Fedora Release Engineering
0fa62ae95f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-26 01:32:44 +00:00
Bob Relyea
05fc0ccfd2
remove unnecessarily divisive terms, take 1.
in ca-certificates there are 3 cases:
1) master referring to the fedora master branch in the fetch.sh script.
This can only be changed once fedora changes the master branch name.
2) a reference to the 'master bundle' in this file: this has been changed
to 'primary bundle'.
3) a couple of blacklist directories owned by this package, but used by
p11-kit. New 'blocklist' directories have been created, but p11-kit
needs to be updated before the old blacklist directories can be removed
and the man pages corrected.
2021-01-12 13:50:47 -08:00
Christian Heimes
9bd23da27f
Add cross-distro compatibility symlinks
The directory /etc/ssl now contains symlinks to cert.pem bundle,
openssl.cnf, and ct_log_list.cnf to provide better cross-distribution
compatibility.
Resolves: rhbz#1895619
2020-11-10 10:59:19 +01:00
Fedora Release Engineering
5221e001cb
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-27 13:33:08 +00:00
Adam Williamson
5f1176f65b
Fix up broken %post and %postinstall scriptlet changes from -2
2020-06-16 12:49:50 -07:00
Adam Williamson
a430e4124c
Simplify the %post and %postinstall script stuff, it was broken
This approach had multiple problems. The most obvious is a typo -
it had `%-bindir` instead of `%_bindir`. But you also cannot mix
a %define into a %post script as was being done here, that just
doesn't work, you can't track state between scriptlets like that.
And the `%if` in %posttrans would be resolved at package build
time, not at %posttrans run time. (I think the syntax was wrong
anyway). This whole approach was irredeemably broken.
To get things back to a working state quickly, let's just do it
in a simple-but-dumb way: always run the scripts in %posttrans,
run them in %post if `ln` is available (with the typo fixed).
This means we'll often run them twice, but I don't think that
actually hurts anything. We can refine from here if desired.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
2020-06-16 12:43:54 -07:00
Bob Relyea
34155d6cbe
Fix unclosed if
2020-06-10 12:50:35 -07:00
Bob Relyea
9a68b05c60
Update to CKBI 2.41 from NSS 3.53.0
Removing:
# Certificate "AddTrust Low-Value Services Root"
# Certificate "AddTrust External Root"
# Certificate "Staat der Nederlanden Root CA - G2"
-Updates several certificates with CKA_SERVER_DISTRUST_AFTER with a data
-Fix circular dependency issue by moving ca-legacy and update-ca-trust to
%posttrans
2020-06-10 12:45:49 -07:00
Daiki Ueno
00da4d0e2a
Update versioned dependency on p11-kit
2020-01-28 08:49:10 +01:00
Daiki Ueno
eaf3ef8b6b
Update to CKBI 2.40 from NSS 3.48
2020-01-22 10:56:12 +01:00
Daiki Ueno
6aec97d9bd
certdata2pem.py: emit flags for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER
This allows to follow upcoming changes in certdata.txt:
https://bugzilla.mozilla.org/show_bug.cgi?id=1465613
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2019-12-04 10:53:31 +01:00
Fedora Release Engineering
8702798203
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-24 19:46:15 +00:00
Bob Relyea
605570b71e
Resolves: rhbz#1722213
- Update to CKBI 2.32 from NSS 3.44
Removing:
# Certificate "Visa eCommerce Root"
# Certificate "AC Raiz Certicamara S.A."
# Certificate "Certplus Root CA G1"
# Certificate "Certplus Root CA G2"
# Certificate "OpenTrust Root CA G1"
# Certificate "OpenTrust Root CA G2"
# Certificate "OpenTrust Root CA G3"
Adding:
# Certificate "GTS Root R1"
# Certificate "GTS Root R2"
# Certificate "GTS Root R3"
# Certificate "GTS Root R4"
# Certificate "UCA Global G2 Root"
# Certificate "UCA Extended Validation Root"
# Certificate "Certigna Root CA"
# Certificate "emSign Root CA - G1"
# Certificate "emSign ECC Root CA - G3"
# Certificate "emSign Root CA - C1"
# Certificate "emSign ECC Root CA - C3"
# Certificate "Hongkong Post Root CA 3"
2019-06-19 10:17:16 -07:00
Fedora Release Engineering
4f5bce3dc2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-01-31 15:07:07 +00:00
Igor Gnatenko
6947c0bb5e
Remove obsolete Group tag
References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag
2019-01-28 20:23:57 +01:00
Robert Relyea
f4842fa2d8
Fix stray commit character that turned a comment into an invalid rpm directive
2018-09-24 17:53:39 -07:00
Robert Relyea
439a513c7a
Update ca-certificates to 2.26 from NSS 3.39
2018-09-24 17:18:53 -07:00
Fedora Release Engineering
46d2f25804
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-12 21:28:32 +00:00
Paul Wouters
31ba2e4690
packaging: remove obsolete defattr line
2018-07-03 15:36:24 -04:00
Kai Engert
1a2c011ba4
Ported scripts to python3
2018-06-28 22:36:01 +02:00
Kai Engert
34c0da9058
edk2 requires p11-kit >= 0.23.10
2018-06-11 16:08:26 +02:00
Daiki Ueno
6220683f76
Extract certificate bundle in EDK2 format
2018-06-11 14:05:57 +02:00
Kai Engert
398639612c
Adjust ghost file permissions, rhbz#1564432
2018-06-04 15:19:58 +02:00
Kai Engert
342574ec95
Update to CKBI 2.24 from NSS 3.37
2018-05-18 13:05:43 +02:00
Iryna Shcherbina
77a1f2aa46
Update Python 2 dependency declarations to new packaging standards
2018-03-15 00:20:54 +01:00
Patrick Uiterwijk
09838f0deb
Add dep on coreutils for ln(1) in %post
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-02-23 23:02:30 +01:00
Igor Gnatenko
44ff50bbce
Remove %clean section
None of currently supported distributions need that.
Last one was EL5 which is EOL for a while.
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-14 07:53:59 +01:00
Kai Engert
a77bc273de
Update to CKBI 2.22 from NSS 3.35
2018-02-06 14:42:09 +01:00
Kai Engert
756b8b4c69
Depend on bash, grep, sed. Required for ca-legacy script execution.
p11-kit is already required at %%post execution time. (rhbz#1537127)
2018-01-22 15:35:38 +01:00
Kai Engert
4d1e9c779d
Use the force, script! (Which sln did by default).
2018-01-19 13:14:55 +01:00
Kai Engert
201f66b36b
Stop using sln in ca-legacy script.
2018-01-19 13:07:06 +01:00
Kai Engert
078e3f0b9b
Use ln -s, because sln was removed from glibc. rhbz#1536349
2018-01-19 12:57:53 +01:00
Kai Engert
e3a2f67722
Update to CKBI 2.20 from NSS 3.34.1
2017-11-27 21:37:37 +01:00
Bruno Goncalves
5fae916208
Add CI tests using the standard test interface
2017-09-25 11:03:21 +02:00
Kai Engert
6b317cb305
Merge branch 'master' of ssh://pkgs.fedoraproject.org/rpms/ca-certificates
2017-08-15 15:41:33 +02:00
Kai Engert
7a69d0d22f
- Set P11_KIT_NO_USER_CONFIG=1 to prevent p11-kit from reading user configuration files (rhbz#1478172).
2017-08-15 15:39:45 +02:00
Fedora Release Engineering
c735381906
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
2017-07-26 04:24:01 +00:00
Kai Engert
7accaab619
Update to (yet unreleased) CKBI 2.16 which is planned for NSS 3.32. Mozilla removed all trust bits for code signing.
2017-07-19 11:40:38 +02:00
Petr Písař
a2a1b6c64d
perl dependency renamed to perl-interpreter < https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules >
2017-07-12 14:05:20 +02:00
Kai Engert
6cea01c4b1
Update to CKBI 2.14 from NSS 3.30.2
2017-04-26 14:37:22 +02:00
Kai Engert
c1c275770a
For CAs trusted by Mozilla, set attribute nss-mozilla-ca-policy: true
Set attribute modifiable: false
Require p11-kit 0.23.4
2017-02-23 19:39:46 +01:00
Kai Engert
f0b0be2c1f
- Changed the packaged bundle to use the flexible p11-kit-object-v1 file format,
as a preparation to fix bugs in the interaction between p11-kit-trust and
Mozilla applications, such as Firefox, Thunderbird etc.
- Changed update-ca-trust to add comments to extracted PEM format files.
- Added a utility to help with comparing output of the trust dump command.
2017-02-13 21:04:08 +01:00
Fedora Release Engineering
b1bece42f2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
2017-02-10 07:11:28 +00:00
Kai Engert
1926916bb3
Update to CKBI 2.11 from NSS 3.28.1
2017-01-11 14:16:31 +01:00
Kai Engert
00af3f958b
Update to CKBI 2.10 from NSS 3.27
2016-10-04 19:54:47 +02:00
Kai Engert
552fa4a6d3
Revert to the unmodified upstream CA list, changing the legacy trust to an empty list. Keeping the ca-legacy tool and existing config, however, the configuration has no effect after this change.
2016-08-18 14:11:51 +02:00
Kai Engert
02204a071d
Update to CKBI 2.9 from NSS 3.26 with legacy modifications
2016-08-16 18:51:35 +02:00
Kai Engert
54fae46d1e
Update to CKBI 2.8 from NSS 3.25 with legacy modifications
2016-07-15 13:44:08 +02:00
Kai Engert
8867a18ec0
Only create backup files if there is an original file (bug 999017).
2016-05-10 20:28:23 +02:00
Kai Engert
5300aa7f75
Use sln, not ln, to avoid the dependency on coreutils.
2016-05-10 18:48:44 +02:00