From 447b9bcd7883268f5679fcbc12ca5d25a8310211 Mon Sep 17 00:00:00 2001
From: Krenzelok Frantisek <krenzelok.frantisek@gmail.com>
Date: Thu, 20 Mar 2025 09:08:54 +0100
Subject: [PATCH] Remove unused folder: .../extracted/openssl

The default full path: /etc/pki/ca-trust/extracted/openssl
After the transition to directory-hash, this folder is no longer in use.

doc: remove leftover mention of /etc/pki/tls/certs/ca-bundle.trust.crt
in update-ca-trust.8.txt

Resolves: RHEL-67930
---
 README.openssl        | 18 ------------------
 ca-certificates.spec  | 10 ++++------
 update-ca-trust       |  1 -
 update-ca-trust.8.txt | 10 ----------
 4 files changed, 4 insertions(+), 35 deletions(-)
 delete mode 100644 README.openssl

diff --git a/README.openssl b/README.openssl
deleted file mode 100644
index 7c368a9..0000000
--- a/README.openssl
+++ /dev/null
@@ -1,18 +0,0 @@
-This directory /etc/pki/ca-trust/extracted/openssl/ contains 
-CA certificate bundle files which are automatically created
-based on the information found in the
-/usr/share/pki/ca-trust-source/ and /etc/pki/ca-trust/source/
-directories.
-
-All files are in the BEGIN/END TRUSTED CERTIFICATE file format, 
-as described in the x509(1) manual page.
-
-If your application isn't able to load the PKCS#11 module p11-kit-trust.so,
-then you can use these files in your application to load a list of global
-root CA certificates.
-
-Please never manually edit the files stored in this directory,
-because your changes will be lost and the files automatically overwritten,
-each time the update-ca-trust command gets executed.
-
-Please refer to the update-ca-trust(8) manual page for additional information.
diff --git a/ca-certificates.spec b/ca-certificates.spec
index 0e9bfd8..34dff46 100644
--- a/ca-certificates.spec
+++ b/ca-certificates.spec
@@ -37,7 +37,7 @@ Name: ca-certificates
 Version: 2024.2.69_v8.0.303
 # for Rawhide, please always use release >= 2
 # for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
-Release: 102.3%{?dist}
+Release: 102.4%{?dist}
 License: MIT AND GPL-2.0-or-later
 
 URL: https://fedoraproject.org/wiki/CA-Certificates
@@ -56,7 +56,6 @@ Source11: README.usr
 Source12: README.etc
 Source13: README.extr
 Source14: README.java
-Source15: README.openssl
 Source16: README.pem
 Source17: README.edk2
 Source18: README.src
@@ -187,7 +186,6 @@ mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/source/blocklist
 mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted
 mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/pem
 mkdir -p -m 555 $RPM_BUILD_ROOT%{catrustdir}/extracted/pem/directory-hash
-mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/openssl
 mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/java
 mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/edk2
 mkdir -p -m 755 $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source
@@ -203,7 +201,6 @@ install -p -m 644 %{SOURCE11} $RPM_BUILD_ROOT%{_datadir}/pki/ca-trust-source/REA
 install -p -m 644 %{SOURCE12} $RPM_BUILD_ROOT%{catrustdir}/README
 install -p -m 644 %{SOURCE13} $RPM_BUILD_ROOT%{catrustdir}/extracted/README
 install -p -m 644 %{SOURCE14} $RPM_BUILD_ROOT%{catrustdir}/extracted/java/README
-install -p -m 644 %{SOURCE15} $RPM_BUILD_ROOT%{catrustdir}/extracted/openssl/README
 install -p -m 644 %{SOURCE16} $RPM_BUILD_ROOT%{catrustdir}/extracted/pem/README
 install -p -m 644 %{SOURCE17} $RPM_BUILD_ROOT%{catrustdir}/extracted/edk2/README
 install -p -m 644 %{SOURCE18} $RPM_BUILD_ROOT%{catrustdir}/source/README
@@ -384,7 +381,6 @@ fi
 %dir %{catrustdir}/source/blocklist
 %dir %{catrustdir}/extracted
 %dir %{catrustdir}/extracted/pem
-%dir %{catrustdir}/extracted/openssl
 %dir %{catrustdir}/extracted/java
 %dir %{_datadir}/pki
 %dir %{_datadir}/pki/ca-trust-source
@@ -401,7 +397,6 @@ fi
 %{catrustdir}/README
 %{catrustdir}/extracted/README
 %{catrustdir}/extracted/java/README
-%{catrustdir}/extracted/openssl/README
 %{catrustdir}/extracted/pem/README
 %{catrustdir}/extracted/edk2/README
 %{catrustdir}/source/README
@@ -434,6 +429,9 @@ fi
 %ghost %{catrustdir}/extracted/edk2/cacerts.bin
 
 %changelog
+* Thu Mar 20 2025 Frantisek Krenzelok <fkrenzel@redhat.com> - 2024.2.69_v8.0.303-102.4
+- Remove unused folder /etc/pki/ca-trust/extracted/openssl
+
 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2024.2.69_v8.0.303-102.3
 - Bump release for October 2024 mass rebuild:
   Resolves: RHEL-64018
diff --git a/update-ca-trust b/update-ca-trust
index fffd2c9..8179917 100755
--- a/update-ca-trust
+++ b/update-ca-trust
@@ -69,7 +69,6 @@ extract() {
 	        # Attempt to create the directories if they do not exist
                 # yet (rhbz#2241240)
 	        /usr/bin/mkdir -p \
-		    "$DEST"/openssl \
 		    "$DEST"/pem \
 		    "$DEST"/java \
 		    "$DEST"/edk2
diff --git a/update-ca-trust.8.txt b/update-ca-trust.8.txt
index a8c381c..f7db3b7 100644
--- a/update-ca-trust.8.txt
+++ b/update-ca-trust.8.txt
@@ -184,12 +184,6 @@ Distrust information cannot be represented in this file format,
 and distrusted certificates are missing from these files.
 File cacerts contains CA certificates trusted for TLS server authentication.
 
-The directory /etc/pki/ca-trust/extracted/openssl/ contains 
-CA certificate bundle files in the extended BEGIN/END TRUSTED CERTIFICATE file format, 
-as described in the x509(1) manual page.
-File ca-bundle.trust.crt contains the full set of all trusted
-or distrusted certificates, including the associated trust flags.
-
 The directory /etc/pki/ca-trust/extracted/pem/ contains 
 CA certificate bundle files in the simple BEGIN/END CERTIFICATE file format, 
 as described in the x509(1) manual page.
@@ -239,10 +233,6 @@ FILES
 	Classic filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the simple BEGIN/END CERTIFICATE file format, without distrust information.
 	This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
 
-/etc/pki/tls/certs/ca-bundle.trust.crt::
-	Classic filename, file contains a list of CA certificates in the extended BEGIN/END TRUSTED CERTIFICATE file format, which includes trust (and/or distrust) flags specific to certificate usage.
-	This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
-
 /etc/pki/java/cacerts::
 	Classic filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the Java keystore file format, without distrust information.
 	This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.