Commit Graph

156 Commits

Author SHA1 Message Date
Robert Relyea
f4842fa2d8 Fix stray commit character that turned a comment into an invalid rpm directive 2018-09-24 17:53:39 -07:00
Robert Relyea
439a513c7a Update ca-certficates to 2.26 from NSS 3.39 2018-09-24 17:18:53 -07:00
Fedora Release Engineering
46d2f25804 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-12 21:28:32 +00:00
Paul Wouters
31ba2e4690 packaging: remove obsolete defattr line 2018-07-03 15:36:24 -04:00
Kai Engert
1a2c011ba4 Ported scripts to python3 2018-06-28 22:36:01 +02:00
Kai Engert
34c0da9058 edk2 requires p11-kit >= 0.23.10 2018-06-11 16:08:26 +02:00
Daiki Ueno
6220683f76 Extract certificate bundle in EDK2 format 2018-06-11 14:05:57 +02:00
Kai Engert
398639612c Adjust ghost file permissions, rhbz#1564432 2018-06-04 15:19:58 +02:00
Kai Engert
342574ec95 Update to CKBI 2.24 from NSS 3.37 2018-05-18 13:05:43 +02:00
Iryna Shcherbina
77a1f2aa46 Update Python 2 dependency declarations to new packaging standards 2018-03-15 00:20:54 +01:00
Patrick Uiterwijk
09838f0deb Add dep on coreutils for ln(1) in %post
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-02-23 23:02:30 +01:00
Igor Gnatenko
44ff50bbce
Remove %clean section
None of currently supported distributions need that.
Last one was EL5 which is EOL for a while.

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-14 07:53:59 +01:00
Kai Engert
a77bc273de Update to CKBI 2.22 from NSS 3.35 2018-02-06 14:42:09 +01:00
Kai Engert
756b8b4c69 Depend on bash, grep, sed. Required for ca-legacy script execution.
p11-kit is already required at %%post execution time. (rhbz#1537127)
2018-01-22 15:35:38 +01:00
Kai Engert
4d1e9c779d Use the force, script! (Which sln did by default). 2018-01-19 13:14:55 +01:00
Kai Engert
201f66b36b Stop using sln in ca-legacy script. 2018-01-19 13:07:06 +01:00
Kai Engert
078e3f0b9b Use ln -s, because sln was removed from glibc. rhbz#1536349 2018-01-19 12:57:53 +01:00
Kai Engert
e3a2f67722 Update to CKBI 2.20 from NSS 3.34.1 2017-11-27 21:37:37 +01:00
Kai Engert
6b317cb305 Merge branch 'master' of ssh://pkgs.fedoraproject.org/rpms/ca-certificates 2017-08-15 15:41:33 +02:00
Kai Engert
7a69d0d22f - Set P11_KIT_NO_USER_CONFIG=1 to prevent p11-kit from reading user configuration files (rhbz#1478172). 2017-08-15 15:39:45 +02:00
Fedora Release Engineering
c735381906 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-26 04:24:01 +00:00
Kai Engert
7accaab619 Update to (yet unreleased) CKBI 2.16 which is planned for NSS 3.32. Mozilla removed all trust bits for code signing. 2017-07-19 11:40:38 +02:00
Petr Písař
a2a1b6c64d perl dependency renamed to perl-interpreter <https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules> 2017-07-12 14:05:20 +02:00
Kai Engert
6cea01c4b1 Update to CKBI 2.14 from NSS 3.30.2 2017-04-26 14:37:22 +02:00
Kai Engert
c1c275770a For CAs trusted by Mozilla, set attribute nss-mozilla-ca-policy: true
Set attribute modifiable: false
Require p11-kit 0.23.4
2017-02-23 19:39:46 +01:00
Kai Engert
f0b0be2c1f - Changed the packaged bundle to use the flexible p11-kit-object-v1 file format,
as a preparation to fix bugs in the interaction between p11-kit-trust and
  Mozilla applications, such as Firefox, Thunderbird etc.
- Changed update-ca-trust to add comments to extracted PEM format files.
- Added an utility to help with comparing output of the trust dump command.
2017-02-13 21:04:08 +01:00
Fedora Release Engineering
b1bece42f2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 2017-02-10 07:11:28 +00:00
Kai Engert
1926916bb3 Update to CKBI 2.11 from NSS 3.28.1 2017-01-11 14:16:31 +01:00
Kai Engert
00af3f958b Update to CKBI 2.10 from NSS 3.27 2016-10-04 19:54:47 +02:00
Kai Engert
552fa4a6d3 Revert to the unmodified upstream CA list, changing the legacy trust to an empty list. Keeping the ca-legacy tool and existing config, however, the configuration has no effect after this change. 2016-08-18 14:11:51 +02:00
Kai Engert
02204a071d Update to CKBI 2.9 from NSS 3.26 with legacy modifications 2016-08-16 18:51:35 +02:00
Kai Engert
54fae46d1e Update to CKBI 2.8 from NSS 3.25 with legacy modifications 2016-07-15 13:44:08 +02:00
Kai Engert
8867a18ec0 Only create backup files if there is an original file (bug 999017). 2016-05-10 20:28:23 +02:00
Kai Engert
5300aa7f75 Use sln, not ln, to avoid the dependency on coreutils. 2016-05-10 18:48:44 +02:00
Kai Engert
de9cf5de04 Fix typos in a manual page and in a README file. 2016-04-25 18:58:31 +02:00
Kai Engert
53674928a5 Update to CKBI 2.7 from NSS 3.23 with legacy modifications 2016-03-16 18:25:23 +01:00
Dennis Gilmore
199d06cb4e - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-03 17:20:38 +00:00
Kai Engert
da979a1a44 Update to CKBI 2.6 from NSS 3.21 with legacy modifications 2015-11-23 17:51:07 +01:00
Kai Engert
87f92384d1 Update the spec file to version 2.5 2015-08-13 22:49:30 +02:00
Dennis Gilmore
298b40723b - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-17 02:13:52 +00:00
Kai Engert
b2076a019e Update to CKBI 2.4 from NSS 3.18.1 with legacy modifications 2015-05-05 20:18:08 +02:00
Kai Engert
41111200ad Fixed a typo in the ca-legacy manual page. 2015-05-05 17:27:27 +02:00
Kai Engert
40d3667f3c rename legacy=enable to legacy=default and related changes; add ca-legacy man page; handle absent configuration in ca-legacy 2015-03-31 23:02:57 +02:00
Kai Engert
b18dd49764 Update to CKBI 2.3 from NSS 3.18 with legacy modifications 2015-03-20 22:12:01 +01:00
Kai Engert
b1d00ef388 Fix mistakes in the legacy handling of the upstream 2.1 and 2.2 releases 2015-03-20 21:23:05 +01:00
Kai Engert
053dde8a2f - Update to CKBI 2.2 from NSS 3.17.3 with legacy modifications 2014-12-16 22:09:03 +01:00
Kai Engert
a1c2aece67 update project URL 2014-11-21 16:29:39 +01:00
Peter Lemenkov
0c19add667 Restore Requires: coreutils
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
2014-11-15 08:11:39 +03:00
Peter Lemenkov
d8e353c1d2 A proper fix for #1158343
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
2014-11-14 18:33:00 +03:00
Kai Engert
d7defefea7 add Requires: coreutils (rhbz#1158343) 2014-10-29 12:14:57 +01:00
Kai Engert
e24bfeb6b0 - Introduce the ca-legacy utility and a ca-legacy.conf configuration file.
By default, legacy roots required for OpenSSL/GnuTLS compatibility
  are kept enabled. Using the ca-legacy utility, the legacy roots can be
  disabled. If disabled, the system will use the trust set as provided
  by the upstream Mozilla CA list. (See also: rhbz#1158197)
2014-10-28 20:54:15 +01:00
Kai Engert
f81c301d27 - Temporarily re-enable several legacy root CA certificates because of
compatibility issues with software based on OpenSSL/GnuTLS,
  see rhbz#1144808
2014-09-21 10:33:16 +02:00
Kai Engert
18eedda612 - Update to CKBI 2.1 from NSS 3.16.4
- Fix rhbz#1130226
2014-08-14 17:06:04 +02:00
Dennis Gilmore
b0943c5cc0 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-06 22:50:54 -05:00
Kai Engert
f176bca921 Update to CKBI 1.97 from NSS 3.16 2014-03-19 11:30:07 +01:00
Kai Engert
4a1396fc65 Merge branch 'master' of ssh://pkgs.fedoraproject.org/ca-certificates
Conflicts:
	ca-certificates.spec
2014-02-10 20:15:14 +01:00
Kai Engert
278ac24070 remove openjdk build requirement 2014-02-10 20:13:22 +01:00
Ville Skyttä
a14dcb43a0 Own the %{_datadir}/pki dir. 2014-01-25 20:39:23 +02:00
Kai Engert
5df4185c4d * Thu Jan 09 2014 Kai Engert <kaie@redhat.com> - 2013.1.96-1
- Update to CKBI 1.96 from NSS 3.15.4
2014-01-09 17:38:04 +01:00
Kai Engert
9a4d41a78e * Tue Dec 17 2013 Kai Engert <kaie@redhat.com> - 2013.1.95-1
- Update to CKBI 1.95 from NSS 3.15.3.1
2013-12-17 18:51:16 +01:00
Kai Engert
10e748b11e The PKCS#11 attributes of a stapled extension changed slightly
during the 0.19.x releases. This was due to specification work on
the 'Storing Trust Policy' document. Patch by Stef Walter.
Resolves: rhbz#988745
2013-09-06 17:22:25 +02:00
Kai Engert
e3e96c2ad9 - merge manual improvement from f19 2013-09-03 13:32:18 +02:00
Dennis Gilmore
04d3dc5036 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild 2013-08-02 23:13:50 -05:00
Kai Engert
540618e93b - clarification updates to manual page 2013-07-09 12:50:17 +02:00
Kai Engert
9ac574b7ef - added a manual page and related build requirements
- simplify the README files now that we have a manual page
- set a certificate alias in trusted bundle (thanks to Ludwig Nussel)
2013-07-09 00:59:15 +02:00
Kai Engert
6c5dbfb646 * Mon May 27 2013 Kai Engert <kaie@redhat.com> - 2013.1.94-13
- use correct command in README files, rhbz#961809
2013-05-27 15:28:11 +02:00
Kai Engert
2dc4526741 - update to version 1.94 provided by NSS 3.15 (beta) 2013-05-27 14:57:04 +02:00
Kai Engert
b2e71a9f9a * Mon Apr 22 2013 Kai Engert <kaie@redhat.com> - 2012.87-12
- Use both label and serial to identify cert during conversion, rhbz#927601
- Add myself as contributor to certdata2.pem.py and remove use of rcs/ident.
  (thanks to Michael Shuler for suggesting to do so)
- Update source URLs and comments, add source file for version information.
2013-04-22 14:58:59 +02:00
Kai Engert
34f352da5f * Tue Mar 19 2013 Kai Engert <kaie@redhat.com> - 2012.87-11
- adjust to changed and new functionality provided by p11-kit 0.17.3
- updated READMEs to describe the new directory-specific treatment of files
- ship a new file that contains certificates with neutral trust
- ship a new file that contains distrust objects, and also staple a
  basic constraint extension to one legacy root contained in the
  Mozilla CA list
- adjust the build script to dynamically produce most of above files
- add and own the anchors and blacklist subdirectories
- file generate-cacerts.pl is no longer required
2013-03-24 00:36:13 +01:00
Kai Engert
d538ada99c * Fri Mar 08 2013 Kai Engert <kaie@redhat.com> - 2012.87-9
- Major rework for the Fedora SharedSystemCertificates feature.
- Only ship a PEM bundle file using the BEGIN TRUSTED CERTIFICATE file format.
- Require the p11-kit package that contains tools to automatically create
  other file format bundles.
- Convert old file locations to symbolic links that point to dynamically
  generated files.
- Old files, which might have been locally modified, will be saved in backup
  files with .rpmsave extension.
- Added a update-ca-certificates script which can be used to regenerate
  the merged trusted output.
- Refer to the various README files that have been added for more detailed
  explanation of the new system.
- No longer require rsc for building.
- Add explanation for the future version numbering scheme,
  because the old numbering scheme was based on upstream using cvs,
  which is no longer true, and therefore can no longer be used.
- Includes changes from rhbz#873369.
2013-03-09 00:09:26 +01:00
Kai Engert
0ecb427592 * Thu Mar 07 2013 Kai Engert <kaie@redhat.com> - 2012.87-2.fc19.1
- Ship trust bundle file in /usr/share/pki/ca-trust-source/, temporarily in addition.
  This location will soon become the only place containing this file.
2013-03-08 00:03:25 +01:00
Dennis Gilmore
dc139972f7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild 2013-02-13 12:10:59 -06:00
Paul Wouters
73800e131b * Fri Jan 04 2013 Paul Wouters <pwouters@redhat.com> - 2012.87-1
- Updated to r1.87 to blacklist mis-issued turktrust CA certs
2013-01-04 12:50:54 -05:00
Paul Wouters
829cbef0ba * Wed Oct 24 2012 Paul Wouters <pwouters@redhat.com> - 2012.86-2
- Updated blacklist with 20 entries (Diginotar, Trustwave, Comodo(?)
- Fix to certdata2pem.py to also check for CKT_NSS_NOT_TRUSTED

Also updated pointer to certdata.txt explaining that's a pointer to
an unstable version.
2012-10-24 14:17:36 -04:00
Paul Wouters
0a930f04ef * Added real source url for certdata.txt on hg.mozilla.org 2012-10-23 21:34:15 -04:00
Paul Wouters
b65d8a87f1 * Tue Oct 23 2012 Paul Wouters <pwouters@redhat.com> - 2012.86-1
- update to r1.86
2012-10-23 16:04:09 -04:00
Joe Orton
bc18e50165 add openssl to BuildRequires 2012-07-23 12:49:30 +01:00
Joe Orton
df639e3f3e update to r1.85 2012-07-23 11:50:51 +01:00
Dennis Gilmore
816ae11fdb - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild 2012-07-18 13:30:37 -05:00
Joe Orton
1a704861b2 merge 2012-02-13 10:21:52 +00:00
Joe Orton
229976ab38 update to r1.81 2012-02-13 10:20:14 +00:00
Dennis Gilmore
8c27f267a8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild 2012-01-12 16:58:40 -06:00
Joe Orton
596824452e update to r1.80
fix handling of certs with dublicate Subject names (#733032)
2011-11-09 14:36:15 -08:00
Joe Orton
f098063f3d update to r1.78, removing trust from DigiNotar root (#734679) 2011-09-01 14:36:45 +01:00
Joe Orton
fbef64556c update to r1.75 2011-08-03 11:40:12 +01:00
Joe Orton
3f0275ff7a update to r1.74 2011-04-20 10:27:11 +01:00
Joe Orton
37d25f7154 update to r1.74 2011-04-20 10:12:55 +01:00
Dennis Gilmore
9ee01c7c25 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild 2011-02-08 00:15:48 -06:00
Joe Orton
bf4a1f1789 - update to r1.70 2011-01-12 13:51:15 +00:00
Joe Orton
96465e81bb - update to r1.65 2010-11-09 08:24:29 +00:00
jorton
c9fb114c90 - package /etc/ssl/certs symlink for third-party apps (#572725) 2010-04-07 14:51:30 +00:00
jorton
58bb64fcf4 - rebuild 2010-04-07 10:32:36 +00:00
jorton
b62ba6e474 - update to certdata.txt r1.63
- use upstream RCS version in Version
2010-04-07 09:40:17 +00:00
jorton
dc70b1f07b - fix ca-bundle.crt (#575111) 2010-03-19 14:00:29 +00:00
jorton
708646cc46 - update to certdata.txt r1.58
- add /etc/pki/tls/certs/ca-bundle.trust.crt using 'TRUSTED CERTICATE'
    format
- exclude ECC certs from the Java cacerts database
- catch keytool failures
- fail parsing certdata.txt on finding untrusted but not blacklisted cert
2010-03-18 12:23:55 +00:00
jorton
425940e355 - fix install 2010-01-15 20:48:32 +00:00
jorton
56a6866973 - fix Java cacert database generation: use Subject rather than Issuer for
alias name; add diagnostics; fix some alias names.
2010-01-15 20:22:01 +00:00
jorton
5f392b3f7e - adopt Python certdata.txt parsing script from Debian 2010-01-15 17:11:52 +00:00
Jesse Keating
0bfc15efe4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild 2009-07-24 18:34:22 +00:00
jorton
5406f40280 - update to certdata.txt r1.53 2009-07-22 14:33:22 +00:00