Resolves: rhbz#2021362
Remove blacklist directory from release and documentation. Add requires for the version of p11_kit that uses the blocklist directory.
This commit is contained in:
Bob Relyea
parent
7ce59a8b26
commit
09eff8709a
@ -38,7 +38,7 @@ Name: ca-certificates
|
|||||||
Version: 2020.2.50
|
Version: 2020.2.50
|
||||||
# for y-stream, please always use 91 <= release < 100 (91,92,93)
|
# for y-stream, please always use 91 <= release < 100 (91,92,93)
|
||||||
# for z-stream release branches, please use 90 <= release < 91 (90.0, 90.1, ...)
|
# for z-stream release branches, please use 90 <= release < 91 (90.0, 90.1, ...)
|
||||||
Release: 93%{?dist}
|
Release: 94%{?dist}
|
||||||
License: Public Domain
|
License: Public Domain
|
||||||
|
|
||||||
URL: https://fedoraproject.org/wiki/CA-Certificates
|
URL: https://fedoraproject.org/wiki/CA-Certificates
|
||||||
@ -71,10 +71,10 @@ Requires(post): coreutils
|
|||||||
Requires: bash
|
Requires: bash
|
||||||
Requires: grep
|
Requires: grep
|
||||||
Requires: sed
|
Requires: sed
|
||||||
Requires(post): p11-kit >= 0.23.19
|
Requires(post): p11-kit >= 0.24
|
||||||
Requires(post): p11-kit-trust >= 0.23.19
|
Requires(post): p11-kit-trust >= 0.24
|
||||||
Requires: p11-kit >= 0.23.19
|
Requires: p11-kit >= 0.24
|
||||||
Requires: p11-kit-trust >= 0.23.19
|
Requires: p11-kit-trust >= 0.24
|
||||||
|
|
||||||
BuildRequires: perl-interpreter
|
BuildRequires: perl-interpreter
|
||||||
BuildRequires: python3
|
BuildRequires: python3
|
||||||
@ -185,7 +185,6 @@ mkdir -p -m 755 $RPM_BUILD_ROOT%{_sysconfdir}/ssl
|
|||||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/source
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/source
|
||||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/source/anchors
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/source/anchors
|
||||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/source/blocklist
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/source/blocklist
|
||||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/source/blacklist
|
|
||||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted
|
||||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/pem
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/pem
|
||||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/openssl
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/openssl
|
||||||
@ -194,7 +193,6 @@ mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/edk2
|
|||||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source
|
||||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/anchors
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/anchors
|
||||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/blocklist
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/blocklist
|
||||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/blacklist
|
|
||||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-legacy
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-legacy
|
||||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{_bindir}
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{_bindir}
|
||||||
mkdir -p -m 755 $RPM_BUILD_ROOT%{_mandir}/man8
|
mkdir -p -m 755 $RPM_BUILD_ROOT%{_mandir}/man8
|
||||||
@ -344,7 +342,6 @@ fi
|
|||||||
%dir %{catrustdir}/source
|
%dir %{catrustdir}/source
|
||||||
%dir %{catrustdir}/source/anchors
|
%dir %{catrustdir}/source/anchors
|
||||||
%dir %{catrustdir}/source/blocklist
|
%dir %{catrustdir}/source/blocklist
|
||||||
%dir %{catrustdir}/source/blacklist
|
|
||||||
%dir %{catrustdir}/extracted
|
%dir %{catrustdir}/extracted
|
||||||
%dir %{catrustdir}/extracted/pem
|
%dir %{catrustdir}/extracted/pem
|
||||||
%dir %{catrustdir}/extracted/openssl
|
%dir %{catrustdir}/extracted/openssl
|
||||||
@ -353,7 +350,6 @@ fi
|
|||||||
%dir %{_datadir}/pki/ca-trust-source
|
%dir %{_datadir}/pki/ca-trust-source
|
||||||
%dir %{_datadir}/pki/ca-trust-source/anchors
|
%dir %{_datadir}/pki/ca-trust-source/anchors
|
||||||
%dir %{_datadir}/pki/ca-trust-source/blocklist
|
%dir %{_datadir}/pki/ca-trust-source/blocklist
|
||||||
%dir %{_datadir}/pki/ca-trust-source/blacklist
|
|
||||||
%dir %{_datadir}/pki/ca-trust-legacy
|
%dir %{_datadir}/pki/ca-trust-legacy
|
||||||
|
|
||||||
%config(noreplace) %{catrustdir}/ca-legacy.conf
|
%config(noreplace) %{catrustdir}/ca-legacy.conf
|
||||||
@ -399,6 +395,9 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Nov 1 2021 Bob Relyea <rrelyea@redhat.com> - 2020.2.50-94
|
||||||
|
- remove blacklist directory and references now that p11-kit has been updated.
|
||||||
|
|
||||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2020.2.50-93
|
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2020.2.50-93
|
||||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
Related: rhbz#1991688
|
Related: rhbz#1991688
|
||||||
|
|||||||
@ -98,13 +98,13 @@ subdirectory in the /etc hierarchy.
|
|||||||
* add it as a new file to directory /etc/pki/ca-trust/source/anchors/
|
* add it as a new file to directory /etc/pki/ca-trust/source/anchors/
|
||||||
* run 'update-ca-trust extract'
|
* run 'update-ca-trust extract'
|
||||||
|
|
||||||
.*QUICK HELP 2*: If your certificate is in the extended BEGIN TRUSTED file format (which may contain distrust/blacklist trust flags, or trust flags for usages other than TLS) then:
|
.*QUICK HELP 2*: If your certificate is in the extended BEGIN TRUSTED file format (which may contain distrust/blocklist trust flags, or trust flags for usages other than TLS) then:
|
||||||
* add it as a new file to directory /etc/pki/ca-trust/source/
|
* add it as a new file to directory /etc/pki/ca-trust/source/
|
||||||
* run 'update-ca-trust extract'
|
* run 'update-ca-trust extract'
|
||||||
|
|
||||||
.In order to offer simplicity and flexibility, the way certificate files are treated depends on the subdirectory they are installed to.
|
.In order to offer simplicity and flexibility, the way certificate files are treated depends on the subdirectory they are installed to.
|
||||||
* simple trust anchors subdirectory: /usr/share/pki/ca-trust-source/anchors/ or /etc/pki/ca-trust/source/anchors/
|
* simple trust anchors subdirectory: /usr/share/pki/ca-trust-source/anchors/ or /etc/pki/ca-trust/source/anchors/
|
||||||
* simple blacklist (distrust) subdirectory: /usr/share/pki/ca-trust-source/blacklist/ or /etc/pki/ca-trust/source/blacklist/
|
* simple blocklist (distrust) subdirectory: /usr/share/pki/ca-trust-source/blocklist/ or /etc/pki/ca-trust/source/blocklist/
|
||||||
* extended format directory: /usr/share/pki/ca-trust-source/ or /etc/pki/ca-trust/source/
|
* extended format directory: /usr/share/pki/ca-trust-source/ or /etc/pki/ca-trust/source/
|
||||||
|
|
||||||
.In the main directories /usr/share/pki/ca-trust-source/ or /etc/pki/ca-trust/source/ you may install one or multiple files in the following file formats:
|
.In the main directories /usr/share/pki/ca-trust-source/ or /etc/pki/ca-trust/source/ you may install one or multiple files in the following file formats:
|
||||||
@ -134,7 +134,7 @@ you may install one or multiple certificates in either the DER file
|
|||||||
format or in the PEM (BEGIN/END CERTIFICATE) file format.
|
format or in the PEM (BEGIN/END CERTIFICATE) file format.
|
||||||
Each certificate will be treated as *trusted* for all purposes.
|
Each certificate will be treated as *trusted* for all purposes.
|
||||||
|
|
||||||
In the blacklist subdirectories /usr/share/pki/ca-trust-source/blacklist/ or /etc/pki/ca-trust/source/blacklist/
|
In the blocklist subdirectories /usr/share/pki/ca-trust-source/blocklist/ or /etc/pki/ca-trust/source/blocklist/
|
||||||
you may install one or multiple certificates in either the DER file
|
you may install one or multiple certificates in either the DER file
|
||||||
format or in the PEM (BEGIN/END CERTIFICATE) file format.
|
format or in the PEM (BEGIN/END CERTIFICATE) file format.
|
||||||
Each certificate will be treated as *distrusted* for all purposes.
|
Each certificate will be treated as *distrusted* for all purposes.
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user