ -22,21 +22,27 @@ BuildRequires:  openssl
 Name:           ca-certificates
 %define ssletcdir %{_sysconfdir}/ssl
 %define etccadir  %{ssletcdir}/certs
-%define cabundle  %{ssletcdir}/cert.pem
+%define cabundle  %{ssletcdir}/ca-bundle.pem
 %define usrcadir  %{_datadir}/ca-certificates
 License:        GPLv2+
 Group:          Productivity/Networking/Security
 Version:        1
-Release:        1
+Release:        2
 Summary:        Utilities for system wide CA certificate installation
 Source0:        update-ca-certificates
 Source1:        update-ca-certificates.8
 Source2:        GPL-2.0.txt
+Source3:        certbundle.run
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch
 Url:            http://gitorious.org/opensuse/ca-certificates
 #
 Requires:       openssl
+Recommends:     ca-certificates-mozilla
+# we need to obsolete openssl-certs to make sure it's files are
+# gone when a package providing actual certificates gets
+# installed (bnc#594434).
+Obsoletes:      openssl-certs < 0.9.9

 %description
 Utilities for system wide CA certificate installation
@ -57,6 +63,8 @@ mkdir -p %{buildroot}/%{_mandir}/man8
 mkdir -p %{buildroot}/etc/ca-certificates/update.d
 install -m 644 /dev/null %{buildroot}/%{cabundle}
 install -m 644 /dev/null %{buildroot}/etc/ca-certificates.conf
+# TODO: we should put our distros scripts in /usr really
+install -m 755 %{SOURCE3} %{buildroot}/etc/ca-certificates/update.d

 install -m 755 update-ca-certificates %{buildroot}/%{_sbindir}
 install -m 644 update-ca-certificates.8 %{buildroot}/%{_mandir}/man8
@ -73,6 +81,7 @@ rm -rf %{buildroot}
 %ghost %{cabundle}
 %dir /etc/ca-certificates
 %dir /etc/ca-certificates/update.d
+/etc/ca-certificates/update.d/*
 %{_sbindir}/update-ca-certificates
 %{_mandir}/man8/update-ca-certificates.8*

--- a/certbundle.run
+++ b/certbundle.run
@ -1,6 +1,8 @@
 #!/bin/bash
 # vim: syntax=sh

+shopt -s nullglob
+
 cafile="/etc/ssl/ca-bundle.pem"
 cadir="/etc/ssl/certs"

--- a/update-ca-certificates.8
+++ b/update-ca-certificates.8
@ -2,7 +2,7 @@
 .\" First parameter, NAME, should be all caps
 .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
 .\" other parameters are allowed: see man(7), man(1)
-.TH UPDATE-CA-CERTIFICATES 8 "20 April 2003"
+.TH UPDATE-CA-CERTIFICATES 8 "08 April 2010"
 .\" Please adjust this date whenever revising the manpage.
 .\"
 .\" Some roff macros, for reference:
@ -16,13 +16,13 @@
 .\" .sp <n>    insert n+1 empty lines
 .\" for manpage-specific macros, see man(7)
 .SH NAME
-update-ca-certificates \- update /etc/ssl/certs and certificates.crt
+update-ca-certificates \- update /etc/ssl/certs and ca-bundle.pem
 .SH SYNOPSIS
 .B update-ca-certificates
 .RI [ options ]
 .SH DESCRIPTION
 \fBupdate-ca-certificates\fP updates the directory
-/etc/ssl/certs to hold SSL certificates and generates /etc/ssl/cert.pem,
+/etc/ssl/certs to hold SSL certificates and generates /etc/ssl/ca-bundle.pem,
 a concatenated single-file list of certificates.
 .PP
 It reads the file /etc/ca-certificates.conf. Each line gives a pathname of
@ -35,9 +35,10 @@ trusted if no trusted certificates are listed.
 Furthermore all certificates found below /usr/local/share/ca-certificates
 are also included as implicitly trusted.
 .PP
-After populating /etc/ssl/certs and creating /etc/ssl/cert.pem
+After populating /etc/ssl/certs and creating /etc/ssl/ca-bundle.pem
 \fBupdate-ca-certificates\fP invokes custom hooks in
-/etc/ca-certificates/update.d/*.run
+/etc/ca-certificates/update.d/*.run. The command line options used
+for invoking update-ca-certificates are passed to the hooks as well.
 .SH OPTIONS
 A summary of options is included below.
 .TP
@ -48,15 +49,17 @@ Show summary of options.
 Be verbose. Output \fBc_rehash\fP.
 .TP
 .B \-f, \-\-fresh
-Fresh updates.  Remove symlinks in /etc/ssl/certs directory.
+Fresh updates.  Removes symlinks in /etc/ssl/certs directory and
+re-creates them from scratch.
 .SH FILES
 .TP
 .I /etc/ca-certificates.conf
 A configuration file.
 .TP
-.I /etc/ssl/cert.pem
-A single-file version of all CA certificates. Useful for programs
-that cannot handle directory with individual files.
+.I /etc/ssl/ca-bundle.pem
+A single-file version of all CA certificates. Use of this file is
+deprecated and should only be used as last resort by applications
+that cannot parse the /etc/ssl/certs directory.
 .TP
 .I /usr/share/ca-certificates
 Directory of CA certificates.