Commit Graph

10 Commits

Author SHA1 Message Date
Frantisek Krenzelok
59744b459d update-ca-trust: return errors on a unsupported argument
Resolves: RHEL-50293

update-ca-trust: return error on a unsupported argument
2024-08-29 11:15:00 +02:00
Frantisek Krenzelok
be4d5cdeb0 Reduce dependency on p11-kit to only the trust subpackage
Related: RHEL-50293

Fedora MR: https://src.fedoraproject.org/rpms/ca-certificates/pull-request/9#
2024-08-27 18:15:10 +02:00
Robert Relyea
44da037acb update-ca-trust: Fix bug in update-ca-trust so we don't depened on util-unix
rhbz#2242727
2023-10-09 17:23:28 -07:00
Clemens Lang
e004a0c69f update-ca-trust: Support --output and non-root operation
Add the --output option to update-ca-trust so that trust stores can be
written to a different output directory. This is useful to prepare trust
store directories that can be used in containers.

Additionally, fix running update-ca-trust as non-root user
(specifically, without CAP_DAC_OVERRIDE) which was previously required
to create two symbolic links.

Quote all uses of $DEST since a user-specified path could contain
spaces.

Resolves: rhbz#2241240
2023-10-02 11:54:29 +02:00
Bob Relyea
1c8b67fb5a Resolves: rhbz#1053883 rhbz#1396811
Add debian compatible certificate trust hash directory and links for less aware packages.
2021-12-06 15:49:38 -08:00
Daiki Ueno
6220683f76 Extract certificate bundle in EDK2 format 2018-06-11 14:05:57 +02:00
Kai Engert
7a69d0d22f - Set P11_KIT_NO_USER_CONFIG=1 to prevent p11-kit from reading user configuration files (rhbz#1478172). 2017-08-15 15:39:45 +02:00
Kai Engert
f0b0be2c1f - Changed the packaged bundle to use the flexible p11-kit-object-v1 file format,
as a preparation to fix bugs in the interaction between p11-kit-trust and
  Mozilla applications, such as Firefox, Thunderbird etc.
- Changed update-ca-trust to add comments to extracted PEM format files.
- Added an utility to help with comparing output of the trust dump command.
2017-02-13 21:04:08 +01:00
Kai Engert
9ac574b7ef - added a manual page and related build requirements
- simplify the README files now that we have a manual page
- set a certificate alias in trusted bundle (thanks to Ludwig Nussel)
2013-07-09 00:59:15 +02:00
Kai Engert
d538ada99c * Fri Mar 08 2013 Kai Engert <kaie@redhat.com> - 2012.87-9
- Major rework for the Fedora SharedSystemCertificates feature.
- Only ship a PEM bundle file using the BEGIN TRUSTED CERTIFICATE file format.
- Require the p11-kit package that contains tools to automatically create
  other file format bundles.
- Convert old file locations to symbolic links that point to dynamically
  generated files.
- Old files, which might have been locally modified, will be saved in backup
  files with .rpmsave extension.
- Added a update-ca-certificates script which can be used to regenerate
  the merged trusted output.
- Refer to the various README files that have been added for more detailed
  explanation of the new system.
- No longer require rsc for building.
- Add explanation for the future version numbering scheme,
  because the old numbering scheme was based on upstream using cvs,
  which is no longer true, and therefore can no longer be used.
- Includes changes from rhbz#873369.
2013-03-09 00:09:26 +01:00