Reduce dependency on p11-kit to only the trust subpackage
Related: RHEL-50293 Fedora MR: https://src.fedoraproject.org/rpms/ca-certificates/pull-request/9#
This commit is contained in:
parent
65124caff8
commit
be4d5cdeb0
@ -72,9 +72,7 @@ Requires(post): coreutils
|
|||||||
Requires: bash
|
Requires: bash
|
||||||
Requires: grep
|
Requires: grep
|
||||||
Requires: sed
|
Requires: sed
|
||||||
Requires(post): p11-kit >= 0.24
|
|
||||||
Requires(post): p11-kit-trust >= 0.24
|
Requires(post): p11-kit-trust >= 0.24
|
||||||
Requires: p11-kit >= 0.24
|
|
||||||
Requires: p11-kit-trust >= 0.24
|
Requires: p11-kit-trust >= 0.24
|
||||||
|
|
||||||
BuildRequires: perl-interpreter
|
BuildRequires: perl-interpreter
|
||||||
|
@ -70,15 +70,15 @@ extract() {
|
|||||||
|
|
||||||
# OpenSSL PEM bundle that includes trust flags
|
# OpenSSL PEM bundle that includes trust flags
|
||||||
# (BEGIN TRUSTED CERTIFICATE)
|
# (BEGIN TRUSTED CERTIFICATE)
|
||||||
/usr/bin/p11-kit extract --format=openssl-bundle --filter=certificates --overwrite --comment "$DEST/openssl/ca-bundle.trust.crt"
|
/usr/bin/trust extract --format=openssl-bundle --filter=certificates --overwrite --comment "$DEST/openssl/ca-bundle.trust.crt"
|
||||||
/usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose server-auth "$DEST/pem/tls-ca-bundle.pem"
|
/usr/bin/trust extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose server-auth "$DEST/pem/tls-ca-bundle.pem"
|
||||||
/usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose email "$DEST/pem/email-ca-bundle.pem"
|
/usr/bin/trust extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose email "$DEST/pem/email-ca-bundle.pem"
|
||||||
/usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose code-signing "$DEST/pem/objsign-ca-bundle.pem"
|
/usr/bin/trust extract --format=pem-bundle --filter=ca-anchors --overwrite --comment --purpose code-signing "$DEST/pem/objsign-ca-bundle.pem"
|
||||||
/usr/bin/p11-kit extract --format=java-cacerts --filter=ca-anchors --overwrite --purpose server-auth "$DEST/java/cacerts"
|
/usr/bin/trust extract --format=java-cacerts --filter=ca-anchors --overwrite --purpose server-auth "$DEST/java/cacerts"
|
||||||
/usr/bin/p11-kit extract --format=edk2-cacerts --filter=ca-anchors --overwrite --purpose=server-auth "$DEST/edk2/cacerts.bin"
|
/usr/bin/trust extract --format=edk2-cacerts --filter=ca-anchors --overwrite --purpose=server-auth "$DEST/edk2/cacerts.bin"
|
||||||
# Hashed directory of BEGIN TRUSTED-style certs (usable as OpenSSL CApath and
|
# Hashed directory of BEGIN TRUSTED-style certs (usable as OpenSSL CApath and
|
||||||
# by GnuTLS)
|
# by GnuTLS)
|
||||||
/usr/bin/p11-kit extract --format=pem-directory-hash --filter=ca-anchors --overwrite --purpose server-auth "$DEST/pem/directory-hash"
|
/usr/bin/trust extract --format=pem-directory-hash --filter=ca-anchors --overwrite --purpose server-auth "$DEST/pem/directory-hash"
|
||||||
|
|
||||||
# p11-kit extract will have made this directory unwritable; when run with
|
# p11-kit extract will have made this directory unwritable; when run with
|
||||||
# CAP_DAC_OVERRIDE this does not matter, but in container use cases that may
|
# CAP_DAC_OVERRIDE this does not matter, but in container use cases that may
|
||||||
|
Loading…
Reference in New Issue
Block a user