Commit Graph

156 Commits

Author SHA1 Message Date
Bob Relyea
d4451d31cd Update to CKBI 2.54 from NSS 3.79 2022-07-27 16:05:04 -07:00
Fedora Release Engineering
082ca8530e Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-07-20 22:27:16 +00:00
Bob Relyea
f6b8f45e83 Update to CKBI 2.54 from NSS 3.79
Removing:
    # Certificate "GlobalSign Root CA - R2"
    # Certificate "DST Root CA X3"
    # Certificate "Explicitly Distrusted DigiNotar PKIoverheid G2"
   Adding:
    # Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068"
    # Certificate "vTrus ECC Root CA"
    # Certificate "vTrus Root CA"
    # Certificate "ISRG Root X2"
    # Certificate "HiPKI Root CA - G1"
    # Certificate "Telia Root CA v2"
    # Certificate "D-TRUST BR Root CA 1 2020"
    # Certificate "D-TRUST EV Root CA 1 2020"
    # Certificate "CAEDICOM Root"
    # Certificate "I.CA Root CA/RSA"
    # Certificate "MULTICERT Root Certification Authority 01"
    # Certificate "Certification Authority of WoSign G2"
    # Certificate "CA WoSign ECC Root"
    # Certificate "CCA India 2015 SPL"
    # Certificate "Swedish Government Root Authority v3"
    # Certificate "Swedish Government Root Authority v2"
    # Certificate "Tunisian Root Certificate Authority - TunRootCA2"
    # Certificate "OpenTrust Root CA G1"
    # Certificate "OpenTrust Root CA G2"
    # Certificate "OpenTrust Root CA G3"
    # Certificate "Certplus Root CA G1"
    # Certificate "Certplus Root CA G2"
    # Certificate "Government Root Certification Authority"
    # Certificate "A-Trust-Qual-02"
    # Certificate "Thailand National Root Certification Authority - G1"
    # Certificate "TrustCor ECA-1"
    # Certificate "TrustCor RootCert CA-2"
    # Certificate "TrustCor RootCert CA-1"
    # Certificate "Certification Authority of WoSign"
    # Certificate "CA 沃通根证书"
    # Certificate "SSC GDL CA Root B"
    # Certificate "SAPO Class 2 Root CA"
    # Certificate "SAPO Class 3 Root CA"
    # Certificate "SAPO Class 4 Root CA"
    # Certificate "CA Disig Root R1"
    # Certificate "Autoridad Certificadora Raíz Nacional de Uruguay"
    # Certificate "ApplicationCA2 Root"
    # Certificate "GlobalSign"
    # Certificate "Symantec Class 3 Public Primary Certification Authority - G6"
    # Certificate "Symantec Class 3 Public Primary Certification Authority - G4"
    # Certificate "Halcom Root CA"
    # Certificate "Swisscom Root EV CA 2"
    # Certificate "CFCA GT CA"
    # Certificate "Digidentity L3 Root CA - G2"
    # Certificate "SITHS Root CA v1"
    # Certificate "Macao Post eSignTrust Root Certification Authority (G02)"
    # Certificate "Autoridade Certificadora Raiz Brasileira v2"
    # Certificate "Swisscom Root CA 2"
    # Certificate "IGC/A AC racine Etat francais"
    # Certificate "PersonalID Trustworthy RootCA 2011"
    # Certificate "Swedish Government Root Authority v1"
    # Certificate "Swiss Government Root CA II"
    # Certificate "Swiss Government Root CA I"
    # Certificate "Network Solutions Certificate Authority"
    # Certificate "COMODO Certification Authority"
    # Certificate "LuxTrust Global Root"
    # Certificate "AC1 RAIZ MTIN"
    # Certificate "Microsoft Root Certificate Authority 2011"
    # Certificate "CCA India 2011"
    # Certificate "ANCERT Certificados Notariales V2"
    # Certificate "ANCERT Certificados CGN V2"
    # Certificate "EE Certification Centre Root CA"
    # Certificate "DigiNotar Root CA G2"
    # Certificate "Federal Common Policy CA"
    # Certificate "Autoridad de Certificacion Raiz del Estado Venezolano"
    # Certificate "Autoridad de Certificacion Raiz del Estado Venezolano"
    # Certificate "China Internet Network Information Center EV Certificates Root"
    # Certificate "Verizon Global Root CA"
    # Certificate "SwissSign Silver Root CA - G3"
    # Certificate "SwissSign Platinum Root CA - G3"
    # Certificate "SwissSign Gold Root CA - G3"
    # Certificate "Microsec e-Szigno Root CA 2009"
    # Certificate "SITHS CA v3"
    # Certificate "Certinomis - Autorité Racine"
    # Certificate "ANF Server CA"
    # Certificate "Thawte Premium Server CA"
    # Certificate "Thawte Server CA"
    # Certificate "TC TrustCenter Universal CA III"
    # Certificate "KEYNECTIS ROOT CA"
    # Certificate "I.CA - Standard Certification Authority, 09/2009"
    # Certificate "I.CA - Qualified Certification Authority, 09/2009"
    # Certificate "VI Registru Centras RCSC (RootCA)"
    # Certificate "CCA India 2007"
    # Certificate "Autoridade Certificadora Raiz Brasileira v1"
    # Certificate "ipsCA Global CA Root"
    # Certificate "ipsCA Main CA Root"
    # Certificate "Actalis Authentication CA G1"
    # Certificate "A-Trust-Qual-03"
    # Certificate "AddTrust External CA Root"
    # Certificate "ECRaizEstado"
    # Certificate "Configuration"
    # Certificate "FNMT-RCM"
    # Certificate "StartCom Certification Authority"
    # Certificate "TWCA Root Certification Authority"
    # Certificate "VeriSign Class 3 Public Primary Certification Authority - G4"
    # Certificate "thawte Primary Root CA - G2"
    # Certificate "GeoTrust Primary Certification Authority - G2"
    # Certificate "VeriSign Universal Root Certification Authority"
    # Certificate "thawte Primary Root CA - G3"
    # Certificate "GeoTrust Primary Certification Authority - G3"
    # Certificate "E-ME SSI (RCA)"
    # Certificate "ACEDICOM Root"
    # Certificate "Autoridad Certificadora Raiz de la Secretaria de Economia"
    # Certificate "Correo Uruguayo - Root CA"
    # Certificate "CNNIC ROOT"
    # Certificate "Common Policy"
    # Certificate "Macao Post eSignTrust Root Certification Authority"
    # Certificate "Staat der Nederlanden Root CA - G2"
    # Certificate "NetLock Platina (Class Platinum) Főtanúsítvány"
    # Certificate "AC Raíz Certicámara S.A."
    # Certificate "Cisco Root CA 2048"
    # Certificate "CA Disig"
    # Certificate "InfoNotary CSP Root"
    # Certificate "UCA Global Root"
    # Certificate "UCA Root"
    # Certificate "DigiNotar Root CA"
    # Certificate "Starfield Services Root Certificate Authority"
    # Certificate "I.CA - Qualified root certificate"
    # Certificate "I.CA - Standard root certificate"
    # Certificate "e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi"
    # Certificate "Japanese Government"
    # Certificate "AdminCA-CD-T01"
    # Certificate "Admin-Root-CA"
    # Certificate "Izenpe.com"
    # Certificate "TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3"
    # Certificate "Halcom CA FO"
    # Certificate "Halcom CA PO 2"
    # Certificate "Root CA"
    # Certificate "GPKIRootCA"
    # Certificate "ACNLB"
    # Certificate "state-institutions"
    # Certificate "state-institutions"
    # Certificate "SECOM Trust Systems CO.,LTD."
    # Certificate "D-TRUST Qualified Root CA 1 2007:PN"
    # Certificate "D-TRUST Root Class 2 CA 2007"
    # Certificate "D-TRUST Root Class 3 CA 2007"
    # Certificate "SSC Root CA A"
    # Certificate "SSC Root CA B"
    # Certificate "SSC Root CA C"
    # Certificate "Autoridad de Certificacion de la Abogacia"
    # Certificate "Root CA Generalitat Valenciana"
    # Certificate "VAS Latvijas Pasts SSI(RCA)"
    # Certificate "ANCERT Certificados CGN"
    # Certificate "ANCERT Certificados Notariales"
    # Certificate "ANCERT Corporaciones de Derecho Publico"
    # Certificate "GLOBALTRUST"
    # Certificate "Certipost E-Trust TOP Root CA"
    # Certificate "Certipost E-Trust Primary Qualified CA"
    # Certificate "Certipost E-Trust Primary Normalised CA"
    # Certificate "GlobalSign"
    # Certificate "IGC/A"
    # Certificate "S-TRUST Authentication and Encryption Root CA 2005:PN"
    # Certificate "TC TrustCenter Universal CA I"
    # Certificate "TC TrustCenter Universal CA II"
    # Certificate "TC TrustCenter Class 2 CA II"
    # Certificate "TC TrustCenter Class 4 CA II"
    # Certificate "Swisscom Root CA 1"
    # Certificate "Microsec e-Szigno Root CA"
    # Certificate "LGPKI"
    # Certificate "AC RAIZ DNIE"
    # Certificate "Common Policy"
    # Certificate "TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı"
    # Certificate "A-Trust-nQual-03"
    # Certificate "A-Trust-nQual-03"
    # Certificate "CertRSA01"
    # Certificate "KISA RootCA 1"
    # Certificate "KISA RootCA 3"
    # Certificate "NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado"
    # Certificate "A-CERT ADVANCED"
    # Certificate "A-Trust-Qual-01"
    # Certificate "A-Trust-nQual-01"
    # Certificate "A-Trust-Qual-02"
    # Certificate "Staat der Nederlanden Root CA"
    # Certificate "Serasa Certificate Authority II"
    # Certificate "TDC Internet"
    # Certificate "America Online Root Certification Authority 2"
    # Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068"
    # Certificate "Government Root Certification Authority"
    # Certificate "RSA Security Inc"
    # Certificate "Public Notary Root"
    # Certificate "GeoTrust Global CA"
    # Certificate "GeoTrust Global CA 2"
    # Certificate "GeoTrust Universal CA"
    # Certificate "GeoTrust Universal CA 2"
    # Certificate "QuoVadis Root Certification Authority"
    # Certificate "Autoridade Certificadora Raiz Brasileira"
    # Certificate "Post.Trust Root CA"
    # Certificate "Microsoft Root Authority"
    # Certificate "Microsoft Root Certificate Authority"
    # Certificate "Microsoft Root Certificate Authority 2010"
    # Certificate "Entrust.net Secure Server Certification Authority"
    # Certificate "UTN-USERFirst-Object"
    # Certificate "BYTE Root Certification Authority 001"
    # Certificate "CISRCA1"
    # Certificate "ePKI Root Certification Authority - G2"
    # Certificate "ePKI EV SSL Certification Authority - G1"
    # Certificate "AC Raíz Certicámara S.A."
    # Certificate "SSL.com EV Root Certification Authority RSA"
    # Certificate "LuxTrust Global Root 2"
    # Certificate "ACA ROOT"
    # Certificate "Security Communication ECC RootCA1"
    # Certificate "Security Communication RootCA3"
    # Certificate "CHAMBERS OF COMMERCE ROOT - 2016"
    # Certificate "Network Solutions RSA Certificate Authority"
    # Certificate "Network Solutions ECC Certificate Authority"
    # Certificate "Australian Defence Public Root CA"
    # Certificate "SI-TRUST Root"
    # Certificate "Halcom Root Certificate Authority"
    # Certificate "Application CA G3 Root"
    # Certificate "GLOBALTRUST 2015"
    # Certificate "Microsoft ECC Product Root Certificate Authority 2018"
    # Certificate "emSign Root CA - G2"
    # Certificate "emSign Root CA - C2"
    # Certificate "Microsoft ECC TS Root Certificate Authority 2018"
    # Certificate "DigiCert CS ECC P384 Root G5"
    # Certificate "DigiCert CS RSA4096 Root G5"
    # Certificate "DigiCert RSA4096 Root G5"
    # Certificate "DigiCert ECC P384 Root G5"
    # Certificate "HARICA Code Signing RSA Root CA 2021"
    # Certificate "HARICA Code Signing ECC Root CA 2021"
    # Certificate "Microsoft Identity Verification Root Certificate Authority 2020"
2022-07-15 10:08:43 -07:00
Fedora Release Engineering
421e34b661 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-19 22:46:28 +00:00
Bob Relyea
662998d9d7 Update to CKBI 2.52 from NSS 3.72
Adding:
    # Certificate "TunTrust Root CA"
    # Certificate "HARICA TLS RSA Root CA 2021"
    # Certificate "HARICA TLS ECC Root CA 2021"
    # Certificate "HARICA Client RSA Root CA 2021"
    # Certificate "HARICA Client ECC Root CA 2021"
2021-12-13 09:07:38 -08:00
Bob Relyea
1c8b67fb5a Resolves: rhbz#1053883 rhbz#1396811
Add debian compatible certificate trust hash directory and links for less aware packages.
2021-12-06 15:49:38 -08:00
Bob Relyea
40ecfc5f64 remove blacklist directory now that pk11-kit is using blocklist 2021-11-01 16:45:20 -07:00
Fedora Release Engineering
dff1c3cf33 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-21 19:02:20 +00:00
Fedora Release Engineering
ea71242686 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-21 14:05:01 +00:00
Bob Relyea
6d222498e8 Update to CKBI 2.50 from NSS 3.67
Removing:
    # Certificate "Trustis FPS Root CA"
    # Certificate "GlobalSign Code Signing Root R45"
    # Certificate "GlobalSign Code Signing Root E45"
    # Certificate "Halcom Root Certificate Authority"
    # Certificate "Symantec Class 3 Public Primary Certification Authority - G6"
    # Certificate "GLOBALTRUST"
    # Certificate "MULTICERT Root Certification Authority 01"
    # Certificate "Verizon Global Root CA"
    # Certificate "Tunisian Root Certificate Authority - TunRootCA2"
    # Certificate "CAEDICOM Root"
    # Certificate "COMODO Certification Authority"
    # Certificate "Security Communication ECC RootCA1"
    # Certificate "Security Communication RootCA3"
    # Certificate "AC RAIZ DNIE"
    # Certificate "VeriSign Class 3 Public Primary Certification Authority - G3"
    # Certificate "VeriSign Class 3 Public Primary Certification Authority - G5"
    # Certificate "VeriSign Universal Root Certification Authority"
    # Certificate "GeoTrust Global CA"
    # Certificate "GeoTrust Primary Certification Authority"
    # Certificate "thawte Primary Root CA"
    # Certificate "thawte Primary Root CA - G2"
    # Certificate "thawte Primary Root CA - G3"
    # Certificate "GeoTrust Primary Certification Authority - G3"
    # Certificate "GeoTrust Primary Certification Authority - G2"
    # Certificate "GeoTrust Universal CA"
    # Certificate "NetLock Platina (Class Platinum) Főtanúsítvány"
    # Certificate "GLOBALTRUST 2015"
    # Certificate "emSign Root CA - G2"
    # Certificate "emSign Root CA - C2"
   Adding:
    # Certificate "GLOBALTRUST 2020"
    # Certificate "ANF Secure Server Root CA"
2021-06-16 13:32:35 -07:00
Bob Relyea
c4c1a32e95 Add code to pull in object signing certs from Common CA Database (ccadb.org).
Fix the updated merge scripts to handle this.
Prune Expired certificates from certdata.txt and the object signing cert list

Update to CKBI 2.48 from NSS 3.64

   Removing:
    # Certificate "Verisign Class 3 Public Primary Certification Authority - G3"
    # Certificate "GeoTrust Universal CA 2"
    # Certificate "QuoVadis Root CA"
    # Certificate "Sonera Class 2 Root CA"
    # Certificate "Taiwan GRCA"
    # Certificate "VeriSign Class 3 Public Primary Certification Authority - G4"
    # Certificate "EE Certification Centre Root CA"
    # Certificate "LuxTrust Global Root 2"
    # Certificate "Symantec Class 1 Public Primary Certification Authority - G4"
    # Certificate "Symantec Class 2 Public Primary Certification Authority - G4"
   Adding:
    # Certificate "Microsoft ECC Root Certificate Authority 2017"
    # Certificate "Microsoft RSA Root Certificate Authority 2017"
    # Certificate "e-Szigno Root CA 2017"
    # Certificate "certSIGN Root CA G2"
    # Certificate "Trustwave Global Certification Authority"
    # Certificate "Trustwave Global ECC P256 Certification Authority"
    # Certificate "Trustwave Global ECC P384 Certification Authority"
    # Certificate "NAVER Global Root Certification Authority"
    # Certificate "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
    # Certificate "GlobalSign Secure Mail Root R45"
    # Certificate "GlobalSign Secure Mail Root E45"
    # Certificate "GlobalSign Root R46"
    # Certificate "GlobalSign Root E46"
    # Certificate "Certum EC-384 CA"
    # Certificate "Certum Trusted Root CA"
    # Certificate "GlobalSign Code Signing Root R45"
    # Certificate "GlobalSign Code Signing Root E45"
    # Certificate "Halcom Root Certificate Authority"
    # Certificate "Symantec Class 3 Public Primary Certification Authority - G6"
    # Certificate "GLOBALTRUST"
    # Certificate "MULTICERT Root Certification Authority 01"
    # Certificate "Verizon Global Root CA"
    # Certificate "Tunisian Root Certificate Authority - TunRootCA2"
    # Certificate "CAEDICOM Root"
    # Certificate "COMODO Certification Authority"
    # Certificate "Security Communication ECC RootCA1"
    # Certificate "Security Communication RootCA3"
    # Certificate "AC RAIZ DNIE"
    # Certificate "VeriSign Class 3 Public Primary Certification Authority - G3"
    # Certificate "NetLock Platina (Class Platinum) Főtanúsítvány"
    # Certificate "GLOBALTRUST 2015"
    # Certificate "emSign Root CA - G2"
    # Certificate "emSign Root CA - C2"
2021-05-25 16:48:57 -07:00
Bob Relyea
6d164aedd7 Update tools to pick up code signing certs from the Common CA Database:
https://www.ccadb.org/resources

Our normal root certs come from mozilla, but mozilla does not evaluate
code signing. Currently code signing is only used my Microsoft .net, so
we need to get code signing certs from Microsoft's code signing list.

The certs in this list will only show up in the code signing lists
or in the general list with only code signing set.
2021-05-24 10:49:58 -07:00
Bob Relyea
17e75b4e10 change master to rawhide in fetch.sh to match fedora's new tree arragement. 2021-03-26 15:45:22 -07:00
Fedora Release Engineering
0fa62ae95f - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-26 01:32:44 +00:00
Bob Relyea
05fc0ccfd2 remove unnecessarily divisive terms, take 1.
in ca-certificates there are 3 cases:
   1) master refering to the fedora master branch in the fetch.sh script.
      This can only be changed once fedora changes the master branch name.
   2) a reference to the 'master bundle' in this file: this has been changed
      to 'primary bundle'.
   3) a couple of blacklist directories owned by this package, but used to
      p11-kit. New 'blocklist' directories have been created, but p11-kit
      needs to be updated before the old blacklist directories can be removed
      and the man pages corrected.
2021-01-12 13:50:47 -08:00
Christian Heimes
9bd23da27f Add cross-distro compatibility symlinks
The directory /etc/ssl now contains symlinks to cert.pem bundle,
openssl.cnf, and ct_log_list.cnf to provide better cross-distribution
compatibility.

Resolves: rhbz#1895619
2020-11-10 10:59:19 +01:00
Fedora Release Engineering
5221e001cb - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-27 13:33:08 +00:00
Adam Williamson
5f1176f65b Fix up broken %post and %postinstall scriptlet changes from -2 2020-06-16 12:49:50 -07:00
Adam Williamson
a430e4124c Simplify the %post and %postinstall script stuff, it was broken
This approach had multiple problems. The most obvious is a typo -
it had `%-bindir` instead of `%_bindir`. But you also cannot mix
a %define into a %post script as was being done here, that just
doesn't work, you can't track state between scriptlets like that.
And the `%if` in %posttrans would be resolved at package build
time, not at %posttrans run time. (I think the syntax was wrong
anyway). This whole approach was irredeemably broken.

To get things back to a working state quickly, let's just do it
in a simple-but-dumb way: always run the scripts in %posttrans,
run them in %post if `ln` is available (with the typo fixed).
This means we'll often run them twice, but I don't think that
actually hurts anything. We can refine from here if desired.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2020-06-16 12:43:54 -07:00
Bob Relyea
34155d6cbe Fix unclosed if 2020-06-10 12:50:35 -07:00
Bob Relyea
9a68b05c60 Update to CKBI 2.41 from NSS 3.53.0
Removing:
    # Certificate "AddTrust Low-Value Services Root"
    # Certificate "AddTrust External Root"
    # Certificate "Staat der Nederlanden Root CA - G2"

-Updates several certificates with CKA_SERVER_DISTRUST_AFTER with a data
-Fix circular dependency issue by moving ca-legacy and upcate-ca-trust to
 %posttrans
2020-06-10 12:45:49 -07:00
Daiki Ueno
00da4d0e2a Update versioned dependency on p11-kit 2020-01-28 08:49:10 +01:00
Daiki Ueno
eaf3ef8b6b Update to CKBI 2.40 from NSS 3.48 2020-01-22 10:56:12 +01:00
Daiki Ueno
6aec97d9bd certdata2pem.py: emit flags for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER
This allows to follow upcoming changes in certdata.txt:
https://bugzilla.mozilla.org/show_bug.cgi?id=1465613

Signed-off-by: Daiki Ueno <dueno@redhat.com>
2019-12-04 10:53:31 +01:00
Fedora Release Engineering
8702798203 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-24 19:46:15 +00:00
Bob Relyea
605570b71e Resolves: rhbz#1722213
- Update to CKBI 2.32 from NSS 3.44
   Removing:
    # Certificate "Visa eCommerce Root"
    # Certificate "AC Raiz Certicamara S.A."
    # Certificate "Certplus Root CA G1"
    # Certificate "Certplus Root CA G2"
    # Certificate "OpenTrust Root CA G1"
    # Certificate "OpenTrust Root CA G2"
    # Certificate "OpenTrust Root CA G3"
   Adding:
    # Certificate "GTS Root R1"
    # Certificate "GTS Root R2"
    # Certificate "GTS Root R3"
    # Certificate "GTS Root R4"
    # Certificate "UCA Global G2 Root"
    # Certificate "UCA Extended Validation Root"
    # Certificate "Certigna Root CA"
    # Certificate "emSign Root CA - G1"
    # Certificate "emSign ECC Root CA - G3"
    # Certificate "emSign Root CA - C1"
    # Certificate "emSign ECC Root CA - C3"
    # Certificate "Hongkong Post Root CA 3"
2019-06-19 10:17:16 -07:00
Fedora Release Engineering
4f5bce3dc2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-01-31 15:07:07 +00:00
Igor Gnatenko
6947c0bb5e Remove obsolete Group tag
References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag
2019-01-28 20:23:57 +01:00
Robert Relyea
f4842fa2d8 Fix stray commit character that turned a comment into an invalid rpm directive 2018-09-24 17:53:39 -07:00
Robert Relyea
439a513c7a Update ca-certficates to 2.26 from NSS 3.39 2018-09-24 17:18:53 -07:00
Fedora Release Engineering
46d2f25804 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-12 21:28:32 +00:00
Paul Wouters
31ba2e4690 packaging: remove obsolete defattr line 2018-07-03 15:36:24 -04:00
Kai Engert
1a2c011ba4 Ported scripts to python3 2018-06-28 22:36:01 +02:00
Kai Engert
34c0da9058 edk2 requires p11-kit >= 0.23.10 2018-06-11 16:08:26 +02:00
Daiki Ueno
6220683f76 Extract certificate bundle in EDK2 format 2018-06-11 14:05:57 +02:00
Kai Engert
398639612c Adjust ghost file permissions, rhbz#1564432 2018-06-04 15:19:58 +02:00
Kai Engert
342574ec95 Update to CKBI 2.24 from NSS 3.37 2018-05-18 13:05:43 +02:00
Iryna Shcherbina
77a1f2aa46 Update Python 2 dependency declarations to new packaging standards 2018-03-15 00:20:54 +01:00
Patrick Uiterwijk
09838f0deb Add dep on coreutils for ln(1) in %post
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-02-23 23:02:30 +01:00
Igor Gnatenko
44ff50bbce
Remove %clean section
None of currently supported distributions need that.
Last one was EL5 which is EOL for a while.

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-14 07:53:59 +01:00
Kai Engert
a77bc273de Update to CKBI 2.22 from NSS 3.35 2018-02-06 14:42:09 +01:00
Kai Engert
756b8b4c69 Depend on bash, grep, sed. Required for ca-legacy script execution.
p11-kit is already required at %%post execution time. (rhbz#1537127)
2018-01-22 15:35:38 +01:00
Kai Engert
4d1e9c779d Use the force, script! (Which sln did by default). 2018-01-19 13:14:55 +01:00
Kai Engert
201f66b36b Stop using sln in ca-legacy script. 2018-01-19 13:07:06 +01:00
Kai Engert
078e3f0b9b Use ln -s, because sln was removed from glibc. rhbz#1536349 2018-01-19 12:57:53 +01:00
Kai Engert
e3a2f67722 Update to CKBI 2.20 from NSS 3.34.1 2017-11-27 21:37:37 +01:00
Bruno Goncalves
5fae916208 Add CI tests using the standard test interface 2017-09-25 11:03:21 +02:00
Kai Engert
6b317cb305 Merge branch 'master' of ssh://pkgs.fedoraproject.org/rpms/ca-certificates 2017-08-15 15:41:33 +02:00
Kai Engert
7a69d0d22f - Set P11_KIT_NO_USER_CONFIG=1 to prevent p11-kit from reading user configuration files (rhbz#1478172). 2017-08-15 15:39:45 +02:00
Fedora Release Engineering
c735381906 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-26 04:24:01 +00:00