From e360c102c07514b6506f96f127ec035ad80b6a2b Mon Sep 17 00:00:00 2001 From: Frantisek Krenzelok Date: Thu, 1 Aug 2024 12:19:46 +0200 Subject: [PATCH] Track the directory-hash files Related: RHEL-21094 - Temporarily generate the directory-hash files in %%install ...(next item) - Add list of ghost files from directory-hash to %%files - Fix typos in the previous changelog --- ca-certificates.spec | 36 ++++++++++++++++++++++++++++++------ 1 file changed, 30 insertions(+), 6 deletions(-) diff --git a/ca-certificates.spec b/ca-certificates.spec index f6ade4a..1c3cd95 100644 --- a/ca-certificates.spec +++ b/ca-certificates.spec @@ -38,7 +38,7 @@ Name: ca-certificates Version: 2024.2.69_v8.0.303 # for y-stream, please always use 91 <= release < 100 (91,92,93) # for z-stream release branches, please use 90 <= release < 91 (90.0, 90.1, ...) -Release: 91.2%{?dist} +Release: 91.3%{?dist} License: MIT AND GPL-2.0-or-later URL: https://fedoraproject.org/wiki/CA-Certificates @@ -185,7 +185,7 @@ mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/source/anchors mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/source/blocklist mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/pem -mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/pem/directory-hash +mkdir -p -m 555 $RPM_BUILD_ROOT%{catrustdir}/extracted/pem/directory-hash mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/openssl mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/java mkdir -p -m 755 $RPM_BUILD_ROOT%{catrustdir}/extracted/edk2 @@ -273,6 +273,14 @@ else fi mkdir -p "$trust_module_dir" + +# It is unlikely that the directory would contain any files on a build system, +# but let's make sure just in case. +if [ -n "$(ls -A "$trust_module_dir")" ]; then + echo "Directory $trust_module_dir is not empty. Aborting build!" + exit 1 +fi + trust_module_config=$trust_module_dir/%{name}-p11-kit-trust.module cat >"$trust_module_config" < .files.txt +sed -i "s|^$RPM_BUILD_ROOT|%ghost /|" .files.txt +cp .files.txt /tmp/.files.txt # Clean up the temporary module config. rm -f "$trust_module_config" + +%clean +/usr/bin/chmod u+w $RPM_BUILD_ROOT%{catrustdir}/extracted/pem/directory-hash +rm -rf $RPM_BUILD_ROOT + %pre if [ $1 -gt 1 ] ; then # Upgrade or Downgrade. @@ -359,7 +376,8 @@ fi %{_bindir}/ca-legacy install %{_bindir}/update-ca-trust -%files +# The file .files.txt contains the list of (%ghost )files in the directory-hash +%files -f .files.txt %dir %{_sysconfdir}/ssl %dir %{pkidir}/tls %dir %{pkidir}/tls/certs @@ -377,6 +395,7 @@ fi %dir %{_datadir}/pki/ca-trust-source/anchors %dir %{_datadir}/pki/ca-trust-source/blocklist %dir %{_datadir}/pki/ca-trust-legacy +%dir %{catrustdir}/extracted/pem/directory-hash %config(noreplace) %{catrustdir}/ca-legacy.conf @@ -388,7 +407,6 @@ fi %{catrustdir}/extracted/java/README %{catrustdir}/extracted/openssl/README %{catrustdir}/extracted/pem/README -%{catrustdir}/extracted/pem/directory-hash %{catrustdir}/extracted/edk2/README %{catrustdir}/source/README @@ -419,11 +437,17 @@ fi %ghost %{catrustdir}/extracted/openssl/%{openssl_format_trust_bundle} %ghost %{catrustdir}/extracted/%{java_bundle} %ghost %{catrustdir}/extracted/edk2/cacerts.bin - +%ghost %{catrustdir}/extracted/pem/directory-hash/ca-bundle.crt +%ghost %{catrustdir}/extracted/pem/directory-hash/ca-certificates.crt %changelog +*Wed Aug 7 2024 Frantisek Krenzelok - 2024.2.69_v8.0.303-91.3 +- Temporarily generate the directory-hash files in %%install ...(next item) +- Add list of ghost files from directory-hash to %%files + *Mon Jul 29 2024 Frantisek Krenzelok - 2024.2.69_v8.0.303-91.2 -- Remowe write permition from directory-hash +- Remove write permissions from directory-hash + *Mon Jul 29 2024 Frantisek Krenzelok - 2024.2.69_v8.0.303-91.1 - Reduce dependency on p11-kit to only the trust subpackage - Own the Directory-hash directory