ca-certificates

Author	SHA1	Message	Date
Frantisek Krenzelok	9bf988861b	update-ca-trust: make a copy of directory-hash symlinks in ../tls/certs Resolves: RHEL-50293 - update-ca-trust: copy directory-hash symlinks to /etc/pki/tls/certs - Remove /etc/pki/tls/cert.pem symlink so that it isn't loaded by default	2024-09-03 12:59:30 +02:00
Frantisek Krenzelok	59744b459d	update-ca-trust: return errors on a unsupported argument Resolves: RHEL-50293 update-ca-trust: return error on a unsupported argument	2024-08-29 11:15:00 +02:00
Frantisek Krenzelok	3941eed963	Track the directory-hash files Related: RHEL-50293 - Temporarily generate the directory-hash files in %%install ...(next item) - Add list of ghost files from directory-hash to %%files	2024-08-28 16:10:05 +02:00
Daiki Ueno	c875a80bab	Populate directory-hash at %install Related: RHEL-50293 This generates the contents of /etc/pki/ca-trust/extracted/pem/directory-hash at %install, only taking into account of the generated bundle, not the one already present on the build system. This is done by creating a temporary module configuration file for p11-kit-trust.so. Signed-off-by: Daiki Ueno <dueno@redhat.com>	2024-08-28 16:09:54 +02:00
Frantisek Krenzelok	1736dc56a7	Own the Directory-hash directory Resolves: RHEL-50293	2024-08-27 18:24:42 +02:00
Frantisek Krenzelok	be4d5cdeb0	Reduce dependency on p11-kit to only the trust subpackage Related: RHEL-50293 Fedora MR: https://src.fedoraproject.org/rpms/ca-certificates/pull-request/9#	2024-08-27 18:15:10 +02:00
Frantisek Krenzelok	65124caff8	Update gating.yaml - remove baseos-ci.* tests	2024-08-22 09:57:06 +02:00
Frantisek Krenzelok	05d8ffffc1	Add gating.yaml Resolves: RHEL-49453	2024-07-19 09:53:27 +02:00
Frantisek Krenzelok	144ae96a04	Remove blacklist use blocklists only Resolves: RHEL-49453	2024-07-18 10:09:30 +02:00
Frantisek Krenzelok	b877c1467d	Update to CKBI 2.69_v8.0.302 from NSS 3.101 Resolves: RHEL-46002	2024-07-11 09:35:04 +02:00
Frantisek Krenzelok	4050611f40	Update to CKBI 2.68_v8.0.302 from NSS 3.101 Resolves: RHEL-46002 Removing: # Certificate "Verisign Class 1 Public Primary Certification Authority - G3" # Certificate "Verisign Class 2 Public Primary Certification Authority - G3" # Certificate "Security Communication Root CA" # Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" # Certificate "Symantec Class 1 Public Primary Certification Authority - G6" # Certificate "Symantec Class 2 Public Primary Certification Authority - G6" # Certificate "TrustCor RootCert CA-1" # Certificate "TrustCor RootCert CA-2" # Certificate "TrustCor ECA-1" Adding: # Certificate "TrustAsia Global Root CA G3" # Certificate "TrustAsia Global Root CA G4" # Certificate "CommScope Public Trust ECC Root-01" # Certificate "CommScope Public Trust ECC Root-02" # Certificate "CommScope Public Trust RSA Root-01" # Certificate "CommScope Public Trust RSA Root-02" # Certificate "D-Trust SBR Root CA 1 2022" # Certificate "D-Trust SBR Root CA 2 2022" # Certificate "Telekom Security SMIME ECC Root 2021" # Certificate "Telekom Security TLS ECC Root 2020" # Certificate "Telekom Security SMIME RSA Root 2023" # Certificate "Telekom Security TLS RSA Root 2023" # Certificate "FIRMAPROFESIONAL CA ROOT-A WEB" # Certificate "SECOM Trust.net" # Certificate "VeriSign Class 2 Public Primary Certification Authority - G3" # Certificate "SSL.com Code Signing RSA Root CA 2022" # Certificate "SSL.com Code Signing ECC Root CA 2022"	2024-07-03 15:47:53 +02:00
Troy Dawson	7667efa999	Bump release for June 2024 mass rebuild	2024-06-24 08:37:47 -07:00
Fedora Release Engineering	ad028945f2	Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild	2024-01-23 01:04:43 +00:00
Fedora Release Engineering	302dbabf4e	Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild	2024-01-19 14:55:25 +00:00
Robert Relyea	44da037acb	update-ca-trust: Fix bug in update-ca-trust so we don't depened on util-unix rhbz#2242727	2023-10-09 17:23:28 -07:00
Adam Williamson	f04a9cf58d	Skip %post if getopt is missing	2023-10-07 08:59:46 -07:00
Robert Relyea	65515a4fba	fix version pasting	2023-10-04 14:37:44 -07:00
Robert Relyea	fe9aee3d97	- Update fetch to handle merging microsoft code signing certs. - Update fetchobjsign.sh and merge2certdata.py to their ca-certificate-scripts equivalent. - Update to CKBI 2.62-v7.0.401 from NSS 3.93 Removing: # Certificate "Camerfirma Chambers of Commerce Root" # Certificate "Hongkong Post Root CA 1" # Certificate "FNMT-RCM" Adding: # Certificate "LAWtrust Root CA2 (4096)" # Certificate "Sectigo Public Email Protection Root E46" # Certificate "Sectigo Public Email Protection Root R46" # Certificate "Sectigo Public Server Authentication Root E46" # Certificate "Sectigo Public Server Authentication Root R46" # Certificate "SSL.com TLS RSA Root CA 2022" # Certificate "SSL.com TLS ECC Root CA 2022" # Certificate "SSL.com Client ECC Root CA 2022" # Certificate "SSL.com Client RSA Root CA 2022" # Certificate "Atos TrustedRoot Root CA ECC G2 2020" # Certificate "Atos TrustedRoot Root CA RSA G2 2020" # Certificate "Atos TrustedRoot Root CA ECC TLS 2021" # Certificate "Atos TrustedRoot Root CA RSA TLS 2021" # Certificate "Chambers of Commerce Root"	2023-10-04 14:31:59 -07:00
Clemens Lang	e004a0c69f	update-ca-trust: Support --output and non-root operation Add the --output option to update-ca-trust so that trust stores can be written to a different output directory. This is useful to prepare trust store directories that can be used in containers. Additionally, fix running update-ca-trust as non-root user (specifically, without CAP_DAC_OVERRIDE) which was previously required to create two symbolic links. Quote all uses of $DEST since a user-specified path could contain spaces. Resolves: rhbz#2241240	2023-10-02 11:54:29 +02:00
Robert Relyea	ebc3273b93	update License: field to SPDX	2023-09-11 09:44:36 -07:00
Robert Relyea	19f1fee1e6	Update to CKBI 2.60_v7.0.306 from NSS 3.91 Removing: # Certificate "OpenTrust Root CA G1" # Certificate "Swedish Government Root Authority v1" # Certificate "DigiNotar Root CA G2" # Certificate "Federal Common Policy CA" # Certificate "TC TrustCenter Universal CA III" # Certificate "CCA India 2007" # Certificate "ipsCA Global CA Root" # Certificate "ipsCA Main CA Root" # Certificate "Macao Post eSignTrust Root Certification Authority" # Certificate "InfoNotary CSP Root" # Certificate "DigiNotar Root CA" # Certificate "Root CA" # Certificate "GPKIRootCA" # Certificate "D-TRUST Qualified Root CA 1 2007:PN" # Certificate "TC TrustCenter Universal CA I" # Certificate "TC TrustCenter Universal CA II" # Certificate "TC TrustCenter Class 2 CA II" # Certificate "TC TrustCenter Class 4 CA II" # Certificate "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı" # Certificate "CertRSA01" # Certificate "KISA RootCA 3" # Certificate "A-CERT ADVANCED" # Certificate "A-Trust-Qual-01" # Certificate "A-Trust-nQual-01" # Certificate "Serasa Certificate Authority II" # Certificate "TDC Internet" # Certificate "America Online Root Certification Authority 2" # Certificate "RSA Security Inc" # Certificate "Public Notary Root" # Certificate "Autoridade Certificadora Raiz Brasileira" # Certificate "Post.Trust Root CA" # Certificate "Entrust.net Secure Server Certification Authority" # Certificate "ePKI EV SSL Certification Authority - G1" Adding: # Certificate "BJCA Global Root CA1" # Certificate "BJCA Global Root CA2" # Certificate "Symantec Enterprise Mobile Root for Microsoft" # Certificate "A-Trust-Root-05" # Certificate "ADOCA02" # Certificate "StartCom Certification Authority G2" # Certificate "ATHEX Root CA" # Certificate "EBG Elektronik Sertifika Hizmet Sağlayıcısı" # Certificate "GeoTrust Primary Certification Authority" # Certificate "thawte Primary Root CA" # Certificate "VeriSign Class 3 Public Primary Certification Authority - G5" # Certificate "America Online Root Certification Authority 1" # Certificate "Juur-SK" # Certificate "ComSign CA" # Certificate "ComSign Secured CA" # Certificate "ComSign Advanced Security CA" # Certificate "Sonera Class2 CA" # Certificate "VeriSign Class 3 Public Primary Certification Authority - G3" # Certificate "VeriSign, Inc." # Certificate "GTE CyberTrust Global Root" # Certificate "Equifax Secure Global eBusiness CA-1" # Certificate "Equifax" # Certificate "Class 1 Primary CA" # Certificate "Swiss Government Root CA III" # Certificate "Application CA G4 Root" # Certificate "SSC GDL CA Root A" # Certificate "GlobalSign Code Signing Root E45" # Certificate "GlobalSign Code Signing Root R45" # Certificate "Entrust Code Signing Root Certification Authority - CSBR1"	2023-08-01 10:11:53 -07:00
Robert Relyea	0ea28921fe	Bump version and rebuild for f39 mass rebuild	2023-07-25 15:04:05 -07:00
Yaakov Selkowitz	5a328d3079	Adapt to asciidoc 10 changes asciidoc 10 includes a number of packaging changes, including the removal of asciidoc.py aliases and the relocation of resources. Instead of trying to manage the latter in a compatible way, use xmlto instead for the xml-to-man conversion.	2023-06-26 17:07:05 -04:00
Frantisek Krenzelok	baa0ace302	Update to CKBI 2.60 from NSS 3.86 Removing: # Certificate "Camerfirma Global Chambersign Root" # Certificate "Staat der Nederlanden EV Root CA" Adding: # Certificate "DigiCert TLS ECC P384 Root G5" # Certificate "DigiCert TLS RSA4096 Root G5" # Certificate "DigiCert SMIME ECC P384 Root G5" # Certificate "DigiCert SMIME RSA4096 Root G5" # Certificate "Certainly Root R1" # Certificate "Certainly Root E1" # Certificate "E-Tugra Global Root CA RSA v3" # Certificate "E-Tugra Global Root CA ECC v3" # Certificate "DIGITALSIGN GLOBAL ROOT RSA CA" # Certificate "DIGITALSIGN GLOBAL ROOT ECDSA CA" # Certificate "Global Chambersign Root"	2023-01-20 20:06:00 +01:00
Fedora Release Engineering	65fd29ac02	Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2023-01-18 23:22:38 +00:00
Bob Relyea	3e24439003	Update to CKBI 2.54 from NSS 3.79 Removing: # Certificate "TrustCor ECA-1" # Certificate "TrustCor RootCert CA-2" # Certificate "TrustCor RootCert CA-1" # Certificate "Network Solutions Certificate Authority" # Certificate "COMODO Certification Authority" # Certificate "Autoridad de Certificacion Raiz del Estado Venezolano" # Certificate "Microsec e-Szigno Root CA 2009" # Certificate "TWCA Root Certification Authority" # Certificate "Izenpe.com" # Certificate "state-institutions" # Certificate "GlobalSign" # Certificate "Common Policy" # Certificate "A-Trust-nQual-03" # Certificate "A-Trust-Qual-02" # Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" # Certificate "Government Root Certification Authority" # Certificate "AC Raíz Certicámara S.A."	2022-07-28 12:10:46 -07:00
Bob Relyea	d4451d31cd	Update to CKBI 2.54 from NSS 3.79	2022-07-27 16:05:04 -07:00
Fedora Release Engineering	082ca8530e	Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2022-07-20 22:27:16 +00:00
Bob Relyea	f6b8f45e83	Update to CKBI 2.54 from NSS 3.79 Removing: # Certificate "GlobalSign Root CA - R2" # Certificate "DST Root CA X3" # Certificate "Explicitly Distrusted DigiNotar PKIoverheid G2" Adding: # Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" # Certificate "vTrus ECC Root CA" # Certificate "vTrus Root CA" # Certificate "ISRG Root X2" # Certificate "HiPKI Root CA - G1" # Certificate "Telia Root CA v2" # Certificate "D-TRUST BR Root CA 1 2020" # Certificate "D-TRUST EV Root CA 1 2020" # Certificate "CAEDICOM Root" # Certificate "I.CA Root CA/RSA" # Certificate "MULTICERT Root Certification Authority 01" # Certificate "Certification Authority of WoSign G2" # Certificate "CA WoSign ECC Root" # Certificate "CCA India 2015 SPL" # Certificate "Swedish Government Root Authority v3" # Certificate "Swedish Government Root Authority v2" # Certificate "Tunisian Root Certificate Authority - TunRootCA2" # Certificate "OpenTrust Root CA G1" # Certificate "OpenTrust Root CA G2" # Certificate "OpenTrust Root CA G3" # Certificate "Certplus Root CA G1" # Certificate "Certplus Root CA G2" # Certificate "Government Root Certification Authority" # Certificate "A-Trust-Qual-02" # Certificate "Thailand National Root Certification Authority - G1" # Certificate "TrustCor ECA-1" # Certificate "TrustCor RootCert CA-2" # Certificate "TrustCor RootCert CA-1" # Certificate "Certification Authority of WoSign" # Certificate "CA 沃通根证书" # Certificate "SSC GDL CA Root B" # Certificate "SAPO Class 2 Root CA" # Certificate "SAPO Class 3 Root CA" # Certificate "SAPO Class 4 Root CA" # Certificate "CA Disig Root R1" # Certificate "Autoridad Certificadora Raíz Nacional de Uruguay" # Certificate "ApplicationCA2 Root" # Certificate "GlobalSign" # Certificate "Symantec Class 3 Public Primary Certification Authority - G6" # Certificate "Symantec Class 3 Public Primary Certification Authority - G4" # Certificate "Halcom Root CA" # Certificate "Swisscom Root EV CA 2" # Certificate "CFCA GT CA" # Certificate "Digidentity L3 Root CA - G2" # Certificate "SITHS Root CA v1" # Certificate "Macao Post eSignTrust Root Certification Authority (G02)" # Certificate "Autoridade Certificadora Raiz Brasileira v2" # Certificate "Swisscom Root CA 2" # Certificate "IGC/A AC racine Etat francais" # Certificate "PersonalID Trustworthy RootCA 2011" # Certificate "Swedish Government Root Authority v1" # Certificate "Swiss Government Root CA II" # Certificate "Swiss Government Root CA I" # Certificate "Network Solutions Certificate Authority" # Certificate "COMODO Certification Authority" # Certificate "LuxTrust Global Root" # Certificate "AC1 RAIZ MTIN" # Certificate "Microsoft Root Certificate Authority 2011" # Certificate "CCA India 2011" # Certificate "ANCERT Certificados Notariales V2" # Certificate "ANCERT Certificados CGN V2" # Certificate "EE Certification Centre Root CA" # Certificate "DigiNotar Root CA G2" # Certificate "Federal Common Policy CA" # Certificate "Autoridad de Certificacion Raiz del Estado Venezolano" # Certificate "Autoridad de Certificacion Raiz del Estado Venezolano" # Certificate "China Internet Network Information Center EV Certificates Root" # Certificate "Verizon Global Root CA" # Certificate "SwissSign Silver Root CA - G3" # Certificate "SwissSign Platinum Root CA - G3" # Certificate "SwissSign Gold Root CA - G3" # Certificate "Microsec e-Szigno Root CA 2009" # Certificate "SITHS CA v3" # Certificate "Certinomis - Autorité Racine" # Certificate "ANF Server CA" # Certificate "Thawte Premium Server CA" # Certificate "Thawte Server CA" # Certificate "TC TrustCenter Universal CA III" # Certificate "KEYNECTIS ROOT CA" # Certificate "I.CA - Standard Certification Authority, 09/2009" # Certificate "I.CA - Qualified Certification Authority, 09/2009" # Certificate "VI Registru Centras RCSC (RootCA)" # Certificate "CCA India 2007" # Certificate "Autoridade Certificadora Raiz Brasileira v1" # Certificate "ipsCA Global CA Root" # Certificate "ipsCA Main CA Root" # Certificate "Actalis Authentication CA G1" # Certificate "A-Trust-Qual-03" # Certificate "AddTrust External CA Root" # Certificate "ECRaizEstado" # Certificate "Configuration" # Certificate "FNMT-RCM" # Certificate "StartCom Certification Authority" # Certificate "TWCA Root Certification Authority" # Certificate "VeriSign Class 3 Public Primary Certification Authority - G4" # Certificate "thawte Primary Root CA - G2" # Certificate "GeoTrust Primary Certification Authority - G2" # Certificate "VeriSign Universal Root Certification Authority" # Certificate "thawte Primary Root CA - G3" # Certificate "GeoTrust Primary Certification Authority - G3" # Certificate "E-ME SSI (RCA)" # Certificate "ACEDICOM Root" # Certificate "Autoridad Certificadora Raiz de la Secretaria de Economia" # Certificate "Correo Uruguayo - Root CA" # Certificate "CNNIC ROOT" # Certificate "Common Policy" # Certificate "Macao Post eSignTrust Root Certification Authority" # Certificate "Staat der Nederlanden Root CA - G2" # Certificate "NetLock Platina (Class Platinum) Főtanúsítvány" # Certificate "AC Raíz Certicámara S.A." # Certificate "Cisco Root CA 2048" # Certificate "CA Disig" # Certificate "InfoNotary CSP Root" # Certificate "UCA Global Root" # Certificate "UCA Root" # Certificate "DigiNotar Root CA" # Certificate "Starfield Services Root Certificate Authority" # Certificate "I.CA - Qualified root certificate" # Certificate "I.CA - Standard root certificate" # Certificate "e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi" # Certificate "Japanese Government" # Certificate "AdminCA-CD-T01" # Certificate "Admin-Root-CA" # Certificate "Izenpe.com" # Certificate "TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3" # Certificate "Halcom CA FO" # Certificate "Halcom CA PO 2" # Certificate "Root CA" # Certificate "GPKIRootCA" # Certificate "ACNLB" # Certificate "state-institutions" # Certificate "state-institutions" # Certificate "SECOM Trust Systems CO.,LTD." # Certificate "D-TRUST Qualified Root CA 1 2007:PN" # Certificate "D-TRUST Root Class 2 CA 2007" # Certificate "D-TRUST Root Class 3 CA 2007" # Certificate "SSC Root CA A" # Certificate "SSC Root CA B" # Certificate "SSC Root CA C" # Certificate "Autoridad de Certificacion de la Abogacia" # Certificate "Root CA Generalitat Valenciana" # Certificate "VAS Latvijas Pasts SSI(RCA)" # Certificate "ANCERT Certificados CGN" # Certificate "ANCERT Certificados Notariales" # Certificate "ANCERT Corporaciones de Derecho Publico" # Certificate "GLOBALTRUST" # Certificate "Certipost E-Trust TOP Root CA" # Certificate "Certipost E-Trust Primary Qualified CA" # Certificate "Certipost E-Trust Primary Normalised CA" # Certificate "GlobalSign" # Certificate "IGC/A" # Certificate "S-TRUST Authentication and Encryption Root CA 2005:PN" # Certificate "TC TrustCenter Universal CA I" # Certificate "TC TrustCenter Universal CA II" # Certificate "TC TrustCenter Class 2 CA II" # Certificate "TC TrustCenter Class 4 CA II" # Certificate "Swisscom Root CA 1" # Certificate "Microsec e-Szigno Root CA" # Certificate "LGPKI" # Certificate "AC RAIZ DNIE" # Certificate "Common Policy" # Certificate "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı" # Certificate "A-Trust-nQual-03" # Certificate "A-Trust-nQual-03" # Certificate "CertRSA01" # Certificate "KISA RootCA 1" # Certificate "KISA RootCA 3" # Certificate "NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado" # Certificate "A-CERT ADVANCED" # Certificate "A-Trust-Qual-01" # Certificate "A-Trust-nQual-01" # Certificate "A-Trust-Qual-02" # Certificate "Staat der Nederlanden Root CA" # Certificate "Serasa Certificate Authority II" # Certificate "TDC Internet" # Certificate "America Online Root Certification Authority 2" # Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" # Certificate "Government Root Certification Authority" # Certificate "RSA Security Inc" # Certificate "Public Notary Root" # Certificate "GeoTrust Global CA" # Certificate "GeoTrust Global CA 2" # Certificate "GeoTrust Universal CA" # Certificate "GeoTrust Universal CA 2" # Certificate "QuoVadis Root Certification Authority" # Certificate "Autoridade Certificadora Raiz Brasileira" # Certificate "Post.Trust Root CA" # Certificate "Microsoft Root Authority" # Certificate "Microsoft Root Certificate Authority" # Certificate "Microsoft Root Certificate Authority 2010" # Certificate "Entrust.net Secure Server Certification Authority" # Certificate "UTN-USERFirst-Object" # Certificate "BYTE Root Certification Authority 001" # Certificate "CISRCA1" # Certificate "ePKI Root Certification Authority - G2" # Certificate "ePKI EV SSL Certification Authority - G1" # Certificate "AC Raíz Certicámara S.A." # Certificate "SSL.com EV Root Certification Authority RSA" # Certificate "LuxTrust Global Root 2" # Certificate "ACA ROOT" # Certificate "Security Communication ECC RootCA1" # Certificate "Security Communication RootCA3" # Certificate "CHAMBERS OF COMMERCE ROOT - 2016" # Certificate "Network Solutions RSA Certificate Authority" # Certificate "Network Solutions ECC Certificate Authority" # Certificate "Australian Defence Public Root CA" # Certificate "SI-TRUST Root" # Certificate "Halcom Root Certificate Authority" # Certificate "Application CA G3 Root" # Certificate "GLOBALTRUST 2015" # Certificate "Microsoft ECC Product Root Certificate Authority 2018" # Certificate "emSign Root CA - G2" # Certificate "emSign Root CA - C2" # Certificate "Microsoft ECC TS Root Certificate Authority 2018" # Certificate "DigiCert CS ECC P384 Root G5" # Certificate "DigiCert CS RSA4096 Root G5" # Certificate "DigiCert RSA4096 Root G5" # Certificate "DigiCert ECC P384 Root G5" # Certificate "HARICA Code Signing RSA Root CA 2021" # Certificate "HARICA Code Signing ECC Root CA 2021" # Certificate "Microsoft Identity Verification Root Certificate Authority 2020"	2022-07-15 10:08:43 -07:00
Fedora Release Engineering	421e34b661	- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2022-01-19 22:46:28 +00:00
Bob Relyea	662998d9d7	Update to CKBI 2.52 from NSS 3.72 Adding: # Certificate "TunTrust Root CA" # Certificate "HARICA TLS RSA Root CA 2021" # Certificate "HARICA TLS ECC Root CA 2021" # Certificate "HARICA Client RSA Root CA 2021" # Certificate "HARICA Client ECC Root CA 2021"	2021-12-13 09:07:38 -08:00
Bob Relyea	1c8b67fb5a	Resolves: rhbz#1053883 rhbz#1396811 Add debian compatible certificate trust hash directory and links for less aware packages.	2021-12-06 15:49:38 -08:00
Bob Relyea	40ecfc5f64	remove blacklist directory now that pk11-kit is using blocklist	2021-11-01 16:45:20 -07:00
Fedora Release Engineering	dff1c3cf33	- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2021-07-21 19:02:20 +00:00
Fedora Release Engineering	ea71242686	- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2021-07-21 14:05:01 +00:00
Bob Relyea	6d222498e8	Update to CKBI 2.50 from NSS 3.67 Removing: # Certificate "Trustis FPS Root CA" # Certificate "GlobalSign Code Signing Root R45" # Certificate "GlobalSign Code Signing Root E45" # Certificate "Halcom Root Certificate Authority" # Certificate "Symantec Class 3 Public Primary Certification Authority - G6" # Certificate "GLOBALTRUST" # Certificate "MULTICERT Root Certification Authority 01" # Certificate "Verizon Global Root CA" # Certificate "Tunisian Root Certificate Authority - TunRootCA2" # Certificate "CAEDICOM Root" # Certificate "COMODO Certification Authority" # Certificate "Security Communication ECC RootCA1" # Certificate "Security Communication RootCA3" # Certificate "AC RAIZ DNIE" # Certificate "VeriSign Class 3 Public Primary Certification Authority - G3" # Certificate "VeriSign Class 3 Public Primary Certification Authority - G5" # Certificate "VeriSign Universal Root Certification Authority" # Certificate "GeoTrust Global CA" # Certificate "GeoTrust Primary Certification Authority" # Certificate "thawte Primary Root CA" # Certificate "thawte Primary Root CA - G2" # Certificate "thawte Primary Root CA - G3" # Certificate "GeoTrust Primary Certification Authority - G3" # Certificate "GeoTrust Primary Certification Authority - G2" # Certificate "GeoTrust Universal CA" # Certificate "NetLock Platina (Class Platinum) Főtanúsítvány" # Certificate "GLOBALTRUST 2015" # Certificate "emSign Root CA - G2" # Certificate "emSign Root CA - C2" Adding: # Certificate "GLOBALTRUST 2020" # Certificate "ANF Secure Server Root CA"	2021-06-16 13:32:35 -07:00
Bob Relyea	c4c1a32e95	Add code to pull in object signing certs from Common CA Database (ccadb.org). Fix the updated merge scripts to handle this. Prune Expired certificates from certdata.txt and the object signing cert list Update to CKBI 2.48 from NSS 3.64 Removing: # Certificate "Verisign Class 3 Public Primary Certification Authority - G3" # Certificate "GeoTrust Universal CA 2" # Certificate "QuoVadis Root CA" # Certificate "Sonera Class 2 Root CA" # Certificate "Taiwan GRCA" # Certificate "VeriSign Class 3 Public Primary Certification Authority - G4" # Certificate "EE Certification Centre Root CA" # Certificate "LuxTrust Global Root 2" # Certificate "Symantec Class 1 Public Primary Certification Authority - G4" # Certificate "Symantec Class 2 Public Primary Certification Authority - G4" Adding: # Certificate "Microsoft ECC Root Certificate Authority 2017" # Certificate "Microsoft RSA Root Certificate Authority 2017" # Certificate "e-Szigno Root CA 2017" # Certificate "certSIGN Root CA G2" # Certificate "Trustwave Global Certification Authority" # Certificate "Trustwave Global ECC P256 Certification Authority" # Certificate "Trustwave Global ECC P384 Certification Authority" # Certificate "NAVER Global Root Certification Authority" # Certificate "AC RAIZ FNMT-RCM SERVIDORES SEGUROS" # Certificate "GlobalSign Secure Mail Root R45" # Certificate "GlobalSign Secure Mail Root E45" # Certificate "GlobalSign Root R46" # Certificate "GlobalSign Root E46" # Certificate "Certum EC-384 CA" # Certificate "Certum Trusted Root CA" # Certificate "GlobalSign Code Signing Root R45" # Certificate "GlobalSign Code Signing Root E45" # Certificate "Halcom Root Certificate Authority" # Certificate "Symantec Class 3 Public Primary Certification Authority - G6" # Certificate "GLOBALTRUST" # Certificate "MULTICERT Root Certification Authority 01" # Certificate "Verizon Global Root CA" # Certificate "Tunisian Root Certificate Authority - TunRootCA2" # Certificate "CAEDICOM Root" # Certificate "COMODO Certification Authority" # Certificate "Security Communication ECC RootCA1" # Certificate "Security Communication RootCA3" # Certificate "AC RAIZ DNIE" # Certificate "VeriSign Class 3 Public Primary Certification Authority - G3" # Certificate "NetLock Platina (Class Platinum) Főtanúsítvány" # Certificate "GLOBALTRUST 2015" # Certificate "emSign Root CA - G2" # Certificate "emSign Root CA - C2"	2021-05-25 16:48:57 -07:00
Bob Relyea	6d164aedd7	Update tools to pick up code signing certs from the Common CA Database: https://www.ccadb.org/resources Our normal root certs come from mozilla, but mozilla does not evaluate code signing. Currently code signing is only used my Microsoft .net, so we need to get code signing certs from Microsoft's code signing list. The certs in this list will only show up in the code signing lists or in the general list with only code signing set.	2021-05-24 10:49:58 -07:00
Bob Relyea	17e75b4e10	change master to rawhide in fetch.sh to match fedora's new tree arragement.	2021-03-26 15:45:22 -07:00
Fedora Release Engineering	0fa62ae95f	- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2021-01-26 01:32:44 +00:00
Bob Relyea	05fc0ccfd2	remove unnecessarily divisive terms, take 1. in ca-certificates there are 3 cases: 1) master refering to the fedora master branch in the fetch.sh script. This can only be changed once fedora changes the master branch name. 2) a reference to the 'master bundle' in this file: this has been changed to 'primary bundle'. 3) a couple of blacklist directories owned by this package, but used to p11-kit. New 'blocklist' directories have been created, but p11-kit needs to be updated before the old blacklist directories can be removed and the man pages corrected.	2021-01-12 13:50:47 -08:00
Christian Heimes	9bd23da27f	Add cross-distro compatibility symlinks The directory /etc/ssl now contains symlinks to cert.pem bundle, openssl.cnf, and ct_log_list.cnf to provide better cross-distribution compatibility. Resolves: rhbz#1895619	2020-11-10 10:59:19 +01:00
Fedora Release Engineering	5221e001cb	- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>	2020-07-27 13:33:08 +00:00
Adam Williamson	5f1176f65b	Fix up broken %post and %postinstall scriptlet changes from -2	2020-06-16 12:49:50 -07:00
Adam Williamson	a430e4124c	Simplify the %post and %postinstall script stuff, it was broken This approach had multiple problems. The most obvious is a typo - it had `%-bindir` instead of `%_bindir`. But you also cannot mix a %define into a %post script as was being done here, that just doesn't work, you can't track state between scriptlets like that. And the `%if` in %posttrans would be resolved at package build time, not at %posttrans run time. (I think the syntax was wrong anyway). This whole approach was irredeemably broken. To get things back to a working state quickly, let's just do it in a simple-but-dumb way: always run the scripts in %posttrans, run them in %post if `ln` is available (with the typo fixed). This means we'll often run them twice, but I don't think that actually hurts anything. We can refine from here if desired. Signed-off-by: Adam Williamson <awilliam@redhat.com>	2020-06-16 12:43:54 -07:00
Bob Relyea	34155d6cbe	Fix unclosed if	2020-06-10 12:50:35 -07:00
Bob Relyea	9a68b05c60	Update to CKBI 2.41 from NSS 3.53.0 Removing: # Certificate "AddTrust Low-Value Services Root" # Certificate "AddTrust External Root" # Certificate "Staat der Nederlanden Root CA - G2" -Updates several certificates with CKA_SERVER_DISTRUST_AFTER with a data -Fix circular dependency issue by moving ca-legacy and upcate-ca-trust to %posttrans	2020-06-10 12:45:49 -07:00
Daiki Ueno	00da4d0e2a	Update versioned dependency on p11-kit	2020-01-28 08:49:10 +01:00
Daiki Ueno	eaf3ef8b6b	Update to CKBI 2.40 from NSS 3.48	2020-01-22 10:56:12 +01:00
Daiki Ueno	6aec97d9bd	certdata2pem.py: emit flags for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER This allows to follow upcoming changes in certdata.txt: https://bugzilla.mozilla.org/show_bug.cgi?id=1465613 Signed-off-by: Daiki Ueno <dueno@redhat.com>	2019-12-04 10:53:31 +01:00

1 2 3 4

182 Commits