Robert Relyea
f4842fa2d8
Fix stray commit character that turned a comment into an invalid rpm directive
2018-09-24 17:53:39 -07:00
Robert Relyea
439a513c7a
Update ca-certficates to 2.26 from NSS 3.39
2018-09-24 17:18:53 -07:00
Fedora Release Engineering
46d2f25804
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-12 21:28:32 +00:00
Paul Wouters
31ba2e4690
packaging: remove obsolete defattr line
2018-07-03 15:36:24 -04:00
Kai Engert
1a2c011ba4
Ported scripts to python3
2018-06-28 22:36:01 +02:00
Kai Engert
34c0da9058
edk2 requires p11-kit >= 0.23.10
2018-06-11 16:08:26 +02:00
Daiki Ueno
6220683f76
Extract certificate bundle in EDK2 format
2018-06-11 14:05:57 +02:00
Kai Engert
398639612c
Adjust ghost file permissions, rhbz#1564432
2018-06-04 15:19:58 +02:00
Kai Engert
342574ec95
Update to CKBI 2.24 from NSS 3.37
2018-05-18 13:05:43 +02:00
Iryna Shcherbina
77a1f2aa46
Update Python 2 dependency declarations to new packaging standards
2018-03-15 00:20:54 +01:00
Patrick Uiterwijk
09838f0deb
Add dep on coreutils for ln(1) in %post
...
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-02-23 23:02:30 +01:00
Igor Gnatenko
44ff50bbce
Remove %clean section
...
None of currently supported distributions need that.
Last one was EL5 which is EOL for a while.
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-14 07:53:59 +01:00
Kai Engert
a77bc273de
Update to CKBI 2.22 from NSS 3.35
2018-02-06 14:42:09 +01:00
Kai Engert
756b8b4c69
Depend on bash, grep, sed. Required for ca-legacy script execution.
...
p11-kit is already required at %%post execution time. (rhbz#1537127)
2018-01-22 15:35:38 +01:00
Kai Engert
4d1e9c779d
Use the force, script! (Which sln did by default).
2018-01-19 13:14:55 +01:00
Kai Engert
201f66b36b
Stop using sln in ca-legacy script.
2018-01-19 13:07:06 +01:00
Kai Engert
078e3f0b9b
Use ln -s, because sln was removed from glibc. rhbz#1536349
2018-01-19 12:57:53 +01:00
Kai Engert
e3a2f67722
Update to CKBI 2.20 from NSS 3.34.1
2017-11-27 21:37:37 +01:00
Kai Engert
6b317cb305
Merge branch 'master' of ssh://pkgs.fedoraproject.org/rpms/ca-certificates
2017-08-15 15:41:33 +02:00
Kai Engert
7a69d0d22f
- Set P11_KIT_NO_USER_CONFIG=1 to prevent p11-kit from reading user configuration files (rhbz#1478172).
2017-08-15 15:39:45 +02:00
Fedora Release Engineering
c735381906
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
2017-07-26 04:24:01 +00:00
Kai Engert
7accaab619
Update to (yet unreleased) CKBI 2.16 which is planned for NSS 3.32. Mozilla removed all trust bits for code signing.
2017-07-19 11:40:38 +02:00
Petr Písař
a2a1b6c64d
perl dependency renamed to perl-interpreter < https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules >
2017-07-12 14:05:20 +02:00
Kai Engert
6cea01c4b1
Update to CKBI 2.14 from NSS 3.30.2
2017-04-26 14:37:22 +02:00
Kai Engert
c1c275770a
For CAs trusted by Mozilla, set attribute nss-mozilla-ca-policy: true
...
Set attribute modifiable: false
Require p11-kit 0.23.4
2017-02-23 19:39:46 +01:00
Kai Engert
f0b0be2c1f
- Changed the packaged bundle to use the flexible p11-kit-object-v1 file format,
...
as a preparation to fix bugs in the interaction between p11-kit-trust and
Mozilla applications, such as Firefox, Thunderbird etc.
- Changed update-ca-trust to add comments to extracted PEM format files.
- Added an utility to help with comparing output of the trust dump command.
2017-02-13 21:04:08 +01:00
Fedora Release Engineering
b1bece42f2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
2017-02-10 07:11:28 +00:00
Kai Engert
1926916bb3
Update to CKBI 2.11 from NSS 3.28.1
2017-01-11 14:16:31 +01:00
Kai Engert
00af3f958b
Update to CKBI 2.10 from NSS 3.27
2016-10-04 19:54:47 +02:00
Kai Engert
552fa4a6d3
Revert to the unmodified upstream CA list, changing the legacy trust to an empty list. Keeping the ca-legacy tool and existing config, however, the configuration has no effect after this change.
2016-08-18 14:11:51 +02:00
Kai Engert
02204a071d
Update to CKBI 2.9 from NSS 3.26 with legacy modifications
2016-08-16 18:51:35 +02:00
Kai Engert
54fae46d1e
Update to CKBI 2.8 from NSS 3.25 with legacy modifications
2016-07-15 13:44:08 +02:00
Kai Engert
8867a18ec0
Only create backup files if there is an original file (bug 999017).
2016-05-10 20:28:23 +02:00
Kai Engert
5300aa7f75
Use sln, not ln, to avoid the dependency on coreutils.
2016-05-10 18:48:44 +02:00
Kai Engert
de9cf5de04
Fix typos in a manual page and in a README file.
2016-04-25 18:58:31 +02:00
Kai Engert
53674928a5
Update to CKBI 2.7 from NSS 3.23 with legacy modifications
2016-03-16 18:25:23 +01:00
Dennis Gilmore
199d06cb4e
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
2016-02-03 17:20:38 +00:00
Kai Engert
da979a1a44
Update to CKBI 2.6 from NSS 3.21 with legacy modifications
2015-11-23 17:51:07 +01:00
Kai Engert
87f92384d1
Update the spec file to version 2.5
2015-08-13 22:49:30 +02:00
Dennis Gilmore
298b40723b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
2015-06-17 02:13:52 +00:00
Kai Engert
b2076a019e
Update to CKBI 2.4 from NSS 3.18.1 with legacy modifications
2015-05-05 20:18:08 +02:00
Kai Engert
41111200ad
Fixed a typo in the ca-legacy manual page.
2015-05-05 17:27:27 +02:00
Kai Engert
40d3667f3c
rename legacy=enable to legacy=default and related changes; add ca-legacy man page; handle absent configuration in ca-legacy
2015-03-31 23:02:57 +02:00
Kai Engert
b18dd49764
Update to CKBI 2.3 from NSS 3.18 with legacy modifications
2015-03-20 22:12:01 +01:00
Kai Engert
b1d00ef388
Fix mistakes in the legacy handling of the upstream 2.1 and 2.2 releases
2015-03-20 21:23:05 +01:00
Kai Engert
053dde8a2f
- Update to CKBI 2.2 from NSS 3.17.3 with legacy modifications
2014-12-16 22:09:03 +01:00
Kai Engert
a1c2aece67
update project URL
2014-11-21 16:29:39 +01:00
Peter Lemenkov
0c19add667
Restore Requires: coreutils
...
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
2014-11-15 08:11:39 +03:00
Peter Lemenkov
d8e353c1d2
A proper fix for #1158343
...
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
2014-11-14 18:33:00 +03:00
Kai Engert
d7defefea7
add Requires: coreutils (rhbz#1158343)
2014-10-29 12:14:57 +01:00
Kai Engert
e24bfeb6b0
- Introduce the ca-legacy utility and a ca-legacy.conf configuration file.
...
By default, legacy roots required for OpenSSL/GnuTLS compatibility
are kept enabled. Using the ca-legacy utility, the legacy roots can be
disabled. If disabled, the system will use the trust set as provided
by the upstream Mozilla CA list. (See also: rhbz#1158197)
2014-10-28 20:54:15 +01:00
Kai Engert
f81c301d27
- Temporarily re-enable several legacy root CA certificates because of
...
compatibility issues with software based on OpenSSL/GnuTLS,
see rhbz#1144808
2014-09-21 10:33:16 +02:00
Kai Engert
18eedda612
- Update to CKBI 2.1 from NSS 3.16.4
...
- Fix rhbz#1130226
2014-08-14 17:06:04 +02:00
Dennis Gilmore
b0943c5cc0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
2014-06-06 22:50:54 -05:00
Kai Engert
f176bca921
Update to CKBI 1.97 from NSS 3.16
2014-03-19 11:30:07 +01:00
Kai Engert
4a1396fc65
Merge branch 'master' of ssh://pkgs.fedoraproject.org/ca-certificates
...
Conflicts:
ca-certificates.spec
2014-02-10 20:15:14 +01:00
Kai Engert
278ac24070
remove openjdk build requirement
2014-02-10 20:13:22 +01:00
Ville Skyttä
a14dcb43a0
Own the %{_datadir}/pki dir.
2014-01-25 20:39:23 +02:00
Kai Engert
5df4185c4d
* Thu Jan 09 2014 Kai Engert <kaie@redhat.com> - 2013.1.96-1
...
- Update to CKBI 1.96 from NSS 3.15.4
2014-01-09 17:38:04 +01:00
Kai Engert
9a4d41a78e
* Tue Dec 17 2013 Kai Engert <kaie@redhat.com> - 2013.1.95-1
...
- Update to CKBI 1.95 from NSS 3.15.3.1
2013-12-17 18:51:16 +01:00
Kai Engert
10e748b11e
The PKCS#11 attributes of a stapled extension changed slightly
...
during the 0.19.x releases. This was due to specification work on
the 'Storing Trust Policy' document. Patch by Stef Walter.
Resolves: rhbz#988745
2013-09-06 17:22:25 +02:00
Kai Engert
e3e96c2ad9
- merge manual improvement from f19
2013-09-03 13:32:18 +02:00
Dennis Gilmore
04d3dc5036
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
2013-08-02 23:13:50 -05:00
Kai Engert
540618e93b
- clarification updates to manual page
2013-07-09 12:50:17 +02:00
Kai Engert
9ac574b7ef
- added a manual page and related build requirements
...
- simplify the README files now that we have a manual page
- set a certificate alias in trusted bundle (thanks to Ludwig Nussel)
2013-07-09 00:59:15 +02:00
Kai Engert
6c5dbfb646
* Mon May 27 2013 Kai Engert <kaie@redhat.com> - 2013.1.94-13
...
- use correct command in README files, rhbz#961809
2013-05-27 15:28:11 +02:00
Kai Engert
2dc4526741
- update to version 1.94 provided by NSS 3.15 (beta)
2013-05-27 14:57:04 +02:00
Kai Engert
b2e71a9f9a
* Mon Apr 22 2013 Kai Engert <kaie@redhat.com> - 2012.87-12
...
- Use both label and serial to identify cert during conversion, rhbz#927601
- Add myself as contributor to certdata2.pem.py and remove use of rcs/ident.
(thanks to Michael Shuler for suggesting to do so)
- Update source URLs and comments, add source file for version information.
2013-04-22 14:58:59 +02:00
Kai Engert
34f352da5f
* Tue Mar 19 2013 Kai Engert <kaie@redhat.com> - 2012.87-11
...
- adjust to changed and new functionality provided by p11-kit 0.17.3
- updated READMEs to describe the new directory-specific treatment of files
- ship a new file that contains certificates with neutral trust
- ship a new file that contains distrust objects, and also staple a
basic constraint extension to one legacy root contained in the
Mozilla CA list
- adjust the build script to dynamically produce most of above files
- add and own the anchors and blacklist subdirectories
- file generate-cacerts.pl is no longer required
2013-03-24 00:36:13 +01:00
Kai Engert
d538ada99c
* Fri Mar 08 2013 Kai Engert <kaie@redhat.com> - 2012.87-9
...
- Major rework for the Fedora SharedSystemCertificates feature.
- Only ship a PEM bundle file using the BEGIN TRUSTED CERTIFICATE file format.
- Require the p11-kit package that contains tools to automatically create
other file format bundles.
- Convert old file locations to symbolic links that point to dynamically
generated files.
- Old files, which might have been locally modified, will be saved in backup
files with .rpmsave extension.
- Added a update-ca-certificates script which can be used to regenerate
the merged trusted output.
- Refer to the various README files that have been added for more detailed
explanation of the new system.
- No longer require rsc for building.
- Add explanation for the future version numbering scheme,
because the old numbering scheme was based on upstream using cvs,
which is no longer true, and therefore can no longer be used.
- Includes changes from rhbz#873369.
2013-03-09 00:09:26 +01:00
Kai Engert
0ecb427592
* Thu Mar 07 2013 Kai Engert <kaie@redhat.com> - 2012.87-2.fc19.1
...
- Ship trust bundle file in /usr/share/pki/ca-trust-source/, temporarily in addition.
This location will soon become the only place containing this file.
2013-03-08 00:03:25 +01:00
Dennis Gilmore
dc139972f7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
2013-02-13 12:10:59 -06:00
Paul Wouters
73800e131b
* Fri Jan 04 2013 Paul Wouters <pwouters@redhat.com> - 2012.87-1
...
- Updated to r1.87 to blacklist mis-issued turktrust CA certs
2013-01-04 12:50:54 -05:00
Paul Wouters
829cbef0ba
* Wed Oct 24 2012 Paul Wouters <pwouters@redhat.com> - 2012.86-2
...
- Updated blacklist with 20 entries (Diginotar, Trustwave, Comodo(?)
- Fix to certdata2pem.py to also check for CKT_NSS_NOT_TRUSTED
Also updated pointer to certdata.txt explaining that's a pointer to
an unstable version.
2012-10-24 14:17:36 -04:00
Paul Wouters
0a930f04ef
* Added real source url for certdata.txt on hg.mozilla.org
2012-10-23 21:34:15 -04:00
Paul Wouters
b65d8a87f1
* Tue Oct 23 2012 Paul Wouters <pwouters@redhat.com> - 2012.86-1
...
- update to r1.86
2012-10-23 16:04:09 -04:00
Joe Orton
bc18e50165
add openssl to BuildRequires
2012-07-23 12:49:30 +01:00
Joe Orton
df639e3f3e
update to r1.85
2012-07-23 11:50:51 +01:00
Dennis Gilmore
816ae11fdb
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
2012-07-18 13:30:37 -05:00
Joe Orton
1a704861b2
merge
2012-02-13 10:21:52 +00:00
Joe Orton
229976ab38
update to r1.81
2012-02-13 10:20:14 +00:00
Dennis Gilmore
8c27f267a8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
2012-01-12 16:58:40 -06:00
Joe Orton
596824452e
update to r1.80
...
fix handling of certs with dublicate Subject names (#733032 )
2011-11-09 14:36:15 -08:00
Joe Orton
f098063f3d
update to r1.78, removing trust from DigiNotar root ( #734679 )
2011-09-01 14:36:45 +01:00
Joe Orton
fbef64556c
update to r1.75
2011-08-03 11:40:12 +01:00
Joe Orton
3f0275ff7a
update to r1.74
2011-04-20 10:27:11 +01:00
Joe Orton
37d25f7154
update to r1.74
2011-04-20 10:12:55 +01:00
Dennis Gilmore
9ee01c7c25
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
2011-02-08 00:15:48 -06:00
Joe Orton
bf4a1f1789
- update to r1.70
2011-01-12 13:51:15 +00:00
Joe Orton
96465e81bb
- update to r1.65
2010-11-09 08:24:29 +00:00
jorton
c9fb114c90
- package /etc/ssl/certs symlink for third-party apps ( #572725 )
2010-04-07 14:51:30 +00:00
jorton
58bb64fcf4
- rebuild
2010-04-07 10:32:36 +00:00
jorton
b62ba6e474
- update to certdata.txt r1.63
...
- use upstream RCS version in Version
2010-04-07 09:40:17 +00:00
jorton
dc70b1f07b
- fix ca-bundle.crt ( #575111 )
2010-03-19 14:00:29 +00:00
jorton
708646cc46
- update to certdata.txt r1.58
...
- add /etc/pki/tls/certs/ca-bundle.trust.crt using 'TRUSTED CERTICATE'
format
- exclude ECC certs from the Java cacerts database
- catch keytool failures
- fail parsing certdata.txt on finding untrusted but not blacklisted cert
2010-03-18 12:23:55 +00:00
jorton
425940e355
- fix install
2010-01-15 20:48:32 +00:00
jorton
56a6866973
- fix Java cacert database generation: use Subject rather than Issuer for
...
alias name; add diagnostics; fix some alias names.
2010-01-15 20:22:01 +00:00
jorton
5f392b3f7e
- adopt Python certdata.txt parsing script from Debian
2010-01-15 17:11:52 +00:00
Jesse Keating
0bfc15efe4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
2009-07-24 18:34:22 +00:00
jorton
5406f40280
- update to certdata.txt r1.53
2009-07-22 14:33:22 +00:00