"Explicitly Distrust DigiNotar Root CA"
# Expired CAs
-+"E-Tugra Certification Authority"
++"Security Communication Root CA"
rm -f "$PEM"
@@ -111,24 +111,18 @@
- sed -e '/^$/d' -e '/^#/d' -e '/^!/d' "$CERTSCONF" | while read crt
+ sed -e '/^$/d' -e '/^#/d' -e '/^!/d' "$CERTSCONF" | while read -r crt
do
- if ! test -f "$CERTSDIR/$crt"
+ if test -f "$CERTSDIR/$crt"
-# administrator.
-if [ -d "$LOCALCERTSDIR" ]
-then
-- find -L "$LOCALCERTSDIR" -type f -name '*.crt' | sort | while read crt
+- find -L "$LOCALCERTSDIR" -type f -name '*.crt' | sort | while read -r crt
- do
- add "$crt"
- done
- echo "Running hooks in $HOOKSDIR..."
- VERBOSE_ARG=
- [ "$verbose" = 0 ] || VERBOSE_ARG="--verbose"
-- eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read hook
+- eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read -r hook
- do
- ( cat "$ADDED"
- cat "$REMOVED" ) | "$hook" || echo "E: $hook exited with code $?."
.SH SYNOPSIS
.B update-ca-certificates
.RI [ options ]
-@@ -26,7 +26,7 @@ This manual page documents briefly the
- command.
- .PP
- \fBupdate-ca-certificates\fP is a program that updates the directory
--/etc/ssl/certs to hold SSL certificates and generates ca-certificates.crt,
-+@openssldir@ to hold SSL certificates and generates ca-certificates.crt,
- a concatenated single-file list of certificates.
- .PP
- It reads the file /etc/ca-certificates.conf. Each line gives a pathname of
@@ -38,11 +38,6 @@
- .PP
- Furthermore all certificates with a .crt extension found below
- /usr/local/share/ca-certificates are also included as implicitly trusted.
+ should be one certificate per file, and not multiple certificates in a single
+ file. Then run update-ca-certificates to merge the new certificates into the
+ existing machine store at /etc/ssl/certs.
-.PP
-Before terminating, \fBupdate-ca-certificates\fP invokes
-\fBrun-parts\fP on /etc/ca-certificates/update.d and calls each hook with
.SH OPTIONS
A summary of options is included below.
.TP
-@@ -53,13 +48,13 @@
+@@ -61,7 +61,7 @@
Be verbose. Output \fBopenssl rehash\fP.
.TP
.B \-f, \-\-fresh
-Fresh updates. Remove symlinks in /etc/ssl/certs directory.
+Fresh updates. Remove symlinks in @openssldir@ directory.
- .SH FILES
.TP
+ .B \-\-certsconf
+ Change the configuration file. By default, the file
+@@ -84,7 +84,7 @@
.I /etc/ca-certificates.conf
A configuration file.
.TP
-.I /etc/ssl/certs/ca-certificates.crt
+.I /etc/openssl/ca-certificates.crt
- A single-file version of CA certificates. This holds
- all CA certificates that you activated in /etc/ca-certificates.conf.
+ A single-file version of CA certificates. This holds all CA certificates
+ that were activated in /etc/ca-certificates.conf.
.TP
-# Handle certificates that should be removed. This is an explicit act
-# by prefixing lines in the configuration files with exclamation marks (!).
--sed -n -e '/^$/d' -e 's/^!//p' "$CERTSCONF" | while read crt
+-sed -n -e '/^$/d' -e 's/^!//p' "$CERTSCONF" | while read -r crt
-do
- remove "$CERTSDIR/$crt"
-done
+
+ # Handle certificates that should be removed. This is an explicit act
+ # by prefixing lines in the configuration files with exclamation marks (!).
-+ sed -n -e '/^$/d' -e 's/^!//p' $conf | while read crt
++ sed -n -e '/^$/d' -e 's/^!//p' $conf | while read -r crt
+ do
+ remove "$CERTSDIR/$crt"
+ done
--sed -e '/^$/d' -e '/^#/d' -e '/^!/d' "$CERTSCONF" | while read crt
+-sed -e '/^$/d' -e '/^#/d' -e '/^!/d' "$CERTSCONF" | while read -r crt
-do
- if test -f "$CERTSDIR/$crt"
- then
- echo "W: $CERTSDIR/$crt or $LOCALCERTSDIR/$crt not found, but listed in $CERTSCONF." >&2
- continue
- fi
-+ sed -e '/^$/d' -e '/^#/d' -e '/^!/d' $conf | while read crt
++ sed -e '/^$/d' -e '/^#/d' -e '/^!/d' $conf | while read -r crt
+ do
+ if test -f "$CERTSDIR/$crt"
+ then
Summary: Common CA Certificates PEM files
Summary(pl.UTF-8): Pliki PEM popularnych certyfikatów CA
Name: ca-certificates
-%define ver_date 20230311
+%define ver_date 20240203
Version: %{ver_date}
-Release: 2
+Release: 1
License: GPL v2 (scripts), MPL v2 (mozilla certs), distributable (other certs)
Group: Base
Source0: http://ftp.debian.org/debian/pool/main/c/ca-certificates/%{name}_%{version}.tar.xz
-# Source0-md5: fc1c3ec0067385f0be8ac7f6e670a0f8
+# Source0-md5: 228129ccf8cd99b991d771c44dd4052c
Source2: http://www.certum.pl/keys/CA.pem
# Source2-md5: 35610177afc9c64e70f1ce62c1885496
Source14: http://www.certum.pl/CTNCA.pem