Add the --output option to update-ca-trust so that trust stores can be
written to a different output directory. This is useful to prepare trust
store directories that can be used in containers.
Additionally, fix running update-ca-trust as non-root user
(specifically, without CAP_DAC_OVERRIDE) which was previously required
to create two symbolic links.
Quote all uses of $DEST since a user-specified path could contain
spaces.
Resolves: rhbz#2241240
as a preparation to fix bugs in the interaction between p11-kit-trust and
Mozilla applications, such as Firefox, Thunderbird etc.
- Changed update-ca-trust to add comments to extracted PEM format files.
- Added an utility to help with comparing output of the trust dump command.
- Major rework for the Fedora SharedSystemCertificates feature.
- Only ship a PEM bundle file using the BEGIN TRUSTED CERTIFICATE file format.
- Require the p11-kit package that contains tools to automatically create
other file format bundles.
- Convert old file locations to symbolic links that point to dynamically
generated files.
- Old files, which might have been locally modified, will be saved in backup
files with .rpmsave extension.
- Added a update-ca-certificates script which can be used to regenerate
the merged trusted output.
- Refer to the various README files that have been added for more detailed
explanation of the new system.
- No longer require rsc for building.
- Add explanation for the future version numbering scheme,
because the old numbering scheme was based on upstream using cvs,
which is no longer true, and therefore can no longer be used.
- Includes changes from rhbz#873369.