Remove unused folder: .../extracted/openssl

The default full path: /etc/pki/ca-trust/extracted/openssl After the transition to directory-hash, this folder is no longer in use. doc: remove leftover mention of /etc/pki/tls/certs/ca-bundle.trust.crt in update-ca-trust.8.txt Resolves: RHEL-67930
2025-03-20 09:08:54 +01:00 · 2025-03-20 09:08:54 +01:00 · 447b9bcd78
commit 447b9bcd78
parent f718d0f7ca
4 changed files with 4 additions and 35 deletions
--- a/README.openssl
+++ b/README.openssl
@ -1,18 +0,0 @@
-This directory /etc/pki/ca-trust/extracted/openssl/ contains 
-CA certificate bundle files which are automatically created
-based on the information found in the
-/usr/share/pki/ca-trust-source/ and /etc/pki/ca-trust/source/
-directories.
-
-All files are in the BEGIN/END TRUSTED CERTIFICATE file format, 
-as described in the x509(1) manual page.
-
-If your application isn't able to load the PKCS#11 module p11-kit-trust.so,
-then you can use these files in your application to load a list of global
-root CA certificates.
-
-Please never manually edit the files stored in this directory,
-because your changes will be lost and the files automatically overwritten,
-each time the update-ca-trust command gets executed.
-
-Please refer to the update-ca-trust(8) manual page for additional information.
--- a/ca-certificates.spec
+++ b/ca-certificates.spec
@ -37,7 +37,7 @@ Name: ca-certificates
 Version: 2024.2.69_v8.0.303
 # for Rawhide, please always use release >= 2
 # for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
-Release: 102.3%{?dist}
+Release: 102.4%{?dist}
 License: MIT AND GPL-2.0-or-later

 URL: https://fedoraproject.org/wiki/CA-Certificates
@ -56,7 +56,6 @@ Source11: README.usr
 Source12: README.etc
 Source13: README.extr
 Source14: README.java
-Source15: README.openssl
 Source16: README.pem
 Source17: README.edk2
 Source18: README.src
@ -187,7 +186,6 @@ mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/source/blocklist
 mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted
 mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/pem
 mkdir -p -m 555 $RPM_BUILD_ROOT%{catrustdir}/extracted/pem/directory-hash
-mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/openssl
 mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/java
 mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/edk2
 mkdir -p -m 755 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source
@ -203,7 +201,6 @@ install -p -m 644 %{SOURCE11} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/REA
 install -p -m 644 %{SOURCE12} $RPM_BUILD_ROOT%{catrustdir}/README
 install -p -m 644 %{SOURCE13} $RPM_BUILD_ROOT%{catrustdir}/extracted/README
 install -p -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{catrustdir}/extracted/java/README
-install -p -m 644 %{SOURCE15} $RPM_BUILD_ROOT%{catrustdir}/extracted/openssl/README
 install -p -m 644 %{SOURCE16} $RPM_BUILD_ROOT%{catrustdir}/extracted/pem/README
 install -p -m 644 %{SOURCE17} $RPM_BUILD_ROOT%{catrustdir}/extracted/edk2/README
 install -p -m 644 %{SOURCE18} $RPM_BUILD_ROOT%{catrustdir}/source/README
@ -384,7 +381,6 @@ fi
 %dir %{catrustdir}/source/blocklist
 %dir %{catrustdir}/extracted
 %dir %{catrustdir}/extracted/pem
-%dir %{catrustdir}/extracted/openssl
 %dir %{catrustdir}/extracted/java
 %dir %{_datadir}/pki
 %dir %{_datadir}/pki/ca-trust-source
@ -401,7 +397,6 @@ fi
 %{catrustdir}/README
 %{catrustdir}/extracted/README
 %{catrustdir}/extracted/java/README
-%{catrustdir}/extracted/openssl/README
 %{catrustdir}/extracted/pem/README
 %{catrustdir}/extracted/edk2/README
 %{catrustdir}/source/README
@ -434,6 +429,9 @@ fi
 %ghost %{catrustdir}/extracted/edk2/cacerts.bin

 %changelog
+* Thu Mar 20 2025 Frantisek Krenzelok <fkrenzel@redhat.com> - 2024.2.69_v8.0.303-102.4
+- Remove unused folder /etc/pki/ca-trust/extracted/openssl
+
 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2024.2.69_v8.0.303-102.3
 - Bump release for October 2024 mass rebuild:
  Resolves: RHEL-64018
--- a/1
+++ b/1
@ -69,7 +69,6 @@ extract() {
 	        # Attempt to create the directories if they do not exist
                # yet (rhbz#2241240)
 	        /usr/bin/mkdir -p \
-		    "$DEST"/openssl \
 		    "$DEST"/pem \
 		    "$DEST"/java \
 		    "$DEST"/edk2
--- a/update-ca-trust.8.txt
+++ b/update-ca-trust.8.txt
@ -184,12 +184,6 @@ Distrust information cannot be represented in this file format,
 and distrusted certificates are missing from these files.
 File cacerts contains CA certificates trusted for TLS server authentication.

-The directory /etc/pki/ca-trust/extracted/openssl/ contains 
-CA certificate bundle files in the extended BEGIN/END TRUSTED CERTIFICATE file format, 
-as described in the x509(1) manual page.
-File ca-bundle.trust.crt contains the full set of all trusted
-or distrusted certificates, including the associated trust flags.
-
 The directory /etc/pki/ca-trust/extracted/pem/ contains 
 CA certificate bundle files in the simple BEGIN/END CERTIFICATE file format, 
 as described in the x509(1) manual page.
@ -239,10 +233,6 @@ FILES
 	Classic filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the simple BEGIN/END CERTIFICATE file format, without distrust information.
 	This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.

-/etc/pki/tls/certs/ca-bundle.trust.crt::
-	Classic filename, file contains a list of CA certificates in the extended BEGIN/END TRUSTED CERTIFICATE file format, which includes trust (and/or distrust) flags specific to certificate usage.
-	This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
-
 /etc/pki/java/cacerts::
 	Classic filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the Java keystore file format, without distrust information.
 	This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.