Frantisek Krenzelok
4050611f40
Update to CKBI 2.68_v8.0.302 from NSS 3.101
...
Resolves: RHEL-46002
Removing:
# Certificate "Verisign Class 1 Public Primary Certification Authority - G3"
# Certificate "Verisign Class 2 Public Primary Certification Authority - G3"
# Certificate "Security Communication Root CA"
# Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068"
# Certificate "Symantec Class 1 Public Primary Certification Authority - G6"
# Certificate "Symantec Class 2 Public Primary Certification Authority - G6"
# Certificate "TrustCor RootCert CA-1"
# Certificate "TrustCor RootCert CA-2"
# Certificate "TrustCor ECA-1"
Adding:
# Certificate "TrustAsia Global Root CA G3"
# Certificate "TrustAsia Global Root CA G4"
# Certificate "CommScope Public Trust ECC Root-01"
# Certificate "CommScope Public Trust ECC Root-02"
# Certificate "CommScope Public Trust RSA Root-01"
# Certificate "CommScope Public Trust RSA Root-02"
# Certificate "D-Trust SBR Root CA 1 2022"
# Certificate "D-Trust SBR Root CA 2 2022"
# Certificate "Telekom Security SMIME ECC Root 2021"
# Certificate "Telekom Security TLS ECC Root 2020"
# Certificate "Telekom Security SMIME RSA Root 2023"
# Certificate "Telekom Security TLS RSA Root 2023"
# Certificate "FIRMAPROFESIONAL CA ROOT-A WEB"
# Certificate "SECOM Trust.net"
# Certificate "VeriSign Class 2 Public Primary Certification Authority - G3"
# Certificate "SSL.com Code Signing RSA Root CA 2022"
# Certificate "SSL.com Code Signing ECC Root CA 2022"
2024-07-03 15:47:53 +02:00
Troy Dawson
7667efa999
Bump release for June 2024 mass rebuild
2024-06-24 08:37:47 -07:00
Fedora Release Engineering
ad028945f2
Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
2024-01-23 01:04:43 +00:00
Fedora Release Engineering
302dbabf4e
Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
2024-01-19 14:55:25 +00:00
Robert Relyea
44da037acb
update-ca-trust: Fix bug in update-ca-trust so we don't depened on util-unix
...
rhbz#2242727
2023-10-09 17:23:28 -07:00
Adam Williamson
f04a9cf58d
Skip %post if getopt is missing
2023-10-07 08:59:46 -07:00
Robert Relyea
65515a4fba
fix version pasting
2023-10-04 14:37:44 -07:00
Robert Relyea
fe9aee3d97
- Update fetch to handle merging microsoft code signing certs.
...
- Update fetchobjsign.sh and merge2certdata.py to their
ca-certificate-scripts equivalent.
- Update to CKBI 2.62-v7.0.401 from NSS 3.93
Removing:
# Certificate "Camerfirma Chambers of Commerce Root"
# Certificate "Hongkong Post Root CA 1"
# Certificate "FNMT-RCM"
Adding:
# Certificate "LAWtrust Root CA2 (4096)"
# Certificate "Sectigo Public Email Protection Root E46"
# Certificate "Sectigo Public Email Protection Root R46"
# Certificate "Sectigo Public Server Authentication Root E46"
# Certificate "Sectigo Public Server Authentication Root R46"
# Certificate "SSL.com TLS RSA Root CA 2022"
# Certificate "SSL.com TLS ECC Root CA 2022"
# Certificate "SSL.com Client ECC Root CA 2022"
# Certificate "SSL.com Client RSA Root CA 2022"
# Certificate "Atos TrustedRoot Root CA ECC G2 2020"
# Certificate "Atos TrustedRoot Root CA RSA G2 2020"
# Certificate "Atos TrustedRoot Root CA ECC TLS 2021"
# Certificate "Atos TrustedRoot Root CA RSA TLS 2021"
# Certificate "Chambers of Commerce Root"
2023-10-04 14:31:59 -07:00
Clemens Lang
e004a0c69f
update-ca-trust: Support --output and non-root operation
...
Add the --output option to update-ca-trust so that trust stores can be
written to a different output directory. This is useful to prepare trust
store directories that can be used in containers.
Additionally, fix running update-ca-trust as non-root user
(specifically, without CAP_DAC_OVERRIDE) which was previously required
to create two symbolic links.
Quote all uses of $DEST since a user-specified path could contain
spaces.
Resolves: rhbz#2241240
2023-10-02 11:54:29 +02:00
Robert Relyea
ebc3273b93
update License: field to SPDX
2023-09-11 09:44:36 -07:00
Robert Relyea
19f1fee1e6
Update to CKBI 2.60_v7.0.306 from NSS 3.91
...
Removing:
# Certificate "OpenTrust Root CA G1"
# Certificate "Swedish Government Root Authority v1"
# Certificate "DigiNotar Root CA G2"
# Certificate "Federal Common Policy CA"
# Certificate "TC TrustCenter Universal CA III"
# Certificate "CCA India 2007"
# Certificate "ipsCA Global CA Root"
# Certificate "ipsCA Main CA Root"
# Certificate "Macao Post eSignTrust Root Certification Authority"
# Certificate "InfoNotary CSP Root"
# Certificate "DigiNotar Root CA"
# Certificate "Root CA"
# Certificate "GPKIRootCA"
# Certificate "D-TRUST Qualified Root CA 1 2007:PN"
# Certificate "TC TrustCenter Universal CA I"
# Certificate "TC TrustCenter Universal CA II"
# Certificate "TC TrustCenter Class 2 CA II"
# Certificate "TC TrustCenter Class 4 CA II"
# Certificate "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
# Certificate "CertRSA01"
# Certificate "KISA RootCA 3"
# Certificate "A-CERT ADVANCED"
# Certificate "A-Trust-Qual-01"
# Certificate "A-Trust-nQual-01"
# Certificate "Serasa Certificate Authority II"
# Certificate "TDC Internet"
# Certificate "America Online Root Certification Authority 2"
# Certificate "RSA Security Inc"
# Certificate "Public Notary Root"
# Certificate "Autoridade Certificadora Raiz Brasileira"
# Certificate "Post.Trust Root CA"
# Certificate "Entrust.net Secure Server Certification Authority"
# Certificate "ePKI EV SSL Certification Authority - G1"
Adding:
# Certificate "BJCA Global Root CA1"
# Certificate "BJCA Global Root CA2"
# Certificate "Symantec Enterprise Mobile Root for Microsoft"
# Certificate "A-Trust-Root-05"
# Certificate "ADOCA02"
# Certificate "StartCom Certification Authority G2"
# Certificate "ATHEX Root CA"
# Certificate "EBG Elektronik Sertifika Hizmet Sağlayıcısı"
# Certificate "GeoTrust Primary Certification Authority"
# Certificate "thawte Primary Root CA"
# Certificate "VeriSign Class 3 Public Primary Certification Authority - G5"
# Certificate "America Online Root Certification Authority 1"
# Certificate "Juur-SK"
# Certificate "ComSign CA"
# Certificate "ComSign Secured CA"
# Certificate "ComSign Advanced Security CA"
# Certificate "Sonera Class2 CA"
# Certificate "VeriSign Class 3 Public Primary Certification Authority - G3"
# Certificate "VeriSign, Inc."
# Certificate "GTE CyberTrust Global Root"
# Certificate "Equifax Secure Global eBusiness CA-1"
# Certificate "Equifax"
# Certificate "Class 1 Primary CA"
# Certificate "Swiss Government Root CA III"
# Certificate "Application CA G4 Root"
# Certificate "SSC GDL CA Root A"
# Certificate "GlobalSign Code Signing Root E45"
# Certificate "GlobalSign Code Signing Root R45"
# Certificate "Entrust Code Signing Root Certification Authority - CSBR1"
2023-08-01 10:11:53 -07:00
Robert Relyea
0ea28921fe
Bump version and rebuild for f39 mass rebuild
2023-07-25 15:04:05 -07:00
Yaakov Selkowitz
5a328d3079
Adapt to asciidoc 10 changes
...
asciidoc 10 includes a number of packaging changes, including the
removal of asciidoc.py aliases and the relocation of resources.
Instead of trying to manage the latter in a compatible way, use
xmlto instead for the xml-to-man conversion.
2023-06-26 17:07:05 -04:00
Frantisek Krenzelok
baa0ace302
Update to CKBI 2.60 from NSS 3.86
...
Removing:
# Certificate "Camerfirma Global Chambersign Root"
# Certificate "Staat der Nederlanden EV Root CA"
Adding:
# Certificate "DigiCert TLS ECC P384 Root G5"
# Certificate "DigiCert TLS RSA4096 Root G5"
# Certificate "DigiCert SMIME ECC P384 Root G5"
# Certificate "DigiCert SMIME RSA4096 Root G5"
# Certificate "Certainly Root R1"
# Certificate "Certainly Root E1"
# Certificate "E-Tugra Global Root CA RSA v3"
# Certificate "E-Tugra Global Root CA ECC v3"
# Certificate "DIGITALSIGN GLOBAL ROOT RSA CA"
# Certificate "DIGITALSIGN GLOBAL ROOT ECDSA CA"
# Certificate "Global Chambersign Root"
2023-01-20 20:06:00 +01:00
Fedora Release Engineering
65fd29ac02
Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-01-18 23:22:38 +00:00
Bob Relyea
3e24439003
Update to CKBI 2.54 from NSS 3.79
...
Removing:
# Certificate "TrustCor ECA-1"
# Certificate "TrustCor RootCert CA-2"
# Certificate "TrustCor RootCert CA-1"
# Certificate "Network Solutions Certificate Authority"
# Certificate "COMODO Certification Authority"
# Certificate "Autoridad de Certificacion Raiz del Estado Venezolano"
# Certificate "Microsec e-Szigno Root CA 2009"
# Certificate "TWCA Root Certification Authority"
# Certificate "Izenpe.com"
# Certificate "state-institutions"
# Certificate "GlobalSign"
# Certificate "Common Policy"
# Certificate "A-Trust-nQual-03"
# Certificate "A-Trust-Qual-02"
# Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068"
# Certificate "Government Root Certification Authority"
# Certificate "AC Raíz Certicámara S.A."
2022-07-28 12:10:46 -07:00
Bob Relyea
d4451d31cd
Update to CKBI 2.54 from NSS 3.79
2022-07-27 16:05:04 -07:00
Fedora Release Engineering
082ca8530e
Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-07-20 22:27:16 +00:00
Bob Relyea
f6b8f45e83
Update to CKBI 2.54 from NSS 3.79
...
Removing:
# Certificate "GlobalSign Root CA - R2"
# Certificate "DST Root CA X3"
# Certificate "Explicitly Distrusted DigiNotar PKIoverheid G2"
Adding:
# Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068"
# Certificate "vTrus ECC Root CA"
# Certificate "vTrus Root CA"
# Certificate "ISRG Root X2"
# Certificate "HiPKI Root CA - G1"
# Certificate "Telia Root CA v2"
# Certificate "D-TRUST BR Root CA 1 2020"
# Certificate "D-TRUST EV Root CA 1 2020"
# Certificate "CAEDICOM Root"
# Certificate "I.CA Root CA/RSA"
# Certificate "MULTICERT Root Certification Authority 01"
# Certificate "Certification Authority of WoSign G2"
# Certificate "CA WoSign ECC Root"
# Certificate "CCA India 2015 SPL"
# Certificate "Swedish Government Root Authority v3"
# Certificate "Swedish Government Root Authority v2"
# Certificate "Tunisian Root Certificate Authority - TunRootCA2"
# Certificate "OpenTrust Root CA G1"
# Certificate "OpenTrust Root CA G2"
# Certificate "OpenTrust Root CA G3"
# Certificate "Certplus Root CA G1"
# Certificate "Certplus Root CA G2"
# Certificate "Government Root Certification Authority"
# Certificate "A-Trust-Qual-02"
# Certificate "Thailand National Root Certification Authority - G1"
# Certificate "TrustCor ECA-1"
# Certificate "TrustCor RootCert CA-2"
# Certificate "TrustCor RootCert CA-1"
# Certificate "Certification Authority of WoSign"
# Certificate "CA 沃通根证书"
# Certificate "SSC GDL CA Root B"
# Certificate "SAPO Class 2 Root CA"
# Certificate "SAPO Class 3 Root CA"
# Certificate "SAPO Class 4 Root CA"
# Certificate "CA Disig Root R1"
# Certificate "Autoridad Certificadora Raíz Nacional de Uruguay"
# Certificate "ApplicationCA2 Root"
# Certificate "GlobalSign"
# Certificate "Symantec Class 3 Public Primary Certification Authority - G6"
# Certificate "Symantec Class 3 Public Primary Certification Authority - G4"
# Certificate "Halcom Root CA"
# Certificate "Swisscom Root EV CA 2"
# Certificate "CFCA GT CA"
# Certificate "Digidentity L3 Root CA - G2"
# Certificate "SITHS Root CA v1"
# Certificate "Macao Post eSignTrust Root Certification Authority (G02)"
# Certificate "Autoridade Certificadora Raiz Brasileira v2"
# Certificate "Swisscom Root CA 2"
# Certificate "IGC/A AC racine Etat francais"
# Certificate "PersonalID Trustworthy RootCA 2011"
# Certificate "Swedish Government Root Authority v1"
# Certificate "Swiss Government Root CA II"
# Certificate "Swiss Government Root CA I"
# Certificate "Network Solutions Certificate Authority"
# Certificate "COMODO Certification Authority"
# Certificate "LuxTrust Global Root"
# Certificate "AC1 RAIZ MTIN"
# Certificate "Microsoft Root Certificate Authority 2011"
# Certificate "CCA India 2011"
# Certificate "ANCERT Certificados Notariales V2"
# Certificate "ANCERT Certificados CGN V2"
# Certificate "EE Certification Centre Root CA"
# Certificate "DigiNotar Root CA G2"
# Certificate "Federal Common Policy CA"
# Certificate "Autoridad de Certificacion Raiz del Estado Venezolano"
# Certificate "Autoridad de Certificacion Raiz del Estado Venezolano"
# Certificate "China Internet Network Information Center EV Certificates Root"
# Certificate "Verizon Global Root CA"
# Certificate "SwissSign Silver Root CA - G3"
# Certificate "SwissSign Platinum Root CA - G3"
# Certificate "SwissSign Gold Root CA - G3"
# Certificate "Microsec e-Szigno Root CA 2009"
# Certificate "SITHS CA v3"
# Certificate "Certinomis - Autorité Racine"
# Certificate "ANF Server CA"
# Certificate "Thawte Premium Server CA"
# Certificate "Thawte Server CA"
# Certificate "TC TrustCenter Universal CA III"
# Certificate "KEYNECTIS ROOT CA"
# Certificate "I.CA - Standard Certification Authority, 09/2009"
# Certificate "I.CA - Qualified Certification Authority, 09/2009"
# Certificate "VI Registru Centras RCSC (RootCA)"
# Certificate "CCA India 2007"
# Certificate "Autoridade Certificadora Raiz Brasileira v1"
# Certificate "ipsCA Global CA Root"
# Certificate "ipsCA Main CA Root"
# Certificate "Actalis Authentication CA G1"
# Certificate "A-Trust-Qual-03"
# Certificate "AddTrust External CA Root"
# Certificate "ECRaizEstado"
# Certificate "Configuration"
# Certificate "FNMT-RCM"
# Certificate "StartCom Certification Authority"
# Certificate "TWCA Root Certification Authority"
# Certificate "VeriSign Class 3 Public Primary Certification Authority - G4"
# Certificate "thawte Primary Root CA - G2"
# Certificate "GeoTrust Primary Certification Authority - G2"
# Certificate "VeriSign Universal Root Certification Authority"
# Certificate "thawte Primary Root CA - G3"
# Certificate "GeoTrust Primary Certification Authority - G3"
# Certificate "E-ME SSI (RCA)"
# Certificate "ACEDICOM Root"
# Certificate "Autoridad Certificadora Raiz de la Secretaria de Economia"
# Certificate "Correo Uruguayo - Root CA"
# Certificate "CNNIC ROOT"
# Certificate "Common Policy"
# Certificate "Macao Post eSignTrust Root Certification Authority"
# Certificate "Staat der Nederlanden Root CA - G2"
# Certificate "NetLock Platina (Class Platinum) Főtanúsítvány"
# Certificate "AC Raíz Certicámara S.A."
# Certificate "Cisco Root CA 2048"
# Certificate "CA Disig"
# Certificate "InfoNotary CSP Root"
# Certificate "UCA Global Root"
# Certificate "UCA Root"
# Certificate "DigiNotar Root CA"
# Certificate "Starfield Services Root Certificate Authority"
# Certificate "I.CA - Qualified root certificate"
# Certificate "I.CA - Standard root certificate"
# Certificate "e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi"
# Certificate "Japanese Government"
# Certificate "AdminCA-CD-T01"
# Certificate "Admin-Root-CA"
# Certificate "Izenpe.com"
# Certificate "TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3"
# Certificate "Halcom CA FO"
# Certificate "Halcom CA PO 2"
# Certificate "Root CA"
# Certificate "GPKIRootCA"
# Certificate "ACNLB"
# Certificate "state-institutions"
# Certificate "state-institutions"
# Certificate "SECOM Trust Systems CO.,LTD."
# Certificate "D-TRUST Qualified Root CA 1 2007:PN"
# Certificate "D-TRUST Root Class 2 CA 2007"
# Certificate "D-TRUST Root Class 3 CA 2007"
# Certificate "SSC Root CA A"
# Certificate "SSC Root CA B"
# Certificate "SSC Root CA C"
# Certificate "Autoridad de Certificacion de la Abogacia"
# Certificate "Root CA Generalitat Valenciana"
# Certificate "VAS Latvijas Pasts SSI(RCA)"
# Certificate "ANCERT Certificados CGN"
# Certificate "ANCERT Certificados Notariales"
# Certificate "ANCERT Corporaciones de Derecho Publico"
# Certificate "GLOBALTRUST"
# Certificate "Certipost E-Trust TOP Root CA"
# Certificate "Certipost E-Trust Primary Qualified CA"
# Certificate "Certipost E-Trust Primary Normalised CA"
# Certificate "GlobalSign"
# Certificate "IGC/A"
# Certificate "S-TRUST Authentication and Encryption Root CA 2005:PN"
# Certificate "TC TrustCenter Universal CA I"
# Certificate "TC TrustCenter Universal CA II"
# Certificate "TC TrustCenter Class 2 CA II"
# Certificate "TC TrustCenter Class 4 CA II"
# Certificate "Swisscom Root CA 1"
# Certificate "Microsec e-Szigno Root CA"
# Certificate "LGPKI"
# Certificate "AC RAIZ DNIE"
# Certificate "Common Policy"
# Certificate "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
# Certificate "A-Trust-nQual-03"
# Certificate "A-Trust-nQual-03"
# Certificate "CertRSA01"
# Certificate "KISA RootCA 1"
# Certificate "KISA RootCA 3"
# Certificate "NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado"
# Certificate "A-CERT ADVANCED"
# Certificate "A-Trust-Qual-01"
# Certificate "A-Trust-nQual-01"
# Certificate "A-Trust-Qual-02"
# Certificate "Staat der Nederlanden Root CA"
# Certificate "Serasa Certificate Authority II"
# Certificate "TDC Internet"
# Certificate "America Online Root Certification Authority 2"
# Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068"
# Certificate "Government Root Certification Authority"
# Certificate "RSA Security Inc"
# Certificate "Public Notary Root"
# Certificate "GeoTrust Global CA"
# Certificate "GeoTrust Global CA 2"
# Certificate "GeoTrust Universal CA"
# Certificate "GeoTrust Universal CA 2"
# Certificate "QuoVadis Root Certification Authority"
# Certificate "Autoridade Certificadora Raiz Brasileira"
# Certificate "Post.Trust Root CA"
# Certificate "Microsoft Root Authority"
# Certificate "Microsoft Root Certificate Authority"
# Certificate "Microsoft Root Certificate Authority 2010"
# Certificate "Entrust.net Secure Server Certification Authority"
# Certificate "UTN-USERFirst-Object"
# Certificate "BYTE Root Certification Authority 001"
# Certificate "CISRCA1"
# Certificate "ePKI Root Certification Authority - G2"
# Certificate "ePKI EV SSL Certification Authority - G1"
# Certificate "AC Raíz Certicámara S.A."
# Certificate "SSL.com EV Root Certification Authority RSA"
# Certificate "LuxTrust Global Root 2"
# Certificate "ACA ROOT"
# Certificate "Security Communication ECC RootCA1"
# Certificate "Security Communication RootCA3"
# Certificate "CHAMBERS OF COMMERCE ROOT - 2016"
# Certificate "Network Solutions RSA Certificate Authority"
# Certificate "Network Solutions ECC Certificate Authority"
# Certificate "Australian Defence Public Root CA"
# Certificate "SI-TRUST Root"
# Certificate "Halcom Root Certificate Authority"
# Certificate "Application CA G3 Root"
# Certificate "GLOBALTRUST 2015"
# Certificate "Microsoft ECC Product Root Certificate Authority 2018"
# Certificate "emSign Root CA - G2"
# Certificate "emSign Root CA - C2"
# Certificate "Microsoft ECC TS Root Certificate Authority 2018"
# Certificate "DigiCert CS ECC P384 Root G5"
# Certificate "DigiCert CS RSA4096 Root G5"
# Certificate "DigiCert RSA4096 Root G5"
# Certificate "DigiCert ECC P384 Root G5"
# Certificate "HARICA Code Signing RSA Root CA 2021"
# Certificate "HARICA Code Signing ECC Root CA 2021"
# Certificate "Microsoft Identity Verification Root Certificate Authority 2020"
2022-07-15 10:08:43 -07:00
Fedora Release Engineering
421e34b661
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-19 22:46:28 +00:00
Bob Relyea
662998d9d7
Update to CKBI 2.52 from NSS 3.72
...
Adding:
# Certificate "TunTrust Root CA"
# Certificate "HARICA TLS RSA Root CA 2021"
# Certificate "HARICA TLS ECC Root CA 2021"
# Certificate "HARICA Client RSA Root CA 2021"
# Certificate "HARICA Client ECC Root CA 2021"
2021-12-13 09:07:38 -08:00
Bob Relyea
1c8b67fb5a
Resolves: rhbz#1053883 rhbz#1396811
...
Add debian compatible certificate trust hash directory and links for less aware packages.
2021-12-06 15:49:38 -08:00
Bob Relyea
40ecfc5f64
remove blacklist directory now that pk11-kit is using blocklist
2021-11-01 16:45:20 -07:00
Fedora Release Engineering
dff1c3cf33
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-21 19:02:20 +00:00
Fedora Release Engineering
ea71242686
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-21 14:05:01 +00:00
Bob Relyea
6d222498e8
Update to CKBI 2.50 from NSS 3.67
...
Removing:
# Certificate "Trustis FPS Root CA"
# Certificate "GlobalSign Code Signing Root R45"
# Certificate "GlobalSign Code Signing Root E45"
# Certificate "Halcom Root Certificate Authority"
# Certificate "Symantec Class 3 Public Primary Certification Authority - G6"
# Certificate "GLOBALTRUST"
# Certificate "MULTICERT Root Certification Authority 01"
# Certificate "Verizon Global Root CA"
# Certificate "Tunisian Root Certificate Authority - TunRootCA2"
# Certificate "CAEDICOM Root"
# Certificate "COMODO Certification Authority"
# Certificate "Security Communication ECC RootCA1"
# Certificate "Security Communication RootCA3"
# Certificate "AC RAIZ DNIE"
# Certificate "VeriSign Class 3 Public Primary Certification Authority - G3"
# Certificate "VeriSign Class 3 Public Primary Certification Authority - G5"
# Certificate "VeriSign Universal Root Certification Authority"
# Certificate "GeoTrust Global CA"
# Certificate "GeoTrust Primary Certification Authority"
# Certificate "thawte Primary Root CA"
# Certificate "thawte Primary Root CA - G2"
# Certificate "thawte Primary Root CA - G3"
# Certificate "GeoTrust Primary Certification Authority - G3"
# Certificate "GeoTrust Primary Certification Authority - G2"
# Certificate "GeoTrust Universal CA"
# Certificate "NetLock Platina (Class Platinum) Főtanúsítvány"
# Certificate "GLOBALTRUST 2015"
# Certificate "emSign Root CA - G2"
# Certificate "emSign Root CA - C2"
Adding:
# Certificate "GLOBALTRUST 2020"
# Certificate "ANF Secure Server Root CA"
2021-06-16 13:32:35 -07:00
Bob Relyea
c4c1a32e95
Add code to pull in object signing certs from Common CA Database (ccadb.org).
...
Fix the updated merge scripts to handle this.
Prune Expired certificates from certdata.txt and the object signing cert list
Update to CKBI 2.48 from NSS 3.64
Removing:
# Certificate "Verisign Class 3 Public Primary Certification Authority - G3"
# Certificate "GeoTrust Universal CA 2"
# Certificate "QuoVadis Root CA"
# Certificate "Sonera Class 2 Root CA"
# Certificate "Taiwan GRCA"
# Certificate "VeriSign Class 3 Public Primary Certification Authority - G4"
# Certificate "EE Certification Centre Root CA"
# Certificate "LuxTrust Global Root 2"
# Certificate "Symantec Class 1 Public Primary Certification Authority - G4"
# Certificate "Symantec Class 2 Public Primary Certification Authority - G4"
Adding:
# Certificate "Microsoft ECC Root Certificate Authority 2017"
# Certificate "Microsoft RSA Root Certificate Authority 2017"
# Certificate "e-Szigno Root CA 2017"
# Certificate "certSIGN Root CA G2"
# Certificate "Trustwave Global Certification Authority"
# Certificate "Trustwave Global ECC P256 Certification Authority"
# Certificate "Trustwave Global ECC P384 Certification Authority"
# Certificate "NAVER Global Root Certification Authority"
# Certificate "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
# Certificate "GlobalSign Secure Mail Root R45"
# Certificate "GlobalSign Secure Mail Root E45"
# Certificate "GlobalSign Root R46"
# Certificate "GlobalSign Root E46"
# Certificate "Certum EC-384 CA"
# Certificate "Certum Trusted Root CA"
# Certificate "GlobalSign Code Signing Root R45"
# Certificate "GlobalSign Code Signing Root E45"
# Certificate "Halcom Root Certificate Authority"
# Certificate "Symantec Class 3 Public Primary Certification Authority - G6"
# Certificate "GLOBALTRUST"
# Certificate "MULTICERT Root Certification Authority 01"
# Certificate "Verizon Global Root CA"
# Certificate "Tunisian Root Certificate Authority - TunRootCA2"
# Certificate "CAEDICOM Root"
# Certificate "COMODO Certification Authority"
# Certificate "Security Communication ECC RootCA1"
# Certificate "Security Communication RootCA3"
# Certificate "AC RAIZ DNIE"
# Certificate "VeriSign Class 3 Public Primary Certification Authority - G3"
# Certificate "NetLock Platina (Class Platinum) Főtanúsítvány"
# Certificate "GLOBALTRUST 2015"
# Certificate "emSign Root CA - G2"
# Certificate "emSign Root CA - C2"
2021-05-25 16:48:57 -07:00
Bob Relyea
6d164aedd7
Update tools to pick up code signing certs from the Common CA Database:
...
https://www.ccadb.org/resources
Our normal root certs come from mozilla, but mozilla does not evaluate
code signing. Currently code signing is only used my Microsoft .net, so
we need to get code signing certs from Microsoft's code signing list.
The certs in this list will only show up in the code signing lists
or in the general list with only code signing set.
2021-05-24 10:49:58 -07:00
Bob Relyea
17e75b4e10
change master to rawhide in fetch.sh to match fedora's new tree arragement.
2021-03-26 15:45:22 -07:00
Fedora Release Engineering
0fa62ae95f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-26 01:32:44 +00:00
Bob Relyea
05fc0ccfd2
remove unnecessarily divisive terms, take 1.
...
in ca-certificates there are 3 cases:
1) master refering to the fedora master branch in the fetch.sh script.
This can only be changed once fedora changes the master branch name.
2) a reference to the 'master bundle' in this file: this has been changed
to 'primary bundle'.
3) a couple of blacklist directories owned by this package, but used to
p11-kit. New 'blocklist' directories have been created, but p11-kit
needs to be updated before the old blacklist directories can be removed
and the man pages corrected.
2021-01-12 13:50:47 -08:00
Christian Heimes
9bd23da27f
Add cross-distro compatibility symlinks
...
The directory /etc/ssl now contains symlinks to cert.pem bundle,
openssl.cnf, and ct_log_list.cnf to provide better cross-distribution
compatibility.
Resolves: rhbz#1895619
2020-11-10 10:59:19 +01:00
Fedora Release Engineering
5221e001cb
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-27 13:33:08 +00:00
Adam Williamson
5f1176f65b
Fix up broken %post and %postinstall scriptlet changes from -2
2020-06-16 12:49:50 -07:00
Adam Williamson
a430e4124c
Simplify the %post and %postinstall script stuff, it was broken
...
This approach had multiple problems. The most obvious is a typo -
it had `%-bindir` instead of `%_bindir`. But you also cannot mix
a %define into a %post script as was being done here, that just
doesn't work, you can't track state between scriptlets like that.
And the `%if` in %posttrans would be resolved at package build
time, not at %posttrans run time. (I think the syntax was wrong
anyway). This whole approach was irredeemably broken.
To get things back to a working state quickly, let's just do it
in a simple-but-dumb way: always run the scripts in %posttrans,
run them in %post if `ln` is available (with the typo fixed).
This means we'll often run them twice, but I don't think that
actually hurts anything. We can refine from here if desired.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
2020-06-16 12:43:54 -07:00
Bob Relyea
34155d6cbe
Fix unclosed if
2020-06-10 12:50:35 -07:00
Bob Relyea
9a68b05c60
Update to CKBI 2.41 from NSS 3.53.0
...
Removing:
# Certificate "AddTrust Low-Value Services Root"
# Certificate "AddTrust External Root"
# Certificate "Staat der Nederlanden Root CA - G2"
-Updates several certificates with CKA_SERVER_DISTRUST_AFTER with a data
-Fix circular dependency issue by moving ca-legacy and upcate-ca-trust to
%posttrans
2020-06-10 12:45:49 -07:00
Daiki Ueno
00da4d0e2a
Update versioned dependency on p11-kit
2020-01-28 08:49:10 +01:00
Daiki Ueno
eaf3ef8b6b
Update to CKBI 2.40 from NSS 3.48
2020-01-22 10:56:12 +01:00
Daiki Ueno
6aec97d9bd
certdata2pem.py: emit flags for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER
...
This allows to follow upcoming changes in certdata.txt:
https://bugzilla.mozilla.org/show_bug.cgi?id=1465613
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2019-12-04 10:53:31 +01:00
Fedora Release Engineering
8702798203
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-24 19:46:15 +00:00
Bob Relyea
605570b71e
Resolves: rhbz#1722213
...
- Update to CKBI 2.32 from NSS 3.44
Removing:
# Certificate "Visa eCommerce Root"
# Certificate "AC Raiz Certicamara S.A."
# Certificate "Certplus Root CA G1"
# Certificate "Certplus Root CA G2"
# Certificate "OpenTrust Root CA G1"
# Certificate "OpenTrust Root CA G2"
# Certificate "OpenTrust Root CA G3"
Adding:
# Certificate "GTS Root R1"
# Certificate "GTS Root R2"
# Certificate "GTS Root R3"
# Certificate "GTS Root R4"
# Certificate "UCA Global G2 Root"
# Certificate "UCA Extended Validation Root"
# Certificate "Certigna Root CA"
# Certificate "emSign Root CA - G1"
# Certificate "emSign ECC Root CA - G3"
# Certificate "emSign Root CA - C1"
# Certificate "emSign ECC Root CA - C3"
# Certificate "Hongkong Post Root CA 3"
2019-06-19 10:17:16 -07:00
Fedora Release Engineering
4f5bce3dc2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-01-31 15:07:07 +00:00
Igor Gnatenko
6947c0bb5e
Remove obsolete Group tag
...
References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag
2019-01-28 20:23:57 +01:00
Robert Relyea
f4842fa2d8
Fix stray commit character that turned a comment into an invalid rpm directive
2018-09-24 17:53:39 -07:00
Robert Relyea
439a513c7a
Update ca-certficates to 2.26 from NSS 3.39
2018-09-24 17:18:53 -07:00
Fedora Release Engineering
46d2f25804
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-12 21:28:32 +00:00
Paul Wouters
31ba2e4690
packaging: remove obsolete defattr line
2018-07-03 15:36:24 -04:00
Kai Engert
1a2c011ba4
Ported scripts to python3
2018-06-28 22:36:01 +02:00
Kai Engert
34c0da9058
edk2 requires p11-kit >= 0.23.10
2018-06-11 16:08:26 +02:00