From 76b4b9b99b55b4b7eb112239fb24228aae83973e Mon Sep 17 00:00:00 2001 From: =?utf8?q?Arkadiusz=20Mi=C5=9Bkiewicz?= Date: Mon, 29 Jun 2015 14:14:55 +0200 Subject: [PATCH] - up to 20150426 --- ca-certificates-DESTDIR.patch | 51 ++++++++++++++--------------- ca-certificates-etc-certs.patch | 6 ++-- ca-certificates-undebianize.patch | 54 ++++++++++++++----------------- ca-certificates.d.patch | 24 +++++++++----- ca-certificates.spec | 8 ++--- 5 files changed, 71 insertions(+), 72 deletions(-) diff --git a/ca-certificates-DESTDIR.patch b/ca-certificates-DESTDIR.patch index c5f66fc..07b6208 100644 --- a/ca-certificates-DESTDIR.patch +++ b/ca-certificates-DESTDIR.patch @@ -1,36 +1,33 @@ ---- ca-certificates-20090814/sbin/update-ca-certificates~ 2010-05-05 14:10:46.000000000 +0300 -+++ ca-certificates-20090814/sbin/update-ca-certificates 2010-05-05 14:10:52.783355044 +0300 -@@ -23,6 +23,7 @@ - +--- a/sbin/update-ca-certificates~ 2015-06-29 14:06:06.000000000 +0200 ++++ b/sbin/update-ca-certificates 2015-06-29 14:09:30.591543265 +0200 +@@ -24,6 +24,7 @@ verbose=0 fresh=0 + default=0 +DESTDIR= - while [ $# -gt 0 ]; - do - case $1 in -@@ -31,6 +31,8 @@ do - verbose=1;; - --fresh|-f) + CERTSCONF=/etc/ca-certificates.conf + CERTSDIR=/usr/share/ca-certificates + LOCALCERTSDIR=/etc/certs +@@ -41,6 +42,8 @@ do + --default|-d) + default=1 fresh=1;; + --destdir) + DESTDIR=$2; shift;; - --help|-h|*) - echo "$0: [--verbose] [--fresh]" - exit;; -@@ -37,11 +40,11 @@ + --certsconf) + shift + CERTSCONF="$1";; +@@ -66,6 +69,13 @@ do shift done --CERTSCONF=/etc/ca-certificates.conf --CERTSDIR=/usr/share/ca-certificates --LOCALCERTSDIR=/etc/certs --CERTBUNDLE=/etc/certs/ca-certificates.crt --ETCCERTSDIR=@openssldir@ -+CERTSCONF=$DESTDIR/etc/ca-certificates.conf -+CERTSDIR=$DESTDIR/usr/share/ca-certificates -+LOCALCERTSDIR=$DESTDIR/etc/certs -+CERTBUNDLE=$DESTDIR/etc/certs/ca-certificates.crt -+ETCCERTSDIR=$DESTDIR@openssldir@ - - cleanup() { - rm -f "$TEMPBUNDLE" ++CERTSCONF=${DESTDIR}${CERTSCONF} ++CERTSDIR=${DESTDIR}${CERTSDIR} ++LOCALCERTSDIR=${DESTDIR}${LOCALCERTSDIR} ++CERTBUNDLE=${DESTDIR}${CERTBUNDLE} ++ETCCERTSDIR=${DESTDIR}${ETCCERTSDIR} ++HOOKSDIR=${DESTDIR}${HOOKSDIR} ++ + if [ ! -s "$CERTSCONF" ] + then + fresh=1 diff --git a/ca-certificates-etc-certs.patch b/ca-certificates-etc-certs.patch index 0427ca2..2e9c4c7 100644 --- a/ca-certificates-etc-certs.patch +++ b/ca-certificates-etc-certs.patch @@ -39,9 +39,9 @@ rm -f "$PEM" @@ -90,6 +90,7 @@ if [ "$fresh" = 1 ]; then do - case $(readlink $symlink) in - $CERTSDIR*) rm -f $symlink;; -+ $LOCALCERTSDIR*) rm -f $symlink;; + case $(readlink "$symlink") in + $CERTSDIR*) rm -f "$symlink";; ++ $LOCALCERTSDIR*) rm -f "$symlink";; esac done find . -type l -print | while read symlink diff --git a/ca-certificates-undebianize.patch b/ca-certificates-undebianize.patch index b557139..125661e 100644 --- a/ca-certificates-undebianize.patch +++ b/ca-certificates-undebianize.patch @@ -1,39 +1,33 @@ --- ca-certificates-undebianize/sbin/update-ca-certificates 2008-11-01 12:17:37.000000000 +0100 +++ ca-certificates-20090814/sbin/update-ca-certificates 2010-05-05 14:03:33.683398895 +0300 -@@ -38,7 +38,7 @@ +@@ -28,7 +28,7 @@ CERTSCONF=/etc/ca-certificates.conf CERTSDIR=/usr/share/ca-certificates LOCALCERTSDIR=/usr/local/share/ca-certificates CERTBUNDLE=ca-certificates.crt -ETCCERTSDIR=/etc/ssl/certs +ETCCERTSDIR=@openssldir@ + HOOKSDIR=/etc/ca-certificates/update.d - cleanup() { - rm -f "$TEMPBUNDLE" -@@ -57,7 +57,7 @@ - REMOVED="$(mktemp -t "ca-certificates.tmp.XXXXXX")" - - # Adds a certificate to the list of trusted ones. This includes a symlink --# in /etc/ssl/certs to the certificate file and its inclusion into the -+# in @openssldir@ to the certificate file and its inclusion into the - # bundle. - add() { - CERT="$1" -@@ -88,16 +88,6 @@ - fi + while [ $# -gt 0 ]; +@@ -187,19 +187,4 @@ mv -f "$TEMPBUNDLE" "$CERTBUNDLE" echo "$ADDED_CNT added, $REMOVED_CNT removed; done." -- --HOOKSDIR=/etc/ca-certificates/update.d --echo -n "Running hooks in $HOOKSDIR...." --VERBOSE_ARG= --[ "$verbose" = 0 ] || VERBOSE_ARG=--verbose --eval run-parts $VERBOSE_ARG --test -- $HOOKSDIR | while read hook --do -- ( cat $ADDED -- cat $REMOVED ) | $hook || echo E: $hook exited with code $?. --done - echo "done." +-if [ -d "$HOOKSDIR" ] +-then +- +- echo "Running hooks in $HOOKSDIR..." +- VERBOSE_ARG= +- [ "$verbose" = 0 ] || VERBOSE_ARG="--verbose" +- eval run-parts "$VERBOSE_ARG" --test -- "$HOOKSDIR" | while read hook +- do +- ( cat "$ADDED" +- cat "$REMOVED" ) | "$hook" || echo "E: $hook exited with code $?." +- done +- echo "done." +- +-fi +- # vim:set et sw=2: --- ca-certificates-20130610/sbin/update-ca-certificates.8~ 2013-06-11 11:32:35.000000000 +0300 +++ ca-certificates-20130610/sbin/update-ca-certificates.8 2013-06-11 11:54:40.662201388 +0300 @@ -41,17 +35,17 @@ .\" .sp insert n+1 empty lines .\" for manpage-specific macros, see man(7) .SH NAME --update-ca-certificates \- update /etc/ssl/certs and certificates.crt +-update-ca-certificates \- update /etc/ssl/certs and ca-certificates.crt +update-ca-certificates \- update @openssldir@ and ca-certificates.crt .SH SYNOPSIS .B update-ca-certificates .RI [ options ] -@@ -26,7 +26,7 @@ - This manual page was written for the Debian distribution. +@@ -26,7 +26,7 @@ This manual page documents briefly the + command. .PP \fBupdate-ca-certificates\fP is a program that updates the directory --/etc/ssl/certs to hold SSL certificates and generates certificates.crt, -+@openssldir@ to hold SSL certificates and generates certificates.crt, +-/etc/ssl/certs to hold SSL certificates and generates ca-certificates.crt, ++@openssldir@ to hold SSL certificates and generates ca-certificates.crt, a concatenated single-file list of certificates. .PP It reads the file /etc/ca-certificates.conf. Each line gives a pathname of diff --git a/ca-certificates.d.patch b/ca-certificates.d.patch index 63c8da9..c8b9d3a 100644 --- a/ca-certificates.d.patch +++ b/ca-certificates.d.patch @@ -1,20 +1,28 @@ --- ca-certificates-20140223/sbin/update-ca-certificates 2014-03-14 14:42:21.171246343 +0200 +++ ca-certificates-20140223/sbin/update-ca-certificates 2014-03-14 14:46:50.556014888 +0200 -@@ -41,6 +41,7 @@ +@@ -26,6 +26,7 @@ fresh=0 + default=0 + DESTDIR= + CERTSCONF=/etc/ca-certificates.conf ++CERTSCONFD=/etc/ca-certificates.d + CERTSDIR=/usr/share/ca-certificates + LOCALCERTSDIR=/etc/certs + CERTBUNDLE=/etc/certs/ca-certificates.crt +@@ -70,6 +71,7 @@ do done - CERTSCONF=$DESTDIR/etc/ca-certificates.conf -+CERTSCONFD=$DESTDIR/etc/ca-certificates.d - CERTSDIR=$DESTDIR/usr/share/ca-certificates - LOCALCERTSDIR=$DESTDIR/etc/certs - CERTBUNDLE=$DESTDIR/etc/certs/ca-certificates.crt + CERTSCONF=${DESTDIR}${CERTSCONF} ++CERTSCONFD=${DESTDIR}${CERTSCONFD} + CERTSDIR=${DESTDIR}${CERTSDIR} + LOCALCERTSDIR=${DESTDIR}${LOCALCERTSDIR} + CERTBUNDLE=${DESTDIR}${CERTBUNDLE} @@ -105,25 +106,30 @@ echo -n "Updating certificates in $ETCCERTSDIR... " -# Handle certificates that should be removed. This is an explicit act -# by prefixing lines in the configuration files with exclamation marks (!). --sed -n -e '/^$/d' -e 's/^!//p' $CERTSCONF | while read crt +-sed -n -e '/^$/d' -e 's/^!//p' "$CERTSCONF" | while read crt -do - remove "$CERTSDIR/$crt" -done @@ -29,7 +37,7 @@ + remove "$CERTSDIR/$crt" + done --sed -e '/^$/d' -e '/^#/d' -e '/^!/d' $CERTSCONF | while read crt +-sed -e '/^$/d' -e '/^#/d' -e '/^!/d' "$CERTSCONF" | while read crt -do - if test -f "$CERTSDIR/$crt" - then diff --git a/ca-certificates.spec b/ca-certificates.spec index e76427d..95b3acd 100644 --- a/ca-certificates.spec +++ b/ca-certificates.spec @@ -9,12 +9,12 @@ Summary: Common CA Certificates PEM files Summary(pl.UTF-8): Pliki PEM popularnych certyfikatów CA Name: ca-certificates -Version: 20141019 -Release: 3 +Version: 20150426 +Release: 1 License: GPL v2 (scripts), MPL v2 (mozilla certs), distributable (other certs) Group: Libraries Source0: ftp://ftp.debian.org/debian/pool/main/c/ca-certificates/%{name}_%{version}.tar.xz -# Source0-md5: f619282081c8bfc65ea64c37fa5285ed +# Source0-md5: 717455f13fb31fd014a11a468ea3895d Source1: https://www.verisign.com/support/thawte-roots.zip # Source1-md5: 21a284ebdc6e8f4178d5cc10fb9e1ef2 Source2: http://www.certum.pl/keys/CA.pem @@ -191,7 +191,7 @@ openssl x509 -inform DER -in %{SOURCE25} -outform PEM -out terena/$(basename %{S %{__make} # We have those and more in specific dirs -rm mozilla/{Thawte,thawte,Certum,IGC_A,Deutsche_Telekom_Root_CA_2,Juur-SK}*.crt +rm mozilla/{thawte,Certum,IGC_A,Deutsche_Telekom_Root_CA_2,Juur-SK}*.crt # See TODO # rm mozilla/RSA_Security_1024_v3.crt -- 2.43.0