rpms/ca-certificates
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Commit Graph

  • 6835eac039 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 Mohan Boddu 2021-04-15 22:48:37 +0000
  • 17e75b4e10 change master to rawhide in fetch.sh to match fedora's new tree arragement. Bob Relyea 2021-03-26 15:45:22 -0700
  • f5f0f5fd95 Merged update from upstream sources DistroBaker 2021-02-03 11:56:36 +0100
  • 0fa62ae95f - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Fedora Release Engineering 2021-01-26 01:32:44 +0000
  • a6a84258da Merged update from upstream sources DistroBaker 2021-01-12 22:08:18 +0000
  • 05fc0ccfd2 remove unnecessarily divisive terms, take 1. in ca-certificates there are 3 cases: 1) master refering to the fedora master branch in the fetch.sh script. This can only be changed once fedora changes the master branch name. 2) a reference to the 'master bundle' in this file: this has been changed to 'primary bundle'. 3) a couple of blacklist directories owned by this package, but used to p11-kit. New 'blocklist' directories have been created, but p11-kit needs to be updated before the old blacklist directories can be removed and the man pages corrected. Bob Relyea 2021-01-12 13:50:47 -0800
  • 8eeccfe166 Merged update from upstream sources DistroBaker 2020-12-10 01:08:56 +0100
  • 9bd23da27f Add cross-distro compatibility symlinks Christian Heimes 2020-11-09 08:50:15 +0100
  • cbe6d70855 RHEL 9.0.0 Alpha bootstrap Petr Šabata 2020-10-14 22:35:13 +0200
  • 8f161f5cb6 New branch setup Release Configuration Management 2020-10-08 11:11:01 +0000
  • 5221e001cb - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Fedora Release Engineering 2020-07-27 13:33:08 +0000
  • 5f1176f65b Fix up broken %post and %postinstall scriptlet changes from -2 Adam Williamson 2020-06-16 12:49:50 -0700
  • a430e4124c Simplify the %post and %postinstall script stuff, it was broken Adam Williamson 2020-06-16 12:43:54 -0700
  • 34155d6cbe Fix unclosed if Bob Relyea 2020-06-10 12:50:35 -0700
  • 9a68b05c60 Update to CKBI 2.41 from NSS 3.53.0 Removing: # Certificate "AddTrust Low-Value Services Root" # Certificate "AddTrust External Root" # Certificate "Staat der Nederlanden Root CA - G2" Bob Relyea 2020-06-10 12:45:49 -0700
  • 00da4d0e2a Update versioned dependency on p11-kit Daiki Ueno 2020-01-28 08:49:10 +0100
  • eaf3ef8b6b Update to CKBI 2.40 from NSS 3.48 Daiki Ueno 2020-01-22 10:56:12 +0100
  • 6aec97d9bd certdata2pem.py: emit flags for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER Daiki Ueno 2019-12-04 10:53:31 +0100
  • 8702798203 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild Fedora Release Engineering 2019-07-24 19:46:15 +0000
  • 605570b71e Resolves: rhbz#1722213 - Update to CKBI 2.32 from NSS 3.44 Removing: # Certificate "Visa eCommerce Root" # Certificate "AC Raiz Certicamara S.A." # Certificate "Certplus Root CA G1" # Certificate "Certplus Root CA G2" # Certificate "OpenTrust Root CA G1" # Certificate "OpenTrust Root CA G2" # Certificate "OpenTrust Root CA G3" Adding: # Certificate "GTS Root R1" # Certificate "GTS Root R2" # Certificate "GTS Root R3" # Certificate "GTS Root R4" # Certificate "UCA Global G2 Root" # Certificate "UCA Extended Validation Root" # Certificate "Certigna Root CA" # Certificate "emSign Root CA - G1" # Certificate "emSign ECC Root CA - G3" # Certificate "emSign Root CA - C1" # Certificate "emSign ECC Root CA - C3" # Certificate "Hongkong Post Root CA 3" Bob Relyea 2019-06-19 10:17:16 -0700
  • 4f5bce3dc2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild Fedora Release Engineering 2019-01-31 15:07:07 +0000
  • 6947c0bb5e Remove obsolete Group tag Igor Gnatenko 2019-01-28 20:17:40 +0100
  • f4842fa2d8 Fix stray commit character that turned a comment into an invalid rpm directive Robert Relyea 2018-09-24 17:53:39 -0700
  • 439a513c7a Update ca-certficates to 2.26 from NSS 3.39 Robert Relyea 2018-09-24 17:18:53 -0700
  • 46d2f25804 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild Fedora Release Engineering 2018-07-12 21:28:32 +0000
  • 31ba2e4690 packaging: remove obsolete defattr line Paul Wouters 2018-07-03 15:36:24 -0400
  • 1a2c011ba4 Ported scripts to python3 Kai Engert 2018-06-28 22:36:01 +0200
  • 34c0da9058 edk2 requires p11-kit >= 0.23.10 Kai Engert 2018-06-11 16:08:26 +0200
  • 6220683f76 Extract certificate bundle in EDK2 format Daiki Ueno 2018-06-11 13:57:17 +0200
  • 398639612c Adjust ghost file permissions, rhbz#1564432 Kai Engert 2018-06-04 15:19:58 +0200
  • 342574ec95 Update to CKBI 2.24 from NSS 3.37 Kai Engert 2018-05-18 13:05:43 +0200
  • 77a1f2aa46 Update Python 2 dependency declarations to new packaging standards Iryna Shcherbina 2018-03-15 00:20:54 +0100
  • 09838f0deb Add dep on coreutils for ln(1) in %post Patrick Uiterwijk 2018-02-23 23:02:30 +0100
  • 44ff50bbce
         Remove %clean section Igor Gnatenko 2018-02-14 07:53:59 +0100
  • a77bc273de Update to CKBI 2.22 from NSS 3.35 Kai Engert 2018-02-06 14:42:09 +0100
  • 756b8b4c69 Depend on bash, grep, sed. Required for ca-legacy script execution. p11-kit is already required at %%post execution time. (rhbz#1537127) Kai Engert 2018-01-22 15:35:38 +0100
  • 4d1e9c779d Use the force, script! (Which sln did by default). Kai Engert 2018-01-19 13:14:55 +0100
  • 201f66b36b Stop using sln in ca-legacy script. Kai Engert 2018-01-19 13:07:06 +0100
  • 078e3f0b9b Use ln -s, because sln was removed from glibc. rhbz#1536349 Kai Engert 2018-01-19 12:57:53 +0100
  • e3a2f67722 Update to CKBI 2.20 from NSS 3.34.1 Kai Engert 2017-11-27 21:37:37 +0100
  • 5fae916208 Add CI tests using the standard test interface Bruno Goncalves 2017-09-25 11:03:21 +0200
  • 6b317cb305 Merge branch 'master' of ssh://pkgs.fedoraproject.org/rpms/ca-certificates Kai Engert 2017-08-15 15:41:33 +0200
  • 7a69d0d22f - Set P11_KIT_NO_USER_CONFIG=1 to prevent p11-kit from reading user configuration files (rhbz#1478172). Kai Engert 2017-08-15 15:39:45 +0200
  • c735381906 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild Fedora Release Engineering 2017-07-26 04:24:01 +0000
  • 7accaab619 Update to (yet unreleased) CKBI 2.16 which is planned for NSS 3.32. Mozilla removed all trust bits for code signing. Kai Engert 2017-07-19 11:40:38 +0200
  • a2a1b6c64d perl dependency renamed to perl-interpreter <https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules> Petr Písař 2017-07-12 14:05:20 +0200
  • 6cea01c4b1 Update to CKBI 2.14 from NSS 3.30.2 Kai Engert 2017-04-26 14:37:22 +0200
  • c1c275770a For CAs trusted by Mozilla, set attribute nss-mozilla-ca-policy: true Set attribute modifiable: false Require p11-kit 0.23.4 Kai Engert 2017-02-23 19:39:46 +0100
  • f0b0be2c1f - Changed the packaged bundle to use the flexible p11-kit-object-v1 file format, as a preparation to fix bugs in the interaction between p11-kit-trust and Mozilla applications, such as Firefox, Thunderbird etc. - Changed update-ca-trust to add comments to extracted PEM format files. - Added an utility to help with comparing output of the trust dump command. Kai Engert 2017-02-13 21:04:08 +0100
  • b1bece42f2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild Fedora Release Engineering 2017-02-10 07:11:28 +0000
  • 1926916bb3 Update to CKBI 2.11 from NSS 3.28.1 Kai Engert 2017-01-11 14:16:31 +0100
  • 00af3f958b Update to CKBI 2.10 from NSS 3.27 Kai Engert 2016-10-04 19:54:47 +0200
  • 552fa4a6d3 Revert to the unmodified upstream CA list, changing the legacy trust to an empty list. Keeping the ca-legacy tool and existing config, however, the configuration has no effect after this change. Kai Engert 2016-08-18 14:11:51 +0200
  • 02204a071d Update to CKBI 2.9 from NSS 3.26 with legacy modifications Kai Engert 2016-08-16 18:51:35 +0200
  • 54fae46d1e Update to CKBI 2.8 from NSS 3.25 with legacy modifications Kai Engert 2016-07-15 13:44:08 +0200
  • 8867a18ec0 Only create backup files if there is an original file (bug 999017). Kai Engert 2016-05-10 20:28:23 +0200
  • 5300aa7f75 Use sln, not ln, to avoid the dependency on coreutils. Kai Engert 2016-05-10 18:48:44 +0200
  • de9cf5de04 Fix typos in a manual page and in a README file. Kai Engert 2016-04-25 18:58:31 +0200
  • 53674928a5 Update to CKBI 2.7 from NSS 3.23 with legacy modifications Kai Engert 2016-03-16 18:25:23 +0100
  • 199d06cb4e - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild Dennis Gilmore 2016-02-03 17:20:38 +0000
  • da979a1a44 Update to CKBI 2.6 from NSS 3.21 with legacy modifications Kai Engert 2015-11-23 17:51:07 +0100
  • 87f92384d1 Update the spec file to version 2.5 Kai Engert 2015-08-13 22:49:30 +0200
  • 6df1740e0f Update to CKBI 2.5 from NSS 3.19.3 with legacy modifications This update adjusts the diff-from-upstream patch (which is a patch purely provided for documentation purposes). It shows a modification that was made as part of the 2.4 update (which in fact removed legacy treatment for one certificate, because upstream had reverted it to an earlier trusted state, as documented on the package wiki page). No changes to the legacy treatment were made in this 2.5 update. Kai Engert 2015-08-13 22:43:25 +0200
  • 298b40723b - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild Dennis Gilmore 2015-06-17 02:13:52 +0000
  • b2076a019e Update to CKBI 2.4 from NSS 3.18.1 with legacy modifications Kai Engert 2015-05-05 20:18:08 +0200
  • 41111200ad Fixed a typo in the ca-legacy manual page. Kai Engert 2015-05-05 17:27:27 +0200
  • 40d3667f3c rename legacy=enable to legacy=default and related changes; add ca-legacy man page; handle absent configuration in ca-legacy Kai Engert 2015-03-31 23:02:57 +0200
  • b18dd49764 Update to CKBI 2.3 from NSS 3.18 with legacy modifications Kai Engert 2015-03-20 22:12:01 +0100
  • ca86efd661 Update the documented differences from upstream 2.2 Kai Engert 2015-03-20 21:49:48 +0100
  • b1d00ef388 Fix mistakes in the legacy handling of the upstream 2.1 and 2.2 releases Kai Engert 2015-03-20 21:23:05 +0100
  • 053dde8a2f - Update to CKBI 2.2 from NSS 3.17.3 with legacy modifications Kai Engert 2014-12-16 22:09:03 +0100
  • 3837ff2e4e Add a patch to document the changes from upstream version 2.1 Kai Engert 2014-12-16 19:42:43 +0100
  • a1c2aece67 update project URL Kai Engert 2014-11-21 16:29:39 +0100
  • 99c1a4b448 remove the obsolete blacklist.txt file Kai Engert 2014-11-20 17:24:17 +0100
  • f9355b7943 remove the unnecessary entry in trust-fixes, because we no longer ship the old entrust root (it got replaced with one that contains the basic constraints extension) Kai Engert 2014-11-20 17:22:39 +0100
  • 0c19add667 Restore Requires: coreutils Peter Lemenkov 2014-11-15 08:11:39 +0300
  • d8e353c1d2 A proper fix for #1158343 Peter Lemenkov 2014-11-14 18:31:24 +0300
  • d7defefea7 add Requires: coreutils (rhbz#1158343) Kai Engert 2014-10-29 12:14:57 +0100
  • e24bfeb6b0 - Introduce the ca-legacy utility and a ca-legacy.conf configuration file. By default, legacy roots required for OpenSSL/GnuTLS compatibility are kept enabled. Using the ca-legacy utility, the legacy roots can be disabled. If disabled, the system will use the trust set as provided by the upstream Mozilla CA list. (See also: rhbz#1158197) Kai Engert 2014-10-28 20:54:15 +0100
  • f81c301d27 - Temporarily re-enable several legacy root CA certificates because of compatibility issues with software based on OpenSSL/GnuTLS, see rhbz#1144808 Kai Engert 2014-09-21 10:33:16 +0200
  • 18eedda612 - Update to CKBI 2.1 from NSS 3.16.4 - Fix rhbz#1130226 Kai Engert 2014-08-14 17:06:04 +0200
  • b0943c5cc0 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild Dennis Gilmore 2014-06-06 22:50:54 -0500
  • f176bca921 Update to CKBI 1.97 from NSS 3.16 Kai Engert 2014-03-19 11:30:07 +0100
  • 4a1396fc65 Merge branch 'master' of ssh://pkgs.fedoraproject.org/ca-certificates Kai Engert 2014-02-10 20:15:14 +0100
  • 278ac24070 remove openjdk build requirement Kai Engert 2014-02-10 20:13:22 +0100
  • a14dcb43a0 Own the %{_datadir}/pki dir. Ville Skyttä 2014-01-25 20:39:23 +0200
  • 5df4185c4d * Thu Jan 09 2014 Kai Engert <kaie@redhat.com> - 2013.1.96-1 - Update to CKBI 1.96 from NSS 3.15.4 Kai Engert 2014-01-09 17:38:04 +0100
  • 9a4d41a78e * Tue Dec 17 2013 Kai Engert <kaie@redhat.com> - 2013.1.95-1 - Update to CKBI 1.95 from NSS 3.15.3.1 Kai Engert 2013-12-17 18:51:16 +0100
  • 10e748b11e The PKCS#11 attributes of a stapled extension changed slightly during the 0.19.x releases. This was due to specification work on the 'Storing Trust Policy' document. Patch by Stef Walter. Resolves: rhbz#988745 Kai Engert 2013-09-06 17:22:25 +0200
  • e3e96c2ad9 - merge manual improvement from f19 Kai Engert 2013-09-03 13:32:18 +0200
  • ec67e63d7a Merge branch 'master' of ssh://pkgs.fedoraproject.org/ca-certificates Kai Engert 2013-09-03 13:07:33 +0200
  • 04d3dc5036 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild Dennis Gilmore 2013-08-02 23:13:50 -0500
  • ed9b40a653 - improve manpage Kai Engert 2013-07-17 15:39:41 +0200
  • 540618e93b - clarification updates to manual page Kai Engert 2013-07-09 12:50:17 +0200
  • 9ac574b7ef - added a manual page and related build requirements - simplify the README files now that we have a manual page - set a certificate alias in trusted bundle (thanks to Ludwig Nussel) Kai Engert 2013-07-09 00:59:15 +0200
  • 6c5dbfb646 * Mon May 27 2013 Kai Engert <kaie@redhat.com> - 2013.1.94-13 - use correct command in README files, rhbz#961809 Kai Engert 2013-05-27 15:28:11 +0200
  • 2dc4526741 - update to version 1.94 provided by NSS 3.15 (beta) Kai Engert 2013-05-27 14:57:04 +0200
  • b2e71a9f9a * Mon Apr 22 2013 Kai Engert <kaie@redhat.com> - 2012.87-12 - Use both label and serial to identify cert during conversion, rhbz#927601 - Add myself as contributor to certdata2.pem.py and remove use of rcs/ident. (thanks to Michael Shuler for suggesting to do so) - Update source URLs and comments, add source file for version information. Kai Engert 2013-04-22 14:58:59 +0200
  • 34f352da5f * Tue Mar 19 2013 Kai Engert <kaie@redhat.com> - 2012.87-11 - adjust to changed and new functionality provided by p11-kit 0.17.3 - updated READMEs to describe the new directory-specific treatment of files - ship a new file that contains certificates with neutral trust - ship a new file that contains distrust objects, and also staple a basic constraint extension to one legacy root contained in the Mozilla CA list - adjust the build script to dynamically produce most of above files - add and own the anchors and blacklist subdirectories - file generate-cacerts.pl is no longer required Kai Engert 2013-03-24 00:36:13 +0100
  • d538ada99c * Fri Mar 08 2013 Kai Engert <kaie@redhat.com> - 2012.87-9 - Major rework for the Fedora SharedSystemCertificates feature. - Only ship a PEM bundle file using the BEGIN TRUSTED CERTIFICATE file format. - Require the p11-kit package that contains tools to automatically create other file format bundles. - Convert old file locations to symbolic links that point to dynamically generated files. - Old files, which might have been locally modified, will be saved in backup files with .rpmsave extension. - Added a update-ca-certificates script which can be used to regenerate the merged trusted output. - Refer to the various README files that have been added for more detailed explanation of the new system. - No longer require rsc for building. - Add explanation for the future version numbering scheme, because the old numbering scheme was based on upstream using cvs, which is no longer true, and therefore can no longer be used. - Includes changes from rhbz#873369. Kai Engert 2013-03-09 00:09:26 +0100