- Set P11_KIT_NO_USER_CONFIG=1 to prevent p11-kit from reading user configuration files (rhbz#1478172).
This commit is contained in:
parent
7accaab619
commit
7a69d0d22f
@ -38,7 +38,7 @@ Name: ca-certificates
|
|||||||
Version: 2017.2.16
|
Version: 2017.2.16
|
||||||
# for Rawhide, please always use release >= 2
|
# for Rawhide, please always use release >= 2
|
||||||
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
License: Public Domain
|
License: Public Domain
|
||||||
|
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
@ -352,6 +352,10 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Aug 15 2017 Kai Engert <kaie@redhat.com> - 2017.2.16-3
|
||||||
|
- Set P11_KIT_NO_USER_CONFIG=1 to prevent p11-kit from reading user
|
||||||
|
configuration files (rhbz#1478172).
|
||||||
|
|
||||||
* Wed Jul 19 2017 Kai Engert <kaie@redhat.com> - 2017.2.16-2
|
* Wed Jul 19 2017 Kai Engert <kaie@redhat.com> - 2017.2.16-2
|
||||||
- Update to (yet unreleased) CKBI 2.16 which is planned for NSS 3.32.
|
- Update to (yet unreleased) CKBI 2.16 which is planned for NSS 3.32.
|
||||||
Mozilla removed all trust bits for code signing.
|
Mozilla removed all trust bits for code signing.
|
||||||
|
@ -9,6 +9,9 @@
|
|||||||
|
|
||||||
DEST=/etc/pki/ca-trust/extracted
|
DEST=/etc/pki/ca-trust/extracted
|
||||||
|
|
||||||
|
# Prevent p11-kit from reading user configuration files.
|
||||||
|
export P11_KIT_NO_USER_CONFIG=1
|
||||||
|
|
||||||
# OpenSSL PEM bundle that includes trust flags
|
# OpenSSL PEM bundle that includes trust flags
|
||||||
# (BEGIN TRUSTED CERTIFICATE)
|
# (BEGIN TRUSTED CERTIFICATE)
|
||||||
/usr/bin/p11-kit extract --format=openssl-bundle --filter=certificates --overwrite --comment $DEST/openssl/ca-bundle.trust.crt
|
/usr/bin/p11-kit extract --format=openssl-bundle --filter=certificates --overwrite --comment $DEST/openssl/ca-bundle.trust.crt
|
||||||
|
Loading…
Reference in New Issue
Block a user